ctnetlink now with flow-based accounting support
Some months ago, I included per-connection packet and byte counters to ip_conntrack (CONFIG_NF_CT_ACCT) into Linux-2.6 mainline. However, reading the entries from /proc/net/ip_conntrack is not really a useful interface to access those counters.
I've now merged Pablo Neira's latest ctnetlink/nfnetlink changes with mine, and patch-o-matic-ng now includes support for dumping the counters to userspace.
With any userspace program (using libctnetlink) you can then retrieve the counters. Either you wait until a connection dies (and receive the DELETE message from the netlink socket, containing the counters), or you regularly issue a request to list-conntracks-and-reset-counters-to-zero request.
The conntrack tool in subversion now already includes support for this, see the conntrack -E conntrack and conntrack -L conntrack -z commands.
I've also picked up working on ulogd2 again, to provide a all-in-one solution that allows you to create IPFIX (aka NETFLOW) records or put the per-flow accounting data directly into a SQL database. If everything works fine, I'll be finished in a week or so.