Harald Welte's blog

ctnetlink now with flow-based accounting support

Some months ago, I included per-connection packet and byte counters to ip_conntrack (CONFIG_NF_CT_ACCT) into Linux-2.6 mainline. However, reading the entries from /proc/net/ip_conntrack is not really a useful interface to access those counters.

I've now merged Pablo Neira's latest ctnetlink/nfnetlink changes with mine, and patch-o-matic-ng now includes support for dumping the counters to userspace.

With any userspace program (using libctnetlink) you can then retrieve the counters. Either you wait until a connection dies (and receive the DELETE message from the netlink socket, containing the counters), or you regularly issue a request to list-conntracks-and-reset-counters-to-zero request.

The conntrack tool in subversion now already includes support for this, see the conntrack -E conntrack and conntrack -L conntrack -z commands.

I've also picked up working on ulogd2 again, to provide a all-in-one solution that allows you to create IPFIX (aka NETFLOW) records or put the per-flow accounting data directly into a SQL database. If everything works fine, I'll be finished in a week or so.

Harald Welte's blog

	RSS Harald's Web gnumonks.org hmw-consulting.de sysmocom.de Projects OpenBSC OsmocomBB OsmocomTETRA deDECTed.org gpl-violations.org gpl-devices.org OpenMoko gnufiish OpenEZX OpenBeacon OpenPCD librfid openmrtd opentom.org netfilter/iptables Categories Root (1072) ccc (26) dect (2) electronics (19) gsm (123) osmocom-bb (7) knf (4) linux (697) a780 (39) conferences (127) cyberjack (4) gnuradio (5) gpl-violations (138) gspc (6) mobile (29) mrtd (35) netfilter (117) openmoko (52) opentom (7) samsung (1) via (23) misc (18) osmocom (7) personal (111) bollywood (17) taiwan (3) photography (9) politics (30) swpat (3) tetra (3) Archives 2012 (18) May (1) April (2) March (8) February (1) January (6) 2011 (47) December (2) November (3) October (3) September (3) August (1) July (5) June (9) May (5) April (6) March (3) February (2) January (5) 2010 (96) 2009 (146) 2008 (106) 2007 (53) 2006 (154) 2005 (248) 2004 (198) 2003 (5) 2002 (1) Other Bloggers David Burgess Zecke Dieter Spaar Michael Lauer Stefan Schmidt Rusty Russell David Miller Martin Pool Jeremy Kerr Tim Pritlove (German) fukami (German) fefe (German) Bradley M. Kuhn Lawrence Lessig Kalyan Varma Aggregators kernelplanet.org planet.netfilter.org planet.openezx.org planet.openmoko.org planet.foss.in identi.ca twitter flattr Linked in Xing Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License. Contact/Impressum	Sat, 16 Apr 2005 ctnetlink now with flow-based accounting support Some months ago, I included per-connection packet and byte counters to ip_conntrack (CONFIG_NF_CT_ACCT) into Linux-2.6 mainline. However, reading the entries from /proc/net/ip_conntrack is not really a useful interface to access those counters. I've now merged Pablo Neira's latest ctnetlink/nfnetlink changes with mine, and patch-o-matic-ng now includes support for dumping the counters to userspace. With any userspace program (using libctnetlink) you can then retrieve the counters. Either you wait until a connection dies (and receive the DELETE message from the netlink socket, containing the counters), or you regularly issue a request to list-conntracks-and-reset-counters-to-zero request. The conntrack tool in subversion now already includes support for this, see the conntrack -E conntrack and conntrack -L conntrack -z commands. I've also picked up working on ulogd2 again, to provide a all-in-one solution that allows you to create IPFIX (aka NETFLOW) records or put the per-flow accounting data directly into a SQL database. If everything works fine, I'll be finished in a week or so. [ /linux/netfilter \| permanent link ]