= libnetfilter_acct: area-based accounting for netfilter =
Netfilter provides several accounting mechanisms:
* flow-based accounting through ctnetlink
* packet-based accounting through NFLOG
This library contains the user-space part of a third new mechanism that
provides area-based accounting.
You have to get the kernel part from:
git clone -b nf git://1984.lsi.us.es/net
Or you can obtain the patches that apply to 3.2-rc from the cgit interface:
http://1984.lsi.us.es/git
Make sure you compile the kernel with NFNETLINK_ACCT and XT_TARGET_NFACCT
support.
== Flow-based accounting through ctnetlink ==
This mechanism allows you to account the number of packets and bytes
of one given flow. The counters are delivered as a netlink event once
the flow is closed; you can receive them with:
# conntrack -E
You can also read the current packet and byte counters per flow by polling:
# conntrack -L
== Packet-based accounting through NFLOG ==
This mechanism allows you to add specific iptables rules to log packets
that match some specific condition:
# iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix "http: "
== Area-based accounting ==
This mechanism allows you to create an accounting area:
libnetfilter_acct/examples# ./nfacct-create http-traffic
Then, you can use it in iptables:
# iptables -I INPUT -p tcp --dport 80 -j NFACCT --nfacct-name http-traffic
# iptables -I OUTPUT -p tcp --sport 80 -j NFACCT --nfacct-name http-traffic
You can obtain the counters via libnetfilter_acct:
libnetfilter_acct/examples# ./nfacct-get
http-traffic = { pkts = 000000061152, bytes = 000082999936 };
You can also perform other actions, such as dumping the counters and resetting them.
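The counter output shown above is what a monitoring script would consume when it polls the accounting area. The following helper is an added example, not code from libnetfilter_acct: it parses lines in the format printed by ./nfacct-get, looks up a named counter, and turns two consecutive polls into per-interval traffic, treating a counter that went backwards as having been reset between polls. The snapshot contents are constructed; the only assumption is the field layout shown on the page.

```sh
#!/bin/sh
# Added example, not part of libnetfilter_acct. Works on the text format
# printed by ./nfacct-get, e.g.
#   http-traffic = { pkts = 000000061152, bytes = 000082999936 };
# and turns two polls of that output into per-interval traffic. Snapshot
# contents below are constructed; the field layout is the only assumption.

# Normalise nfacct-get lines to "name pkts bytes" with leading zeros dropped.
# Lines that do not match the expected layout are ignored rather than
# silently producing zeros.
nfacct_parse() {
    awk '
        /^[^ ]+ = [{] pkts = [0-9]+, bytes = [0-9]+ [}];$/ {
            pkts = $6; sub(/,$/, "", pkts)
            printf "%s %d %d\n", $1, pkts + 0, $9 + 0
        }'
}

# Look up one field ("pkts" or "bytes") of one counter from a parsed snapshot
# on stdin. Exits non-zero if the counter is absent, so a caller notices a
# missing or renamed accounting object instead of reading 0.
nfacct_field() {
    awk -v name="$1" -v field="$2" '
        $1 == name { print (field == "pkts" ? $2 : $3); found = 1 }
        END { exit found ? 0 : 1 }'
}

# Per-counter difference between two parsed snapshot files, printed as
# "name dpkts dbytes". A counter that went backwards was reset between
# polls (for example by a dump-and-reset), so its new absolute value is
# reported instead of a negative delta.
nfacct_delta() {
    awk '
        FILENAME == ARGV[1] { oldp[$1] = $2; oldb[$1] = $3; next }
        {
            dp = ($1 in oldp && $2 >= oldp[$1]) ? $2 - oldp[$1] : $2
            db = ($1 in oldb && $3 >= oldb[$1]) ? $3 - oldb[$1] : $3
            printf "%s %d %d\n", $1, dp, db
        }' "$1" "$2"
}

# Demo on a constructed line (in practice: ./nfacct-get | nfacct_parse).
printf '%s\n' 'http-traffic = { pkts = 000000061152, bytes = 000082999936 };' \
  | nfacct_parse
```

In a periodic poll, save `./nfacct-get | nfacct_parse` to a file each interval and feed the previous and current files to `nfacct_delta`; if you use the reset action between polls, the delta function's fallback returns the fresh absolute counters, which is exactly the per-interval value in that mode.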
--
(c) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
(c) 2011 Intra2Net AG <http://www.intra2net.com>