Re: IP Accounting Idea for 2.5

Matti Aarnio (matti.aarnio@zmailer.org)
Tue, 17 Apr 2001 22:37:47 +0300


I repeat myself, fighting is apparently so pleasant that you are stuck on
fighting over dead-end technology:

I seriously suggest that for the primary (subject given) topic
you are SERIOUSLY OFF TARGET. Look around, counting hits on
some fw rules is a waste of time! (And mightily inaccurate!)

You absolutely don't want to do any sort of counting aggregation policy
control within kernel ( = FW rules ). You want to collect accounting
per flow, and send those data records to offline analysis.

No more fighting of when to clear counters, and when not.

Having used (with own custom analyzers) Cisco NetFlow, I can say
that any sort of "count hits on access-list elements" things are
from stone-age:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm

Yet another nice thing to cook up -- if I had time ...

/Matti Aarnio
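
The per-flow approach argued for in the message above, as an added sketch that is not part of the original post and does not reproduce the NetFlow record format: packets are grouped into 5-tuple flow records, idle flows are exported, and the aggregation policy is chosen afterwards, offline. The packet list is constructed sample data, and the function names and the 30-second idle timeout are assumptions.

```python
from collections import defaultdict, namedtuple

# Constructed sample packets: (time_s, src, dst, proto, sport, dport, bytes)
PACKETS = [
    (0.0, "10.0.0.5", "192.0.2.10", 6, 40000, 80, 600),
    (0.2, "192.0.2.10", "10.0.0.5", 6, 80, 40000, 1500),
    (0.4, "10.0.0.5", "192.0.2.10", 6, 40000, 80, 400),
    (1.0, "10.0.0.7", "192.0.2.53", 17, 5353, 53, 80),
    (40.0, "10.0.0.5", "192.0.2.10", 6, 40000, 80, 200),  # same 5-tuple after an idle gap
]

FlowRecord = namedtuple(
    "FlowRecord", "src dst proto sport dport first last packets octets")


def _to_record(key, state):
    return FlowRecord(*key, state["first"], state["last"],
                      state["packets"], state["octets"])


def collect_flows(packets, idle_timeout=30.0):
    """Collector side: build unidirectional flow records keyed by 5-tuple.

    A flow idle for longer than idle_timeout (assumed value) is exported and
    forgotten, so there is no shared counter that ever has to be cleared.
    """
    active, exported = {}, []
    for ts, src, dst, proto, sport, dport, size in packets:
        # Export every flow that has been silent for too long.
        for key in [k for k, s in active.items() if ts - s["last"] > idle_timeout]:
            exported.append(_to_record(key, active.pop(key)))
        key = (src, dst, proto, sport, dport)
        state = active.setdefault(
            key, {"first": ts, "last": ts, "packets": 0, "octets": 0})
        state["last"] = ts
        state["packets"] += 1
        state["octets"] += size
    # End of capture: flush whatever is still active.
    exported.extend(_to_record(k, s) for k, s in active.items())
    return exported


def totals_by(records, field):
    """Offline analysis: total octets grouped by any record field."""
    totals = defaultdict(int)
    for rec in records:
        totals[getattr(rec, field)] += rec.octets
    return dict(totals)


if __name__ == "__main__":
    flows = collect_flows(PACKETS)
    for field in ("src", "dport", "proto"):
        print(field, totals_by(flows, field))
```

The same exported records answer per-host, per-port and per-protocol questions without touching the collector, which a fixed set of rule hit counters cannot do after the fact.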