Re: IP Accounting Idea for 2.5

Andreas Ferber (aferber@techfak.uni-bielefeld.de)
Mon, 16 Apr 2001 13:21:10 +0200


Hi,

On Tue, Apr 17, 2001 at 08:46:12AM +1000, David Findlay wrote:
>
> I suppose, but it would be so much easier if the kernel did it automatically.
> Having a rule to go through for each IP address to be logged would be slower
> than implementing one rule that would log all of them. Doing this in the
> kernel would improve performance.

You can use the iptables ULOG facility (see netfilter CVS for the
patches). With this you can copy packets to userspace programs which
can do any further processing, like the accounting stuff. You can even
choose to only copy part of a packet (say only the IP header) to
userspace, to reduce the amount of data your application has to
handle.

Simply copy the headers of all IP packets going through your router to
userspace, and write a small application (possibly using libipulog
which comes with the netfilter userspace code) which does the actual
accounting. This has the additional benefit that further processing of
the packet in kernel (i.e. outputting it on the destination interface)
can continue while your application is processing the accounting data.

Andreas

-- 
You are in a maze of little twisting passages, all alike.
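
The userspace accounting step described in the message above, as an added example that is not part of the original post or of the netfilter code. It assumes a ULOG receive loop (for instance one built on libipulog) passes each copied packet prefix to the hypothetical `account_packet()`; the table layout and all names here are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_HOSTS 1024

struct host_acct { uint32_t addr; uint64_t tx_bytes, rx_bytes; };
static struct host_acct table[MAX_HOSTS];
static size_t nhosts;

/* Return the counters for addr, creating them if asked; NULL if absent or full. */
struct host_acct *host(uint32_t addr, int create) {
    for (size_t i = 0; i < nhosts; i++)
        if (table[i].addr == addr) return &table[i];
    if (!create || nhosts == MAX_HOSTS) return NULL;
    table[nhosts] = (struct host_acct){ .addr = addr };
    return &table[nhosts++];
}

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Account one copied packet prefix of caplen bytes; 0 on success, -1 if rejected.
 * Only the fixed 20-byte header is needed, so a truncated copy is fine: the size
 * charged is the header's total-length field, never caplen. */
int account_packet(const uint8_t *p, size_t caplen) {
    if (caplen < 20 || (p[0] >> 4) != 4) return -1;      /* short or not IPv4 */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    uint16_t tot_len = (uint16_t)(p[2] << 8 | p[3]);
    if (ihl < 20 || tot_len < ihl) return -1;            /* malformed header */
    struct host_acct *s = host(be32(p + 12), 1), *d = host(be32(p + 16), 1);
    if (!s || !d) return -1;                             /* table full */
    s->tx_bytes += tot_len;
    d->rx_bytes += tot_len;
    return 0;
}

int main(void) {
    /* Constructed sample: 192.168.0.10 -> 10.0.0.1, total length 1500, header only. */
    const uint8_t hdr[20] = { 0x45, 0, 0x05, 0xdc, 0, 0, 0, 0, 64, 6, 0, 0,
                              192, 168, 0, 10, 10, 0, 0, 1 };
    account_packet(hdr, sizeof hdr);
    for (size_t i = 0; i < nhosts; i++)
        printf("%08x tx=%llu rx=%llu\n", (unsigned)table[i].addr,
               (unsigned long long)table[i].tx_bytes, (unsigned long long)table[i].rx_bytes);
    return 0;
}
```

Because the header bytes come off the wire, the length and version checks run before any counter is touched, and the fixed-size table bounds how much memory a flood of distinct source addresses can consume.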
