Jan Engelhardt wrote: > On Tuesday 2010-03-30 16:06, Roman Tsisyk wrote: > >> # Probe one network to first server >> iptables -A FORWARD -s 192.168.0.0/24 -j PROBE --target 0 >> iptables -A FORWARD -d 192.168.0.0/24 -j PROBE --target 0 >> >> # Probe another network to second server >> iptables -A FORWARD -s 192.168.5.0/24 -j PROBE --target 1 >> iptables -A FORWARD -d 192.168.5.0/24 -j PROBE --target 1 >> >> # Probe outgoing email flow to third server >> iptables -A FORWARD -s 192.168.5.0/24 --dport 25 -j PROBE --target 2 >> --- >> >> 4. Support for exporting statistics via /proc >> Traffic and packet rate, udp socket information and everything what >> can be useful. > > Should probably be using netlink or sysfs instead. We already have conntrack and ctnetlink to gather per-connection statistics, which should decrease the overhead for doing this in userspace a lot. There also exists a netflow plugin for ulogd2, but I'm not sure it was already submitted and merged. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
