Roman Tsisyk wrote:
> On Wed, Mar 31, 2010 at 2:06 AM, Stig Thormodsrud <stig@xxxxxxxxxx> wrote:
> On Tue, Mar 30, 2010 at 11:39 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> We already have conntrack and ctnetlink to gather per-connection
>> statistics, which should decrease the overhead for doing this in
>> userspace a lot. There also exists a netflow plugin for ulogd2,
>> but I'm not sure it was already submitted and merged.
>>
>
> Thank you for pointing it out, I didn't know about conntrack support in ulogd.
>
> As far as I understood, IPFIX output in ulogd is in an early stage and
> doesn't work. So, I tested ulogd + ctnetlink with null output and it
> worked very well.

IIRC Holger Eitzenberger (CCed) has done some work to make this
work properly. Maybe he can tell us more.

> CPU load was about 5-10%, and it's just nothing on this router.
> However, I'm not sure that output is correct and all flows were
> accounted. I also don't know what is about active and inactive
> timeouts in this approach.
> I'll look to ulogd_inpflow_NFCT more closely.
>
> Patrick, decision is to optimize ctnetlink and not to make accounting
> in the kernel space?

Accounting is done in kernel space by conntrack, but aggregation
should be done in userspace in my opinion. I don't think you need
a lot of optimization, AFAIK Holger's patches already scale to
large setups very well.