Thanks for your info. I have a few questions on this.

Basically I want to record all the information that is coming to my system. I want to do accounting for each sender that sends packets to my system. It seems nfacct provides data usage for different protocols. If I want to achieve the above requirement, I have to set individual IP table rules for each incoming host and use nfacct. I don't want to do this.

In consideration, nacct solves the problem, but the only problem is that it does not emit the data usage for long living connections at regular intervals. Instead it emits the data usage only at the end of destroying the connections. That's why I raised the concern of changing the do_purge method so that it emits the data usage at regular intervals.

Thanks & Regards,

On Wed, Jul 18, 2012 at 11:53 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
> Hi,
>
> On Wednesday, 18 July 2012 at 08:10 -0700, Gomathivinayagam
> Muthuvinayagam wrote:
>> Hi,
>>
>> Currently NFCT supports polling mode, but polling mode only propagates
>> the message to the output plugin during the DESTROY event.
>> This is a problem for long living connections, since I want to know
>> the amount of data transferred before the destroy event.
>
> For accounting, you may want to look at NFACCT. For more information, you
> can read my recent blog post:
> https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
>
>
>> After getting a quick walk through the NFCT plugin code, it seems I
>> have to change the do_purge method, which is called at a regular time
>> interval.
>>
>> I came up with the following updates in the code (I added the else block only).
>>
>>
>> static int do_purge(void *data1, void *data2)
>> {
>>         int ret;
>>         struct ulogd_pluginstance *upi = data1;
>>         struct ct_timestamp *ts = data2;
>>         struct nfct_pluginstance *cpi =
>>                 (struct nfct_pluginstance *) upi->private;
>>
>>         ulogd_log(ULOGD_NOTICE, "Inside do_purge method\n");
>>
>>         /* if it is not in kernel anymore, purge it */
>>         ret = nfct_query(cpi->pgh, NFCT_Q_GET, ts->ct);
>>         if (ret == -1 && errno == ENOENT) {
>>                 do_propagate_ct(upi, ts->ct, NFCT_T_DESTROY, ts);
>>                 hashtable_del(cpi->ct_active, &ts->hashnode);
>>                 nfct_destroy(ts->ct);
>>                 free(ts);
>>         }
>>         else // Added code
>>         {
>>                 do_propagate_ct(upi, ts->ct, NFCT_T_UPDATE, ts);
>>         }
>>
>>         return 0;
>> }
>>
>> The else part propagates a flow even though no updates
>> happened to the flow. Could someone here help? I would like to
>> propagate the updates of a connection only if a change
>> happened to the long living connection. Is this the correct approach?
>>
>> My intuition is that I have to call the nfct_cmp method, passing the local hash
>> table connection and the available connection in the kernel. If they
>> are the same, then no updates happened to the connection;
>> otherwise I will propagate the details of the particular connection.
>>
>> Thanks & Regards,
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Eric Leblond
> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
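The change-detection idea at the end of the quoted message (report a flow on a poll only when it differs from the cached copy), as an added example that is not part of this thread or of ulogd2: a self-contained C model that compares each polled byte counter with the value last reported and keeps a per-sender total. The names poll_flow and sender_total, the integer flow id and the fixed-size tables are assumptions made for the illustration; it does not call libnetfilter_conntrack.

```c
/* Added example: a self-contained model of delta accounting, not ulogd2 code. */
#include <stdint.h>
#include <stdio.h>
#define SLOTS 32

static struct flow   { uint32_t id, src; uint64_t reported; int used; } flows[SLOTS];
static struct sender { uint32_t src; uint64_t total; int used; } senders[SLOTS];

/* Find the cached flow, or claim a free slot for a flow seen for the first time. */
static struct flow *flow_get(uint32_t id, uint32_t src) {
    struct flow *spare = NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (flows[i].used && flows[i].id == id) return &flows[i];
        if (!flows[i].used && !spare) spare = &flows[i];
    }
    if (spare) *spare = (struct flow){ id, src, 0, 1 };
    return spare;
}

/* Sender slots fill in order and are never freed: first unused or matching slot. */
static struct sender *sender_slot(uint32_t src) {
    for (int i = 0; i < SLOTS; i++)
        if (!senders[i].used || senders[i].src == src) return &senders[i];
    return NULL;
}

uint64_t sender_total(uint32_t src) {
    struct sender *s = sender_slot(src);
    return (s && s->used) ? s->total : 0;
}

/* One poll of one flow. Returns the bytes to report; 0 means nothing to propagate. */
uint64_t poll_flow(uint32_t id, uint32_t src, int present, uint64_t kernel_bytes) {
    struct sender *s = sender_slot(src);
    struct flow *f = s ? flow_get(id, src) : NULL;
    if (!f) return 0;                           /* table full: flow is not tracked */
    if (!present) { f->used = 0; return 0; }    /* gone from the kernel: drop cache */
    /* A counter below the cached value means the entry was recreated: new baseline. */
    uint64_t delta = kernel_bytes >= f->reported ? kernel_bytes - f->reported : kernel_bytes;
    f->reported = kernel_bytes;
    if (delta) *s = (struct sender){ src, s->total + delta, 1 };
    return delta;
}

int main(void) {
    uint64_t polls[] = { 1000, 1000, 4000 };    /* constructed counters for one flow */
    for (int i = 0; i < 3; i++)
        printf("poll %d: report %llu\n", i, (unsigned long long)poll_flow(1, 0x0a000001, 1, polls[i]));
    printf("sender total: %llu\n", (unsigned long long)sender_total(0x0a000001));
    return 0;
}
```

In this model a flow that has vanished between two polls contributes only what earlier polls saw, so the bytes transferred after the last poll are not counted.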