Can anyone respond to the message that I initially posted?

Thanks & Regards,

On Wed, Jul 18, 2012 at 12:21 PM, Gomathivinayagam Muthuvinayagam
<sankarmail@xxxxxxxxx> wrote:
> Thanks for your info.
>
> I have a few questions on this.
>
> Basically I want to record all the information that is coming to my
> system. I want to do accounting for each sender that sends packets to
> my system.
>
> It seems nfacct provides data usage for different protocols. If I want
> to achieve the above requirement, I have to set individual IP table
> rules for each incoming host and use nfacct. I don't want to do this.
>
> In consideration, nacct solves the problem, but the only problem is it
> does not emit the data usage for long living connections at regular
> intervals. Instead it emits the data usage only at the end of
> destroying the connections. That's why I raised the concern of
> changing the do_purge method that emits the data usage at regular
> intervals.
>
> Thanks & Regards,
>
> On Wed, Jul 18, 2012 at 11:53 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
>> Hi,
>>
>> On Wednesday 18 July 2012 at 08:10 -0700, Gomathivinayagam
>> Muthuvinayagam wrote:
>>> Hi,
>>>
>>> Currently NFCT supports polling mode, but polling mode only propagates
>>> the message to the output plugin during the DESTROY event.
>>> This is a problem for long living connections, since I want to know
>>> the amount of data transfer before the destroy event.
>>
>> For accounting, you may want to look at NFACCT. For more information, you
>> can read my recent blog post:
>> https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
>>
>>> After getting a quick walk through on the NFCT plugin code, it seems I
>>> have to change the do_purge method, which is called in a regular time
>>> interval.
>>>
>>> I came with the following updates in the code (I added the else block only).
>>>
>>> static int do_purge(void *data1, void *data2)
>>> {
>>>         int ret;
>>>         struct ulogd_pluginstance *upi = data1;
>>>         struct ct_timestamp *ts = data2;
>>>         struct nfct_pluginstance *cpi =
>>>                 (struct nfct_pluginstance *) upi->private;
>>>
>>>         ulogd_log(ULOGD_NOTICE, "Inside do_purge method\n");
>>>
>>>         /* if it is not in kernel anymore, purge it */
>>>         ret = nfct_query(cpi->pgh, NFCT_Q_GET, ts->ct);
>>>         if (ret == -1 && errno == ENOENT) {
>>>                 do_propagate_ct(upi, ts->ct, NFCT_T_DESTROY, ts);
>>>                 hashtable_del(cpi->ct_active, &ts->hashnode);
>>>                 nfct_destroy(ts->ct);
>>>                 free(ts);
>>>         }
>>>         else // Added code
>>>         {
>>>                 do_propagate_ct(upi, ts->ct, NFCT_T_UPDATE, ts);
>>>         }
>>>
>>>         return 0;
>>> }
>>>
>>> The else part propagates a flow even though no updates
>>> happened to the flow. Could someone here help? I would like to
>>> propagate the updates of a connection if a change
>>> happened to the long living connection. Is this the correct approach?
>>>
>>> My intuition: I have to call the nfct_cmp method by passing the local hash
>>> table connection, and the available connection in the kernel. If they
>>> are the same, then no updates happened to the connection,
>>> otherwise I will propagate the details of the particular connection.
>>>
>>> Thanks & Regards,
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>> --
>> Eric Leblond
>> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
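
The comparison proposed in the quoted message (propagate an update only when the kernel's copy of a flow differs from the cached one) can be modelled as follows. This is an added example, not part of the thread and not ulogd2 code: it uses plain C structs and credits each byte delta to a per-sender total. The names `flow`, `sender_acct`, `acct_add` and `poll_flow` are hypothetical, and the sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; not ulogd2 or libnetfilter_conntrack structures. */
enum flow_event { EV_NONE, EV_UPDATE, EV_DESTROY, EV_ERROR };
struct flow { uint32_t src_ip; uint64_t bytes; };  /* sender, cumulative bytes */
struct sender_acct { uint32_t src_ip; uint64_t bytes; int used; };

/* Credit delta to the sender's bucket; free slots always follow used ones. */
static int acct_add(struct sender_acct *tab, size_t n, uint32_t ip, uint64_t delta)
{
    for (size_t i = 0; i < n; i++) {
        if (tab[i].used && tab[i].src_ip != ip)
            continue;
        tab[i].used = 1;
        tab[i].src_ip = ip;
        tab[i].bytes += delta;
        return 0;
    }
    return -1;  /* table full */
}

/* One tick for one cached flow; kernel == NULL means ENOENT in do_purge. */
enum flow_event poll_flow(struct flow *cached, const struct flow *kernel,
                          struct sender_acct *tab, size_t n)
{
    if (kernel == NULL)
        return EV_DESTROY;  /* bytes sent after the last tick are not seen */
    if (kernel->bytes == cached->bytes)
        return EV_NONE;     /* idle flow: nothing to propagate */
    /* Assumption: a counter that moved backwards was reset; count from 0. */
    uint64_t delta = kernel->bytes > cached->bytes
                         ? kernel->bytes - cached->bytes : kernel->bytes;
    cached->bytes = kernel->bytes;  /* refresh the cached copy */
    return acct_add(tab, n, cached->src_ip, delta) ? EV_ERROR : EV_UPDATE;
}

int main(void)
{
    /* Constructed sample: one sender polled twice, then the flow disappears. */
    struct sender_acct tab[4] = {{0}};
    struct flow cached = { 0xc0a80105u, 0 }, seen = { 0xc0a80105u, 1500 };
    int a = poll_flow(&cached, &seen, tab, 4);   /* counters moved */
    int b = poll_flow(&cached, &seen, tab, 4);   /* unchanged */
    int c = poll_flow(&cached, NULL, tab, 4);    /* gone from the kernel */
    printf("%d %d %d bytes=%llu\n", a, b, c, (unsigned long long)tab[0].bytes);
    return 0;
}
```

In this model the DESTROY branch has only the cached counters, so traffic between the last tick and teardown goes uncounted unless the interval is short relative to flow lifetime.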