Hi, I have a requirement to account for "bytes I pay for" over some
link, and conntrack very nearly gives me the right answer... This link
uses accounting somewhat like ATM, where the IP data is sliced into
fixed size cells and you have to pay for the overhead per cell, plus the
wasted space in the extra cell.

I look at the latest kernel sources and all the packet size accounting
seems to be performed in: nf_conntrack_core.c / __nf_ct_refresh_acct()
and __nf_ct_kill_acct().

I see several options:

1) Modify the accounting procedure in nf_conntrack_core.c so that
certain connections will use a different accounting formula. However,
how would I mark from userspace that a certain interface has this
unusual accounting property?

2) Could/Should I produce a new netfilter module which operates per
packet, looks up the connection object for a given packet, and then adds
a "fudge" to the connection accounting number to correct for the effect
of the odd packetisation? Presumably from userspace you would then
simply create an iptables rule tagging packets out of a certain
interface with "-m my_odd_accounting".

I don't yet know how to build option 2), but it seems appealing (anyone
got any consultancy time and want to bill me to build it?).

I would appreciate feedback from those more knowledgeable. Given the
small niche of the solution, a modification to nf_conntrack_core.c is
appealing, but I'm unsure how to indicate which are the peculiar
interfaces; only userspace will know this.

Thanks for your thoughts/hints

Ed W