Hello, Le mardi 02 avril 2013 à 20:11 +0100, Ed W a écrit : > Hi, I have a requirement to account for "bytes I pay for" over some > link, and conntrack very nearly gives me the right answer... This link > uses accounting somewhat like ATM, where the IP data is sliced into > fixed size cells and you have to pay for the overhead per cell, plus the > wasted space in the extra cell. I'm not sure I really understood your ATM comparison but why not use the new accounting system like described here: https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/ BR, > > I look at the latest kernel sources and all the packet size accounting > seems to be performed in: nf_conntrack_core.c / __nf_ct_refresh_acct() > and __nf_ct_kill_acct(). > > I see several options: > > 1) Modify the accounting procedure in nf_conntrack_core.c so that > certain connections will use a different accounting formula. However, > how would I mark from userspace that a certain interface has this > unusual accounting property? > > 2) Could/Should I produce a new netfilter module which operates per > packet, looks up the connection object for a given packet, and then adds > a "fudge" to the connection accounting number to correct for the effect > of the odd packetisation? Presumably from userspace you would then > simply create an iptables rule tagging packets out of a certain > interface with "-m my_odd_accounting". > > I don't yet know how to build option 2), but it seems appealing (anyone > got any consultancy time and want to bill me to build it?) > > I would appreciate feedback from those more knowledgeable? Given the > small niche of the solution a modification to nf_conntrack_core.c is > appealing, but I'm unsure how to indicate which are the peculiar > interfaces, only userspace will know this. > > Thanks for your thoughts/hints > > Ed W > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: This is a digitally signed message part
