On Wed, Sep 04, 2013 at 02:05:29PM +0200, valentina.giusti@xxxxxxxxxxxx wrote:
> From: Valentina Giusti <valentina.giusti@xxxxxxxxxxxx>
>
> This patchset introduces notifications of accounting objects to userspace for
> nfacct.
> Notifications can be sent periodically or based on the amount of accounted bytes
> or packets. In case a notification is set by giving a period as well as a given
> amount of traffic, the number of notifications triggered during a period can be
> rate limited.
>
> The need for notifications stems from monitoring applications (e.g. connman)
> which currently need to keep polling accounting objects via nfnl_acct_get() in
> order to get updated statistics. This is far from ideal in scenarios with large
> amounts of accounting objects and diverse, unpredictable network traffic.
>
> This implementation introduces a new message type, NFNL_MSG_ACCT_NOTIFY, which
> is sent by userspace (typically, libnetfilter_acct) in order to configure
> accounting notifications.
> The new message parameters are NFACCT_NOTIFY_PACKETS, NFACCT_NOTIFY_BYTES and
> NFACCT_NOTIFY_PERIOD, which are sent with the accounting object name. Userspace
> applications would typically configure desired notification modes and then get
> appropriate notifications via netlink, on the same socket used for said
> configuration.
>
> The patches needed for libnetfilter_acct and nfacct are included in this series.
>
> An example of nfacct usage is:
>
> $ nfacct add http-traffic # Create the accounting object
>
> [create related iptables rules here]
>
> $ nfacct notify http-traffic bytes 1024
> [for every 1024 bytes of HTTP traffic:]
> { pkts = 00000000000000039225, bytes = 00000000000002361568 } = http-traffic;
> { pkts = 00000000000000039245, bytes = 00000000000002362608 } = http-traffic;
> ...
>
> or:
>
> $ nfacct notify-traffic http packets 100
> [for every 100 packets of HTTP traffic:]
> { pkts = 00000000000000008303, bytes = 00000000000000486469 } = http-traffic;
> { pkts = 00000000000000008403, bytes = 00000000000000494581 } = http-traffic;
> ...
>
> or:
>
> $ nfacct notify http-traffic interval 120
> [every two minutes:]
> { pkts = 00000000000000008303, bytes = 00000000000000486469 } = http-traffic;
> { pkts = 00000000000000008403, bytes = 00000000000000494581 } = http-traffic;
> ...
>
> or:
>
> $ nfacct notify http-traffic bytes 1024 bytes-ratelimit 4 period 5
> { pkts = 00000000000000010172, bytes = 00000000000000628714 } = http-traffic;
> { pkts = 00000000000000010192, bytes = 00000000000000629754 } = http-traffic;
> { pkts = 00000000000000010212, bytes = 00000000000000630794 } = http-traffic;
> { pkts = 00000000000000010232, bytes = 00000000000000631834 } = http-traffic;
> { pkts = 00000000000000010894, bytes = 00000000000000672343 } = http-traffic;
> ...

You can implement this from userspace by polling to obtain the counters.
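
The polling approach suggested in the reply, sketched as an added example (not code from this thread, the patchset, or the nfacct project): it parses counter lines in the format quoted above and applies a byte threshold with a rate limit to polled samples. `ByteNotifier`, `run` and the sample data are hypothetical, and it assumes `bytes-ratelimit N period P` means at most N notifications per P seconds, which the cover letter does not define precisely.

```python
import re
from dataclasses import dataclass

# Counter line format as printed in the cover letter quoted above.
LINE_RE = re.compile(r"\{ pkts = (\d+), bytes = (\d+) \} = ([^;]+);")

def parse_counters(text):
    """Return {object name: (pkts, bytes)} from nfacct-style output."""
    return {m.group(3).strip(): (int(m.group(1)), int(m.group(2)))
            for m in LINE_RE.finditer(text)}

@dataclass
class ByteNotifier:
    """Hypothetical helper: byte threshold plus per-period rate limit."""
    threshold: int            # notify after this many new bytes
    ratelimit: int = 0        # max notifications per period, 0 = off
    period: float = 0.0       # rate-limit window in seconds (assumed meaning)
    last_bytes: int = -1      # -1 = no baseline taken yet
    window_start: float = 0.0
    sent: int = 0

    def poll(self, now, cur_bytes):
        """Feed one polled sample; return True when a notification is due."""
        # First sample, or the counter went backwards (reset): new baseline.
        if self.last_bytes < 0 or cur_bytes < self.last_bytes:
            self.last_bytes, self.window_start, self.sent = cur_bytes, now, 0
            return False
        if self.ratelimit and now - self.window_start >= self.period:
            self.window_start, self.sent = now, 0      # new window
        if cur_bytes - self.last_bytes < self.threshold:
            return False
        if self.ratelimit and self.sent >= self.ratelimit:
            return False       # suppressed; the delta keeps accumulating
        self.last_bytes, self.sent = cur_bytes, self.sent + 1
        return True

def run(samples, name, notifier):
    """Replay (timestamp, output text) samples; return notified byte counts."""
    hits = []
    for now, text in samples:
        counters = parse_counters(text)
        if name in counters and notifier.poll(now, counters[name][1]):
            hits.append(counters[name][1])
    return hits

# Constructed samples (not real traffic): (seconds, pkts, bytes) per poll.
POLLS = [(0, 10, 1000), (1, 30, 2100), (2, 50, 3200), (3, 70, 4300),
         (4, 90, 5400), (4.5, 110, 6500), (5, 130, 7600)]
SAMPLES = [(t, "{ pkts = %020d, bytes = %020d } = http-traffic;" % (p, b))
           for t, p, b in POLLS]
```

With `ByteNotifier(1024, 4, 5)` the sample at 4.5 s is suppressed and its bytes are reported with the next window's first notification. Unlike a kernel-side trigger, a poller can only notice a threshold crossing at the next poll, so the reported delta can exceed the threshold by up to one polling interval of traffic.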