Hi, I was reading the NetFlow/sFlow/IPFIX probe discussion from earlier this year and thought there might be some interest the recent ULOG/sFlow implementation in the Host sFlow project: http://host-sflow.sourceforge.net It turned out that the random sampling capability in the statistic module combined with ULOG provided the hooks needed to implement sFlow: http://blog.sflow.com/2010/12/ulog.html I do have a few questions: 1. When sampling the INPUT chain it is possible to get the layer 2 header. Sampling the OUTPUT chain only provides the IP header. I understand that the layer 2 header hasn't been constructed yet, but is there a hook further down the netfilter chain where the layer 2 header is available? 2. We are also looking at an ebtables implementation. Is it possible to perform random sampling in ebtables? 3. Finally, is there a way to programmatically retrieve the packet counter associated with a rule? Ideally we would like to be able to tag the sFlow monitoring rules and retrieve their packet counters. I know its possible use a script to parse the output of iptables -L --verbose to get counter values, but it isn't the most efficient solution. Thanks, Peter -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
