* Add packet statistics to ipset?
@ 2013-01-23 18:19 Jonathan
From: Jonathan @ 2013-01-23 18:19 UTC
  To: netfilter-devel

Hello:

How difficult would it be to add packet/byte counters to ipset?

I have an iptables ruleset that I'm looking to simplify, and I would like 
to use the ipset module. However, I also have a need to collect per-host 
byte counters. Currently I scrape them from the iptables output, but 
with ipset this is not possible afaik. This makes the ipset module 
(which I would _really_ like to use) useless for me.

I am not familiar with kernel programming, but I do know C. If it's not 
too difficult, I would be very interested in helping with implementing 
this, or even implementing it myself with some help.

Other options I have considered are adding some sort of ip-bitmap or 
hash support to the nfacct system, or an aggregation filter module for 
ulogd. From what I can tell, adding bitmaps/hashes to the nfacct system 
would be much more complicated, and adding an aggregation filter to 
ulogd would be far less efficient.

What do you think?

Jonathan deBoer






* Re: Add packet statistics to ipset?
  2013-01-23 18:19 Add packet statistics to ipset? Jonathan
@ 2013-01-23 19:20 ` Jozsef Kadlecsik
From: Jozsef Kadlecsik @ 2013-01-23 19:20 UTC
  To: Jonathan; +Cc: netfilter-devel

On Wed, 23 Jan 2013, Jonathan wrote:

> How difficult would it be to add packet/byte counters to ipset?
> 
> I have an iptables ruleset that I'm looking to simplify, and I would like to
> use the ipset module. However, I also have a need to collect per-host byte
> counters. Currently I scrape them from the iptables output, but with ipset
> this is not possible afaik. This makes the ipset module (which I would
> _really_ like to use) useless for me.
> 
> I am not familiar with kernel programming, but I do know C. If it's not too
> difficult, I would be very interested in helping with implementing this, or
> even implementing it myself with some help.
> 
> Other options I have considered are adding some sort of ip-bitmap or hash
> support to the nfacct system, or an aggregation filter module for ulogd. From
> what I can tell, adding bitmaps/hashes to the nfacct system would be much more
> complicated, and adding an aggregation filter to ulogd would be far less
> efficient.

It was already requested and I'm working on it. The next ipset release 
will come with counters support.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
