* Unable to post - Ulogd / NFCT - Request for changes
From: Gomathivinayagam Muthuvinayagam @ 2012-07-18 15:10 UTC (permalink / raw)
  To: netfilter-devel

Hi,

Currently NFCT supports polling mode, but polling mode only propagates
the message to the output plugin during the DESTROY event.
This is a problem for long-living connections, since I want to know
the amount of data transferred before the destroy event.
After a quick walk through the NFCT plugin code, it seems I
have to change the do_purge method, which is called at a regular time
interval.

I came up with the following updates in the code (I added the else block only).


static int do_purge(void *data1, void *data2)
{
        int ret;
        struct ulogd_pluginstance *upi = data1;
        struct ct_timestamp *ts = data2;
        struct nfct_pluginstance *cpi =
                                (struct nfct_pluginstance *) upi->private;

        ulogd_log(ULOGD_NOTICE, "Inside do_purge method\n");

        /* if it is not in kernel anymore, purge it */
        ret = nfct_query(cpi->pgh, NFCT_Q_GET, ts->ct);
        if (ret == -1 && errno == ENOENT) {
                do_propagate_ct(upi, ts->ct, NFCT_T_DESTROY, ts);
                hashtable_del(cpi->ct_active, &ts->hashnode);
                nfct_destroy(ts->ct);
                free(ts);
        } else if (ret != -1) { /* Added code */
                /* entry is still in the kernel: report it on every pass,
                 * changed or not; other query errors are skipped */
                do_propagate_ct(upi, ts->ct, NFCT_T_UPDATE, ts);
        }

        return 0;
}

The else part propagates a flow even though no updates
happened to the flow. Could someone help here? I would like to
propagate the updates of a connection if a change
happened to the long-living connection. Is this the correct approach?

My intuition is that I have to call the nfct_cmp method, passing the local hash
table connection and the available connection in the kernel. If they
are the same, then no updates happened to the connection;
otherwise I will propagate the details of the particular connection.

Thanks & Regards,
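
Added example (not part of the original post, and not ulogd2 or libnetfilter_conntrack code): the "propagate only when the connection changed" idea from the message above, modelled with plain structs so it runs without a kernel. The names struct flow, kernel_get and poll_one and the sample tables are hypothetical, and the change test is a direct comparison of one byte counter, which is an assumption of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for this example; not ulogd2 or libnetfilter_conntrack types. */
enum flow_event { EV_NONE, EV_UPDATE, EV_DESTROY };

struct flow {
    uint32_t id;     /* stands in for the conntrack tuple */
    uint64_t bytes;  /* byte counter, both directions summed */
    int live;        /* cache side only: entry is still tracked */
};

/* Constructed sample data: the plugin's cache and the kernel table at poll time. */
struct flow cache[] = { {1, 1000, 1}, {2, 400, 1}, {3, 700, 1} };
struct flow kernel_now[] = { {1, 9000, 1}, {2, 400, 1} };  /* flow 3 is gone */

/* Look a flow up in the kernel snapshot; NULL models the ENOENT case. */
static const struct flow *kernel_get(const struct flow *tbl, size_t n, uint32_t id)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].id == id)
            return &tbl[i];
    return NULL;
}

/* One polling pass over one cached entry; *delta gets the bytes since the last report. */
enum flow_event poll_one(struct flow *c, const struct flow *tbl, size_t n, uint64_t *delta)
{
    const struct flow *k = kernel_get(tbl, n, c->id);

    *delta = 0;
    if (k == NULL) {              /* not in the kernel anymore: purge */
        c->live = 0;
        return EV_DESTROY;
    }
    if (k->bytes == c->bytes)     /* idle since the last pass: stay quiet */
        return EV_NONE;
    *delta = k->bytes - c->bytes;
    c->bytes = k->bytes;          /* refresh so the next pass diffs against this report */
    return EV_UPDATE;
}

int main(void)
{
    static const char *name[] = { "none", "update", "destroy" };
    for (size_t i = 0; i < sizeof(cache) / sizeof(cache[0]); i++) {
        uint64_t d;
        enum flow_event ev = poll_one(&cache[i], kernel_now, 2, &d);
        printf("flow %u: %s (+%llu bytes)\n", (unsigned)cache[i].id, name[ev], (unsigned long long)d);
    }
    return 0;
}
```

Refreshing the cached counter on each UPDATE is what turns the periodic reports into per-interval deltas instead of repeating the running total.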


* Re: Unable to post - Ulogd / NFCT - Request for changes
From: Eric Leblond @ 2012-07-18 18:53 UTC (permalink / raw)
  To: Gomathivinayagam Muthuvinayagam; +Cc: netfilter-devel


Hi,

On Wednesday, 18 July 2012 at 08:10 -0700, Gomathivinayagam
Muthuvinayagam wrote:
> Hi,
> 
> Currently NFCT supports polling mode, but polling mode only propagates
> the message to output plugin during DESTROY event.
> This is a problem for long living connections, since I want to know
> the amount of data transfer before the destroy event.

For accounting, you may want to look at NFACCT. For more information, you
can read my recent blog post:
https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/


-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/


* Re: Unable to post - Ulogd / NFCT - Request for changes
From: Gomathivinayagam Muthuvinayagam @ 2012-07-18 19:21 UTC (permalink / raw)
  To: Eric Leblond; +Cc: netfilter-devel

Thanks for your info.

I have a few questions on this.

Basically I want to record all the information that is coming to my
system. I want to do accounting for each sender that sends packets to
my system.

It seems nfacct provides data usage for different protocols. If I want
to achieve the above requirement, I have to set individual IP table
rules for each incoming host and use nfacct. I don't want to do this.

In consideration, nacct solves the problem, but the only problem is it
does not emit the data usage for long-living connections at regular
intervals. Instead it emits the data usage only at the end of
destroying the connections. That's why I raised the concern of
changing the do_purge method so that it emits the data usage at regular
intervals.


Thanks & Regards,





* Re: Unable to post - Ulogd / NFCT - Request for changes
From: Gomathivinayagam Muthuvinayagam @ 2012-07-20  3:57 UTC (permalink / raw)
  To: Eric Leblond; +Cc: netfilter-devel

Can anyone respond to the message that I initially posted?

Thanks & Regards,



