netfilter-devel.vger.kernel.org archive mirror
From: Holger Eitzenberger <holger@eitzenberger.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Cc: Krzysztof Piotr Oledzki <ole@ans.pl>
Subject: [PATCH RFC 0/3] conntrack: add interface information to accounting extend
Date: Thu, 26 Sep 2013 17:31:50 +0200
Message-ID: <20130926153150.280914229@eitzenberger.org>

Hi,

there are quite some IPFIX collectors (both commercial and not),
which rely on the exported accounting data to contain the interface
index the packet arrived, as well as the interface index the packet
left the box.  This is AFAIK not mandated by the RFC, but just a
de facto standard set by those vendors.

Those collectors then often don't work if interface data is missing.

I try to solve this by adding the missing interface data to the
accounting extend.  See following three patches.

First patch encapsulates both directions of the extend data into a
newly introduced nf_conn_acct.  This could make sense even if not
adding interface indices later.

2nd patch coalesces two calls of ctnetlink_dump_counters() into a
single call of newly created ctnetlink_dump_acct(), with the intent
to add interface info in the following patch.  ABI stays the same.

The 3rd patch then adds the interface indices to the accounting
extend.  I chose to wrap both inside a newly introduced CTA_ACCT
attribute in the hope to improve the situation for readers not using
this extend.  At the cost of adding another 'nlattr' to the output:

 <CTA_ACCT>
   <CTA_ACCT_INDEV, u32>
   <CTA_ACCT_OUTDEV, u32>

Please check the patches, I appreciate your comments.

Thanks.

 /Holger
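
The nested layout in the cover letter, as an added example that is not code from the patch series: a netlink attribute walk in which a reader that ignores accounting steps over CTA_ACCT in one hop, and every length field is bounds-checked before use. The attribute numbers, the sample bytes (laid out as on a little-endian host) and the host-order u32 payloads are assumptions; the letter names the attributes but gives no values.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical numbers: the cover letter names the attributes, not their values. */
enum { X_CTA_OTHER = 1, X_CTA_ACCT = 2, X_CTA_ACCT_INDEV = 1, X_CTA_ACCT_OUTDEV = 2 };
#define ATTR_HDR 4u                       /* u16 nla_len + u16 nla_type */
#define ATTR_ALIGN(n) (((n) + 3u) & ~3u)  /* attributes are padded to 4 bytes */
struct acct_ifs { uint32_t indev, outdev; unsigned have; };
/* Constructed sample (little-endian host): one unrelated attribute, then the nest. */
static const uint8_t sample[28] = {
    6, 0, 1, 0, 'a', 'b', 0, 0,           /* X_CTA_OTHER, 2-byte payload + padding */
    20, 0, 2, 0x80,                       /* X_CTA_ACCT | NLA_F_NESTED, nla_len 20 */
    8, 0, 1, 0, 3, 0, 0, 0,  8, 0, 2, 0, 7, 0, 0, 0,   /* INDEV = 3, OUTDEV = 7 */
};

/* Read the header at buf[off] (off < len); 0 if the length field is malformed. */
static int attr_at(const uint8_t *buf, size_t len, size_t off, uint16_t *alen, uint16_t *type)
{
    if (len - off < ATTR_HDR) return 0;
    memcpy(alen, buf + off, 2);
    memcpy(type, buf + off + 2, 2);
    *type &= 0x3fff;                      /* drop NLA_F_NESTED / NLA_F_NET_BYTEORDER */
    return *alen >= ATTR_HDR && *alen <= len - off;
}
/* Walk the payload of the nest; unknown members are skipped, bad lengths rejected. */
static int parse_acct(const uint8_t *buf, size_t len, struct acct_ifs *out)
{
    uint16_t alen, type;
    for (size_t off = 0; off < len; off += ATTR_ALIGN(alen)) {
        if (!attr_at(buf, len, off, &alen, &type)) return -1;
        if (type != X_CTA_ACCT_INDEV && type != X_CTA_ACCT_OUTDEV) continue;
        if (alen != ATTR_HDR + 4) return -1;          /* u32 payload required */
        memcpy(type == X_CTA_ACCT_INDEV ? &out->indev : &out->outdev, buf + off + ATTR_HDR, 4);
        out->have |= 1u << type;
    }
    return 0;
}
/* Returns the number of top-level attributes, -1 if malformed; out == NULL never descends. */
static int walk_msg(const uint8_t *buf, size_t len, struct acct_ifs *out)
{
    uint16_t alen, type;
    int seen = 0;
    for (size_t off = 0; off < len; off += ATTR_ALIGN(alen), seen++) {
        if (!attr_at(buf, len, off, &alen, &type)) return -1;
        if (type == X_CTA_ACCT && out && parse_acct(buf + off + ATTR_HDR, alen - ATTR_HDR, out) < 0)
            return -1;
    }
    return seen;
}
int main(void) { struct acct_ifs a = {0}; return walk_msg(sample, sizeof sample, &a) == 2 ? 0 : 1; }
```

A reader passing `out == NULL` still validates the outer `nla_len` of the nest but never touches its members, so a damaged inner attribute only affects readers that asked for the interface indices.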



Thread overview: 7+ messages
2013-09-26 15:31 Holger Eitzenberger [this message]
2013-09-26 15:31 ` [PATCH RFC 1/3] acct: introduce nf_conn_acct Holger Eitzenberger
2013-09-26 15:31 ` [PATCH RFC 2/3] ctnetlink: account both directions in one step Holger Eitzenberger
2013-09-26 15:31 ` [PATCH RFC 3/3] acct: add input and output interface index Holger Eitzenberger
2013-10-17 11:06   ` Pablo Neira Ayuso
2013-10-17 11:33     ` Holger Eitzenberger
2013-11-03 20:59       ` Pablo Neira Ayuso
