Add packet statistics to ipset?

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jonathan <jdccdevel@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: Add packet statistics to ipset?
Date: Wed, 23 Jan 2013 11:19:56 -0700	[thread overview]
Message-ID: <510029CC.5000902@gmail.com> (raw)

Hello:

How difficult would it be to add packet/byte counters to ipset?

I have a iptables ruleset that I'm looking to simplify, and I would like 
to use the ipset module. However, I also have a need to collect per-host 
byte counters. Currently I scrape them from the iptables output, but 
with ipset this is not possible afaik. This makes the ipset module 
(which I would _really_ like to use) useless for me.

I am not familiar with kernel programming, but I do know C. If it's not 
too difficult, I would be very interested in helping with implementing 
this, or even implementing it myself with some help.

Other options I have considered are adding some sort of ip-bitmap or 
hash support to the nfacct system, or an aggregation filter module for 
ulogd. From what I can tell, adding bitmaps/hashes to the nfacct system 
would be much more complicated, and adding an aggregation filter to 
ulogd would be far less efficient.

What do you think?

Jonathan deBoer

next             reply	other threads:[~2013-01-23 18:16 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-01-23 18:19 Jonathan [this message]
2013-01-23 19:20 ` Add packet statistics to ipset? Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=510029CC.5000902@gmail.com \
    --to=jdccdevel@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).