* Add packet statistics to ipset?
@ 2013-01-23 18:19 Jonathan
2013-01-23 19:20 ` Jozsef Kadlecsik
0 siblings, 1 reply; 2+ messages in thread
From: Jonathan @ 2013-01-23 18:19 UTC (permalink / raw)
To: netfilter-devel
Hello:
How difficult would it be to add packet/byte counters to ipset?
I have a iptables ruleset that I'm looking to simplify, and I would like
to use the ipset module. However, I also have a need to collect per-host
byte counters. Currently I scrape them from the iptables output, but
with ipset this is not possible afaik. This makes the ipset module
(which I would _really_ like to use) useless for me.
I am not familiar with kernel programming, but I do know C. If it's not
too difficult, I would be very interested in helping with implementing
this, or even implementing it myself with some help.
Other options I have considered are adding some sort of ip-bitmap or
hash support to the nfacct system, or an aggregation filter module for
ulogd. From what I can tell, adding bitmaps/hashes to the nfacct system
would be much more complicated, and adding an aggregation filter to
ulogd would be far less efficient.
What do you think?
Jonathan deBoer
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Add packet statistics to ipset?
2013-01-23 18:19 Add packet statistics to ipset? Jonathan
@ 2013-01-23 19:20 ` Jozsef Kadlecsik
0 siblings, 0 replies; 2+ messages in thread
From: Jozsef Kadlecsik @ 2013-01-23 19:20 UTC (permalink / raw)
To: Jonathan; +Cc: netfilter-devel
On Wed, 23 Jan 2013, Jonathan wrote:
> How difficult would it be to add packet/byte counters to ipset?
>
> I have a iptables ruleset that I'm looking to simplify, and I would like to
> use the ipset module. However, I also have a need to collect per-host byte
> counters. Currently I scrape them from the iptables output, but with ipset
> this is not possible afaik. This makes the ipset module (which I would
> _really_ like to use) useless for me.
>
> I am not familiar with kernel programming, but I do know C. If it's not too
> difficult, I would be very interested in helping with implementing this, or
> even implementing it myself with some help.
>
> Other options I have considered are adding some sort of ip-bitmap or hash
> support to the nfacct system, or an aggregation filter module for ulogd. From
> what I can tell, adding bitmaps/hashes to the nfacct system would be much more
> complicated, and adding an aggregation filter to ulogd would be far less
> efficient.
It was already requested and I'm working on it. The next ipset release
will come with counters support.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-01-23 19:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-23 18:19 Add packet statistics to ipset? Jonathan
2013-01-23 19:20 ` Jozsef Kadlecsik
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).