From: Gomathivinayagam Muthuvinayagam <sankarmail@gmail.com>
To: Eric Leblond <eric@regit.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Unable to post - Ulogd / NFCT - Request for changes
Date: Thu, 19 Jul 2012 20:57:45 -0700
Message-ID: <CAAJpzgbsOSJjxdj-xRkNXvAa9z_Y4Oo01SFAQHWwb=DVFq9UgA@mail.gmail.com>
In-Reply-To: <CAAJpzgYJbk=Zo07Ue3R=Kx+X7aZDb2NR-YKMW4Y4r7PC81VGAQ@mail.gmail.com>

Can anyone respond to the message that I initially posted?

Thanks & Regards,

On Wed, Jul 18, 2012 at 12:21 PM, Gomathivinayagam Muthuvinayagam
<sankarmail@gmail.com> wrote:
> Thanks for your info.
>
> I have a few questions on this.
>
> Basically I want to record all the information that is coming to my
> system. I want to do accounting for each sender that sends packets to
> my system.
>
> It seems nfacct provides data usage for different protocols. If I want
> to achieve the above requirement, I have to set individual IP table
> rules for each incoming host and use nfacct. I don't want to do this.
>
> In consideration, nacct solves the problem, but the only problem is it
> does not emit the data usage for long living connections at regular
> intervals. Instead it emits the data usage only at the end of
> destroying the connections. That's why I raised the concern of
> changing the do_purge method that emits the data usage at regular
> intervals.
>
> Thanks & Regards,
>
> On Wed, Jul 18, 2012 at 11:53 AM, Eric Leblond <eric@regit.org> wrote:
>> Hi,
>>
>> On Wednesday 18 July 2012 at 08:10 -0700, Gomathivinayagam
>> Muthuvinayagam wrote:
>>> Hi,
>>>
>>> Currently NFCT supports polling mode, but polling mode only propagates
>>> the message to output plugin during DESTROY event.
>>> This is a problem for long living connections, since I want to know
>>> the amount of data transfer before the destroy event.
>>
>> For accounting, you may want to look at NFACCT. For more information, you
>> can read my recent blog post:
>> https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
>>
>>
>>> After getting a quick walkthrough of the NFCT plugin code, it seems I
>>> have to change the do_purge method, which is called at a regular time
>>> interval.
>>>
>>> I came up with the following updates in the code (I added the else block only).
>>>
>>>
>>> static int do_purge(void *data1, void *data2)
>>> {
>>> 	int ret;
>>> 	struct ulogd_pluginstance *upi = data1;
>>> 	struct ct_timestamp *ts = data2;
>>> 	struct nfct_pluginstance *cpi =
>>> 		(struct nfct_pluginstance *) upi->private;
>>>
>>> 	ulogd_log(ULOGD_NOTICE, "Inside do_purge method\n");
>>>
>>> 	/* if it is not in kernel anymore, purge it */
>>> 	ret = nfct_query(cpi->pgh, NFCT_Q_GET, ts->ct);
>>> 	if (ret == -1 && errno == ENOENT) {
>>> 		do_propagate_ct(upi, ts->ct, NFCT_T_DESTROY, ts);
>>> 		hashtable_del(cpi->ct_active, &ts->hashnode);
>>> 		nfct_destroy(ts->ct);
>>> 		free(ts);
>>> 	}
>>> 	else // Added code
>>> 	{
>>> 		do_propagate_ct(upi, ts->ct, NFCT_T_UPDATE, ts);
>>> 	}
>>>
>>> 	return 0;
>>> }
>>>
>>> The else part propagates a flow even though no updates
>>> happened to the flow. Could someone here help? I would like to
>>> propagate the updates of a connection if a change
>>> happened to the long living connection. Is this the correct approach?
>>>
>>> My intuition is that I have to call the nfct_cmp method by passing the local hash
>>> table connection and the available connection in the kernel. If they
>>> are the same, then no updates happened to the connection;
>>> otherwise I will propagate the details of the particular connection.
>>>
>>> Thanks & Regards,
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>>
>> --
>> Eric Leblond
>> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
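
The idea raised in the quoted message (emit a periodic record for a long-lived flow only when its counters changed since the last report), shown as an added example that is not part of the thread and is not ulogd2 code. It replaces the kernel conntrack table with a constructed array, and every type and function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for this sketch; not ulogd2 or libnetfilter_conntrack. */
enum ev { EV_NONE, EV_UPDATE, EV_DESTROY };
struct counters { uint64_t pkts, bytes; };
struct kentry { uint32_t id; struct counters c; };      /* simulated kernel row */
struct flow { uint32_t id; struct counters reported; }; /* local cache row */

/* Stand-in for the kernel GET query: NULL models the ENOENT case. */
static const struct counters *kernel_get(uint32_t id,
		const struct kentry *tbl, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (tbl[i].id == id)
			return &tbl[i].c;
	return NULL;
}

/* One periodic pass over a cached flow; *delta gets the traffic seen
 * since the last emitted record. */
static enum ev poll_flow(struct flow *f, const struct kentry *tbl, size_t n,
		struct counters *delta)
{
	const struct counters *now = kernel_get(f->id, tbl, n);

	delta->pkts = delta->bytes = 0;
	if (!now)
		return EV_DESTROY;  /* caller emits final record, frees entry */
	if (now->pkts == f->reported.pkts && now->bytes == f->reported.bytes)
		return EV_NONE;     /* idle flow: no interim record */
	if (now->pkts < f->reported.pkts || now->bytes < f->reported.bytes)
		*delta = *now;      /* counters were reset: count from zero */
	else
		*delta = (struct counters){ now->pkts - f->reported.pkts,
					    now->bytes - f->reported.bytes };
	f->reported = *now;         /* next delta starts from here */
	return EV_UPDATE;
}

int main(void)
{
	struct kentry k[] = { { 7, { 10, 1500 } } };  /* constructed sample */
	struct flow f = { 7, { 0, 0 } };
	struct counters d;
	printf("%d\n", poll_flow(&f, k, 1, &d));      /* first pass: update */
	printf("%d\n", poll_flow(&f, k, 1, &d));      /* unchanged: none */
	return 0;
}
```

Reporting deltas rather than running totals lets a per-sender accounting store sum the interim records without double counting when the final destroy record arrives.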