* Unable to post - Ulogd / NFCT - Request for changes
@ 2012-07-18 15:10 Gomathivinayagam Muthuvinayagam
2012-07-18 18:53 ` Eric Leblond
0 siblings, 1 reply; 4+ messages in thread
From: Gomathivinayagam Muthuvinayagam @ 2012-07-18 15:10 UTC
To: netfilter-devel
Hi,

Currently NFCT supports polling mode, but polling mode only propagates
the message to output plugin during DESTROY event.
This is a problem for long living connections, since I want to know
the amount of data transfer before the destroy event.

After getting a quick walk through on NFCT plugin code, it seems I
have to change the do_purge method, which is called in a regular time
interval.

I came up with the following updates in the code (I added the else block only).

static int do_purge(void *data1, void *data2)
{
	int ret;
	struct ulogd_pluginstance *upi = data1;
	struct ct_timestamp *ts = data2;
	struct nfct_pluginstance *cpi =
		(struct nfct_pluginstance *) upi->private;

	ulogd_log(ULOGD_NOTICE,"Inside do_purge method\n");

	/* if it is not in kernel anymore, purge it */
	ret = nfct_query(cpi->pgh, NFCT_Q_GET, ts->ct);
	if (ret == -1 && errno == ENOENT) {
		do_propagate_ct(upi, ts->ct, NFCT_T_DESTROY, ts);
		hashtable_del(cpi->ct_active, &ts->hashnode);
		nfct_destroy(ts->ct);
		free(ts);
	}
	else // Added code
	{
		do_propagate_ct(upi, ts->ct,NFCT_T_UPDATE,ts);
	}

	return 0;
}

The else part propagates a flow even though no updates happened to
the flow. Could someone here help? I would like to propagate the
updates of a connection if a change happened to the long living
connection. Is this the correct approach?

My intuition is that I have to call the nfct_cmp method, passing the
local hash table connection and the available connection in the kernel.
If they are the same, then no updates happened to the connection;
otherwise I will propagate the details of the particular connection.

Thanks & Regards,
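
The change detection the first message asks about, as an added example that is not part of the thread or of ulogd's code: on each timer tick the counters cached for a flow are compared with the current ones, an update is reported only when they differ, and only ENOENT is treated as a destroy. `flow_entry`, `kernel_get` and `poll_flow` are hypothetical stand-ins for the plugin's cache entry and the conntrack query, and the table is constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the byte counters of one tracked connection. */
struct flow_counters { uint64_t orig_bytes, repl_bytes; };
/* Hypothetical cache entry, in the role ct_timestamp plays in the thread. */
struct flow_entry { uint32_t id; struct flow_counters last; };
/* Constructed "kernel" table; present == 0 models an expired flow. */
struct kernel_flow { uint32_t id; int present; struct flow_counters now; };

enum poll_action { POLL_NONE, POLL_UPDATE, POLL_DESTROY, POLL_ERROR };

/* Hypothetical lookup: 0 on success, -1 with errno set on failure. */
static int kernel_get(const struct kernel_flow *tbl, size_t n, uint32_t id,
                      struct flow_counters *out)
{
    if (tbl == NULL) { errno = EINVAL; return -1; }
    for (size_t i = 0; i < n; i++)
        if (tbl[i].id == id && tbl[i].present) { *out = tbl[i].now; return 0; }
    errno = ENOENT;
    return -1;
}

/* One timer tick for one cached flow: decide what to hand to the output. */
static enum poll_action poll_flow(struct flow_entry *e,
                                  const struct kernel_flow *tbl, size_t n)
{
    struct flow_counters cur;
    if (kernel_get(tbl, n, e->id, &cur) == -1)  /* only ENOENT means "gone" */
        return errno == ENOENT ? POLL_DESTROY : POLL_ERROR;
    if (cur.orig_bytes == e->last.orig_bytes &&
        cur.repl_bytes == e->last.repl_bytes)
        return POLL_NONE;                       /* idle since the last tick */
    e->last = cur;                              /* remember what was reported */
    return POLL_UPDATE;
}

int main(void)
{
    struct kernel_flow tbl[] = { {1, 1, {100, 40}}, {2, 0, {0, 0}} };
    struct flow_entry a = {1, {100, 40}}, b = {2, {5, 5}};
    printf("idle=%d ", poll_flow(&a, tbl, 2));
    tbl[0].now.orig_bytes = 250;                /* traffic arrives */
    printf("active=%d gone=%d\n", poll_flow(&a, tbl, 2), poll_flow(&b, tbl, 2));
    return 0;
}
```
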

* Re: Unable to post - Ulogd / NFCT - Request for changes
2012-07-18 15:10 Unable to post - Ulogd / NFCT - Request for changes Gomathivinayagam Muthuvinayagam
@ 2012-07-18 18:53 ` Eric Leblond
2012-07-18 19:21 ` Gomathivinayagam Muthuvinayagam
0 siblings, 1 reply; 4+ messages in thread
From: Eric Leblond @ 2012-07-18 18:53 UTC
To: Gomathivinayagam Muthuvinayagam; +Cc: netfilter-devel
Hi,

On Wednesday 18 July 2012 at 08:10 -0700, Gomathivinayagam Muthuvinayagam wrote:
> Hi,
>
> Currently NFCT supports polling mode, but polling mode only propagates
> the message to output plugin during DESTROY event.
> This is a problem for long living connections, since I want to know
> the amount of data transfer before the destroy event.

For accounting, you may want to look at NFACCT. For more information, you
can read my recent blog post:
https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/

--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/

* Re: Unable to post - Ulogd / NFCT - Request for changes
2012-07-18 18:53 ` Eric Leblond
@ 2012-07-18 19:21 ` Gomathivinayagam Muthuvinayagam
2012-07-20 3:57 ` Gomathivinayagam Muthuvinayagam
0 siblings, 1 reply; 4+ messages in thread
From: Gomathivinayagam Muthuvinayagam @ 2012-07-18 19:21 UTC
To: Eric Leblond; +Cc: netfilter-devel
Thanks for your info.

I have a few questions on this.

Basically I want to record all the information that is coming to my
system. I want to do accounting for each sender that sends packets to
my system.

It seems nfacct provides data usage for different protocols. If I want
to achieve the above requirement, I have to set individual IP table
rules for each incoming host and use nfacct. I don't want to do this.

In consideration, nacct solves the problem, but the only problem is it
does not emit the data usage for long living connections in regular
interval. Instead it emits the data usage only at the end of
destroying the connections. That's why I raised the concern of
changing the do_purge method that emits the data usage at regular
intervals.

Thanks & Regards,

* Re: Unable to post - Ulogd / NFCT - Request for changes
2012-07-18 19:21 ` Gomathivinayagam Muthuvinayagam
@ 2012-07-20 3:57 ` Gomathivinayagam Muthuvinayagam
0 siblings, 0 replies; 4+ messages in thread
From: Gomathivinayagam Muthuvinayagam @ 2012-07-20 3:57 UTC
To: Eric Leblond; +Cc: netfilter-devel
Can anyone respond to the message that I initially posted?

Thanks & Regards,