* [PATCH] flow statistic match
From: Jay Schulist @ 2002-09-18 6:44 UTC (permalink / raw)
To: Harald Welte; +Cc: netfilter-devel, netfilter, Jay Schulist
[-- Attachment #1: Type: TEXT/PLAIN, Size: 804 bytes --]
Hello Harald,
Here is a new match which adds per tuple packet and byte statistics along
with allowing the user to match on the number of bytes and packets for a
flow.
Iptables userspace patch is against a clean iptables-1.2.7a
Kernel patch is against a clean linux-2.4.19
# cat /proc/net/ip_conntrack
tcp 6 432000 ESTABLISHED src=192.168.1.3 dst=192.168.1.100 sport=22
dport=3368 pkts=39 bytes=4024 src=192.168.1.100 dst=192.168.1.3 sport=3368
dport=22 pkts=47 bytes=3512 use=1
flow v1.2.7a options:
  --lt-packet num    Match on less than 'num' packet.
  --lt-byte num      Match on less than 'num' byte.
  --gt-packet num    Match on greater than or equal 'num' packet.
  --gt-byte num      Match on greater than or equal 'num' byte.
Thanks,
jay-s.
[-- Attachment #2: Type: APPLICATION/octet-stream, Size: 2189 bytes --]
[-- Attachment #3: Type: APPLICATION/octet-stream, Size: 1809 bytes --]
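An added example, not part of the original post or of the attached patches: a parser for the extended /proc/net/ip_conntrack line shown above, with the documented threshold semantics (--lt-* strictly less than, --gt-* greater than or equal). It assumes the thresholds apply to the sum of both directions and that several options combine with AND, neither of which the post states; the function names are hypothetical.

```python
import re

# Constructed sample: the entry quoted in the post, joined onto one line.
SAMPLE = ("tcp 6 432000 ESTABLISHED src=192.168.1.3 dst=192.168.1.100 sport=22 "
          "dport=3368 pkts=39 bytes=4024 src=192.168.1.100 dst=192.168.1.3 "
          "sport=3368 dport=22 pkts=47 bytes=3512 use=1")

_KV = re.compile(r"(\w+)=(\S+)")
_TUPLE_KEYS = {"src", "dst", "sport", "dport", "pkts", "bytes",
               "type", "code", "id"}

def parse_entry(line):
    """Split one conntrack line into original/reply tuples with counters."""
    entry = {"proto": line.split()[0], "original": {}, "reply": {}}
    direction = "original"
    for key, value in _KV.findall(line):
        value = int(value) if value.isdigit() else value
        if key not in _TUPLE_KEYS:
            entry[key] = value          # e.g. use=1
            continue
        # A second src= marks the start of the reply-direction tuple.
        if key == "src" and "src" in entry[direction]:
            direction = "reply"
        entry[direction][key] = value
    return entry

def flow_totals(entry):
    """Return (packets, bytes) summed over both directions (assumption)."""
    dirs = (entry["original"], entry["reply"])
    return (sum(d.get("pkts", 0) for d in dirs),
            sum(d.get("bytes", 0) for d in dirs))

def flow_matches(entry, lt_packet=None, lt_byte=None,
                 gt_packet=None, gt_byte=None):
    """Apply the option semantics from the help text; options are ANDed."""
    pkts, nbytes = flow_totals(entry)
    return all((
        lt_packet is None or pkts < lt_packet,     # --lt-packet: strict
        lt_byte is None or nbytes < lt_byte,       # --lt-byte: strict
        gt_packet is None or pkts >= gt_packet,    # --gt-packet: >=
        gt_byte is None or nbytes >= gt_byte,      # --gt-byte: >=
    ))

if __name__ == "__main__":
    e = parse_entry(SAMPLE)
    print(flow_totals(e), flow_matches(e, gt_packet=86))
```
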
* Re: [PATCH] flow statistic match
From: Antony Stone @ 2002-09-18 21:41 UTC (permalink / raw)
To: netfilter
On Wednesday 18 September 2002 7:44 am, Jay Schulist wrote:
> Hello Harald,
> Here is a new match which adds per tuple packet and byte statistics along
> with allowing the user to match on the number of bytes and packets for a
> flow.
>
> Iptables userspace patch is against a clean iptables-1.2.7a
> Kernel patch is against a clean linux-2.4.19
>
> # cat /proc/net/ip_conntrack
> tcp 6 432000 ESTABLISHED src=192.168.1.3 dst=192.168.1.100 sport=22
> dport=3368 pkts=39 bytes=4024 src=192.168.1.100 dst=192.168.1.3 sport=3368
> dport=22 pkts=47 bytes=3512 use=1
>
> flow v1.2.7a options:
>   --lt-packet num    Match on less than 'num' packet.
>   --lt-byte num      Match on less than 'num' byte.
>   --gt-packet num    Match on greater than or equal 'num' packet.
>   --gt-byte num      Match on greater than or equal 'num' byte.
Consistency with other languages would suggest that --gt- means "greater
than". If you want "greater than or equal" use --ge-
Antony.
--
You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.
- Frank Skinner
* Re: [PATCH] flow statistic match
From: Jay Schulist @ 2002-09-18 10:46 UTC (permalink / raw)
To: Antony Stone; +Cc: netfilter
On Wed, 18 Sep 2002, Antony Stone wrote:
> > flow v1.2.7a options:
> >   --lt-packet num    Match on less than 'num' packet.
> >   --lt-byte num      Match on less than 'num' byte.
> >   --gt-packet num    Match on greater than or equal 'num' packet.
> >   --gt-byte num      Match on greater than or equal 'num' byte.
>
> Consistency with other languages would suggest that --gt- means "greater
> than". If you want "greater than or equal" use --ge-
>
We should probably add the syntax --eq- like the ttl match, to make things
even more consistent.
jay-s.
* Re: [PATCH] flow statistic match
From: Patrick Schaaf @ 2002-09-18 21:59 UTC (permalink / raw)
To: Jay Schulist; +Cc: Harald Welte, netfilter-devel, netfilter
Jay,
> Here is a new match which adds per tuple packet and byte statistics along
> with allowing the user to match on the number of bytes and packets for a
> flow.
Sorry, but another nitpicking comment from me :-)
Is it necessary to call this "flow"? All the other matches related
to connection tracking, at least keep some semblance of that name in
their own naming. "flow" stands out as some new kind of connection
tracking concept (being in use in other systems for just that purpose,
e.g. the unidirectional Cisco netflow accounting stuff.)
As a proposal out of the blue, what about calling it "ctvolume", instead?
Would it be possible, in the near future, to use a "ctnetlink" interface
to get at the final counters when a conntrack is destroyed? :-)
best regards
Patrick
* Re: [PATCH] flow statistic match
From: Jay Schulist @ 2002-09-18 22:15 UTC (permalink / raw)
To: Patrick Schaaf; +Cc: Jay Schulist, Harald Welte, netfilter-devel, netfilter
On Wed, 18 Sep 2002, Patrick Schaaf wrote:
> Is it necessary to call this "flow"? All the other matches related
> to connection tracking, at least keep some semblance of that name in
> their own naming. "flow" stands out as some new kind of connection
> tracking concept (being in use in other systems for just that purpose,
> e.g. the unidirectional Cisco netflow accounting stuff.)
>
> As a proposal out of the blue, what about calling it "ctvolume", instead?
>
Hello Patrick,
I am not really stuck on the flow name, it was just what I happened to
call it, we can definitely call it something better.
> Would it be possible, in the near future, to use a "ctnetlink" interface
> to get at the final counters when a conntrack is destroyed? :-)
>
Yeah, this is already available with the new iptables2/nfnetlink patches I
will make available in a few days.
J.
* Re: [PATCH] flow statistic match
From: Roberto Nibali @ 2002-10-01 8:53 UTC (permalink / raw)
To: Patrick Schaaf; +Cc: Jay Schulist, Harald Welte, netfilter-devel, netfilter
Hi.
> As a proposal out of the blue, what about calling it "ctvolume", instead?
Why :)
> Would it be possible, in the near future, to use a "ctnetlink" interface
> to get at the final counters when a conntrack is destroyed? :-)
Roman has done something like that already for our company, the patch (not the
final version, but enough to have a glance at it) can be fetched at:
http://www.drugphish.ch/patches/roman/slog-kernel-2.4.18.diff
Cheers,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc