= nfacct: the extended accounting infrastructure for Netfilter =
Netfilter provides three accounting mechanisms:
* flow-based accounting through ctnetlink
* packet-based accounting through NFLOG
* extended accounting through nfacct (since Linux 3.3)
The libnetfilter_acct library provides the programming interface (API)
for the extended accounting infrastructure.
== Flow-based accounting through ctnetlink ==
This mechanism allows you to account the number of packets and bytes
of a given flow. This information is delivered via a netlink event once
the flow is closed. You can listen for these events with:
# conntrack -E
You can get real-time packet and byte accounting per flow by polling:
# conntrack -L
== Packet-based accounting through NFLOG ==
This mechanism allows you to add specific iptables rules to log packets
that match some specific condition:
# iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix "http: "
== nfacct: extended accounting infrastructure ==
This mechanism allows you to create one accounting object:
libnetfilter_acct/examples# ./nfacct-add http-traffic
Then, you can use it in iptables:
# iptables -I INPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
# iptables -I OUTPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
You can obtain the counters via libnetfilter_acct:
libnetfilter_acct/examples# ./nfacct-get
http-traffic = { pkts = 000000061152, bytes = 000082999936 };
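Added example, not part of libnetfilter_acct or its examples directory: a small C parser for the text line printed by nfacct-get above, plus the packet and byte delta between two polls. The names acct_sample, acct_parse_line and acct_delta and the second sample line are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One counter line as printed by nfacct-get (hypothetical helper type). */
struct acct_sample { char name[32]; uint64_t pkts, bytes; };

/* Parse "name = { pkts = N, bytes = M };". Returns 0 on success, -1 on
 * malformed or truncated input. The zero-padded values are read as
 * decimal; %i would misread the leading zeros as octal. */
int acct_parse_line(const char *line, struct acct_sample *out)
{
	int end = 0;

	memset(out, 0, sizeof(*out));
	if (sscanf(line, " %31[^ =] = { pkts = %" SCNu64 " , bytes = %" SCNu64 " } ;%n",
		   out->name, &out->pkts, &out->bytes, &end) != 3 || end == 0)
		return -1;
	return 0;
}

/* Delta between two polls of the same object. Returns -1 if the names
 * differ or a counter went backwards (for example the object was
 * re-created), so the caller takes a new baseline instead of reporting
 * a huge value from unsigned wrap-around. */
int acct_delta(const struct acct_sample *prev, const struct acct_sample *cur,
	       uint64_t *dpkts, uint64_t *dbytes)
{
	if (strcmp(prev->name, cur->name) != 0 ||
	    cur->pkts < prev->pkts || cur->bytes < prev->bytes)
		return -1;
	*dpkts = cur->pkts - prev->pkts;
	*dbytes = cur->bytes - prev->bytes;
	return 0;
}

int main(void)
{
	/* First line is the output shown above; the second is constructed. */
	const char *t0 = "http-traffic = { pkts = 000000061152, bytes = 000082999936 };";
	const char *t1 = "http-traffic = { pkts = 000000061200, bytes = 000083065472 };";
	struct acct_sample a, b;
	uint64_t dp, db;

	if (acct_parse_line(t0, &a) || acct_parse_line(t1, &b) || acct_delta(&a, &b, &dp, &db))
		return 1;
	printf("%s: +%" PRIu64 " pkts, +%" PRIu64 " bytes\n", b.name, dp, db);
	return 0;
}
```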
To enable the extended accounting infrastructure in kernel-space, make sure
you enable NFNETLINK_ACCT and XT_MATCH_NFACCT config options in your Linux
kernel.
For further information, please refer to the available doxygen documentation.
== Compilation & Installation ==
If you got a working copy from git, you first have to run:
autoreconf -fi
Then:
./configure --prefix=/usr
make
make check # if you want to build the library examples
sudo make install
== Licensing terms ==
This library is licensed under LGPLv2.1+.
--
(c) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
(c) 2011 Intra2Net AG <http://www.intra2net.com>