Hi Paolo,
Did this ever go anywhere? I am currently looking at my (accounting)
options for my new border routers. Using uacct would be rather nice due
to its ability to easily determine the direction of traffic on a given
interface (without having to rely on mac-addresses or similar tricks, as
discussed some time ago). However, the lack of support for IPv6 would be
close to being a showstopper.
Also, the documentation regarding uacct is still rather minimal. I
can't, for example, really determine how to properly configure
iptables/uacct for "medium" traffic loads (between 100Mbps/10Kpps and
1Gbps/100Kpps). Stuff like snaplen and iptables' --ulog-cprange and
--ulog-qthreshold seem like proper tuning knobs, but without any
concrete info...
Regards,
Ruben Laban
On 05/Apr/2011 23:48, Paolo Lucente wrote:
Hi Neil,
Thanks for the initial pointers. Agree on your feeling of very sparse
documentation. Do you have a test box with IPv6 traffic passing by that
I can log on remotely? It would help to get a bit of a grasp of how much
work this actually is and how to keep both ULOG and NFLOG interfaces up
and running. Makes sense to follow up privately if you (or anybody else
reading) have the testbed available and summarize here at a later stage
when things become more clear.
Cheers,
Paolo
On Sat, Apr 02, 2011 at 08:24:24AM +0100, Neil Wilson wrote:
On Fri, 2011-04-01 at 17:28 +0000, Paolo Lucente wrote:
Hi Neil,
If such an issue exists, it's certainly not a problem fixing it. But
since I'm not the greatest expert of the ULOG API I would need you to
be somewhat more verbose with your comment. Suggestions are certainly
appreciated; perhaps you can offer access to a testbed or contribute
code yourself?
Cheers,
Paolo
Sorry. Final thing on a Friday is probably not the best time to be
posting your first message on a board.
Since the answer wasn't "Oh yes you just do this to support NFLOG" I
guess that means I get to write the code to make it work. I hope you
don't mind giving me a few pointers into your code.
The standard ip6tables interface doesn't have a ULOG target, only an
NFLOG target, and it's clear from what little netfilter documentation
there is that NFLOG is the interface of preference for the future. At
least until they change their mind again.
The documentation is particularly sparse and I've only done a
preliminary search through the libraries. However I'm hoping that it
shouldn't be too difficult to switch the formats across.
The user level interface to the NFLOG structure appears to be a library
called 'libnetfilter_log' documented here:
http://www.netfilter.org/projects/libnetfilter_log/doxygen/
with a test program here:
http://www.netfilter.org/projects/libnetfilter_log/doxygen/nfulnl__test_8c_source.html
which appears to use a callback structure to handle the incoming
packets.
Do you think including this would be the best way in, or should I stick
with the lower level netlink interface as used for ULOG?
Rgs
Neil
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists