Hi Ruben, On Mon, Mar 26, 2012 at 03:56:25PM +0200, Ruben Laban wrote:
> Did this ever go anywhere? I am currently looking at my (accounting) > options for my new border routers. Using uacct would be rather nice due > its ability to easily determine the direction of traffic on a given > interface (without having to rely on mac-addresses or similar trick, as > discussed some time ago). However, the lack of support for IPv6 would be > close to being a showstopper. The NFLOG interface implementation did not move forward. Both for lack of resources (i don't have a software router/firewall handy to accurately test against) and lack of time (ie. developments that have greater priority given the bigger attention from end-users). > Also, the documentation regarding uacct is still rather minimal. I > can't, for example, not really determine how to properly configure > iptables/uacct for "medium" traffic loads (between 100Mbps/10Kpps and > 1Gbps/100Kpps). Stuff like snaplen and iptables' --ulog-cprange and > --ulog-qthreshold seem like proper tuning knobs, but without any > concrete info... On one hand probably you can read plenty on how to set these knobs around the web; on the other, it would be surely nice to include such pointers in the pmacct documentation itself for ease of retrieval from other users. It would be also nice if anybody reading is willing to provide their own dimensioning figures as these can result useful to build docs around them. Cheers, Paolo > On 05/Apr/2011 23:48, Paolo Lucente wrote: >> Hi Neil, >> >> Thanks for the initial pointers. Agree on your feeling of very sparse >> documentation. Do you have a text box with IPv6 traffic passing by that >> i can log on remotely? It would help to get a bit the grasp of how much >> work this actually is and how to keep both ULOG and NFLOG interfaces up >> and running. Makes sense to follow-up privately if you (or anybody else >> reading) have the testbed available and summarize here at a later stage >> when things become more clear. >> >> Cheers, >> Paolo >> >> On Sat, Apr 02, 2011 at 08:24:24AM +0100, Neil Wilson wrote: >>> On Fri, 2011-04-01 at 17:28 +0000, Paolo Lucente wrote: >>>> Hi Neil, >>>> >>>> If such an issue exists, it's certainly not a problem fixing it. But >>>> since i'm not the greatest expert of the ULOG API i would need you to >>>> be somewhat more verbose with your comment. Suggestions are certainly >>>> appreciated; perhaps you can offer access to a testbed or contribute >>>> code yourself? >>>> >>>> Cheers, >>>> Paolo >>>> >>> >>> Sorry. Final thing on a Friday is probably not the best time to be >>> posting your first message on a board. >>> >>> Since the answer wasn't "Oh yes you just do this to support NFLOG" I >>> guess that means I get to write the code to make it work. I hope you >>> don't mind giving me a few pointers into your code. >>> >>> The standard ip6tables interface doesn't have a ULOG target only an >>> NFLOG target and its clear from what little netfilter documentation >>> there is that NFLOG is the interface of preference for the future. At >>> least until they change their mind again. >>> >>> The documentation is particularly sparse and I've only done a >>> preliminary search through the libraries. However I'm hoping that it >>> shouldn't be too difficult to switch the formats across. >>> >>> The user level interface to the NFLOG structure appears to be a library >>> called 'libnetfilter_log' documented here: >>> >>> http://www.netfilter.org/projects/libnetfilter_log/doxygen/ >>> >>> with a test program here: >>> >>> http://www.netfilter.org/projects/libnetfilter_log/doxygen/nfulnl__test_8c_source.html >>> >>> which appears to use a callback structure to handle the incoming >>> packets. >>> >>> Do you think including this would be the best way in, or should I stick >>> with the lower level netlink interface as used for ULOG? >>> >>> Rgs >>> >>> Neil >>> >> >> _______________________________________________ >> pmacct-discussion mailing list >> http://www.pmacct.net/#mailinglists > _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
