= nfacct: the extended accounting infrastructure for Netfilter =
Netfilter provides three accounting mechanisms:
* flow-based accounting through ctnetlink
* packet-based accounting through NFLOG
* extended accounting through nfacct (since Linux 3.3)
The libnetfilter_acct library provides the programming interface (API)
for the extended accounting infrastructure.
== Flow-based accounting through ctnetlink ==
This mechanism allows you to account the number of packets and bytes
of one given flow. This information is obtained via netlink event once
the flow is closed with:
# conntrack -E
You can get real-time accounting packets and bytes per flow by polling:
# conntrack -L
== Packet-based accounting through NFLOG ==
This mechanism allows you to add specific iptables rules to log packets
that match some specific condition:
# iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix "http: "
== nfacct: extended accounting infrastructure ==
This mechanism allows you to create one accounting object:
libnetfilter_acct/examples# ./nfacct-add http-traffic
Then, you can use it in iptables:
# iptables -I INPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
# iptables -I OUTPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
You can obtain the counters via libnetfilter_acct:
libnetfilter_acct/examples# ./nfacct-get
http-traffic = { pkts = 000000061152, bytes = 000082999936 };
To enable the extended accounting infrastructure in kernel-space, make sure
you enable NFNETLINK_ACCT and XT_MATCH_NFACCT config options in your Linux
kernel.
For further information, please refer to the doxygen documentation available.
== Compilation & Installation ==
First, you have to run:
autoreconf -fi
If you got a working copy from git. Then:
./configure --prefix=/usr
make
make check # if you want to build the library examples
sudo make install
== Licensing terms ==
This library is licensed under LGPLv2.1+.
--
(c) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
(c) 2011 Intra2Net AG <http://www.intra2net.com>