ipt_ACCOUNT

ipt_ACCOUNT is a high performance local network accounting system written for the Linux netfilter/iptables system.

News

2011-01-19: Version 1.16 of ipt_ACCOUNT released
  • Support for kernel 2.6.36 / 2.6.37
  • Support for iptables 1.4.3 and 1.4.4 by Blazej
    iptables 1.4.2 and below is no longer supported
2009-04-14: Version 1.15 of ipt_ACCOUNT released
  • Support for kernel 2.6.29 / 2.6.28 and newer
2009-02-05: Developer section improvements
  • Public repositories for simple contribution
  • Mailinglists for better user communication
  • Clear structure and therefore new URLs (update Links please)

Description

ipt_ACCOUNT is designed to be queried for data every second or at least every ten seconds. It is written as kernel module to handle high bandwidths without packet loss.

The largest possible subnet size is 24 bit, meaning f.e. 10.0.0.0/8 networks. Therefore it's able to use a fixed internal data structures which speeds up the processing speed for each packet. Furthermore, accounting data for one complete 192.168.1.X/24 network takes 4kb of memory. Memory for 16 or 24 bit networks is only allocated when needed.

The data is queried using the userspace libipt_ACCOUNT library. There is no /proc interface as it would be too slow for continuous access. The read&flush query operation is the fastest, as no internal data snapshot needs to be created&copied for all data. Use the "read" operation without flush only for debugging purposes!

To optimize the kernel<->userspace data transfer a bit more, the kernel module only transfers information about IPs, where the src/dst packet counter is not 0. This saves precious kernel time.

 

License

ipt_ACCCOUNT is licensed under GPL 2 (not any later)

© Intra2net AG 2014
Imprint     Contact

axolotl