ipt_ACCOUNT is a high performance local network accounting
system written for the Linux netfilter/iptables system.
News
2011-01-19: Version 1.16 of ipt_ACCOUNT released
- Support for kernel 2.6.36 / 2.6.37
- Support for iptables 1.4.3 and 1.4.4 by Blazej
  iptables 1.4.2 and below is no longer supported
- Support for kernel 2.6.29 / 2.6.28 and newer
- Public repositories for simple contribution
- Mailing lists for better user communication
- Clear structure and therefore new URLs (please update your links)
ipt_ACCOUNT is designed to be queried for data every second or at least every ten seconds. It is written as a kernel module to handle high bandwidths without packet loss.
The largest possible subnet size is 24 bits, meaning, for example, 10.0.0.0/8 networks. This limit lets it use fixed internal data structures, which speeds up the processing of each packet. Furthermore, accounting data for one complete 192.168.1.X/24 network takes 4kb of memory. Memory for 16- or 24-bit networks is only allocated when needed.
The data is queried using the userspace libipt_ACCOUNT library. There is no /proc interface as it would be too slow for continuous access. The read & flush query operation is the fastest, as no internal data snapshot needs to be created and copied for all data. Use the "read" operation without flush only for debugging purposes!
To optimize the kernel<->userspace data transfer a bit more, the kernel module only transfers information about IPs whose src/dst packet counter is not 0. This saves precious kernel time.
ipt_ACCOUNT is licensed under GPL 2 (not any later version).
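The fixed-table design, on-demand allocation and non-zero-only read & flush described above, as a userspace C model of a single /16 network. This is an added illustration, not ipt_ACCOUNT's source code: the struct and function names are hypothetical, and the four 32-bit counters per host are an assumption chosen to match the stated 4kb per /24.

```c
/* Illustrative userspace model, not ipt_ACCOUNT source. Assumed layout:
 * four 32-bit counters per host, so 256 hosts * 16 bytes = 4096 bytes per /24. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct host_stat { uint32_t src_packets, src_bytes, dst_packets, dst_bytes; };
struct page24    { struct host_stat host[256]; };               /* one /24 */
struct net16     { uint32_t base; struct page24 *page[256]; };  /* base = a.b.0.0 */
struct record    { uint32_t ip; struct host_stat st; };

/* Return the counters for ip, allocating its /24 page on first use. */
static struct host_stat *slot(struct net16 *n, uint32_t ip)
{
    if ((ip & 0xFFFF0000u) != n->base)
        return NULL;                        /* outside the accounted network */
    unsigned p = (ip >> 8) & 0xFF;
    if (!n->page[p] && !(n->page[p] = calloc(1, sizeof(struct page24))))
        return NULL;                        /* allocation failed: skip packet */
    return &n->page[p]->host[ip & 0xFF];
}

/* Account one packet: two fixed-index lookups, no hashing or list walking. */
void account(struct net16 *n, uint32_t src, uint32_t dst, uint32_t len)
{
    struct host_stat *s = slot(n, src), *d = slot(n, dst);
    if (s) { s->src_packets++; s->src_bytes += len; }
    if (d) { d->dst_packets++; d->dst_bytes += len; }
}

/* Read & flush: emit only hosts with a non-zero packet counter, then zero them.
 * Stops when out is full; unread hosts keep their counters for the next call. */
size_t read_flush(struct net16 *n, struct record *out, size_t max)
{
    size_t cnt = 0;
    for (unsigned p = 0; p < 256; p++) {
        if (!n->page[p]) continue;          /* never allocated: no traffic seen */
        for (unsigned h = 0; h < 256; h++) {
            struct host_stat *st = &n->page[p]->host[h];
            if (!st->src_packets && !st->dst_packets) continue;
            if (cnt == max) return cnt;
            out[cnt].ip = n->base | (p << 8) | h;
            out[cnt++].st = *st;
            memset(st, 0, sizeof *st);
        }
    }
    return cnt;
}
```

Because the flush zeroes each entry as it is copied out, the reader never needs a consistent snapshot of the whole table, which is the reason the page gives for read & flush being the fastest query.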