ipt_ACCOUNT is a high performance local network accounting system written for the Linux netfilter/iptables system.


2011-01-19: Version 1.16 of ipt_ACCOUNT released
2009-04-14: Version 1.15 of ipt_ACCOUNT released
2009-02-05: Developer section improvements


ipt_ACCOUNT is designed to be queried for data every second or at least every ten seconds. It is written as a kernel module to handle high bandwidths without packet loss.

The largest possible subnet size is 24 bit, meaning f.e. networks. Therefore it is able to use fixed internal data structures, which speeds up the processing of each packet. Furthermore, accounting data for one complete 192.168.1.X/24 network takes 4kb of memory. Memory for 16 or 24 bit networks is only allocated when needed.

The data is queried using the userspace libipt_ACCOUNT library. There is no /proc interface, as it would be too slow for continuous access. The read&flush query operation is the fastest, as no internal data snapshot needs to be created and copied for all data. Use the "read" operation without flush only for debugging purposes!

To optimize the kernel<->userspace data transfer a bit more, the kernel module only transfers information about IPs where the src/dst packet counter is not 0. This saves precious kernel time.
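The design described above (fixed per-/24 arrays, /24 blocks allocated only when needed, and a read&flush that returns only hosts with non-zero packet counters) can be modelled in userspace as follows. This is an added example, not code from ipt_ACCOUNT: all names are hypothetical, and the record of four 32-bit counters per host is an assumption chosen so that 256 hosts occupy 4 KB.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed per-host record: four 32-bit counters = 16 bytes, so 256 hosts = 4 KB. */
struct host_ctr { uint32_t src_packets, src_bytes, dst_packets, dst_bytes; };
struct net24 { struct host_ctr ip[256]; };         /* one /24: fixed array */
struct net16 { struct net24 *sub[256]; };          /* /16: /24 blocks allocated on demand */
struct entry { uint32_t ip; struct host_ctr c; };  /* record handed to the reader */

/* Account one packet for host `ip` (host byte order) inside a /16 table. */
int account(struct net16 *t, uint32_t ip, uint32_t len, int is_src)
{
    struct net24 **slot = &t->sub[(ip >> 8) & 0xff];
    if (!*slot && !(*slot = calloc(1, sizeof **slot)))
        return -1;                                 /* allocation failed: not counted */
    struct host_ctr *h = &(*slot)->ip[ip & 0xff];  /* direct index, no search */
    if (is_src) { h->src_packets++; h->src_bytes += len; }
    else        { h->dst_packets++; h->dst_bytes += len; }
    return 0;
}

/* Read and flush: copy only hosts with a non-zero packet counter, then zero them. */
size_t read_flush(struct net16 *t, uint32_t base, struct entry *out, size_t max)
{
    size_t n = 0;
    for (unsigned b = 0; b < 256; b++) {
        if (!t->sub[b]) continue;                  /* never-seen /24: nothing allocated */
        for (unsigned i = 0; i < 256; i++) {
            struct host_ctr *h = &t->sub[b]->ip[i];
            if (!h->src_packets && !h->dst_packets) continue;
            if (n == max) return n;                /* buffer full: rest stays for next poll */
            out[n].ip = base | (b << 8) | i;
            out[n++].c = *h;
            memset(h, 0, sizeof *h);
        }
    }
    return n;
}

int main(void)
{
    static struct net16 t; struct entry out[4];
    account(&t, 0xC0A80105u, 100, 1);              /* constructed sample: 192.168.1.5 sends */
    account(&t, 0xC0A80207u, 40, 0);               /* constructed sample: 192.168.2.7 receives */
    printf("%zu active hosts\n", read_flush(&t, 0xC0A80000u, out, 4));
    return 0;
}
```

Because the flush zeroes each record as it is copied, no snapshot of the whole table is needed, and a second poll with no traffic in between returns nothing.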


ipt_ACCOUNT is licensed under GPL 2 (not any later).