Diffstat (limited to '2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex')
-rw-r--r-- | 2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex b/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex new file mode 100644 index 0000000..27437ad --- /dev/null +++ b/2005/flow-accounting-ols2005/OLS2005/welte/welte-abstract.tex @@ -0,0 +1,46 @@ + +% Registration Flow based network accounting with Linux +% [2]Register/Submit Proposal Harald Marc Welte (laforge@gnumonks.org) + +Many networking scenarios require some form of +network accounting that goes beyond some +simple packet and byte counters as available +from the `ifconfig' output. + +When people want to do network accouting, the +past and current Linux kernel didn't provide +them with any reasonable mechanism for doing +so. + +Network accounting can generally be done in a +number of different ways. The traditional way +is to capture all packets by some userspace +program. Capturing can be done via a number of +mechanisms such as \ident{PF_PACKET} sockets, \ident{mmap()}ed +\ident{PF_PACKET}, \ident{ipt_ULOG}, or \ident{ip_queue}. This +userspace program then analyzes the packets +and aggregates the result into per-flow data +structures. + +Whatever mechanism used, this scheme has a +fundamental performance limitation, since all +packets need to be copied and analyzed by a +userspace process. + +The author has implemented a different +approach, by which the accounting information +is stored in the in-kernel connection tracking +table of the \ident{ip_conntrack} stateful firewall +state machine. On all firewalls, that state +table has to be kept anyways---the additional +overhead introduced by accounting is minimal. + +Once a connection is evicted from the state +table, its accounting relevant data is +transferred to userspace to a special +accounting daemon for further processing, +aggregation and finally storage in the +accounting log/database. + + + |
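Review bot: "accouting" in the second paragraph of the added abstract ("When people want to do network accouting") is a typo for "accounting" and should be fixed before this goes to the proceedings. The two leading comment lines also carry what looks like residue from the submission web form ("% Registration ..." and "% [2]Register/Submit Proposal ..."); replacing them with a plain title and author comment would be cleaner. The identifiers passed to \ident{} contain raw underscores (PF_PACKET, ipt_ULOG, ip_queue, ip_conntrack); unless \ident is defined to handle them, they need to be written as \_ to compile outside math mode, so that is worth confirming against the macro definition. Minor wording: "Whatever mechanism used" reads better as "Whatever mechanism is used", and the first sentence of that same second paragraph mixes tenses ("want" with "didn't provide").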