From fca59bea770346cf1c1f9b0e00cb48a61b44a8f3 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 25 Oct 2015 21:00:20 +0100 Subject: import of old now defunct presentation slides svn repo --- 2005/flow-accounting-lt2005/abstract | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 2005/flow-accounting-lt2005/abstract (limited to '2005/flow-accounting-lt2005/abstract') diff --git a/2005/flow-accounting-lt2005/abstract b/2005/flow-accounting-lt2005/abstract new file mode 100644 index 0000000..30c3f4c --- /dev/null +++ b/2005/flow-accounting-lt2005/abstract 
@@ -0,0 +1,28 @@ +Flow based network accounting with Linux + +Many networking scenarios require some form of network accounting that goes +beyond some simple packet and byte counters as available from the 'ifconfig' +output. + +When people want to do network accouting, the past and current Linux kernel +didn't provide them with any reasonable mechanism for doing so. + +Network accounting can generally be done in a number of different ways. The +traditional way is to capture all packets by some userspace program. Capturing +can be done via a number of mechanisms such as PF_PACKET sockets, mmap()ed +PF_PACKET, ipt_ULOG, or ip_queue. This userspace program then analyzes the +packets and aggregates the result into per-flow data structures. + +Whatever mechanism used, this scheme has a fundamental performance limitation, +since all packets need to be copied and analyzed by a userspace process. + +The author has implemented a different approach, by which the accounting +information is stored in the in-kernel connection tracking table of the +ip_conntrack stateful firewall state machine. On all firewalls, that +state table has to be kept anyways - the additional overhead introduced by +accounting is minimal. + +Once a connection is evicted from the state table, it's accounting relevant +data is transferred to userspace to a special accounting daemon for further +processing, aggregation and finally storage in the accounting log/database. + -- cgit v1.2.3
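Review bot: Two spelling errors in the added abstract text should be fixed. In the second paragraph, "accouting" ("When people want to do network accouting") should be "accounting". In the last paragraph, "it's accounting relevant data" should use the possessive, "its accounting-relevant data". The hunk also ends with an empty added line after "accounting log/database.", which git flags as a new blank line at EOF. If the import is meant to reproduce the svn content byte for byte, state that in the commit message so these are not mistaken for oversights. Otherwise correct the two words and drop the trailing blank line.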