
High frequency packet accounting with netfilter


jiangxianliang/xt_pktstat

 
 


xt_pktstat: an iptables module for high frequency packet accounting

The project features several components:

  • A loadable kernel module that keeps track of the number of frames and bytes received per submillisecond time window.
  • An iptables shared library to add/configure/remove rules
  • A /proc subdirectory to easily use statistics in user programs

And is divided into the following directories:

  • kernel: loadable kernel module, accounting code
  • iptables: userland shared library to manage accounting rules

Internally, xt_pktstat uses a FIFO that is filled in a netfilter hook and emptied when the pseudo-file in /proc is read. It is up to the user program to read the pseudo-file regularly so that statistics do not accumulate in the FIFO. When the FIFO is full, the network stack cannot push new statistics samples onto it. The statistics stay consistent, but accuracy is lost.

Compilation of kernel module

cd kernel
make modules
make modules_install

Kernel headers are required for the compilation to succeed. The Makefile should automatically detect the location of those headers. If this is not the case, you can select the location by overriding the KERNEL_DIR variable used by the compilation script:

make KERNEL_DIR=/lib/modules/3.0.0-1-686-pae/build modules

(Re)create module dependencies

depmod -a

Compilation of userland shared library

cd iptables
make all

The iptables development package must be installed for the library to compile. If the headers are not installed in a standard location, CFLAGS can be changed in the Makefile.

Creating a filter and examining data

Load kernel module

modprobe xt_pktstat

Successful loading of the module can be checked in the kernel log file, usually /var/log/messages:

grep xt_pktstat /var/log/messages
[29246.414327] xt_pktstat: init! size:24

Display help and usage for the pktstat module. The iptables command must be prefixed with the location of the libxt_pktstat.so shared library.

XTABLES_LIBDIR=$PWD:/lib/xtables iptables -m pktstat --help

Create a basic rule, e.g. with the following parameters:

  • period: width of a time bucket, here 100 ms
  • samples: maximum number of samples allowed in the FIFO, here 20

XTABLES_LIBDIR=$PWD:/lib/xtables iptables -m pktstat --period 100 --samples 20 -A INPUT

Read the data

cat /proc/net/xt_pktstat/0/data
# timestamp frames bytes
1313702809400000000 1235 485932
1313702809500000000 1235 485932
1313702809600000000 1235 485932
1313702809700000000 1235 485932
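
A sketch of the user program side, added here as an example and not part of the xt_pktstat project: it parses the data format shown above, converts each bucket to frames/s and bits/s, and reports skipped time buckets. It assumes the timestamp is in nanoseconds (inferred from the sample output, where consecutive lines are 100 ms apart); whether a skipped bucket means an idle window or a sample lost to a full FIFO is not stated on this page.

```python
import sys

PERIOD_MS = 100  # must match --period of the rule (100 in the rule above)

def parse_samples(text):
    """Parse 'timestamp frames bytes' lines, skipping comments and blanks."""
    samples = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"unexpected line: {line!r}")
        samples.append(tuple(int(f) for f in fields))
    return samples

def summarize(samples, period_ms=PERIOD_MS):
    """Return (rows, gaps): rows are (ts_ns, frames_per_s, bits_per_s);
    gaps are (prev_ts_ns, ts_ns, skipped_buckets)."""
    period_ns = period_ms * 1_000_000  # assumption: timestamps are in ns
    rows, gaps, prev = [], [], None
    for ts_ns, frames, nbytes in samples:
        rows.append((ts_ns, frames * 1000 // period_ms,
                     nbytes * 8 * 1000 // period_ms))
        if prev is not None:
            skipped = (ts_ns - prev) // period_ns - 1
            if skipped > 0:
                gaps.append((prev, ts_ns, skipped))
        prev = ts_ns
    return rows, gaps

# The page's sample output plus one constructed line after a 300 ms jump.
SAMPLE = """\
# timestamp frames bytes
1313702809400000000 1235 485932
1313702809500000000 1235 485932
1313702809600000000 1235 485932
1313702809700000000 1235 485932
1313702810000000000 900 350000
"""

if __name__ == "__main__":
    # Usage: script.py [file]; with no argument, the embedded sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    rows, gaps = summarize(parse_samples(text))
    for ts_ns, fps, bps in rows:
        print(f"{ts_ns} {fps} frames/s {bps} bit/s")
    for prev, ts_ns, skipped in gaps:
        print(f"gap: {skipped} bucket(s) skipped between {prev} and {ts_ns}")
```

Because reading the pseudo-file empties the FIFO, capture its output to a file once and pass that file as the argument instead of reading /proc twice.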

Sample graphical output

TODO
