Hi all, I'd be interested to know if anyone has combined layer 7 classification with pmacct's traffic aggregation. For example, I would like to combine all Kazaa traffic (per minute) into a single counter.
I'm trying to figure out how this would be done, and it seems tricky. pmacct doesn't seem to have an internal mechanism where the classifier could be attached, so I guess I would have to at least add some code for that. The most popular Linux classifiers seem to be l7-filter and ipp2p, both of which run in kernel space and work with Netfilter Conntrack. So I could use this hook in pmacct to grab data from the conntrack table. I don't want to classify in user space because I also want to do traffic shaping on P2P flows, which seems to require it to be done in the kernel, and I don't want to do it twice. Another option might be to export classified packets from the kernel with ULOG (or divert sockets on BSD), find a way to include the netfilter mark/connmark in the exported packets, and replace the pcap capture code with ULOG/divert capture code. Does anyone have any thoughts on this? Cheers, Chris. -- (aidworld) chris wilson | chief engineer (http://www.aidworld.org) _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
