ipt_ACCOUNT is a robust local network accounting software built for Linux netfilter/iptables system. It offers unparalleled performance and accuracy in tracking network usage and is a trusted tool for organizations that require precise network accounting.
Once the data is collected, it can be queried later using the libipt_ACCOUNT userspace library or by using the "iptaccount" tool that comes with the libipt_ACCOUNT package. A special subnet that's worth noting is "0.0.0.0/0," where all data is stored in the "src_bytes" and "src_packets" structure of the "0" slot. This is particularly useful if you need to account for overall traffic to and from your internet provider.
ipt_ACCOUNT is capable of handling high bandwidths without any packet loss because it's designed to be queried for data every second or at least every ten seconds. It's also written as a kernel module that's able to process data as quickly as possible to save time. The largest possible subnet size is 24-bit, meaning that it's able to use fixed internal data structures, which speeds up the processing speed for each packet. Additionally, accounting data for one complete 192.168.1.X/24 network takes only 4kb of memory. Memory for 16 or 24 bit networks is allocated only when needed.
In terms of querying the data, the userspace libipt_ACCOUNT library is what you need. There's no /proc interface because it would be too slow for continuous access. The read&flush query operation is the fastest since no internal data snapshot needs to be created and copied for all data. However, the "read" operation without flush is only recommended for debugging purposes.
To optimize the kernel/userspace data transfer, the kernel module only transfers information about IPs where the "src/dst" packet counter is not 0. This saves precious kernel time. The installation process is straightforward: install the pom-ng-ipt_ACCOUNT archive in your patch-o matic-ng directory, patch your kernel, patch the userspace iptables tool with the iptables-ext ipt_ACCOUNT.patch, recompile the kernel, recompile iptables tool, unpack the libipt_ACCOUNT archive, run autoreconf -f ./configure && make && make install. You can also install and build the provided .src.prm for additional functionalities Overall, ipt_ACCOUNT is a great software tool that's definitely worth checking out!
Version 1.15: N/A