author Pablo Neira Ayuso <> 2011-12-29 19:13:16 +0100
committer Pablo Neira Ayuso <> 2011-12-29 19:19:27 +0100
commit 96850b291a147226210b9fb71fff59e6880a4b02
tree def30fffa6c75248b5eae06cc493fd97c898a645 /README
parent 14e2a84c721bd25f281e3aa0b5a02362256ad790
update README file
Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'README')
1 files changed, 16 insertions, 22 deletions
diff --git a/README b/README
index 9901a46..8026121 100644
--- a/README
+++ b/README
@@ -1,23 +1,13 @@
-= libnetfilter_acct: area-based accounting for netfilter =
+= nfacct: the extended accounting infrastructure for Netfilter =
-Netfilter provides several accounting mechanisms:
+Netfilter provides three accounting mechanisms:
-* flow-based accouting through ctnetlink
+* flow-based accounting through ctnetlink
* packet-based accounting through NFLOG
+* extended accounting through nfacct (since Linux 3.3)
-This library contains the user-space part of a third new mechanism that
-provides area-based accounting.
-You have to get the kernel part from:
- git clone -b nf git://
-Or you can obtain the patches that apply to 3.2-rc from the cgit interface:
- http:/
-Make sure you compile the kernel with NFNETLINK_ACCT and XT_TARGET_NFACCT
+The libnetfilter_acct library provides the programming interface (API)
+for the extended accounting infrastructure.
== Flow-based accounting through ctnetlink ==
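Review bot: The new title and the added bullet both use the name nfacct, while the added paragraph introduces libnetfilter_acct as "the programming interface (API)", and nothing in the intro says how the two names relate or which of them this README documents. Add one sentence that states what nfacct refers to and where libnetfilter_acct fits, so a reader who arrives from the library name is not left guessing. A smaller point on the same hunk: "provides three accounting mechanisms" hard-codes a count that has to be edited again whenever the list changes; the earlier wording ("several") did not have that problem.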
@@ -38,23 +28,27 @@ that match some specific condition:
# iptables -I INPUT -p tcp --dport 80 -j LOG --log-prefix "http: "
-== Area-based accouting ==
+== nfacct: extended accounting infrastructure ==
-This mechanism allows you to create one accounting area:
+This mechanism allows you to create one accounting object:
- libnetfilter_acct/examples# ./nfacct-create http-traffic
+ libnetfilter_acct/examples# ./nfacct-add http-traffic
Then, you can use it in iptables:
- # iptables -I INPUT -p tcp --dport 80 -j NFACCT --nfacct-name http-traffic
- # iptables -I OUTPUT -p tcp --sport 80 -j NFACCT --nfacct-name http-traffic
+ # iptables -I INPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
+ # iptables -I OUTPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
You can obtain the counters via libnetfilter_acct:
libnetfilter_acct/examples# ./nfacct-get
http-traffic = { pkts = 000000061152, bytes = 000082999936 };
-You can perform different actions like dumping the counters and reset them.
+To enable the extended accounting infrastructure in kernel-space, make sure
+you enable NFNETLINK_ACCT and XT_MATCH_NFACCT config options in your Linux
+For further information, please refer to the doxygen documentation available.
(c) 2011 Pablo Neira Ayuso <>
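Review bot: The added closing paragraph gives the kernel options as NFNETLINK_ACCT and XT_MATCH_NFACCT, which are not the strings a user will find when searching a kernel .config; the Kconfig symbols are NETFILTER_NETLINK_ACCT and NETFILTER_XT_MATCH_NFACCT (with the CONFIG_ prefix in .config), so write them out in full. In the same paragraph, "the doxygen documentation available" names no location or build step; say where it lives or how to generate it. The hunk also drops the sentence about dumping and resetting the counters without a replacement, so the README no longer tells the reader that a reset operation exists. Finally, the iptables examples change from `-j NFACCT` to `-m nfacct` with no target at all; a short remark that these rules only count and do not terminate rule traversal would help readers who expect every rule to carry a `-j`.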