Installation

- Install the pom-ng-ipt_ACCOUNT archive in your patch-o-matic-ng directory
- Patch your kernel and userspace iptables tool: "./runme ACCOUNT"
- Recompile the kernel and iptables

- Unpack the libipt_ACCOUNT library archive
- Run autoreconf -f
- ./configure && make && make install

You can also install & build the provided .src.prm

Usage

It takes two parameters:
--addr is the subnet which is accounted for
--tname is the table name where the information is stored

The data can be queried later using the libipt_ACCOUNT userspace library or by the "iptaccount" tool which is part of the libipt_ACCOUNT package.

A special subnet is "0.0.0.0/0": All data is stored in the src_bytes and src_packets structure of slot "0". This is useful if you want to account the overall traffic to/from your internet provider.

Here's an example:
iptables -A OUTPUT -j ACCOUNT --addr 0.0.0.0/0 --tname all_outgoing
iptables -A OUTPUT -j ACCOUNT --addr 192.168.1.0/24 --tname sales

This creates two tables called "all_outgoing" and "sales" which can be queried using the userspace library/iptaccount tool.

What can I do with the userspace "iptaccount" tool?
"iptcount" is a reference implementation to show the usage
of the libipt_ACCOUNT library. It features the following commandline options:

[-u] show kernel handle usage
[-h] free all kernel handles (experts only!)
[-a] list all table names

[-l name] show table data
[-f] flush data after show
[-c] loop every second (abort with CTRL+C)

Here's the output of an iptaccount session:

ipt_ACCOUNT userspace accounting tool v1.0

Showing table: outgoing
Run #0 - 1 item found
IP: 0.0.0.0 SRC packets: 4 bytes: 1128 DST packets: 0 bytes: 0
Finished.