we are trying to get per-client traffic accounting on a comcerto2k-based board which functions as a router. When the PFE engine is not enabled, we have verified that once we add iptables rules for each NAT'ed IP, we can get byte counts for these rules (the traditional way to do traffic accounting).
When enabling PFE, since the "-t nat" rules are not hit once a connection enters "fast forwarding" mode, we can not rely on the iptables counters anymore.
Is there support in the PFE engine to provide per-IP (or per-MAC or similar) traffic accounting ? Is this something that can be implemented via pfe, or is this not supported by design ?