Date: Thu, 26 Jun 2003 22:56:56 -0700
From: Luigi Rizzo
To: Robert Watson
cc: net@freebsd.org
cc: Julian Elischer
cc: Adam
Subject: Re: Bandwidth monitoring
Message-ID: <20030626225656.A79716@xorpc.icir.org>

On Thu, Jun 26, 2003 at 07:05:57PM -0400, Robert Watson wrote:
...
> > that an ISP is likely to charge for and have the tables 'reaped every
> > now and then by a daemon to give a time dimension to the data..
>
> Well, the case that this code was designed for was passive monitoring of
> many IPs over many systems (some of which have a large number of IP
> addresses, each to be separately billed). I also wanted to specifically
> disqualify local traffic between the hosts, since that wasn't part of the
> billing structure. You could certainly implement this using ipfw
> accounting, but only if you wanted to add one firewall rule for each
> matching case of interest (since we needed to separately measure), and you

just for the records, you can do counting on a per-host basis with
a single ipfw rule, using dummynet pipes:

    ... rules to remove undesired traffic...
    ipfw add pipe 1 ip from ${my_subnet} to not ${my_subnet} in
    ipfw pipe 1 config mask src-ip 0xffffffff
    sysctl net.inet.ip.dummynet.expire=0

This of course requires that the traffic you are interested in
flows through the box where you are running the above ipfw config.

cheers
luigi
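
The following is an added example, not part of the original message: one way to read the per-source counters back from the pipe configured above and turn them into a per-host report. The function names and the sample text are constructed, and the column layout of the sample is an assumption modelled on `ipfw pipe show` output.

```shell
#!/bin/sh
# Constructed sample standing in for `ipfw pipe 1 show` on a box using the
# "mask src-ip 0xffffffff" pipe: one flow row per source address.
# The exact column layout is an assumption; adjust field numbers if yours differs.
sample_pipe_show() {
cat <<'EOF'
00001: unlimited    0 ms   50 sl. 3 queues (64 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  5 ip        10.0.0.5/0             0.0.0.0/0        120    98304  0    0   0
 17 ip       10.0.0.17/0             0.0.0.0/0         42     6300  0    0   0
 33 ip       10.0.0.33/0             0.0.0.0/0       9000  7340032  0    0   0
EOF
}

# per_host_bytes: read pipe-show text on stdin and print
# "source-ip total-packets total-bytes", largest byte count first.
per_host_bytes() {
    awk '
        /^[0-9]+:/  { in_flows = 0; next }   # pipe header line: not a flow row
        $1 == "BKT" { in_flows = 1; next }   # column header: flow rows follow
        in_flows && NF >= 6 && $1 ~ /^[0-9]+$/ {
            split($3, src, "/")              # "10.0.0.5/0" -> "10.0.0.5"
            pkts[src[1]]  += $5              # Tot_pkt column
            bytes[src[1]] += $6              # Tot bytes column
        }
        END { for (h in bytes) print h, pkts[h], bytes[h] }
    ' | sort -k3,3nr
}

# Stand-alone demonstration on the constructed sample.
sample_pipe_show | per_host_bytes
```

On a live system the input would come from `ipfw pipe 1 show | per_host_bytes`, run periodically by whatever collects the billing data.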