From owner-freebsd-net@FreeBSD.ORG  Thu Jun 26 22:57:05 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 89C8637B401; Thu, 26 Jun 2003 22:57:05 -0700 (PDT)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 033BA43FE5; Thu, 26 Jun 2003 22:57:05 -0700 (PDT)
	(envelope-from rizzo@xorpc.icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1])
	by xorpc.icir.org (8.12.8p1/8.12.3) with ESMTP id h5R5uukN079771;
	Thu, 26 Jun 2003 22:56:56 -0700 (PDT)
	(envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost)
	by xorpc.icir.org (8.12.8p1/8.12.3/Submit) id h5R5uuwT079770;
	Thu, 26 Jun 2003 22:56:56 -0700 (PDT)
	(envelope-from rizzo)
Date: Thu, 26 Jun 2003 22:56:56 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Robert Watson <rwatson@freebsd.org>
Message-ID: <20030626225656.A79716@xorpc.icir.org>
References: <Pine.BSF.4.21.0306261555530.12070-100000@InterJet.elischer.org>
	<Pine.NEB.3.96L.1030626190216.67803B-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <Pine.NEB.3.96L.1030626190216.67803B-100000@fledge.watson.org>;
	from rwatson@freebsd.org on Thu, Jun 26, 2003 at 07:05:57PM -0400
cc: net@freebsd.org
cc: Julian Elischer <julian@elischer.org>
cc: Adam <blueeskimo@gmx.net>
Subject: Re: Bandwidth monitoring
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jun 2003 05:57:05 -0000

On Thu, Jun 26, 2003 at 07:05:57PM -0400, Robert Watson wrote:
...
> > that an ISP is likely to charge for and have the tables 'reaped every
> > now and then by a daemon to give a time dimension to the data.. 
> 
> Well, the case that this code was designed for was passive monitoring of
> many IPs over many systems (some of which have a large number of IP
> addresses, each to be separately billed).  I also wanted to specifically
> disqualify local traffic between the hosts, since that wasn't part of the
> billing structure.  You could certainly implement this using ipfw
> accounting, but only if you wanted to add one firewall rule for each
> matching case of interest (since we needed to separately measure), and you

just for the records, you can do counting on a per-host basis with
a single ipfw rule, using dummynet pipes:

	... rules to remove undesired traffic...
	ipfw add pipe 1 ip from ${my_subnet} to not ${my_subnet} in
	ipfw pipe 1 config mask src-ip 0xffffffff
	sysctl net.inet.ip.dummynet.expire=0

This of course requires that the traffic you are interested in
flows through the box where you are running the above ipfw config.

	cheers
	luigi