From owner-freebsd-hackers Tue Jun 6 3:33:36 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from outpost.huebner.org (hans.walledcity.de [212.84.209.59]) by hub.freebsd.org (Postfix) with ESMTP id 835BC37B517 for ; Tue, 6 Jun 2000 03:33:25 -0700 (PDT) (envelope-from hans@Huebner.ORG)
Received: from localhost.huebner.org ([127.0.0.1] helo=localhost ident=hans) by outpost.huebner.org with esmtp (Exim 3.13 #1) id 12zGfh-0002H6-00 for freebsd-hackers@freebsd.org; Tue, 06 Jun 2000 12:33:21 +0200
Date: Tue, 6 Jun 2000 12:33:21 +0200 (CEST)
From: Hans Huebner
To: freebsd-hackers@freebsd.org
Subject: IP prepaid accounting
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi there,

I am in need of a prepaid IP accounting scheme for FreeBSD. What I want to be able to do is: I want to allocate a certain byte quota to an IP address (or a subnetwork) and have the kernel automatically block the address as soon as the quota has been used up, optionally generating a kernel message.

This can, of course, be implemented in user space by polling some ipfw counters and adding the blocking rules as soon as the limit has been reached, but somehow I'd like a kernel based solution better.

I'd want to have a few additions to "ipfw" which would work like this:

To set up a quota entry, one would use

  ipfw quota quota [ warn ]

where would be an alphanumeric identifier and would be the quota allocated. would be a byte count which would define at what remaining byte quota the kernel would generate a warning message.

To actually use a quota set up like this, a new action for ipfw would be defined which would deduct the packet being processed from a quota entry and block the packet if the quota has been used up:

  ipfw add quota ip from A to B

Typically, this system would be used in conjunction with a program listening for syslog messages and processing the quota-related messages.

My questions are:

Would this be useful to anyone else?
Are there any suggestions?
Is blocking the packet the only meaningful action which would be taken when the quota has been used up?
Should the blocking action be handled from user mode instead?

Thanks,
Hans

--
finger hans@huebner.org for details

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
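
The user-space alternative mentioned in the message (poll ipfw counters, add a blocking rule once the limit is reached), as an added example that is not part of the original mail. The `count` rules, rule numbers, quota table and sample `ipfw show` output are constructed assumptions; the blocking commands are returned as strings, not executed.

```python
import re

# Constructed sample of `ipfw show` output: rule number, packets, bytes, rule.
SAMPLE_SHOW = """\
01000   5210  4999000 count ip from 10.0.0.5 to any
01010     12     9000 count ip from 10.0.0.6 to any
01020  88000 52000000 count ip from 10.0.1.0/24 to any
65535 120000 90000000 allow ip from any to any
"""

# Hypothetical quota table: source -> (quota in bytes, warn when this many remain).
QUOTAS = {
    "10.0.0.5": (5_000_000, 100_000),
    "10.0.0.6": (5_000_000, 100_000),
    "10.0.1.0/24": (50_000_000, 1_000_000),
}

RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+count ip from (\S+) to any\s*$")

def parse_counters(show_output):
    """Return {source: (rule_number, bytes_counted)} for the per-source count rules."""
    counters = {}
    for line in show_output.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            counters[m.group(4)] = (int(m.group(1)), int(m.group(3)))
    return counters

def poll(show_output, quotas, blocked, warned):
    """One polling pass. Returns (messages, ipfw commands to run); updates the sets."""
    messages, commands = [], []
    for src, (rule_no, used) in parse_counters(show_output).items():
        if src not in quotas or src in blocked:
            continue
        quota, warn_at = quotas[src]
        remaining = quota - used
        if remaining <= 0:
            # The deny rule is numbered just below the count rule so it matches first.
            commands.append(f"ipfw add {rule_no - 1} deny ip from {src} to any")
            blocked.add(src)
            # Anything below zero passed between two polls before the block landed.
            messages.append(f"quota exceeded: {src} blocked, {-remaining} bytes over quota")
        elif remaining <= warn_at and src not in warned:
            messages.append(f"quota warning: {src} has {remaining} bytes left")
            warned.add(src)
    return messages, commands
```

The overshoot reported for 10.0.1.0/24 in the sample is traffic that passed between polls, which is the gap the in-kernel quota action proposed in the message would close.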