From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 01:28:53 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D793C16A4CE for ; Wed, 10 Dec 2003 01:28:53 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7BF643D3B for ; Wed, 10 Dec 2003 01:28:41 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.9p1/8.12.3) with ESMTP id hBA9Sf2e012313; Wed, 10 Dec 2003 01:28:41 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.9p1/8.12.3/Submit) id hBA9SfmH012312; Wed, 10 Dec 2003 01:28:41 -0800 (PST) (envelope-from rizzo) Date: Wed, 10 Dec 2003 01:28:41 -0800 From: Luigi Rizzo To: Eugene Grosbein Message-ID: <20031210012840.A93359@xorpc.icir.org> References: <3FD6E1C2.DF8EC599@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3FD6E1C2.DF8EC599@kuzbass.ru>; from eugen@kuzbass.ru on Wed, Dec 10, 2003 at 04:05:06PM +0700 cc: net@freebsd.org Subject: Re: ipfwshow as shell builtin? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 09:28:54 -0000 On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote: > Hi! > > There are some tasks that are can be easily and efficiently solved > with ipfw(8). For example, it can summarize traffic delivered > over ethernet with unicast packets (ipfw2 feature), or make sums > of traffic from/to distinct network blocks. It's not about generic > detailed traffic accounting, it's about simple sums (f.e. for MRTG). > > The problem is how to get these values easly and efficiently for > the same time. To supply values for MRTG I use net-snmpd and its > 'pass_persist' feature (think about one MRTG and many monitires hosts). > > Simple shell script uses 'ipfw show' to return values. > It is easy but still is not very optimal. There is additional > fork+exec of /sbin/ipfw still. how often do you want to do this ? if it is once per second you do not care about the fork+exec overhead -- if it is more often, then you might start to care about the getsockopt overhead (basically forwarding is blocked while the kernel navigates through the ipfw data structures), and then you probably have some external program to parse the ipfw output, etc. so in the end i believe making ipfw a shell builtin will gain you close to nothing. cheers luigi > It would be nice to have something lightweight like 'ipfwshow' > as /bin/sh builtin, isn't it? > Eugene Grosbein > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"