From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 20 15:25:18 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6572116A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Mar 2005 15:25:18 +0000 (GMT)
Received: from ss.eunet.cz (ss.eunet.cz [193.85.228.13])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 93D0143D46
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Mar 2005 15:25:17 +0000 (GMT)
	(envelope-from mime@traveller.cz)
Received: from localhost.i.cz (ss.eunet.cz [193.85.228.13])
	by ss.eunet.cz (8.13.1/8.13.1) with ESMTP id j2KFPFZS047090;
	Sun, 20 Mar 2005 16:25:15 +0100 (CET)
	(envelope-from mime@traveller.cz)
From: Michal Mertl <mime@traveller.cz>
To: "Eugene M. Minkovskii" <emin@mccme.ru>
In-Reply-To: <20050320093159.GA3213@mccme.ru>
References: <20050320093159.GA3213@mccme.ru>
Content-Type: text/plain; charset=ISO-8859-2
Date: Sun, 20 Mar 2005 16:25:14 +0100
Message-Id: <1111332314.648.44.camel@genius2.i.cz>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.4 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 8bit
cc: freebsd-questions@freebsd.org
Subject: Re: OpenBSD's pf and traffic
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Mar 2005 15:25:18 -0000

Eugene M. Minkovskii píše v ne 20. 03. 2005 v 12:31 +0300:
> Hello!
> 
> Does any body know, how can I use OpenBSD's pf (packet filter) for
> determine total traffic volume on network interface? If it's
> impossible, what facility you recommend me to do this?
> 

I don't know much about pf, but I use ipfw and /usr/ports/sysutils/ipa
for the purpose. Works very well for me. IPFW itself has counters but
ipa makes the stats persist across reboots and changes to the ruleset.
Be carefull not to reconfigure ipfw from under running ipa - it will
think the counters overflowed and add huge numbers to the last known
value. Additionally ipa can do much more than just simple counters.

I configure it like this:

ipfw:
100 add allow all from any to any in via xl0
110 add allow all from any to any out via xl0

ipa(/usr/local/etc/ipa.conf):
rule xl0-in {
    ipfw = 100
    info = Incoming traffic for xl0
}
rule xl0-out {
    ipfw = 110
    info = Outgoing traffic for xl0
}

HTH

Michal Mertl