Date: Sun, 28 Jun 2020 13:15:33 +0300
From: Özkan KIRIK <ozkan.kirik@gmail.com>
To: Kristof Provost <kp@freebsd.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf - state counter tracking like pfsync
Message-ID: <CAAcX-AEWxCOmOaySnq3vrEq2FGf3dgbemWceaYqae8iGdYCRdA@mail.gmail.com>
In-Reply-To: <0DDD2D56-A3F9-4062-9F45-266F41FA641C@FreeBSD.org>
References: <CAAcX-AFzvUMGpqf7joXgTV-gx9QLm8EEwS%2BfPhfYVjC5pqgpgA@mail.gmail.com> <0DDD2D56-A3F9-4062-9F45-266F41FA641C@FreeBSD.org>

Thank you for the clarification.

On Sun, Jun 28, 2020 at 1:10 PM Kristof Provost <kp@freebsd.org> wrote:

> On 26 Jun 2020, at 13:56, Özkan KIRIK wrote:
> > My goal is to save pkt/byte counters of each expired/killed/closed
> > state into a txt file.
> > What is the right way to do this in userspace?
>
> There’s no real right way to do this using pf. There are a couple of
> things that’ll get close, but no 100% solution.
>
> > Is it possible to do something with ioctl & poll?
> >
> No. You could poll the states, but you’d heavily affect throughput and
> you’re going to miss data.
>
> > Alternatively, is it possible to create multiple pfsync interfaces,
> > the first one for the real purpose of sending state changes to the
> > slave host, the second one for sending to this log collection
> > process on lo1?
> >
> No, it’s not possible to create more than one pfsync interface. Pfsync
> can send its data to a multicast group, so you could have multiple
> subscribers.
>
> Note that pfsync optimises updates, so it’s likely that short-lived
> connections (i.e. where the connection is set up, used and closed before
> the next sync) will not result in sync messages.
>
> > The following lines prevent cloning a second pfsync interface:
> > /usr/src/sys/netpfil/pf/if_pfsync.c on line 331 (pfsync_clone_create
> > function)
> >
> >         if (unit != 0)
> >                 return (EINVAL);
> >
> > If I remove these lines, do I hit any error?
> >
> Yes, that will break. Pfsync is not designed to have multiple
> interfaces.
>
> Kristof
>