Date: Wed, 10 Dec 2003 10:05:37 -0800 From: Kris Kennaway <kris@FreeBSD.org> To: Eugene Grosbein <eugen@kuzbass.ru> Cc: net@freebsd.org Subject: Re: ipfwshow as shell builtin? Message-ID: <20031210180537.GC98679@hub.freebsd.org> In-Reply-To: <3FD6E1C2.DF8EC599@kuzbass.ru> References: <3FD6E1C2.DF8EC599@kuzbass.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote:
> Hi!
>
> There are some tasks that are can be easily and efficiently solved
> with ipfw(8). For example, it can summarize traffic delivered
> over ethernet with unicast packets (ipfw2 feature), or make sums
> of traffic from/to distinct network blocks. It's not about generic
> detailed traffic accounting, it's about simple sums (f.e. for MRTG).
>
> The problem is how to get these values easly and efficiently for
> the same time. To supply values for MRTG I use net-snmpd and its
> 'pass_persist' feature (think about one MRTG and many monitires hosts).
>
> Simple shell script uses 'ipfw show' to return values.
> It is easy but still is not very optimal. There is additional
> fork+exec of /sbin/ipfw still.
>
> It would be nice to have something lightweight like 'ipfwshow'
> as /bin/sh builtin, isn't it?
Dear god, no! How many hundred times per second are you running ipfw
for the overhead to be non-negligible?
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031210180537.GC98679>