From owner-freebsd-net@FreeBSD.ORG Wed Dec 10 10:05:37 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 970C716A4CF; Wed, 10 Dec 2003 10:05:37 -0800 (PST) Date: Wed, 10 Dec 2003 10:05:37 -0800 From: Kris Kennaway To: Eugene Grosbein Message-ID: <20031210180537.GC98679@hub.freebsd.org> References: <3FD6E1C2.DF8EC599@kuzbass.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FD6E1C2.DF8EC599@kuzbass.ru> User-Agent: Mutt/1.4.1i cc: net@freebsd.org Subject: Re: ipfwshow as shell builtin? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2003 18:05:37 -0000 On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote: > Hi! > > There are some tasks that are can be easily and efficiently solved > with ipfw(8). For example, it can summarize traffic delivered > over ethernet with unicast packets (ipfw2 feature), or make sums > of traffic from/to distinct network blocks. It's not about generic > detailed traffic accounting, it's about simple sums (f.e. for MRTG). > > The problem is how to get these values easly and efficiently for > the same time. To supply values for MRTG I use net-snmpd and its > 'pass_persist' feature (think about one MRTG and many monitires hosts). > > Simple shell script uses 'ipfw show' to return values. > It is easy but still is not very optimal. There is additional > fork+exec of /sbin/ipfw still. > > It would be nice to have something lightweight like 'ipfwshow' > as /bin/sh builtin, isn't it? Dear god, no! How many hundred times per second are you running ipfw for the overhead to be non-negligible? Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe