Date:      Mon, 7 Oct 1996 14:46:18 -0700 (PDT)
From:      Steve Reid <steve@edmweb.com>
To:        Dev Chanchani <dev@trifecta.com>
Cc:        freebsd-isp@FreeBSD.org
Subject:   Re: BPF
Message-ID:  <Pine.BSF.3.91.961007141926.236A-100000@bitbucket.edmweb.com>
In-Reply-To: <Pine.BSF.3.91.961007135109.11531A-100000@www.trifecta.com>

> My understanding is that reading from the bpf device gives you a raw dump 
> of the data over the network.
> You will have a bpf header (18 bytes?)
> Then I need to know the ip_offset for packets coming
> in over the ed1 network interface so I can start calculating
> how much traffic is going to what address based on the ip header.

The usual way to keep track of traffic is to use IP accounting. Any
FreeBSD machine can be set up to keep track of how much data it is
sending/receiving to/from any address/port. Look at the man page for ipfw
if you haven't already. 

If you're trying to use a promiscuous-mode FreeBSD machine to do
accounting for machines that don't have IP accounting facilities, then
what you're doing kinda makes sense... But, I think it probably would
still be better to use the existing IP accounting facilities if
possible... Is it possible to do IP accounting for other machines on the
network, if the interface is in promiscuous mode? Can it be done with a
kernel hack? 

Sorry I can't answer your question, but the idea of using bpf to do IP
accounting doesn't seem quite right to me. (But what do I know? I haven't
looked at those parts of the kernel.)


=====================================================================
| Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/)    |
| Email: steve@edmweb.com   Home Page: http://www.edmweb.com/steve/ |
| PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 |
|          -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. --          |
===================================================================:)
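
Added example, not part of the original message or of FreeBSD's code: the quoted question asks where the IP header starts in a buffer read from the bpf device. The sketch below walks such a buffer, using each record's bh_hdrlen instead of a hard-coded header size, and tallies bytes per destination address. The 32-bit little-endian struct bpf_hdr layout, the 4-byte alignment, Ethernet framing, the helper names and the sample buffer are assumptions constructed for illustration.

```python
import struct
from collections import Counter
# Assumed layout: struct bpf_hdr on a 32-bit little-endian host.
# bh_tstamp (sec, usec), bh_caplen, bh_datalen, bh_hdrlen = 18 bytes of fields.
BPF_HDR = struct.Struct("<IIIIH")
BPF_ALIGNMENT = 4          # assumed sizeof(long); used by BPF_WORDALIGN
ETHER_HDR_LEN = 14         # assumes an Ethernet (DLT_EN10MB) interface
ETHERTYPE_IP = 0x0800

def bpf_wordalign(n):
    return (n + BPF_ALIGNMENT - 1) & ~(BPF_ALIGNMENT - 1)

def account(buf):
    """Sum IPv4 total-length per destination address over one bpf read buffer."""
    totals = Counter()
    off = 0
    while off + BPF_HDR.size <= len(buf):
        _sec, _usec, caplen, _datalen, hdrlen = BPF_HDR.unpack_from(buf, off)
        if hdrlen < BPF_HDR.size or off + hdrlen + caplen > len(buf):
            break                              # truncated or corrupt record
        frame = buf[off + hdrlen:off + hdrlen + caplen]
        off += bpf_wordalign(hdrlen + caplen)  # next record starts word-aligned
        if len(frame) < ETHER_HDR_LEN + 20:
            continue                           # snapshot too short for an IP header
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IP:
            continue                           # ARP and other non-IP frames
        ip = frame[ETHER_HDR_LEN:]             # ip_offset = bh_hdrlen + 14
        if ip[0] >> 4 != 4:
            continue                           # not IPv4
        dst = ".".join(str(b) for b in ip[16:20])
        totals[dst] += struct.unpack_from("!H", ip, 2)[0]
    return totals

def _record(dst, ip_len, ethertype=ETHERTYPE_IP):
    """Build one constructed bpf record: header, Ethernet frame, alignment pad."""
    ip = bytearray(23)                         # 20-byte header + 3 captured bytes
    ip[0] = 0x45
    struct.pack_into("!H", ip, 2, ip_len)
    ip[16:20] = bytes(int(x) for x in dst.split("."))
    frame = bytes(12) + struct.pack("!H", ethertype) + bytes(ip)
    rec = BPF_HDR.pack(0, 0, len(frame), ETHER_HDR_LEN + ip_len, 18) + frame
    return rec + bytes(bpf_wordalign(len(rec)) - len(rec))

# Constructed sample buffer: three IP frames and one ARP frame.
SAMPLE = (_record("10.0.0.1", 1500) + _record("10.0.0.2", 40) +
          _record("10.0.0.1", 576) + _record("10.0.0.3", 60, ethertype=0x0806))

if __name__ == "__main__":
    print(dict(account(SAMPLE)))
```

On a live system the buffer would come from a read on the bpf device after binding it to the interface; the header layout differs between platforms, which is why the walk trusts bh_hdrlen and bh_caplen from each record.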



