From owner-freebsd-net Mon Jan 1 16:14:23 2001
From owner-freebsd-net@FreeBSD.ORG Mon Jan 1 16:14:20 2001
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from totem.fix.no (totem.fix.no [213.142.66.130]) by hub.freebsd.org (Postfix) with ESMTP id 2933437B400 for ; Mon, 1 Jan 2001 16:14:20 -0800 (PST)
Received: by totem.fix.no (Postfix, from userid 1000) id F21073C98; Tue, 2 Jan 2001 01:14:18 +0100 (CET)
Date: Tue, 2 Jan 2001 01:14:18 +0100
From: Anders Nordby
To: Bill Fumerola
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw uid rules and matching specific services for bandwidth limiting
Message-ID: <20010102011418.E74504@totem.fix.no>
References: <20010101210826.A69852@totem.fix.no> <20010101172409.I72273@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010101172409.I72273@elvis.mu.org>; from billf@mu.org on Mon, Jan 01, 2001 at 05:24:09PM -0600
X-Operating-System: FreeBSD 4.1.1-STABLE
X-PGP-Key: http://anders.fix.no/pgp/
X-PGP-Key-FingerPrint: 1E0F C53C D8DF 6A8F EAAD 19C5 D12A BC9F 0083 5956
Sender: anders@totem.fix.no
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jan 01, 2001 at 05:24:09PM -0600, Bill Fumerola wrote:

>> Are people actually using uid type rules heavily? I'm having trouble
>> matching the packets generated by programs like Apache and ProFTPD. I
>> believe that may be because of root binding the ports these programs use
>> before they setuid() or something, I'm not sure. Particularly I have
>> trouble matching the packets of active FTP, since I have random ports on
>> both ends to deal with and can't match them by port either. Does anyone
>> have a solution to this?
>
> sockstat is your friend, look at the 'user' that is defined per program,
> that's who is going to be charged for packets on that socket.

Nope, doesn't seem to work.
Sockstat says:

USER    COMMAND  PID    FD  PROTO  LOCAL ADDRESS  FOREIGN ADDRESS
ftp     proftpd  75182  0   tcp4   10.0.0.8:21    192.168.0.34:4955
ftp     proftpd  75182  1   tcp4   10.0.0.8:21    192.168.0.34:4955
ftp     proftpd  75182  12  tcp4   10.0.0.8:478   192.168.0.34:4959
ftp     proftpd  75182  13  tcp4   10.0.0.8:478   192.168.0.34:4959
nobody  proftpd  68820  0   tcp4   *:21           *:*

Then I add a rule to see if I can count the packets while the above
mentioned session is kept alive:

# ipfw add 00010 count all from any to any uid ftp

And ipfw show shows that the rule doesn't intercept any packets:

00010 0 0 count ip from any to any uid ftp

FYI I am running 4.1.1-STABLE as of Tue Oct 24 01:25:55 CEST 2000, and
top(1) shows all proftpd processes as being owned by root.

Regards,

--
Anders.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message