From owner-freebsd-hackers  Thu Jan 18 11:20:04 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id LAA26604
          for hackers-outgoing; Thu, 18 Jan 1996 11:20:04 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id LAA26537
          for ; Thu, 18 Jan 1996 11:19:58 -0800 (PST)
Received: (from jgreco@localhost)
          by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id NAA22746;
          Thu, 18 Jan 1996 13:19:16 -0600
From: Joe Greco
Message-Id: <199601181919.NAA22746@brasil.moneng.mei.com>
Subject: Re: ACCOUNTING counters?
To: ugen@latte.worldbank.org (Ugen J.S.Antsilevich)
Date: Thu, 18 Jan 1996 13:19:16 -0600 (CST)
Cc: hackers@FreeBSD.org, ts@NetSurfer.PolyNet.Lviv.UA
In-Reply-To: from "Ugen J.S.Antsilevich" at Jan 18, 96 09:58:56 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

> On Thu, 18 Jan 1996 10:48:01 +0000 (EET) Terletsky Slavik wrote:
>
> >Hi, I want to ask someone on size of Accounting Counters
> >and why there is two counters per line?
> >Accounting chain entries:
> >  6028:  114 sA [HOST][0.0.0.0/0][sl0]
> > 21654:  120 sA [0.0.0.0/0][HOST][sl0]
> > -----?  ---?
> >Thanx.
> First one is bytes, second - packets.

Okay, so I decided to think about this a little and ran into a brick wall.

I want to be able to monitor a particular type of traffic on a given
interface.

For example, my T1 gateway address is 204.95.219.1.  I am using

    ipfw adda bidirectional all from 0/0 to 0/0 via 204.95.219.1

to summarize both inbound and outbound traffic.

This is good, but what if I wanted to look at inbound OR outbound, rather
than their sum?
For a simple site that has a contiguous CIDR block, you could just use

    ipfw adda bidir all from 0/0 to some.cidr.blk/0 via 204.95.219.1
    ipfw adda bidir all from some.cidr.blk/0 to 0/0 via 204.95.219.1

However, since I have multiple address ranges to contend with, I can't
easily do this without separately tallying each individual block and then
adding them together manually, i.e.

    ipfw adda bidir all from 0/0 to some.cidr.blk-a/0 via 204.95.219.1
    ipfw adda bidir all from some.cidr.blk-a/0 to 0/0 via 204.95.219.1
    ipfw adda bidir all from 0/0 to some.cidr.blk-b/0 via 204.95.219.1
    ipfw adda bidir all from some.cidr.blk-b/0 to 0/0 via 204.95.219.1
    ipfw adda bidir all from 0/0 to some.cidr.blk-c/0 via 204.95.219.1
    ipfw adda bidir all from some.cidr.blk-c/0 to 0/0 via 204.95.219.1

This is messy and the intention is not immediately clear, and it means
additional postprocessing of the stats to get the numbers I really want.
It's also an additional load on the router to deal with 2*N rules rather
than just 2.

Another good example is that I would like to measure inbound vs. outbound
telnet traffic.

If there was a modifier similar to "via" that allowed you to set policy
based on the source and destination interfaces, this would all be much
easier:

    ipfw adda bidir all from 0/0 to 0/0 telnet rcvdfrom 204.95.219.1

would measure telnet connections to sites here, while

    ipfw adda bidir all from 0/0 to 0/0 telnet sentvia 204.95.219.1

would measure telnet connections to the rest of the world.

I know this may be nitpicking but it is a minor annoyance in an otherwise
beautiful system :-)

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847
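
Added example (not part of the message above and not ipfw code): the "additional postprocessing" the message describes, folding the per-block accounting entries into one inbound and one outbound total. It assumes the listing layout quoted at the top of the message; the address blocks, sample counters and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample listing in the layout quoted above; blocks are documentation ranges.
SAMPLE = """\
  6028:   114 sA [0.0.0.0/0][192.0.2.0/24][sl0]
 21654:   120 sA [192.0.2.0/24][0.0.0.0/0][sl0]
  1500:    10 sA [0.0.0.0/0][198.51.100.0/24][sl0]
   900:     9 sA [198.51.100.0/24][0.0.0.0/0][sl0]
   400:     4 sA [0.0.0.0/0][203.0.113.0/24][sl0]
   700:     7 sA [203.0.113.0/24][0.0.0.0/0][sl0]
"""

# Assumed local address ranges (hypothetical stand-ins for blk-a, blk-b, blk-c).
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# counter1: counter2 flags [src][dst][interface]
LINE_RE = re.compile(
    r"^\s*(\d+):\s+(\d+)\s+\S+\s+\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\s*$")

def is_local(spec):
    """True if spec is a network inside one of LOCAL_BLOCKS."""
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False
    return any(net.subnet_of(block) for block in LOCAL_BLOCKS)

def summarize(listing, iface=None):
    """Sum both counters per direction; return (totals, skipped_lines)."""
    totals = {"inbound": [0, 0], "outbound": [0, 0]}
    skipped = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += [line] if line.strip() else []
            continue
        c1, c2, src, dst, via = m.groups()
        if iface and via != iface:
            continue
        src_local, dst_local = is_local(src), is_local(dst)
        if src_local == dst_local:  # direction cannot be decided
            skipped.append(line)
            continue
        side = totals["outbound" if src_local else "inbound"]
        side[0] += int(c1)
        side[1] += int(c2)
    return totals, skipped
```

Each total is a [first counter, second counter] pair in listing order. Entries where neither end or both ends fall in a local block are returned in the skipped list rather than counted.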