From owner-freebsd-ipfw Fri Oct 1 5:18:23 1999
From: Zahemszky Gabor
Message-Id: <199910011217.OAA00958@CoDe.hu>
Subject: packet counting with firewall
To: freebsd-ipfw@freebsd.org
Date: Fri, 1 Oct 1999 14:17:35 +0200 (CEST)

Hi!

I need a way to count the network traffic on some of the pppX interfaces.
So ipfw's count action is good to me. I have two methods in my mind:

a) Every time, the connection established
   in ip-up:
        ipfw -q add X+1 count ip from any to any via pppX
   and in ip-down:
        ipfw show X+1 >> logfile
        ipfw -q delete X+1

b) At system startup, I add all the count rules:

        ipfw -q add 1 count ip from any to any via ppp0
        ipfw -q add 2 count ip from any to any via ppp1
        ipfw -q add 3 count ip from any to any via ppp2
        etc.
   and in ip-up:
        ipfw -q zero X+1
   and in ip-down:
        ipfw show X+1 >> logfile

(I use interface X and rule X+1 - is there any problem with the rule number
0? Eg. in iijppp, rule 0 is special. If not, it's a bit simpler, of course.)

So my question is that simple: which is the better method? Adding/removing
rules, or adding rules at the beginning (and check them on every packet)
and sometimes zeroing them?

By the way, I'm interested in another alternatives if it's too crazy. Yes I
know that with netstat -iI pppX I can get the packet statistics, but:
a) are there any methods to reset the counters, eg: netstat -z -I pppX or
   something like that
b) netstat counts the packets before or after ipfw/ipf?
(And netstat's counters are only packets, and I think that a 100 byte
packet has not to be counted equal to a 1000 byte packet.)

Thank,
Gabor

PS: Please CC: to me, as I'm not on that list. Thanx!

ZGabor at CoDe dot HU

--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Fri Oct 1 7:47:25 1999
Date: Fri, 1 Oct 1999 17:42:49 +0300
From: Ruslan Ermilov
To: Zahemszky Gabor
Cc: freebsd-ipfw@FreeBSD.ORG, green@FreeBSD.ORG
Subject: Re: packet counting with firewall
Message-ID: <19991001174249.D79506@relay.ucb.crimea.ua>
In-Reply-To: <199910011217.OAA00958@CoDe.hu>

Hi!

It would be great, if this operation was atomic, i.e.

        # ipfw -a zero 100

would zero the counters and show their old values.
Any takers? Brian?

On Fri, Oct 01, 1999 at 02:17:35PM +0200, Zahemszky Gabor wrote:
> Hi!
>
> I need a way to count the network traffic on some of the pppX interfaces.
> So ipfw's count action is good to me. I have two methods in my mind:
>
> a) Every time, the connection established
>    in ip-up:
>         ipfw -q add X+1 count ip from any to any via pppX
>    and in ip-down:
>         ipfw show X+1 >> logfile
>         ipfw -q delete X+1
>
> b) At system startup, I add all the count rules:
>
>         ipfw -q add 1 count ip from any to any via ppp0
>         ipfw -q add 2 count ip from any to any via ppp1
>         ipfw -q add 3 count ip from any to any via ppp2
>         etc.
>    and in ip-up:
>         ipfw -q zero X+1
>    and in ip-down:
>         ipfw show X+1 >> logfile
>
> (I use interface X and rule X+1 - is there any problem with the rule number
> 0? Eg. in iijppp, rule 0 is special. If not, it's a bit simpler, of course.)
>
> So my question is that simple: which is the better method? Adding/removing
> rules, or adding rules at the beginning (and check them on every packet)
> and sometimes zeroing them?
>
> By the way, I'm interested in another alternatives if it's too crazy. Yes I
> know that with netstat -iI pppX I can get the packet statistics, but:
> a) are there any methods to reset the counters, eg: netstat -z -I pppX or
>    something like that
> b) netstat counts the packets before or after ipfw/ipf?
> (And netstat's counters are only packets, and I think that a 100 byte
> packet has not to be counted equal to a 1000 byte packet.)
>
> Thank,
> Gabor
>
> PS: Please CC: to me, as I'm not on that list. Thanx!
>
> ZGabor at CoDe dot HU

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-ipfw Fri Oct 1 9:25:30 1999
Date: Fri, 1 Oct 1999 09:25:03 -0700 (PDT)
From: Julian Elischer
To: Zahemszky Gabor
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: packet counting with firewall
In-Reply-To: <199910011217.OAA00958@CoDe.hu>

On Fri, 1 Oct 1999, Zahemszky Gabor wrote:
> Hi!
>
> I need a way to count the network traffic on some of the pppX interfaces.
> So ipfw's count action is good to me. I have two methods in my mind:
>
> a) Every time, the connection established
>    in ip-up:
>         ipfw -q add X+1 count ip from any to any via pppX
>    and in ip-down:
>         ipfw show X+1 >> logfile
>         ipfw -q delete X+1
>
> b) At system startup, I add all the count rules:
>
>         ipfw -q add 1 count ip from any to any via ppp0
>         ipfw -q add 2 count ip from any to any via ppp1
>         ipfw -q add 3 count ip from any to any via ppp2
>         etc.
>    and in ip-up:
>         ipfw -q zero X+1
>    and in ip-down:
>         ipfw show X+1 >> logfile
>
> (I use interface X and rule X+1 - is there any problem with the rule number
> 0? Eg. in iijppp, rule 0 is special. If not, it's a bit simpler, of course.)
>
> So my question is that simple: which is the better method? Adding/removing
> rules, or adding rules at the beginning (and check them on every packet)
> and sometimes zeroing them?
>
> By the way, I'm interested in another alternatives if it's too crazy. Yes I
> know that with netstat -iI pppX I can get the packet statistics, but:
> a) are there any methods to reset the counters, eg: netstat -z -I pppX or
>    something like that
> b) netstat counts the packets before or after ipfw/ipf?
> (And netstat's counters are only packets, and I think that a 100 byte
> packet has not to be counted equal to a 1000 byte packet.)

netstat -ib also counts bytes
You can use the same calls as netstat to read these numbers in your own
C code..

both methods would work ok..

julian

>
> Thank,
> Gabor
>
> PS: Please CC: to me, as I'm not on that list. Thanx!
>
> ZGabor at CoDe dot HU

From owner-freebsd-ipfw Sat Oct 2 2:44:21 1999
To: freebsd-ipfw@freebsd.org
From: Alexander Yeremenko
Subject: Re: packet counting with firewall
Date: Fri, 1 Oct 1999 22:22:04 GMT

Julian Elischer wrote:
[...]
>>
>> By the way, I'm interested in another alternatives if it's too crazy. Yes I
>> know that with netstat -iI pppX I can get the packet statistics, but:
>> a) are there any methods to reset the counters, eg: netstat -z -I pppX or
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>    something like that
^^^^^^^^^^^^^^^^^^^^^^^
> netstat -ib also counts bytes
> You can use the same calls as netstat to read these numbers in your own
> C code..
> both methods would work ok..
> julian
>>
>> Thank,
>> Gabor
>>
>> PS: Please CC: to me, as I'm not on that list. Thanx!
>>
>> ZGabor at CoDe dot HU
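
Added example (not part of any message in this thread): with the startup-time count rules of method (b), per-session totals can be taken as the difference between an ip-up snapshot and an ip-down snapshot of `ipfw show`, so nothing has to be zeroed and the non-atomic show-then-zero sequence raised in the reply never occurs. The function names, the sample listings and the assumed column order of `ipfw show` output (rule number, packets, bytes, rule text) are assumptions of this example.

```sh
#!/bin/sh
# Added example: per-session usage from two `ipfw show` snapshots, so the
# counters never have to be zeroed (no gap between "show" and "zero").
# Assumed output columns: <rule> <packets> <bytes> <rule text...>

# rule_counters RULE: read `ipfw show` lines on stdin, print "packets bytes".
# Exits 1 if the rule is not present in the listing.
rule_counters() {
    awk -v r="$1" 'NF >= 3 && $1 + 0 == r + 0 { print $2, $3; ok = 1; exit }
                   END { exit !ok }'
}

# counter_delta "P0 B0" "P1 B1": print "packets bytes" counted in between.
# A counter that went backwards means the rule was zeroed or re-added after
# the first snapshot; the baseline is gone, so the later values are reported.
counter_delta() {
    set -- $1 $2
    if [ "$3" -lt "$1" ] || [ "$4" -lt "$2" ]; then
        echo "$3 $4"
    else
        echo "$(( $3 - $1 )) $(( $4 - $2 ))"
    fi
}

# session_usage RULE UP_SNAPSHOT DOWN_SNAPSHOT: usage for one rule.
session_usage() {
    before=$(printf '%s\n' "$2" | rule_counters "$1") || return 1
    after=$(printf '%s\n' "$3" | rule_counters "$1") || return 1
    counter_delta "$before" "$after"
}

# Constructed sample listings (not real traffic): the counters as ip-up
# would save them, and as ip-down would read them later.
SNAP_UP='00001   120    45000 count ip from any to any via ppp0
00002  1000   800000 count ip from any to any via ppp1'
SNAP_DOWN='00001   150    61000 count ip from any to any via ppp0
00002  1900  1500000 count ip from any to any via ppp1'

# Log line for interface ppp1 (rule X+1 = 2), as ip-down might append it.
echo "ppp1 $(session_usage 2 "$SNAP_UP" "$SNAP_DOWN")"
```

In live scripts, ip-up would save the output of `ipfw show X+1` to a per-interface state file, and ip-down would pass that file's contents together with a fresh listing to `session_usage`.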