From owner-freebsd-ipfw Fri Oct 1 9:25:30 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 9ECCC14FD1 for ; Fri, 1 Oct 1999 09:25:18 -0700 (PDT) (envelope-from julian@whistle.com) Received: from home.elischer.org (home.elischer.org [207.76.204.203]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id JAA80267; Fri, 1 Oct 1999 09:25:05 -0700 (PDT) Date: Fri, 1 Oct 1999 09:25:03 -0700 (PDT) From: Julian Elischer X-Sender: julian@home.elischer.org To: Zahemszky Gabor Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: packet counting with firewall In-Reply-To: <199910011217.OAA00958@CoDe.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 1 Oct 1999, Zahemszky Gabor wrote: > Hi! > > I need a way to count the network traffic on some of the pppX interfaces. > So ipfw's count action is good to me. I have two methods in my mind: > > a) Every time, the connection established > in ip-up: > ipfw -q add X+1 count ip from any to any via pppX > and in ip-down: > ipfw show X+1 >> logfile > ipfw -q delete X+1 > > b) At system startup, I add all the count rules: > > ipfw -q add 1 count ip from any to any via ppp0 > ipfw -q add 2 count ip from any to any via ppp1 > ipfw -q add 3 count ip from any to any via ppp2 > etc. > and in ip-up: > ipfw -q zero X+1 > and in ip-down: > ipfw show X+1 >> logfile > > (I use interface X and rule X+1 - is there any problem with the rule number > 0? Eg. in iijppp, rule 0 is special. If not, it's a bit simpler, of course.) > > So my question is that simple: which is the better method? Adding/removing > rules, or adding rules at the beginning (and check them on every packet) > and sometimes zeroing them? > > By the way, I'm interested in another alternatives if it's too crazy. Yes I > know that with netstat -iI pppX I can get the packet statistics, but: > a) are there any methods to reset the counters, eg: netstat -z -I pppX or > something like that > b) netstat counts the packets before or after ipfw/ipf? > (And netstat's counters are only packets, and I think that a 100 byte > packet has not to be counted equal to a 1000 byte packet.) netstat -ib also counts bytes You can use the same calls as netstat to read these numbers in your own C code.. both methods would work ok.. julian > > Thank, > Gabor > > PS: Please CC: to me, as I'm not on that list. Thanx! > > ZGabor at CoDe dot HU > > -- > #!/bin/ksh > Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message