Date:      Thu, 18 Jan 1996 13:19:16 -0600 (CST)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        ugen@latte.worldbank.org (Ugen J.S.Antsilevich)
Cc:        hackers@FreeBSD.org, ts@NetSurfer.PolyNet.Lviv.UA
Subject:   Re: ACCOUNTING counters?
Message-ID:  <199601181919.NAA22746@brasil.moneng.mei.com>
In-Reply-To: <Chameleon.821977147.ugen@ugen-tr> from "Ugen J.S.Antsilevich" at Jan 18, 96 09:58:56 am

> On Thu, 18 Jan 1996 10:48:01 +0000 (EET)  Terletsky Slavik <ts@NetSurfer.PolyNet.Lviv.UA> wrote:
> 
> >Hi, I want to ask someone about the size of Accounting Counters
> >and why there are two counters per line?
> >Accounting chain entries:
> >    6028:     114 sA [HOST][0.0.0.0/0][sl0]
> >   21654:     120 sA [0.0.0.0/0][HOST][sl0]
> >   -----?     ---?
> >Thanx.
> First one is bytes, second - packets.

Okay, so I decided to think about this a little and ran into a brick wall.

I want to be able to monitor a particular type of traffic on a given
interface.  For example, my T1 gateway address is 204.95.219.1.  I am using

ipfw adda bidirectional all from 0/0 to 0/0 via 204.95.219.1

to summarize both inbound and outbound traffic.  This is good, but what if I
wanted to look at inbound OR outbound, rather than their sum?

For a simple site that has a contiguous CIDR block, you could just use

ipfw adda bidir all from 0/0 to some.cidr.blk/0 via 204.95.219.1
ipfw adda bidir all from some.cidr.blk/0 to 0/0 via 204.95.219.1

However, since I have multiple address ranges to contend with, I can't
easily do this without separately tallying each individual block and then
adding them together manually, i.e.

ipfw adda bidir all from 0/0 to some.cidr.blk-a/0 via 204.95.219.1
ipfw adda bidir all from some.cidr.blk-a/0 to 0/0 via 204.95.219.1
ipfw adda bidir all from 0/0 to some.cidr.blk-b/0 via 204.95.219.1
ipfw adda bidir all from some.cidr.blk-b/0 to 0/0 via 204.95.219.1
ipfw adda bidir all from 0/0 to some.cidr.blk-c/0 via 204.95.219.1
ipfw adda bidir all from some.cidr.blk-c/0 to 0/0 via 204.95.219.1

This is messy and the intention is not immediately clear, and it means
additional postprocessing of the stats to get the numbers I really want.
It's also an additional load on the router to deal with 2*N rules rather 
than just 2.

Another good example is that I would like to measure inbound vs. outbound
telnet traffic.  

If there was a modifier similar to "via" that allowed you to set policy
based on the source and destination interfaces, this would all be much
easier:

ipfw adda bidir all from 0/0 to 0/0 telnet rcvdfrom 204.95.219.1

would measure telnet connections to sites here, while

ipfw adda bidir all from 0/0 to 0/0 telnet sentvia 204.95.219.1

would measure telnet connections to the rest of the world.

I know this may be nitpicking but it is a minor annoyance in an otherwise
beautiful system  :-)

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator			      jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI			   414/342-4847
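
The post-processing described in the message above (one pair of accounting rules per address block, then adding the results by hand), as an added example that is not part of the original e-mail. It assumes the listing format quoted at the top of the thread with the third bracket holding the "via" address; the three blocks are documentation ranges standing in for some.cidr.blk-a/b/c, and all counter values are constructed.

```python
import ipaddress
import re

# Constructed sample, in the "<counter>: <counter> <flags> [src][dst][via]"
# layout of the listing quoted in the thread. The reply in the thread reads
# the two counters as bytes and packets; the code only keeps them in order.
SAMPLE = """\
Accounting chain entries:
    6028:     114 sA [0.0.0.0/0][192.0.2.0/24][204.95.219.1]
   21654:     120 sA [192.0.2.0/24][0.0.0.0/0][204.95.219.1]
    1500:      30 sA [0.0.0.0/0][198.51.100.0/24][204.95.219.1]
     700:      12 sA [198.51.100.0/24][0.0.0.0/0][204.95.219.1]
     900:       9 sA [0.0.0.0/0][203.0.113.0/24][204.95.219.1]
     400:       5 sA [203.0.113.0/24][0.0.0.0/0][204.95.219.1]
      77:       1 sA [0.0.0.0/0][10.9.0.0/16][204.95.219.1]
"""

# Hypothetical local address ranges (blocks a, b and c in the message).
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

ENTRY = re.compile(
    r"^\s*(\d+):\s+(\d+)\s+\S+\s+\[([^\]]+)\]\[([^\]]+)\]\[([^\]]+)\]\s*$")

def is_local(text):
    """True if the bracketed address/mask lies inside one of LOCAL_BLOCKS."""
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:          # e.g. a redacted or symbolic host name
        return False
    return any(net.subnet_of(block) for block in LOCAL_BLOCKS)

def tally(listing, via):
    """Sum both counters per direction for entries seen on interface `via`."""
    totals = {"inbound": [0, 0], "outbound": [0, 0], "skipped": 0}
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(5) != via:
            continue            # header line or another interface
        first, second, src, dst = m.group(1, 2, 3, 4)
        src_local, dst_local = is_local(src), is_local(dst)
        if dst_local and not src_local:
            key = "inbound"
        elif src_local and not dst_local:
            key = "outbound"
        else:                   # neither or both ends local: do not guess
            totals["skipped"] += 1
            continue
        totals[key][0] += int(first)
        totals[key][1] += int(second)
    return totals

if __name__ == "__main__":
    print(tally(SAMPLE, "204.95.219.1"))
```

Entries whose source and destination are both outside (or both inside) the local ranges are counted under "skipped" rather than being assigned a direction.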