From owner-freebsd-ipfw Fri Oct 1 5:18:23 1999
From: Zahemszky Gabor
Message-Id: <199910011217.OAA00958@CoDe.hu>
Subject: packet counting with firewall
To: freebsd-ipfw@freebsd.org
Date: Fri, 1 Oct 1999 14:17:35 +0200 (CEST)

Hi!

I need a way to count the network traffic on some of the pppX interfaces.
So ipfw's count action is good to me. I have two methods in my mind:

a) Every time, the connection established

   in ip-up:
	ipfw -q add X+1 count ip from any to any via pppX
   and in ip-down:
	ipfw show X+1 >> logfile
	ipfw -q delete X+1

b) At system startup, I add all the count rules:
	ipfw -q add 1 count ip from any to any via ppp0
	ipfw -q add 2 count ip from any to any via ppp1
	ipfw -q add 3 count ip from any to any via ppp2
	etc.

   and in ip-up:
	ipfw -q zero X+1
   and in ip-down:
	ipfw show X+1 >> logfile

(I use interface X and rule X+1 - is there any problem with the rule number
0? E.g. in iijppp, rule 0 is special. If not, it's a bit simpler, of course.)

So my question is that simple: which is the better method? Adding/removing
rules, or adding rules at the beginning (and check them on every packet)
and sometimes zeroing them? By the way, I'm interested in other
alternatives if it's too crazy.

Yes, I know that with
	netstat -iI pppX
I can get the packet statistics, but:

a) are there any methods to reset the counters, e.g.:
	netstat -z -I pppX
   or something like that
b) netstat counts the packets before or after ipfw/ipf?

(And netstat's counters are only packets, and I think that a 100 byte packet
has not to be counted equal to a 1000 byte packet.)

Thanks,
Gabor

PS: Please CC: to me, as I'm not on that list. Thanx!

ZGabor at CoDe dot HU
--
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"
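
Method (b) from the message above, sketched as an added example; it is not part of the original post. It assumes the ip-up/ip-down scripts receive the interface name as their first argument and that `ipfw show N` prints the rule number, packet count and byte count before the rule text; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Sample data is constructed.

# Map an interface name (ppp0, ppp1, ...) to rule number X+1.
rule_for_iface() {
    case "$1" in
        ppp[0-9]*) unit=${1#ppp} ;;
        *) return 1 ;;
    esac
    case "$unit" in
        *[!0-9]*|0?*) return 1 ;;         # reject ppp1x, ppp01
    esac
    echo $((unit + 1))
}

# Turn one `ipfw show` line ("RULE PACKETS BYTES rule-text") into a record.
# Fails unless it is the expected count rule on the expected interface.
format_record() {
    iface=$1; want=$2; line=$3
    set -f; set -- $line; set +f          # split on whitespace, no globbing
    [ $# -ge 5 ] || return 1
    num=$1; pkts=$2; bytes=$3; action=$4
    for last in "$@"; do :; done          # last word: the interface after "via"
    case "$num$pkts$bytes" in *[!0-9]*) return 1 ;; esac
    num=${num#"${num%%[!0]*}"}            # strip zero padding: 00003 -> 3
    [ "$num" = "$want" ] && [ "$action" = count ] && [ "$last" = "$iface" ] || return 1
    echo "iface=$iface rule=$num packets=$pkts bytes=$bytes"
}

# ip-down side: $1 = interface, $2 = log file. Needs root and ipfw.
log_session() {
    rule=$(rule_for_iface "$1") || return 1
    line=$(ipfw show "$rule") || return 1
    rec=$(format_record "$1" "$rule" "$line") || return 1
    echo "$(date '+%Y-%m-%d %H:%M:%S') $rec" >> "$2"
}

# ip-up side: reset the counters for this link.
reset_session() {
    rule=$(rule_for_iface "$1") || return 1
    ipfw -q zero "$rule"
}
```

The record carries both the packet and the byte counter, so a 100 byte packet and a 1000 byte packet are not logged as equal.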