Date: Sun, 8 Feb 1998 23:20:58 +0300 (MSK) From: laskavy@Hedgehog.CS.MSU.SU To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: kern/5682: ipfw: byte counters: overflow Message-ID: <199802082020.XAA02789@Hedgehog.CS.MSU.SU>
next in thread | raw e-mail | index | archive | help
>Number: 5682 >Category: kern >Synopsis: ipfw: byte counters: overflow >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Feb 8 12:30:00 PST 1998 >Last-Modified: >Originator: Sergei S. Laskavy >Organization: Gambit Automated Design >Release: FreeBSD 2.2.5-STABLE i386 >Environment: uname -a FreeBSD Hedgehog.Moscow.Ru 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Thu Feb 5 02:54:46 MSK 1998 laskavy@Hedgehog.Moscow.Ru:/usr/src/sys/compile/HEDGEHOG i386 grep -i ipf /sys/i386/conf/HEDGEHOG options IPFIREWALL options IPFIREWALL_VERBOSE options "IPFIREWALL_VERBOSE_LIMIT=100" grep -i firew /etc/rc.conf firewall_enable="YES" firewall_type="open" firewall_quiet="YES" ipfw list 01000 allow ip from any to any via lo0 01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8 65000 allow ip from any to any 65535 deny ip from any to any >Description: On a fast network ipfw byte counters grow rapidly. This makes IP traffic accounting harder, because we can not just do "ipfw -a list" monthly, need to count real traffic using external programs. On a router with 2Mbit uplink the byte counter may overflow every 5 hours, on a 100Mbit -- every 3 minutes. >How-To-Repeat: <--------------------------------------------------------------- #!/bin/sh # We use Bourne shell syntax # This program will use loopback to test ipfw byte counter # 1) clear counters for the loopback allow all rule: ipfw zero `ipfw list|grep 'allow ip from any to any via lo0'|awk '{print$1}'` # 2) simulate busy network using "flood ping": ping -f -s 8000 127.0.0.1 >/dev/null 2>&1 & # 3) check the packet and byte counter every 10 seconds: while :; do ipfw -a l sleep 10 done | awk '/allow ip from any to any via lo0/{print $3, $2, $3/$2}' # 4) kill the "flood ping" process kill $! <--------------------------------------------------------------- I got the following output: [skipped] 2806396128 349576 8028 3116758608 388236 8028 3427281648 426916 8028 3733630128 465076 8028 4043061360 503620 8028 --------> here the bytes counter turned oved 56529824 542040 104.291 366378512 580636 630.995 668199200 618232 1080.82 The overflow of byte counter occured in a few minutes. >Fix: Can we do ipfw counters at least 64-bit? If not, then how do you suggest to collect IP accounting information? >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802082020.XAA02789>