Date:      Sun, 8 Feb 1998 23:20:58 +0300 (MSK)
From:      laskavy@Hedgehog.CS.MSU.SU
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   kern/5682: ipfw: byte counters: overflow
Message-ID:  <199802082020.XAA02789@Hedgehog.CS.MSU.SU>


>Number:         5682
>Category:       kern
>Synopsis:       ipfw: byte counters: overflow
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb  8 12:30:00 PST 1998
>Last-Modified:
>Originator:     Sergei S. Laskavy
>Organization:
Gambit Automated Design
>Release:        FreeBSD 2.2.5-STABLE i386
>Environment:

uname -a
	FreeBSD Hedgehog.Moscow.Ru 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0:
	Thu Feb  5 02:54:46 MSK 1998
	laskavy@Hedgehog.Moscow.Ru:/usr/src/sys/compile/HEDGEHOG  i386

grep -i ipf /sys/i386/conf/HEDGEHOG
	options		IPFIREWALL
	options		IPFIREWALL_VERBOSE
	options		"IPFIREWALL_VERBOSE_LIMIT=100"

grep -i firew /etc/rc.conf
	firewall_enable="YES"
	firewall_type="open"
	firewall_quiet="YES"

ipfw list
	01000 allow ip from any to any via lo0
	01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
	65000 allow ip from any to any
	65535 deny ip from any to any

>Description:

On a fast network ipfw byte counters grow rapidly.

This makes IP traffic accounting harder, because we can not just do
"ipfw -a list" monthly, need to count real traffic using external
programs.

On a router with 2Mbit uplink the byte counter may overflow every 5
hours, on a 100Mbit -- every 3 minutes.

>How-To-Repeat:

<---------------------------------------------------------------
#!/bin/sh
# We use Bourne shell syntax

# This program will use loopback to test ipfw byte counter

# 1) clear counters for the loopback allow all rule:
ipfw zero `ipfw list|grep 'allow ip from any to any via lo0'|awk '{print$1}'`

# 2) simulate busy network using "flood ping":
ping -f -s 8000 127.0.0.1 >/dev/null 2>&1 &

# 3) check the packet and byte counter every 10 seconds:

while :; do
	ipfw -a l
	sleep 10
done | awk '/allow ip from any to any via lo0/{print $3, $2, $3/$2}'

# 4) kill the "flood ping" process
kill $!
<---------------------------------------------------------------

I got the following output:
[skipped]
	2806396128 349576 8028
	3116758608 388236 8028
	3427281648 426916 8028
	3733630128 465076 8028
	4043061360 503620 8028
--------> here the bytes counter turned over
	56529824 542040 104.291
	366378512 580636 630.995
	668199200 618232 1080.82

The overflow of the byte counter occurred in a few minutes.

>Fix:

Can we do ipfw counters at least 64-bit?

If not, then how do you suggest to collect IP accounting information?
>Audit-Trail:
>Unformatted:
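
Added example, not part of the original report or of FreeBSD: while the counter stays 32-bit, accounting can still be kept correct by sampling it more often than it can wrap and summing the differences modulo 2^32. The function names `unwrap32` and `report_samples` are hypothetical; the sample values are the byte counts from the output quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): recover a monotonic byte total from
# samples of a wrapping 32-bit counter by summing deltas modulo 2^32.
# Assumptions: samples are taken more often than the counter can wrap, and
# the counter is not zeroed between samples (a reset would look like a wrap).

# unwrap32 (hypothetical name): stdin = one raw counter value per line,
# stdout = "<running total> <wraps seen so far>" for each sample.
unwrap32() {
	awk '
	BEGIN { mod = 4294967296; wraps = 0 }   # mod = 2^32
	NF == 0 { next }                        # ignore blank lines
	!seen {                                 # first sample is the baseline
		prev = $1; total = $1; seen = 1
		printf "%.0f %d\n", total, wraps
		next
	}
	{
		delta = $1 - prev
		if (delta < 0) {                # counter went backwards: one wrap
			delta += mod
			wraps++
		}
		total += delta
		prev = $1
		printf "%.0f %d\n", total, wraps
	}
	'
}

# Byte counts (first column) from the ipfw output quoted in the report.
report_samples() {
	cat <<'EOF'
2806396128
3116758608
3427281648
3733630128
4043061360
56529824
366378512
668199200
EOF
}

report_samples | unwrap32
```

The last line printed is `4963166496 1`, which equals the final packet count in the same output (618232) multiplied by the 8028 bytes per packet seen before the wrap.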
