Date: Tue, 2 Jan 2001 01:14:18 +0100 From: Anders Nordby <anders@fix.no> To: Bill Fumerola <billf@mu.org> Cc: freebsd-net@freebsd.org Subject: Re: ipfw uid rules and matching specific services for bandwidth limiting Message-ID: <20010102011418.E74504@totem.fix.no> In-Reply-To: <20010101172409.I72273@elvis.mu.org>; from billf@mu.org on Mon, Jan 01, 2001 at 05:24:09PM -0600 References: <20010101210826.A69852@totem.fix.no> <20010101172409.I72273@elvis.mu.org>
On Mon, Jan 01, 2001 at 05:24:09PM -0600, Bill Fumerola wrote:

>> Are people actually using uid type rules heavily? I'm having trouble matching
>> the packets generated by programs like Apache and ProFTPD. I believe that may
>> be because of root binding the ports these programs use before they setuid() or
>> something, I'm not sure. Particularly I have trouble matching the packets of
>> active FTP, since I have random ports on both ends to deal with and can't match
>> them by port either. Does anyone have a solution to this?

> sockstat is your friend, look at the 'user' that is defined per program,
> that's who is going to be charged for packets on that socket.

Nope, doesn't seem to work. Sockstat says:

USER     COMMAND    PID    FD  PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
ftp      proftpd    75182  0   tcp4   10.0.0.8:21      192.168.0.34:4955
ftp      proftpd    75182  1   tcp4   10.0.0.8:21      192.168.0.34:4955
ftp      proftpd    75182  12  tcp4   10.0.0.8:478     192.168.0.34:4959
ftp      proftpd    75182  13  tcp4   10.0.0.8:478     192.168.0.34:4959
nobody   proftpd    68820  0   tcp4   *:21             *:*

Then I add a rule to see if I can count the packets while the above mentioned session is kept alive:

# ipfw add 00010 count all from any to any uid ftp

And ipfw show shows that the rule doesn't intercept any packets:

00010 0 0 count ip from any to any uid ftp

FYI I am running 4.1.1-STABLE as of Tue Oct 24 01:25:55 CEST 2000, and top(1) shows all proftpd processes as being owned by root.

Regards,

--
Anders.
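A small parser for the sockstat(1) output quoted in the message, added here as an example and not part of the thread. It groups sockets by their owner and lists the endpoints an `ipfw ... uid <user>` rule would be expected to cover if packets were charged to the socket owner as the reply suggests; the sample lines are the ones from the message, and the function names are my own.

```python
from collections import defaultdict

# Constructed sample: the sockstat lines quoted in the message above.
SOCKSTAT_OUTPUT = """\
USER     COMMAND    PID    FD  PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
ftp      proftpd    75182  0   tcp4   10.0.0.8:21      192.168.0.34:4955
ftp      proftpd    75182  1   tcp4   10.0.0.8:21      192.168.0.34:4955
ftp      proftpd    75182  12  tcp4   10.0.0.8:478     192.168.0.34:4959
ftp      proftpd    75182  13  tcp4   10.0.0.8:478     192.168.0.34:4959
nobody   proftpd    68820  0   tcp4   *:21             *:*
"""


def parse_sockstat(text):
    """Parse sockstat output into one dict per socket line (header skipped).
    Columns are whitespace-separated; a foreign address of *:* marks a listener."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue
        user, command, pid, fd, proto, local, foreign = fields[:7]
        sockets.append({"user": user, "command": command, "pid": int(pid),
                        "fd": int(fd), "proto": proto, "local": local,
                        "foreign": foreign, "listening": foreign == "*:*"})
    return sockets


def sockets_by_user(sockets):
    """Group distinct (pid, proto, local, foreign) endpoints by socket owner.
    Several fds on the same endpoint (fd 0 and 1 above) collapse to one entry."""
    grouped = defaultdict(set)
    for s in sockets:
        grouped[s["user"]].add((s["pid"], s["proto"], s["local"], s["foreign"]))
    return {user: sorted(eps) for user, eps in grouped.items()}


def endpoints_for_uid_rule(sockets, uid, port=None):
    """Connected endpoints owned by `uid`, optionally narrowed to a local port.
    This is what a `uid <uid>` rule should see if the socket owner is charged;
    listening sockets are excluded since the data flows on accepted sockets."""
    matches = set()
    for s in sockets:
        if s["user"] != uid or s["listening"]:
            continue
        local_port = s["local"].rsplit(":", 1)[1]
        if port is None or local_port == str(port):
            matches.add((s["local"], s["foreign"]))
    return sorted(matches)
```

Comparing the output against a zero-count `ipfw show` line, as in the message, tells you whether the credential the kernel charges differs from the one sockstat displays.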