Date:      Tue, 2 Jan 2001 01:14:18 +0100
From:      Anders Nordby <anders@fix.no>
To:        Bill Fumerola <billf@mu.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw uid rules and matching specific services for bandwidth limiting
Message-ID:  <20010102011418.E74504@totem.fix.no>
In-Reply-To: <20010101172409.I72273@elvis.mu.org>; from billf@mu.org on Mon, Jan 01, 2001 at 05:24:09PM -0600
References:  <20010101210826.A69852@totem.fix.no> <20010101172409.I72273@elvis.mu.org>

On Mon, Jan 01, 2001 at 05:24:09PM -0600, Bill Fumerola wrote:
>> Are people actually using uid type rules heavily? I'm having trouble matching
>> the packets generated by programs like Apache and ProFTPD. I believe that may
>> be because of root binding the ports these programs use before they setuid() or
>> something, I'm not sure. Particularly I have trouble matching the packets of
>> active FTP, since I have random ports on both ends to deal with and can't match
>> them by port either. Does anyone have a solution to this?
> sockstat is your friend, look at the 'user' that is defined per program,
> that's who is going to be charged for packets on that socket.

Nope, doesn't seem to work. Sockstat says:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
ftp      proftpd  75182    0 tcp4   10.0.0.8:21           192.168.0.34:4955   
ftp      proftpd  75182    1 tcp4   10.0.0.8:21           192.168.0.34:4955   
ftp      proftpd  75182   12 tcp4   10.0.0.8:478          192.168.0.34:4959   
ftp      proftpd  75182   13 tcp4   10.0.0.8:478          192.168.0.34:4959   
nobody   proftpd  68820    0 tcp4   *:21                  *:*

Then I add a rule to see if I can count the packets while the above mentioned
session is kept alive:

# ipfw add 00010 count all from any to any uid ftp

And ipfw show shows that the rule doesn't intercept any packets:

00010        0          0 count ip from any to any uid ftp

FYI I am running 4.1.1-STABLE as of Tue Oct 24 01:25:55 CEST 2000, and top(1)
shows all proftpd processes as being owned by root.

Regards,

-- 
Anders.
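The discrepancy Anders reports above, that sockstat lists the proftpd sockets under user ftp while top(1) shows the processes owned by root, is worth checking mechanically before relying on a uid rule to count or limit traffic. The following is an added example, not code from the thread or from FreeBSD: it parses sockstat output in the column layout quoted above, parses a constructed `ps`-style listing of process owners for the same PIDs, and reports every socket whose reported user differs from its process owner. The sockstat sample is the one quoted in the message; the `PS_SAMPLE` listing, the function names and the exact `ps` column layout are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: sockstat output with the same columns as quoted in the thread.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
ftp      proftpd  75182    0 tcp4   10.0.0.8:21           192.168.0.34:4955
ftp      proftpd  75182    1 tcp4   10.0.0.8:21           192.168.0.34:4955
ftp      proftpd  75182   12 tcp4   10.0.0.8:478          192.168.0.34:4959
ftp      proftpd  75182   13 tcp4   10.0.0.8:478          192.168.0.34:4959
nobody   proftpd  68820    0 tcp4   *:21                  *:*
"""

# Constructed sample (assumed 'ps -o pid,user,command' layout) for the same PIDs,
# mirroring the observation that top(1) shows every proftpd process as root.
PS_SAMPLE = """\
  PID USER COMMAND
75182 root proftpd
68820 root proftpd
"""


def parse_sockstat(text):
    """Return one dict per socket line (user, command, pid, fd, proto, local, foreign)."""
    rows = []
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 7:
            continue
        user, command, pid, fd, proto, local, foreign = parts[:7]
        rows.append({"user": user, "command": command, "pid": int(pid), "fd": int(fd),
                     "proto": proto, "local": local, "foreign": foreign})
    return rows


def parse_ps(text):
    """Return {pid: user} from a 'PID USER COMMAND' listing."""
    owners = {}
    for line in text.strip().splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) >= 2:
            owners[int(parts[0])] = parts[1]
    return owners


def socket_owner_mismatches(sockstat_text, ps_text):
    """List distinct (pid, socket_user, process_user) triples where the user sockstat
    reports for a socket differs from the owner of the process holding it. Each such
    triple is a candidate explanation when a uid-keyed ipfw rule counts no packets."""
    owners = parse_ps(ps_text)
    seen = set()
    mismatches = []
    for sock in parse_sockstat(sockstat_text):
        proc_user = owners.get(sock["pid"])
        key = (sock["pid"], sock["user"], proc_user)
        if proc_user is not None and proc_user != sock["user"] and key not in seen:
            seen.add(key)
            mismatches.append(key)
    return mismatches


def sockets_by_user(sockstat_text):
    """Group the distinct (local, foreign) endpoint pairs by the socket's reported user,
    i.e. the view a uid rule would have if it keyed on sockstat's USER column."""
    by_user = defaultdict(set)
    for sock in parse_sockstat(sockstat_text):
        by_user[sock["user"]].add((sock["local"], sock["foreign"]))
    return {user: sorted(pairs) for user, pairs in by_user.items()}


if __name__ == "__main__":
    for pid, sock_user, proc_user in socket_owner_mismatches(SOCKSTAT_SAMPLE, PS_SAMPLE):
        print(f"pid {pid}: socket user {sock_user!r} but process owner {proc_user!r}")
    for user, pairs in sockets_by_user(SOCKSTAT_SAMPLE).items():
        print(user, pairs)
```

On a live system the two samples would be replaced by the output of `sockstat` and of `ps` for the PIDs in question; a non-empty mismatch list is the situation described in the message, where the credential shown per socket and the credential shown per process disagree, so a rule written against either one needs to be verified with a `count` rule, as Anders does, rather than assumed to match.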

