ipfwshow as shell builtin?
Luigi Rizzo
rizzo at icir.org
Wed Dec 10 01:28:54 PST 2003
On Wed, Dec 10, 2003 at 04:05:06PM +0700, Eugene Grosbein wrote:
> Hi!
>
> There are some tasks that are can be easily and efficiently solved
> with ipfw(8). For example, it can summarize traffic delivered
> over ethernet with unicast packets (ipfw2 feature), or make sums
> of traffic from/to distinct network blocks. It's not about generic
> detailed traffic accounting, it's about simple sums (f.e. for MRTG).
>
> The problem is how to get these values easly and efficiently for
> the same time. To supply values for MRTG I use net-snmpd and its
> 'pass_persist' feature (think about one MRTG and many monitires hosts).
>
> Simple shell script uses 'ipfw show' to return values.
> It is easy but still is not very optimal. There is additional
> fork+exec of /sbin/ipfw still.
how often do you want to do this ? if it is once per second you do
not care about the fork+exec overhead -- if it is more often,
then you might start to care about the getsockopt overhead
(basically forwarding is blocked while the kernel navigates through
the ipfw data structures), and then you probably have some external
program to parse the ipfw output, etc.
so in the end i believe making ipfw a shell builtin will gain you
close to nothing.
cheers
luigi
> It would be nice to have something lightweight like 'ipfwshow'
> as /bin/sh builtin, isn't it?
> Eugene Grosbein
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
More information about the freebsd-net
mailing list