ports/102742: [patch] add support for ng_bpf to ports/net-mgmt/ng_ipacct scripts

Eugene Grosbein eugen at grosbein.pp.ru
Fri Sep 1 09:30:20 UTC 2006


>Number:         102742
>Category:       ports
>Synopsis:       [patch] add support for ng_bpf to ports/net-mgmt/ng_ipacct scripts
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 01 09:30:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Svyaz Service JSC
>Environment:
System: FreeBSD www.svzserv.kemerovo.su 4.11-STABLE FreeBSD 4.11-STABLE #13: Sun Jul 2 16:11:30 KRAST 2006 eu at www.svzserv.kemerovo.su:/home4/obj/home/src/sys/WWW i386

>Description:

	Sometimes we do not need to feed ng_ipacct with all traffic
	going via network interface but want to filter it with ng_bpf(8)
	before. We can easily insert ng_bpf between ng_tee and ng_ipacct
	but ng_bpf needs filters to be loaded into it to work.

	The following patch adds possibility to automatically
	load filters into ng_bpf(8) node using
	ng_ipacct_${iface}_afterstart_script that is supplied with
	interface name and is invoked just after ng_ipacct is started.

	This script runs when ng_bpf is fully initialized and may
	load filters into it. See patch for additional details,
	it contains an example of using new feature.

>How-To-Repeat:
	N/A
>Fix:

diff -ur ng_ipacct.orig/Makefile ng_ipacct/Makefile
--- ng_ipacct/Makefile	Tue Aug  2 00:31:50 2005
+++ ng_ipacct.new/Makefile	Fri Sep  1 16:59:45 2006
@@ -7,6 +7,7 @@
 
 PORTNAME=	ng_ipacct
 PORTVERSION=	20050731
+PORTREVISION=	1
 CATEGORIES=	net-mgmt
 MASTER_SITES=	ftp://ftp.wuppy.net.ru/pub/FreeBSD/local/kernel/ng_ipacct/
 
diff -ur ng_ipacct.orig/files/ng_ipacct.conf ng_ipacct/files/ng_ipacct.conf
--- ng_ipacct/files/ng_ipacct.conf	Wed Apr 13 08:31:57 2005
+++ ng_ipacct.new/files/ng_ipacct.conf	Fri Sep  1 17:00:37 2006
@@ -44,6 +44,27 @@
 	shutdown %%iface%%:
 '
 
+ng_ipacct_bpf_ether_start='
+	mkpeer %%iface%%: tee lower right
+	name %%iface%%:lower %%iface%%_tee
+	connect %%iface%%: lower upper left
+
+	mkpeer %%iface%%_tee: bpf right2left %%iface%%_in
+	name %%iface%%_tee:right2left %%iface%%_bpf
+	connect %%iface%%_tee: right2left left2right %%iface%%_out
+	
+	mkpeer %%iface%%_bpf: ipacct %%iface%%_match_in %%iface%%_in
+	name %%iface%%_bpf:%%iface%%_match_in %%iface%%_ip_acct
+	connect %%iface%%_bpf: %%iface%%_ip_acct: %%iface%%_match_out %%iface%%_out
+'
+
+ng_ipacct_bpf_ether_stop='
+	shutdown %%iface%%_ip_acct:
+	shutdown %%iface%%_bpf:
+	shutdown %%iface%%_tee:
+	shutdown %%iface%%:
+'
+
 # EXAMPLE 1. Ethernet interface
 
 #        +-------------------------------+
@@ -147,3 +168,36 @@
 ng_ipacct_vpn0_stop='
 	shutdown %%iface%%_ip_acct:
 '
+
+# EXAMPLE 4. Ethernet interface with BPF
+
+#   +-------------------------------+
+#   |                               |
+# (upper)              (left2right)-----(xl0_in) (xl0_match_in)----(xl0_in)
+#   |                      |        |        |     |                    |
+#  xl0         +--(left)-xl0_tee-(right)     xl0_bpf               xl0_ip_acct
+#   |          |           |                 |     |                    |
+# (lower)      |       (right2left)----(xl0_out) (xl0_match_out)--(xl0_out)
+#   |          |
+#   +----------+
+#
+# xl0           - ng_ether
+# xl0_tee       - ng_tee
+# xl0_bpf       - ng_bpf
+# xl0_ip_acct   - ng_ipacct
+
+# Configuration for 'xl0_ip_acct' node:
+
+ng_ipacct_xl0_dlt="EN10MB"	# required line; see ipacctctl(8)
+ng_ipacct_xl0_threshold="15000"	# '5000' by default
+ng_ipacct_xl0_verbose="yes"	# 'yes' by default
+ng_ipacct_xl0_saveuid="yes"	# 'no' by default
+ng_ipacct_xl0_savetime="no"	# 'no' by default
+ng_ipacct_xl0_start=${ng_ipacct_bpf_ether_start}
+ng_ipacct_xl0_stop=${ng_ipacct_bpf_ether_stop}
+ng_ipacct_xl0_checkpoint_script="path/to/your/script --checkpoint-and-save xl0"
+			# this script is called on stop (to save accumulated 
+			# data) or via "rc.d/ng_ipacct.sh checkpoint"
+ng_ipacct_xl0_afterstart_script="path/to/your/script --load-bpf-filters xl0"
+			# this script is called just after initialization
+			# of nodes to load filters into xl0_bpf
diff -ur ng_ipacct.orig/files/ng_ipacct.sh.in ng_ipacct/files/ng_ipacct.sh.in
--- ng_ipacct/files/ng_ipacct.sh.in	Sun Apr  3 08:31:43 2005
+++ ng_ipacct.new/files/ng_ipacct.sh.in	Fri Sep  1 17:08:19 2006
@@ -114,6 +114,13 @@
 		${ipacctctl} ${iface}_ip_acct:${iface} verbose ${verbose}
 		${ipacctctl} ${iface}_ip_acct:${iface} saveuid ${saveuid}
 		${ipacctctl} ${iface}_ip_acct:${iface} savetime ${savetime}
+
+		eval afterstart_script=\$ng_ipacct_${iface}_afterstart_script
+		if [ -n "${afterstart_script}" ]; then
+		    (set -T
+		    trap 'exit 1' 2
+		    ${afterstart_script} ${iface})
+		fi
 	fi
    done
 }



Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list