Net statistics for single user
Jon Simola
jsimola at gmail.com
Wed May 18 12:36:52 PDT 2005
On 5/18/05, KrzychK2 <krzychk2 at o2.pl> wrote:
> Well, maybe this is a good solution, but how will making 200 tables
> affect the capacity of pf?
200 tables will have very little effect. Here's another example from
my live 5.3-STABLE router running pf:

  table <vlan100_ips> persist file "/etc/pf/vlan100_ips"
  pass in on vlan100 from <vlan100_ips> to any keep state
  pass out on vlan100 from any to <vlan100_ips> keep state

That table has 2024 IPs in it, and collects traffic statistics for
each IP. I'm not sure why you'd need 200 tables, I only use one or two
per interface. At least one of the OpenBSD guys has the entire 1.4
million entry SBL loaded as a single table with pf.
That is almost exactly the same as I still do with ipfw and dummynet
(pre ipfw tables):

  ipfw pipe 1 config mask src-ip 0xffffffff buckets 512
  ipfw pipe 2 config mask dst-ip 0xffffffff buckets 512
  ipfw add 32001 pipe 1 src-ip x.x.x.0/24 bridged
  ipfw add 32002 pipe 2 dst-ip x.x.x.0/24 bridged

and then read the counters with "ipfw pipe show". Both methods
required some perl scripting to read the counters and insert the
results in a database, per-ip, giving me the ability to graph and
summarize customer traffic in 5 minute intervals.
--
Jon Simola
Systems Administrator
ABC Communications
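
The per-IP counter collection described in the post above, sketched as an added example (not part of the original post and not the author's perl script). It assumes the per-address layout printed by "pfctl -t vlan100_ips -T show -v"; the sample entries and 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import re

ADDR = re.compile(r"^\s+(!?[0-9A-Fa-f:.]+(?:/\d+)?)\s*$")
CLEARED = re.compile(r"^\s+Cleared:\s+(.*\S)")
COUNTER = re.compile(r"^\s+(In|Out)/(Block|Pass):\s+\[ Packets:\s+(\d+)\s+Bytes:\s+(\d+)\s+\]")

def sample_entry(ip, in_bytes, out_bytes, cleared="Wed May 18 12:00:00 2005"):
    """Constructed test data in the assumed `pfctl -t <table> -T show -v` layout."""
    row = "\t{:<12} [ Packets: {:<18} Bytes: {:<18} ]\n"
    return ("   {}\n\tCleared:     {}\n".format(ip, cleared)
            + row.format("In/Block:", 0, 0) + row.format("In/Pass:", in_bytes // 100, in_bytes)
            + row.format("Out/Block:", 0, 0) + row.format("Out/Pass:", out_bytes // 100, out_bytes))

def parse(text):
    """Return {address: {"cleared": str, "in_pass": bytes, "out_pass": bytes, ...}}."""
    stats, cur = {}, None
    for line in text.splitlines():
        m = ADDR.match(line)
        if m:  # an address line starts a new entry
            cur = stats.setdefault(m.group(1), {"cleared": None, "in_pass": 0, "out_pass": 0})
        elif cur is not None and CLEARED.match(line):
            cur["cleared"] = CLEARED.match(line).group(1)
        elif cur is not None and COUNTER.match(line):
            d, action, _pkts, nbytes = COUNTER.match(line).groups()
            cur["{}_{}".format(d.lower(), action.lower())] = int(nbytes)
    return stats

def interval_bytes(prev, curr):
    """Per-address (in, out) passed bytes since the previous poll.

    pf counters are cumulative. A new address, a changed "Cleared" stamp or a
    counter that went backwards means the entry was reset, so the current
    value is the whole interval's traffic rather than a difference.
    """
    deltas = {}
    for ip, c in curr.items():
        p = prev.get(ip)
        reset = (p is None or p["cleared"] != c["cleared"]
                 or c["in_pass"] < p["in_pass"] or c["out_pass"] < p["out_pass"])
        base = (0, 0) if reset else (p["in_pass"], p["out_pass"])
        deltas[ip] = (c["in_pass"] - base[0], c["out_pass"] - base[1])
    return deltas

if __name__ == "__main__":
    # Two polls five minutes apart; live input would be the pfctl output captured by cron.
    t0 = parse(sample_entry("192.0.2.10", 64000, 120000) + sample_entry("192.0.2.11", 5000, 9000))
    t1 = parse(sample_entry("192.0.2.10", 70000, 150000)
               + sample_entry("192.0.2.11", 1200, 300, cleared="Wed May 18 12:03:00 2005"))
    for ip, (rx, tx) in sorted(interval_bytes(t0, t1).items()):
        print(ip, rx, tx)
```

On pf versions whose pf.conf(5) documents the "counters" table flag, the table has to be declared with that flag for these per-address counters to be kept.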