[Fwd: Re: Per Protocol Traffic Accounting]

Tyler tyler at tylercentral.com
Mon Oct 17 23:59:37 PDT 2005



Hi Travis,

> 
> Thanks for the reply.  However, I want to capture data for each
> protocol.  So, I'd like to have data for HTTP, SMTP, POP3, etc.  I've
> done this before with ipfilter using the "count" command.  (E.g. count
> in on de0 from any to any proto http)
> 
> However, PF doesn't have the count command.  I've set labels on my ACL
> entries, however when a new TCP session is established, the flow stays
> with the "IN" rule because I'm keeping state on the connection.  So
> the IN counters show all the bytes Tx'd and Rx'd, and the OUT rule is
> 0 because the flow never hits that rule due to keeping the state.
> 
> (Hmm... confusing?)
> 
> I was hoping someone out there has done per protocol accounting with
> PF because I can't figure it out.  :(
> 
> I've also looked at ntop from a suggestion earlier in this thread.
> However, I was hoping to find a solution using just PF.
> 
> Tyler
> 
> On Mon, 2005-10-17 at 23:23 -0500, Travis H. wrote: 
> 
> > "set loginterface interface
> > 
> > Sets the interface for which PF should gather statistics such as bytes
> > in/out and packets passed/blocked. Statistics can only be gathered for
> > one interface at a time. Note that the match, bad-offset, etc.,
> > counters and the state table counters are recorded regardless of
> > whether loginterface is set or not. To turn this option off, set it to
> > none. The default is none."
> > 
> > 
> > Otherwise, couldn't you just use the ifconfig stats?  I think there's
> > a package for exporting this via SNMP, which could be queried using
> > ifgraph or rrdtool.
> > --
> > http://www.lightconsulting.com/~travis/  -><-
> > "We already have enough fast, insecure systems." -- Schneier & Ferguson
> > GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
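
Added example, not part of the original messages: a Python script that totals `pfctl -s labels` counters per label, so that rules sharing a label (the "in" rule that holds the state and the "out" rule that stays at 0, as described above) are reported as one per-protocol figure. The whitespace-separated column layout and the sample lines are assumptions constructed for illustration; check them against the output of your pfctl version.

```python
from collections import defaultdict

# Constructed sample in the assumed `pfctl -s labels` layout:
#   label evaluations packets bytes [pkts_in bytes_in pkts_out bytes_out states]
# The first "http" line stands for the stateful "pass in" rule that carries
# all the traffic; the second is the matching "pass out" rule left at zero.
SAMPLE = """\
http 1520 9400 7310000 4100 410000 5300 6900000 212
http 1520 0 0 0 0 0 0 0
smtp 1308 820 615000 400 540000 420 75000 31
pop3 1277 150 98000
mail relay 90 12 4800
"""


def per_label_totals(text):
    """Sum packet and byte counters over every rule that shares a label."""
    totals = defaultdict(
        lambda: {"packets": 0, "bytes": 0, "bytes_in": 0, "bytes_out": 0}
    )
    for line in text.splitlines():
        tokens = line.split()
        # Labels may contain spaces, so count numeric columns from the right.
        n = 0
        while n < len(tokens) and tokens[-1 - n].isdigit():
            n += 1
        width = 8 if n >= 8 else 3 if n >= 3 else 0
        if width == 0 or len(tokens) <= width:
            continue  # not a counter line (blank, header, or no label)
        label = " ".join(tokens[:-width])
        nums = [int(t) for t in tokens[-width:]]
        entry = totals[label]
        entry["packets"] += nums[1]
        entry["bytes"] += nums[2]
        if width == 8:
            # Directional split exists only in the long layout; with the
            # short layout these two fields stay at 0.
            entry["bytes_in"] += nums[4]
            entry["bytes_out"] += nums[6]
    return dict(totals)


if __name__ == "__main__":
    for label, c in sorted(per_label_totals(SAMPLE).items()):
        print(f"{label:12} packets={c['packets']:>8} bytes={c['bytes']:>10} "
              f"in={c['bytes_in']:>10} out={c['bytes_out']:>10}")
```

To use it on a live firewall, feed it the text captured from `pfctl -s labels` instead of `SAMPLE`.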

