On May 5, 2005, at 10:37 AM, Henning Brauer wrote:

> * Jason Dixon <[EMAIL PROTECTED]> [2005-05-04 21:56]:
> > I've been working on an IP accounting project for use with PF labels.
> > The entire concept is based on the label macros that can be assigned to
> > each filter rule, using values like $dstaddr, $srcaddr, $dstport, etc.
> > Unfortunately, I just got slapped with a big dose of reality when I
> > realized that these macros are just like normal macros; that is, the
> > expansion only occurs at configuration file parse time, not during
> > runtime.
>
> yes. keeping these counters for each remote IP we ever saw would waste a lot of kernel memory.

*nod*

> > I don't mean to sound like a leech or ingrate, because I most certainly
> > am not. I'll be the first to pitch in where I can, but those who know
> > me well don't want me hacking on PF. On the other hand, I've been
> > happy to donate hardware and cash in the past and would be happy to do
> > it again for this feature. I've discussed the possibilities for PF
> > labels with Theo et al off-list in the past, so I'm hoping this might
> > be something the PF team would be interested in pursuing.
>
> see above, I don't think it makes sense.
> we should probably investigate a better integrated netflow data export or the like for accounting.

I'm going to start looking at some sort of NetFlow interface based on pfflowd. I really hate putzing with logs, but it appears to be the best alternative at this point.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
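
The parse-time label expansion discussed in this thread, shown as an added pf.conf fragment that is not part of the original messages. The interface name, addresses and label prefixes are constructed for illustration.

```pf
# Constructed example: em0 and the 192.0.2.0/24 addresses are assumptions.
web_servers = "{ 192.0.2.10, 192.0.2.11 }"

# Case 1: the destination is a list known when the ruleset is loaded.
# pfctl expands the list into one rule per address, and the label
# macros are substituted once for each generated rule.
pass in on em0 proto tcp from any to $web_servers port 80 \
    label "web:$dstaddr:$dstport"
# Labels after loading:
#   web:192.0.2.10:80
#   web:192.0.2.11:80
# Each generated rule keeps its own counters, so accounting per local
# address works.

# Case 2: the address of interest is the remote side, which is only
# known when a packet arrives.
pass in on em0 proto tcp from any to 192.0.2.20 port 25 \
    label "mail:$srcaddr"
# Label after loading:
#   mail:any
# $srcaddr is replaced with the text of the rule's source specification
# ("any"), not with the source of each matching packet. Every remote
# host is counted under the same label.

# Inspect what was actually loaded and the per-label counters with:
#   pfctl -s rules
#   pfctl -s labels
```

Per-remote-address accounting therefore has to come from state or flow data rather than from labels, which is the direction the thread settles on with pfflowd.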

