Dear list,
I am trying to set up some bandwidth monitoring based on firewall rules (consolidate traffic per project instead of per IP or interface). However, I am unable to get correct statistics from pfctl. So to check the output I set up a rule on interface nfe0 that tags all traffic with a label:
# cat /etc/pf.conf
pass on nfe0 label "all"
# pfctl -s labels
all 165 0 0 0 0 0 0
The count for evaluations does rise, but the number of packets in or out remains at 0.
Sometimes it does seem to find a packet but the numbers are way too low:
# pfctl -s labels
all 1245 9 702 9 702 0 0
I am using this interface to log in on the machine and netstat -I nfe0 -b does update:
# netstat -I nfe0 -b
Name Mtu Network Address Ibytes Obytes
nfe0 1500 <Link> 00:16:36:7e:d1:31 556970162 792545030
nfe0 1500 fe80::%nfe0 fe80::216:36ff:fe 556970162 792545030
nfe0 1500 10.32.4/24 10.32.4.159 556970162 792545030
# netstat -I nfe0 -b
Name Mtu Network Address Ibytes Obytes
nfe0 1500 <Link> 00:16:36:7e:d1:31 556971292 792546692
nfe0 1500 fe80::%nfe0 fe80::216:36ff:fe 556971292 792546692
nfe0 1500 10.32.4/24 10.32.4.159 556971292 792546692
I hope anyone can help me out here and tell me what I am doing wrong.
I tried it on 2 servers, one sunfire v120 (sparc64) OpenBSD 3.9 and one sunfire x2100M2 (amd) OpenBSD 4.1, and both have the same symptoms.
dmesg will follow as soon as I can reboot one of these machines.