patrick keshishian escribis:
> On Fri, Oct 2, 2009 at 8:21 PM, Alvaro Mantilla Gimenez
> <[email protected]> wrote:
>> Hi,
>>
>> I found a wear behavior of pfctl.
>>
>> I have this pf.conf (I am going to show only the lines that matters):
>>
>> ---------------------------------
>> external = "cdce0"
>>
>> internal = "re0"
>>
>> set loginterface $external
>>
>> set loginterface $internal
>> ---------------------------------
>>
>> According to this both interfaces are collecting statistics...but if I
>> run the command "pfctl -s info" then shows:
>
> I don't think that is true. I believe you can only 'set loginterface'
> for only one interface or interface-group:
>
> $ man pf.conf
> /loginterface
> set loginterface
> Enable collection of packet and byte count statistics for the
> given interface or interface group.
>
> $ man ifconfig
> /group
> group group-name
> Assign the interface to a ``group''. Any interface
can
> be in multiple groups.
>
> might be what you are looking for.
>
Are the interfaces re0 and cdce0 in the same group??
There is no "groups" on re0 definition...
$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:a0:d1:5e:a0:63
description: RED_INTERNA
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 7.7.7.1 netmask 0xffffff80 broadcast 7.7.7.127
inet6 fe80::2a0:d1ff:fe5e:a063%re0 prefixlen 64 scopeid 0x1
wpi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:18:de:a6:e7:64
priority: 0
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid ""
enc0: flags=0<> mtu 1536
priority: 0
cdce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 2a:cb:02:bf:5d:00
description: CABLE_MODEM
priority: 0
groups: egress
inet6 fe80::28cb:2ff:febf:5d00%cdce0 prefixlen 64 scopeid 0x5
inet 190.XXX.XX.XXX netmask 0xffffff00 broadcast 255.255.255.255
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
priority: 0
groups: pflog
>> After that I commented the line "#set loginterface $internal" and then
>> the output was this:
>
> Reverse the order of 'set loginterface ...' in your pf.conf and try
> `pfctl -si'. Does that reverse your findings?
>
> --patrick
set loginterface $internal
set loginterface $external
# pfctl -si
Status: Enabled for 0 days 02:07:42 Debug: Urgent
Interface Stats for cdce0 IPv4 IPv6
Bytes In 22834146 0
Bytes Out 1370195 64
Packets In
Passed 19276 0
Blocked 412 0
Packets Out
Passed 14512 1
Blocked 161 0
State Table Total Rate
current entries 31
searches 73486 9.6/s
inserts 2223 0.3/s
removals 2192 0.3/s
Counters
match 2436 0.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 2 0.0/s
synproxy 474 0.1/s
Same thing....
Alvaro
