On Fri, Oct 2, 2009 at 10:43 PM, Alvaro Mantilla Gimenez <alv...@dydnetworks.com> wrote: > patrick keshishian escribis: >> On Fri, Oct 2, 2009 at 8:21 PM, Alvaro Mantilla Gimenez >> <alv...@dydnetworks.com> wrote: >>> Hi, >>> >>> I found a wear behavior of pfctl. >>> >>> I have this pf.conf (I am going to show only the lines that matters): >>> >>> --------------------------------- >>> external = "cdce0" >>> >>> internal = "re0" >>> >>> set loginterface $external >>> >>> set loginterface $internal >>> --------------------------------- >>> >>> According to this both interfaces are collecting statistics...but if I >>> run the command "pfctl -s info" then shows: >> >> I don't think that is true. I believe you can only 'set loginterface' >> for only one interface or interface-group: >> >> $ man pf.conf >> /loginterface >> set loginterface >> Enable collection of packet and byte count statistics for the >> given interface or interface group. >> >> $ man ifconfig >> /group >> group group-name >> Assign the interface to a ``group''. Any interface > can >> be in multiple groups. >> >> might be what you are looking for. >> > > Are the interfaces re0 and cdce0 in the same group?? > There is no "groups" on re0 definition...
It does not look like it based on your provided output below: > $ ifconfig -a > > > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204 > priority: 0 > groups: lo > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 > re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr 00:a0:d1:5e:a0:63 > description: RED_INTERNA > priority: 0 > media: Ethernet autoselect (100baseTX full-duplex) > status: active > inet 7.7.7.1 netmask 0xffffff80 broadcast 7.7.7.127 > inet6 fe80::2a0:d1ff:fe5e:a063%re0 prefixlen 64 scopeid 0x1 > wpi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 > lladdr 00:18:de:a6:e7:64 > priority: 0 > groups: wlan > media: IEEE802.11 autoselect > status: no network > ieee80211: nwid "" > enc0: flags=0<> mtu 1536 > priority: 0 > cdce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > lladdr 2a:cb:02:bf:5d:00 > description: CABLE_MODEM > priority: 0 > groups: egress > inet6 fe80::28cb:2ff:febf:5d00%cdce0 prefixlen 64 scopeid 0x5 > inet 190.XXX.XX.XXX netmask 0xffffff00 broadcast 255.255.255.255 > pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204 > priority: 0 > groups: pflog > > >>> After that I commented the line "#set loginterface $internal" and then >>> the output was this: >> >> Reverse the order of 'set loginterface ...' in your pf.conf and try >> `pfctl -si'. Does that reverse your findings? >> >> --patrick > > set loginterface $internal > > set loginterface $external > > # pfctl -si > > > Status: Enabled for 0 days 02:07:42 Debug: Urgent > > Interface Stats for cdce0 IPv4 IPv6 [...] > Same thing.... Not the same thing. The reverse; which indicates that only the last `set loginterface $if' is used; that is, you may not specify multiple `set loginterface $if' options. Try, adding your re0 and cdce0 to a single user defined group and use that group in your pf.conf for `set loginterface $thegroup'. But I suspect, this may not be what you are looking for. $ sudo ifconfig re0 group alvaro $ sudo ifconfig cdce0 group alvaro $ ifconfig to verify group names, then change your /etc/pf.conf to include: set loginterface alvaro reload rules: $ sudo pfctl -f /etc/pf.conf $ sudo pfctl -si That should give you stats for all interfaces belonging to the group "alvaro". But, once again, this may not be what you want. --patrick
