On Aug 27, 2006, at 7:55 AM, Federico Giannici wrote:
> I'm setting up a firewall with queues and I'd like to know how much
> traffic of a given "class" was ACTUALLY sent out of an interface
> (i.e. not dropped by a queue). I mark the classes by means of labels.
> I have a couple of questions:
>
> 1) Let's assume that every queue contains the traffic of only a
> single class. What is the amount of traffic sent OUT of the queue?
> In the statistics shown by "pfctl -vs queue" there are two values:
> one is the amount of dropped traffic, and the other?

The amount of passed traffic.

> Is it the traffic sent OUT, or is the traffic sent INTO the queue
> (so I have to subtract the amount of the dropped one)?

Huh?

> 2) If the queues contain the traffic of more than one class, is there
> a way to know the amount of traffic that actually was sent out (not
> dropped by a queue) for every single class?
> The statistics shown by "pfctl -vs labels" count the traffic
> ENTERED in the queue, even for "pass OUT" rules?

If a packet matches a rule (or an existing state that matches a rule)
that uses the queue keyword, that packet gets assigned to the queue.
Any passed packets (or dropped packets) that are assigned to a queue
count towards the "passed pkts/bytes" and "dropped pkts/bytes"
statistics shown by "pfctl -vsq".
Perhaps I don't understand your question. The answer seems simple
enough.
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
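
Added example, not part of the original message: a small shell/awk filter that prints the "passed" and "dropped" counters from "pfctl -vsq" side by side for each queue. The sample text is constructed and assumes the ALTQ-era output layout; the function names sample_output and queue_stats are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the per-queue counters printed by "pfctl -vsq".

# Constructed sample (invented values), assuming the ALTQ-era layout:
# a "queue <name> ..." line followed by a "[ pkts: ... dropped pkts: ... ]" line.
sample_output() {
cat <<'EOF'
queue  std on em0 bandwidth 8Mb cbq( default )
  [ pkts:       1500  bytes:    1800000  dropped pkts:     25 bytes:  30000 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  ssh on em0 bandwidth 2Mb priority 7 cbq( borrow )
  [ pkts:        120  bytes:      96000  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
EOF
}

# Reads "pfctl -vsq" text on stdin and prints one line per queue:
#   name passed_pkts passed_bytes dropped_pkts dropped_bytes
queue_stats() {
    awk '
        # Remember the queue name; the counters follow on the next line.
        $1 == "queue" { name = $2; next }
        # Counter line: "[ pkts: N bytes: N dropped pkts: N bytes: N ]"
        $2 == "pkts:" && $6 == "dropped" && name != "" {
            print name, $3, $5, $8, $10
            name = ""   # ignore the qlength line and anything else until the next queue
        }
    '
}

# On a live firewall this would be: pfctl -vsq | queue_stats
sample_output | queue_stats
```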