Gentlemen,

I've expanded upon the work of Masahiro Sekiguchi <[EMAIL PROTECTED]>, whose patch for libalias is located at:
http://www.fexx.org/ybb/alias_db.c.diff.txt

This alias_db.c diff modified libalias so as to replace the original /var/log/alias.log file with one that reported running statistics in a format like this:

  + udp 219.63.255.49:1024 211.5.1.219:53 219.63.255.49:1024 *:* (0x8060100)
  + udp 219.63.255.49:1024 165.76.0.98:53 219.63.255.49:1024 *:* (0x8060180)
  + udp 219.63.255.49:1024 165.76.4.2:53 219.63.255.49:1024 *:* (0x8060200)
  + udp 219.63.255.49:1024 211.5.1.217:53 219.63.255.49:1024 *:* (0x8060280)
  + tcp 192.168.1.188:1346 210.142.46.154:80 219.63.255.49:1346 *:* (0x8060300)
  + udp 219.63.255.49:1024 210.141.108.194:53 219.63.255.49:1024 *:* (0x8060400)
  + udp 219.63.255.49:1024 210.239.166.194:53 219.63.255.49:1024 *:* (0x8060480)

Obviously this patch was built for a much older version of libalias, circa 2003. I recently attempted to convert his work and modify it (relatively heavily) for my own uses and for what I think makes a bit better sense; after a few weeks of testing and repeated modifications I'm ready to give it to whoever thinks they could make use of it.

The highlights of my changes:

* alias.log becomes 'alias' under /var/log; it is no longer a massive running list of connection #'s per protocol, but a one-line file updated every 20 seconds showing current protocol #'s.

* alias.details is a new log under /var/log which provides interesting information on all of the active translated connections, in a format that looks like this:

  total: 485   time: 1209374774
  last_chg    exp_t  T-      protocol     source addr:port     dest addr:port        alias addr:port      proxy addr:port
  1209374770  00060  -00056  udp          192.0.21.10:8080     78.109.177.139:61878  *:8080               *:*
  1209374733  00010  00000   tcp DIS:DIS  192.0.21.10:3276     209.85.133.18:80      68.52.101.103:3276   *:*
  1209374635  00060  00000   icmp         68.52.101.103:1      67.15.240.42:256      68.52.101.103:1      *:*
  1209374566  00300  -00092  tcp EST:DWN  68.52.101.103:11225  69.60.111.193:39357   68.52.101.103:11225  *:*
  1209374747  00010  00000   tcp DIS:DIS  192.0.21.10:3261     209.85.133.19:80      68.52.101.103:3261   *:*
  1209374078  00300  00000   tcp PERMLNK  192.0.21.10:5580     *:*                   *:5580               *:*

  (if your email client supports tabbed text properly, the format of the log looks much cleaner)

* modified TCP_EXPIRE_CONNECTED from 24 hours to 1 hour (did this for debugging purposes; it can be set to whatever standard there is)

I ran into this bug:

BUG: when a TCP connection is dropped locally (behind the NAT) or remotely, sometimes libalias/natd does not mark the translated TCP connection as down/disconnected/dead. The connection will remain in the translation tables until libalias/natd is reloaded.

This could be just a problem with natd, but I do not have the proper tools or environment to figure out exactly where the problem is coming from, leading to this:

* modification: when idelta > lnk->expire_time and LINK_TCP in IncrementalCleanup(), SetStateIn/Out ALIAS_TCP_NOT_CONNECTED, reset lnk->timestamp to the current la->timeStamp and set lnk->expire_time to TCP_EXPIRE_SINGLEDEAD; on the pass after next of the IncrementalCleanup() function we'll come across the same translation entry, and if it hasn't changed we'll expire it.

The issue here is that after a period of time I had 1500+ TCP connections in my translation tables, all showing a "time to expire" of 0 seconds (out of 86400), and no activity on the network to warrant such connections. In normal TCP connections, when a packet is processed for a translation entry lnk->timestamp is updated, so idelta will never exceed lnk->expire_time as long as the link is actually communicating packets; I feel like this was a safe compromise and it has not negatively affected my computing habits yet - but granted, I am neither a power user nor everyone else, so this solution/hack/crapshoot is open for interpretation. It's my experience that most commercial firewalls will drop inactive links after 15 min-1 hr, etc.

I've abused calls to AliasLog with this patch. I'm still a relative novice to C programming and memory management, so the last thing I wanted to deal with was mallocing crap and working with string buffers/etc. and creating all kinds of havoc. I'm not sure what sort of impact this has on the performance of the program; from my experience I've had 6000+ established UDP and TCP connections going at once (with about 800KB/s load) and my 1GHz Celeron machine has seen about 30% load. It's important to note that libalias was rewriting the alias.details log every 75 state changes instead of every 20 seconds like it does now, so it's likely the load will be significantly lower.

I know there have been some recent changes to alias_db.c in CVS which I did not have at the time I started making these changes, so I tried to keep what I've changed to a minimum in order to ensure an easy patching process if any of you decide to implement this.

Thanks to Masahiro Sekiguchi for his original work as an inspiration for me to do this; I don't know if anyone else uses ipfw/natd anymore (I know I do!) but if they do, they might find this useful.

Any comments are appreciated.

Regards,
David Todd
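The two-pass expiry described in the "modification" bullet above, as an added C model of the idea (not the post's patch and not libalias's own code): the link struct, the TCP_CONNECTED/TCP_NOT_CONNECTED names and the 90-second TCP_EXPIRE_SINGLEDEAD value are assumptions for illustration, while TCP_EXPIRE_CONNECTED uses the post's one-hour setting. It shows why an idle established link is freed on the second pass while a link that keeps passing packets (and so keeps its timestamp refreshed) is never touched.

```c
/* Constructed stand-in for a libalias translation entry; not libalias's struct. */
enum tcp_state { TCP_NOT_CONNECTED, TCP_CONNECTED };   /* assumed names */
#define TCP_EXPIRE_CONNECTED  3600  /* the post's modified value: 1 hour */
#define TCP_EXPIRE_SINGLEDEAD 90    /* assumed for illustration; see alias_db.c */

struct link {
    int in_use;
    enum tcp_state state;
    long timestamp;    /* la->timeStamp when a packet last matched this link */
    long expire_time;  /* idle seconds before the link is considered expired */
};

/* One IncrementalCleanup-style pass at time `now`; returns links freed.
 * An idle CONNECTED link is not freed at once: it is demoted to NOT_CONNECTED
 * with a short TCP_EXPIRE_SINGLEDEAD grace period and freed on a later pass
 * only if no packet has refreshed its timestamp in the meantime. */
int cleanup_pass(struct link *tbl, int n, long now) {
    int freed = 0;
    for (int i = 0; i < n; i++) {
        struct link *lnk = &tbl[i];
        if (!lnk->in_use) continue;
        long idelta = now - lnk->timestamp;
        if (idelta <= lnk->expire_time) continue;   /* still within its window */
        if (lnk->state == TCP_CONNECTED) {
            lnk->state = TCP_NOT_CONNECTED;          /* first strike: mark dead */
            lnk->timestamp = now;
            lnk->expire_time = TCP_EXPIRE_SINGLEDEAD;
        } else {
            lnk->in_use = 0;                         /* second strike: expire */
            freed++;
        }
    }
    return freed;
}

/* Runs up to 5 widely spaced passes over one established link.  With
 * keep_alive set, a packet refreshes the timestamp just before each pass.
 * Returns the 1-based pass on which the link was freed, 0 if it survived. */
int passes_until_freed(int keep_alive) {
    struct link tbl[1] = {{1, TCP_CONNECTED, 0, TCP_EXPIRE_CONNECTED}};
    long now = 0;
    for (int pass = 1; pass <= 5; pass++) {
        now += TCP_EXPIRE_CONNECTED + 1;   /* more idle time than expire_time */
        if (keep_alive) tbl[0].timestamp = now - 1;
        if (cleanup_pass(tbl, 1, now) == 1) return pass;
    }
    return 0;
}
```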
libalias.patch
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"