Hello again
I wrote to the author of IPA - Andrey Simonenko and described him our
problem. He answered that he is currently working on new version of IPA.
To solve problem quickly he has released a patch which modify IPA 1.3.6 to
work in OpenBSD 3.8. I tried it and it works. According to Andrey the
problem is caused by new format of PF rule which now has two bytes and
packet counters - one for original direction of packet and another one for
reverse direction. Which could be probably use in future to measure outgoing
and incoming traffic separatelly in one rule where is keep state statement.
The patch now sums both directions so it works as before.
I placed the patch to my site, you can download it from:
http://www.kubikcz.net/ipa-1.3.6.diff ( in the diff is maybe wrong line, I
used line 176 instead of 173 and file has been patched successfuly )
Finally I'd like to thanks to Andrey very much for his great work.
MK
----- Original Message -----
From: "Spruell, Darren-Perot" <[EMAIL PROTECTED]>
To: <misc@openbsd.org>
Sent: Tuesday, November 15, 2005 11:52 PM
Subject: Re: OpenBSD 3.8 and IPA
From: MK [mailto:[EMAIL PROTECTED]
worked fine. But now in OpenBSD 3.8 it seems that IPA doesn't work
correctly. I can compile it, run it but the IPA can't see any
traffic. I
have same config file as before. I think that something had
to change in new
version of OpenBSD so IPA can't extract traffic from pf
rules.
I've noticed the same issue. Mine was on a snapshot several weeks ago
(3.8-current).
The IPA accounting rules just show 0, even when the rule counters
increment
for monitored pf rules.
DS
