On 9 Apr 2006, at 15:26, Stuart Henderson wrote:
The thing with pflog is that I can't see which field (if any) is the
packet size, which is what I'm interested in. I'm trying to log how
much of which protocol eats what amount of my bandwidth, both inbound
and outbound.
Are the 'pfctl -sr -v' counters no use for you?
These look very promising indeed. I'm guessing that this:
-s rules Show the currently loaded filter
rules. When used
together with -v, the per-rule
statistics (number
of evaluations, packets and bytes) are
also shown.
Note that the ``skip step''
optimization done au-
tomatically by the kernel will skip
evaluation of
rules where possible. Packets passed
statefully
are counted in the rule that created
the state
(even though the rule isn't evaluated
more than
once for the entire connection).
Means that all the bytes are counted, even for stateful connections?
So if the first x bytes of an HTTP connection create the state, and a
further Y bytes of web page are transmitted over that connection,
then the total bytes field will show X+Y, rather than just X?
Gaby
--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
