Hi,
I am testing pmacctd in my network, here is the topo:
local subnet(192.168.20.0/24) --- (eth1 192.168.20.1)Gateway(eth0
10.10.8.1) --- internet
pmacctd.conf:
################################################################################
interface: any
debug: true
daemonize: false
promisc: false
sql_cache_entries: 2
pcap_filter: not ip broadcast and not (host 192.168.20.1 or 10.10.8.1)
!syslog: daemon
plugins: sqlite3[din]
pidfile: /var/run/pmacctd.pid
sql_db: /usr/local/conf/db/db.pmacctd.sqlite
!=======plugin 1day setting=====
aggregate[din]: dst_host
!aggregate[dout]: src_host
aggregate_filter[din]: dst net 192.168.20.0/24
!aggregate_filter[dout]: src net 192.168.20.0/24
sql_table[din]: acct_in_1day
!sql_table[dout]: acct_out_1day
sql_table_version[din]: 1
!sql_table_version[dout]: 1
sql_refresh_time[din]: 59
!sql_refresh_time[dout]: 67
sql_history[din]: 1d
!sql_history[dout]: 1d
sql_history_roundoff[din]: h
!sql_history_roundoff[dout]: h
plugin_pipe_size[din]: 1024000
!plugin_pipe_size[dout]: 1024000
plugin_buffer_size[din]: 10240
!plugin_buffer_size[dout]: 10240
!====================================
!plugins: sqlite3[din],sqlite3[dout]
######################################################################################
If the interface is set to 'eth1' in pmacctd.conf. the aggregate filter
works properly. but if the interface is set to 'any', all of the packets
is filtered out. nothing is written to the database. bpf_filter() in
exec_plugin() always returns 0, I think it should be a bug in
bpf_filter() or pmacct since 'any' is a valid device name in libpcap.
I'm using libpcap 0.9.4 and pmacct 0.10.3 on linux kenerl 2.6.15.7. but
the bug can also be found in pmacct 0.10.2.
Any help will be appeciated.
Thanks.
Best regards,
Zhuang Yuyao
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
