On Fri, Oct 2, 2009 at 10:43 PM, Alvaro Mantilla Gimenez
<alvaro@dydnetworks.com> wrote:
> patrick keshishian wrote:
>> On Fri, Oct 2, 2009 at 8:21 PM, Alvaro Mantilla Gimenez
>> <alvaro@dydnetworks.com> wrote:
>>> Hi,
>>>
>>> I found a weird behavior of pfctl.
>>>
>>> I have this pf.conf (I am going to show only the lines that matter):
>>>
>>> ---------------------------------
>>> external = "cdce0"
>>>
>>> internal = "re0"
>>>
>>> set loginterface $external
>>>
>>> set loginterface $internal
>>> ---------------------------------
>>>
>>> According to this both interfaces are collecting statistics... but if I
>>> run the command "pfctl -s info" then it shows:
>>
>> I don't think that is true. I believe you can only 'set loginterface'
>> for only one interface or interface-group:
>>
>> $ man pf.conf
>> /loginterface
>> set loginterface
>> Enable collection of packet and byte count statistics for the
>> given interface or interface group.
>>
>> $ man ifconfig
>> /group
>> group group-name
>> Assign the interface to a ``group''. Any interface can
>> be in multiple groups.
>>
>> might be what you are looking for.
>>
>
> Are the interfaces re0 and cdce0 in the same group??
> There is no "groups" on re0 definition...

It does not look like it based on your provided output below:

> $ ifconfig -a
>
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33204
> priority: 0
> groups: lo
> inet 127.0.0.1 netmask 0xff000000
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:a0:d1:5e:a0:63
> description: RED_INTERNA
> priority: 0
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 7.7.7.1 netmask 0xffffff80 broadcast 7.7.7.127
> inet6 fe80::2a0:d1ff:fe5e:a063%re0 prefixlen 64 scopeid 0x1
> wpi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:18:de:a6:e7:64
> priority: 0
> groups: wlan
> media: IEEE802.11 autoselect
> status: no network
> ieee80211: nwid ""
> enc0: flags=0<> mtu 1536
> priority: 0
> cdce0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 2a:cb:02:bf:5d:00
> description: CABLE_MODEM
> priority: 0
> groups: egress
> inet6 fe80::28cb:2ff:febf:5d00%cdce0 prefixlen 64 scopeid 0x5
> inet 190.XXX.XX.XXX netmask 0xffffff00 broadcast 255.255.255.255
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
> priority: 0
> groups: pflog
>
>
>>> After that I commented the line "#set loginterface $internal" and then
>>> the output was this:
>>
>> Reverse the order of 'set loginterface ...' in your pf.conf and try
>> `pfctl -si'. Does that reverse your findings?
>>
>> --patrick
>
> set loginterface $internal
>
> set loginterface $external
>
> # pfctl -si
>
>
> Status: Enabled for 0 days 02:07:42 Debug: Urgent
>
> Interface Stats for cdce0 IPv4 IPv6
[...]
> Same thing....

Not the same thing. The reverse; which indicates that only the last
`set loginterface $if' is used; that is, you may not specify multiple
`set loginterface $if' options.

Try adding your re0 and cdce0 to a single user-defined group and use
that group in your pf.conf for `set loginterface $thegroup'. But I
suspect this may not be what you are looking for.

$ sudo ifconfig re0 group alvaro
$ sudo ifconfig cdce0 group alvaro
$ ifconfig

to verify group names, then change your /etc/pf.conf to include:

set loginterface alvaro

reload rules:

$ sudo pfctl -f /etc/pf.conf
$ sudo pfctl -si

That should give you stats for all interfaces belonging to the group
"alvaro". But, once again, this may not be what you want.

--patrick
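
Added example (not part of the original thread and not pf's own code): a small Python check that flags repeated `set loginterface` lines in a pf.conf, relying on the behavior observed in this thread that only the last one takes effect. The function name check_loginterface and the sample text are constructed for illustration; macro handling assumes simple name = "value" definitions only.

```python
import re

# Constructed sample mirroring the pf.conf fragment quoted in the thread.
SAMPLE_PF_CONF = """\
external = "cdce0"
internal = "re0"
set loginterface $external
set loginterface $internal
"""

# Simple macro definition: name = "value" (assumption: no nested macros).
MACRO_RE = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"?([^"]*)"?$')
LOGIF_RE = re.compile(r'^set\s+loginterface\s+(\S+)$')


def check_loginterface(text):
    """Return (effective, warnings) for the pf.conf text.

    effective is the interface or group named by the last
    'set loginterface' line (None if there is none); warnings lists
    every earlier 'set loginterface' line, which the thread shows
    to be silently superseded.
    """
    macros, seen = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = LOGIF_RE.match(line)
        if m:
            name = m.group(1)
            if name.startswith("$"):          # expand $macro if defined
                name = macros.get(name[1:], name)
            seen.append((lineno, name))
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip()
    if not seen:
        return None, []
    last_line, effective = seen[-1]
    warnings = [
        f"line {n}: 'set loginterface {name}' is superseded by line {last_line}"
        for n, name in seen[:-1]
    ]
    return effective, warnings


if __name__ == "__main__":
    effective, warnings = check_loginterface(SAMPLE_PF_CONF)
    print("effective loginterface:", effective)
    print("\n".join(warnings))
```

Running such a check before `pfctl -f /etc/pf.conf` catches the case where statistics are expected on two interfaces but only one is being counted.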