DragonFly On-Line Manual Pages
ipacctd(8) DragonFly System Manager's Manual ipacctd(8)
NAME
ipacctd - IP accounting using divert socket
SYNOPSIS
ipacctd [-cdhstvwV] [-b size] [-f file] [-m recs] [-r file] -p port
DESCRIPTION
The ipacctd is intended for IP accounting. divert(4) and corresponding
ipfw(8) rules are used for obtaining IP packets.
The following options are available:
-b size Set both input and output buffer size of divert(4) socket
to size. When number of packets per second is too great
it is recommended to set buffer size equal to maximum
value (equal to value of sysctl(8) variable
kern.ipc.maxsockbuf).
-c cisco-like accounting output format. In this case the
columns packets and bytes are swapped and space symbol are
inserted before ip_src.
-d Do not detach from the controlling terminal (do not call
daemon(3) ). Useful for debugging.
-f file Dump accounting to the file. The filename string may
contain any of the conversion specifications described in
the strftime(3).
-h Display help information (list of supported options).
-m recs Set maximum number of records in hash table (by default
equal to 30000). The record is a unique combination of
ip_src/ip_dst for standard accounting mode and
ip_src/ip_dst/s_port/d_port/ip_proto for extended
accounting mode. Using this option prevents DoS attacks
because for each record in the hash table some amount of
operating memory is required.
-p port Required option. Set the port number related to correspond
divert/tee rule.
-r file Specify the name and path to record the ipacctd 's process
ID.
-s Create unix(4) stream socket which can be used to fetch
accounting instead of sending SIGHUP. See also
IMPLEMENTATION NOTES.
-t Use tee ipfw(8) rule for obtaining packets ( divert is
used by default).
-v Extended accounting mode (also output ip protocol and
TCP/UDP/ICMP ports).
-w Output the time of writing the first packet in time_t
format in the last column.
-V Show ipacctd version.
The SIGHUP signal causes ipacctd to dump accounting in the default file
or specified in -f option. Accounting format is:
ip_from ip_to bytes packets
When -v option is used the accounting output format is:
ip_from s_port ip_to d_port proto bytes packets
If proto is ICMP then s_port is ICMP type and d_port is ICMP sub-code.
The SIGUSR2 signal causes ipacctd to dump current accounting and
debugging information to file /var/tmp/ipacctd_dump.
IMPLEMENTATION NOTES
Since 1.43 version option -s is introduced, which is used to fetch
accounting via cat(1):
cat /tmp/ipacct/ipacct.<port>
Note that support of unix(4) sockets in cat(1) was introduced in
FreeBSD 4.5.
FILES
/tmp/ipacct/ipacct.<port> unix(8) socket used to obtain accounting
when -s option is specified
/var/log/ipacct.<port> default accounting file
/vsr/run/ipacctd.<port> default process ID file
/var/tmp/ipacctd_dump default dump file
EXAMPLES
Typical ipacctd use:
1. Add ipfw(8) rule
add 2000 divert 10000 ip from any to any via ppp*
2. Run ipacctd
ipacctd -v -p 10000 -f /var/log/ipacct.%F_%T
After these steps when the SIGHUP is sent ipacctd will dump all
accounting for IP packets transmitted via ppp interfaces to the file
ipacct.YYYY-MM-DD_HH:MM:SS.
DIAGNOSTICS
All error messages are logged to syslog(3). It is important to pay
attention to messages like (port %d) accounting threshold exceeded for %d
packet(s) and %d byte(s). They mean that the shown number of packets was
received by ipacctd but was not accounted because the number of records
in the hash table had been exhausted. The possible solution is to dump
accounting more often or to increase the number of records in hash table
with option -m.
COMPATIBILITY
The ipacctd should work on all versions of FreeBSD that support divert(4)
sockets.
SEE ALSO
divert(4), ipfw(8).
AUTHORS
Roman V. Palagin <romanp@unshadow.net>.
English version of this manual page has been written by
Sergey Skvortsov <skv@FreeBSD.org>.
BUGS
If you find one - please contact the author.
DragonFly 6.5-DEVELOPMENT June 27, 2003 DragonFly 6.5-DEVELOPMENT