mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-06 01:57:40 +00:00
* add new example to ng_ipacct.conf [1]
* skip NO_PACKAGE if PACKAGE_BUILDING is defined [1] * minor clean PR: ports/105597 Submitted by: Eugene Grosbein <eugen xx kuzbass.ru>
This commit is contained in:
parent
0513d9f43b
commit
db26f4a06d
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=214189
@ -14,14 +14,17 @@ MASTER_SITES= ${MASTER_SITE_LOCAL:S!$!skv/!} \
|
||||
MAINTAINER= skv@FreeBSD.org
|
||||
COMMENT= Netgraph IP accounting
|
||||
|
||||
.ifndef PACKAGE_BUILDING
|
||||
NO_PACKAGE= "Depends on kernel"
|
||||
.endif
|
||||
|
||||
OPTIONS= MEM_ZONE "Use UMA zone allocator (>= 5.x only)" on
|
||||
|
||||
PLIST_SUB+= KMODDIR=${KMODDIR}
|
||||
KMODDIR= /boot/modules
|
||||
PLIST_SUB+= KMODDIR=${KMODDIR:S!^/!!}
|
||||
|
||||
WRKSRC= ${WRKDIR}/${PORTNAME}
|
||||
MAKE_ENV= BINDIR="${PREFIX}/sbin"
|
||||
MAKE_ENV= BINDIR="${PREFIX}/sbin" KMODDIR=${KMODDIR}
|
||||
|
||||
MAN8= ipacctctl.8
|
||||
MANLANG= ru.KOI8-R
|
||||
|
@ -12,7 +12,7 @@
|
||||
ng_ipacct_modules_load="YES"
|
||||
|
||||
# Netgraph can load required ng_* modules automatically on the hook creation
|
||||
# - except for "ng_ether". Generally, preloading modules is recommended.
|
||||
# - except for "ng_ether". Generally, modules preloading is recommended.
|
||||
# Do not add to this list modules which are statically compiled into kernel.
|
||||
#ng_ipacct_modules_list="netgraph ng_ether ng_cisco ng_socket ng_tee ng_ipacct"
|
||||
ng_ipacct_modules_list="netgraph ng_ether ng_ipacct"
|
||||
@ -24,9 +24,9 @@ ng_ipacct_modules_list="netgraph ng_ether ng_ipacct"
|
||||
|
||||
# Default start/stop scripts.
|
||||
#
|
||||
# Single quotes is required to preserve newlines.
|
||||
# '%%iface%%' will be automatically expanded with relevant interface.
|
||||
# This feature should be applied to reuse indentical rules
|
||||
# Single quotes are required to preserve newlines.
|
||||
# '%%iface%%' will be automatically expanded with a relevant interface.
|
||||
# This feature should be applied to use indentical rules
|
||||
# for similar interfaces.
|
||||
ng_ipacct_default_ether_start='
|
||||
mkpeer %%iface%%: tee lower right
|
||||
@ -91,7 +91,7 @@ ng_ipacct_xl0_savetime="no" # 'no' by default
|
||||
ng_ipacct_xl0_start=${ng_ipacct_default_ether_start}
|
||||
ng_ipacct_xl0_stop=${ng_ipacct_default_ether_stop}
|
||||
ng_ipacct_xl0_checkpoint_script="path/to/your/script --checkpoint-and-save xl0"
|
||||
# this script is called on stop (to save accumulated
|
||||
# this script is called on "stop" (to save accumulated
|
||||
# data) or via "rc.d/ng_ipacct.sh checkpoint"
|
||||
|
||||
# EXAMPLE 2. Cronyx Sigma WAN adapter with HDLC encapsulation
|
||||
@ -196,8 +196,76 @@ ng_ipacct_xl0_savetime="no" # 'no' by default
|
||||
ng_ipacct_xl0_start=${ng_ipacct_bpf_ether_start}
|
||||
ng_ipacct_xl0_stop=${ng_ipacct_bpf_ether_stop}
|
||||
ng_ipacct_xl0_checkpoint_script="path/to/your/script --checkpoint-and-save xl0"
|
||||
# this script is called on stop (to save accumulated
|
||||
# this script is called on "stop" (to save accumulated
|
||||
# data) or via "rc.d/ng_ipacct.sh checkpoint"
|
||||
ng_ipacct_xl0_afterstart_script="path/to/your/script --load-bpf-filters xl0"
|
||||
# this script is called just after initialization
|
||||
# of nodes to load filters into xl0_bpf
|
||||
|
||||
# EXAMPLE 5. Really _divert_ traffic to ng_ksocket
|
||||
|
||||
# ipfw add divert 4001 ip from any to any via em0 in
|
||||
# ipfw add divert 4002 ip from any to any via em0 out
|
||||
|
||||
# USER-LEVEL | KERNEL-LEVEL
|
||||
# |
|
||||
# div4 *.4001 ->|-> ipfw_ks_in in-(ipfw_echo_in)
|
||||
# | | |
|
||||
# | (inet/raw/divert)---(left)-(ipfw_tee_in)-right
|
||||
# | |
|
||||
# | left2right---(ipfw_in)
|
||||
# | |
|
||||
# | ipfw_ip_acct
|
||||
# | |
|
||||
# | left2right---(ipfw_out)
|
||||
# | |
|
||||
# | (inet/raw/divert)---(left)-(ipfw_tee_out)-right
|
||||
# | | |
|
||||
# div4 *.4002 ->|-> ipfw_ks_out out-(ipfw_echo_out)
|
||||
#
|
||||
# ipfw_ks_in - ng_ksocket
|
||||
# ipfw_ks_out - ng_ksocket
|
||||
# ipfw_tee_in - ng_tee
|
||||
# ipfw_tee_out - ng_tee
|
||||
# ipfw_ip_acct - ng_ipacct
|
||||
# ipfw_echo_in - ng_echo
|
||||
# ipfw_echo_out - ng_echo
|
||||
|
||||
ng_ipacct_ks_start='
|
||||
mkpeer ipacct dummy dummy
|
||||
name .:dummy %%iface%%_ip_acct
|
||||
|
||||
mkpeer %%iface%%_ip_acct: tee %%iface%%_in left2right
|
||||
name %%iface%%_ip_acct:%%iface%%_in %%iface%%_tee_in
|
||||
mkpeer %%iface%%_ip_acct: tee %%iface%%_out left2right
|
||||
name %%iface%%_ip_acct:%%iface%%_out %%iface%%_tee_out
|
||||
|
||||
mkpeer %%iface%%_tee_in: echo right in
|
||||
name %%iface%%_tee_in:right %%iface%%_echo_in
|
||||
mkpeer %%iface%%_tee_out: echo right out
|
||||
name %%iface%%_tee_out:right %%iface%%_echo_out
|
||||
|
||||
mkpeer %%iface%%_tee_in: ksocket left inet/raw/divert
|
||||
name %%iface%%_tee_in:left %%iface%%_ks_in
|
||||
msg %%iface%%_ks_in: bind inet/0.0.0.0:4001
|
||||
|
||||
mkpeer %%iface%%_tee_out: ksocket left inet/raw/divert
|
||||
name %%iface%%_tee_out:left %%iface%%_ks_out
|
||||
msg %%iface%%_ks_out: bind inet/0.0.0.0:4002
|
||||
|
||||
rmhook .:dummy
|
||||
'
|
||||
ng_ipacct_ks_stop='
|
||||
shutdown %%iface%%_ks_in:
|
||||
shutdown %%iface%%_ks_out:
|
||||
shutdown %%iface%%_tee_in:
|
||||
shutdown %%iface%%_tee_out:
|
||||
'
|
||||
ng_ipacct_ks_dlt="RAW" # required line; see ipacctctl(8)
|
||||
ng_ipacct_ks_threshold="15000" # '5000' by default
|
||||
ng_ipacct_ks_verbose="yes" # 'yes' by default
|
||||
ng_ipacct_ks_saveuid="yes" # 'no' by default
|
||||
ng_ipacct_ks_savetime="no" # 'no' by default
|
||||
ng_ipacct_ks_checkpoint_script="path/to/your/script --checkpoint-and-save ks"
|
||||
# this script is called on stop (to save accumulated
|
||||
# data) or via "rc.d/ng_ipacct.sh checkpoint"
|
||||
|
Loading…
Reference in New Issue
Block a user