diff options
| -rw-r--r-- | net-mgmt/Makefile | 1 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/Makefile | 44 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/distinfo | 2 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/files/ng_ipacct.conf | 106 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/files/ng_ipacct.sh.in | 160 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/files/pkg-message.in | 13 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/pkg-descr | 19 | ||||
| -rw-r--r-- | net-mgmt/ng_ipacct/pkg-plist | 6 |
8 files changed, 351 insertions, 0 deletions
diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile index f8fd4f1a7a3b..79455361cbbb 100644 --- a/net-mgmt/Makefile +++ b/net-mgmt/Makefile @@ -93,6 +93,7 @@ SUBDIR += netwag SUBDIR += netwox SUBDIR += nfdump + SUBDIR += ng_ipacct SUBDIR += nitpicker SUBDIR += nocol SUBDIR += nrg diff --git a/net-mgmt/ng_ipacct/Makefile b/net-mgmt/ng_ipacct/Makefile new file mode 100644 index 000000000000..b6d22935349e --- /dev/null +++ b/net-mgmt/ng_ipacct/Makefile @@ -0,0 +1,44 @@ +# New ports collection makefile for: ng_ipacct +# Date created: 30 Nov 2004 +# Whom: Sergey Skvortsov <skv@protey.ru> +# +# $FreeBSD$ +# + +PORTNAME= ng_ipacct +PORTVERSION= 20050228 +CATEGORIES= net-mgmt +MASTER_SITES= ftp://ftp.wuppy.net.ru/pub/FreeBSD/local/kernel/ng_ipacct/ + +MAINTAINER= skv@FreeBSD.org +COMMENT= Netgraph IP accounting + +NO_PACKAGE= "Depends on kernel" + +OPTIONS= MEM_ZONE "Use UMA zone allocator (5.x only)" off + +PLIST_SUB+= KMODDIR=${KMODDIR} + +WRKSRC= ${WRKDIR}/${PORTNAME} +MAKE_ENV= BINDIR="${PREFIX}/sbin" + +MAN8= ipacctctl.8 +MANLANG= ru.KOI8-R +MANCOMPRESSED= yes + +USE_RC_SUBR= ng_ipacct.sh +SUB_FILES= pkg-message + +.include <bsd.port.pre.mk> + +.ifdef WITH_MEM_ZONE +CFLAGS+= -DMEM_USE_ZONE +.endif + +post-install: + @${MKDIR} ${PREFIX}/include/netgraph + ${INSTALL_DATA} ${WRKSRC}/ng_ipacct/ng_ipacct.h ${PREFIX}/include/netgraph + ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf ${PREFIX}/etc/ + @${CAT} ${PKGMESSAGE} + +.include <bsd.port.post.mk> diff --git a/net-mgmt/ng_ipacct/distinfo b/net-mgmt/ng_ipacct/distinfo new file mode 100644 index 000000000000..a567c8a0d968 --- /dev/null +++ b/net-mgmt/ng_ipacct/distinfo @@ -0,0 +1,2 @@ +MD5 (ng_ipacct-20050228.tar.gz) = 881f05c5c4745128b45275af6b82f93f +SIZE (ng_ipacct-20050228.tar.gz) = 24970 diff --git a/net-mgmt/ng_ipacct/files/ng_ipacct.conf b/net-mgmt/ng_ipacct/files/ng_ipacct.conf new file mode 100644 index 000000000000..819f1c6f06a8 --- /dev/null +++ b/net-mgmt/ng_ipacct/files/ng_ipacct.conf @@ -0,0 +1,106 @@ +# $FreeBSD$ +# +# Please read and meditate on netgraph(4), ipacctctl(8) and ngctl(8). + +# Enable ng_ipacct (i.e. enable run startup script "ng_ipacct.sh") +#ng_ipacct_enable="YES" + +# Enable kernel modules loading. +# On "ng_ipacct.sh start" all kernel modules specified +# in ${ng_ipacct_modules_list} will be loaded. +# Note: on "ng_ipacct.sh stop" only "ng_ipacct" will be unloaded. +ng_ipacct_modules_load="YES" + +# Netgraph can load required ng_* modules automatically on the hook creation +# - except for "ng_ether". Generally, preloading modules is recommended. +# Do not add to this list modules which are statically compiled into kernel. +#ng_ipacct_modules_list="netgraph ng_ether ng_cisco ng_socket ng_tee ng_ipacct" +ng_ipacct_modules_list="netgraph ng_ether ng_ipacct" + +# List of monitored interfaces. For each interface additional vars must be +# specified in corresponding variables 'ng_ipacct_IFACE_*'. +# See examples below. +#ng_ipacct_interfaces="xl0 cx0" + +# Default start/stop scripts. +# +# Single quotes is required to preserve newlines. +# '%%iface%%' will be automatically expanded with relevant interface. +# This feature should be applied to reuse indentical rules +# for similar interfaces. +ng_ipacct_default_ether_start=' + mkpeer %%iface%%: tee lower right + name %%iface%%:lower %%iface%%_tee + connect %%iface%%: lower upper left + + mkpeer %%iface%%_tee: ipacct right2left %%iface%%_in + name %%iface%%_tee:right2left %%iface%%_ip_acct + connect %%iface%%_tee: %%iface%%_ip_acct: left2right %%iface%%_out +' + +ng_ipacct_default_ether_stop=' + shutdown %%iface%%_ip_acct: + shutdown %%iface%%_tee: + shutdown %%iface%%: +' + +# EXAMPLE 1. Ethernet interface + +# +-------------------------------+ +# | | +# (upper) (left2right)-----------(xl0_in) +# | | | | +# xl0 +--(left)-xl0_tee-(right) xl0_ip_acct +# | | | | +# (lower) | (right2left)-----------(xl0_out) +# | | +# +----------+ +# +# xl0 - ng_ether +# xl0_tee - ng_tee +# xl0_ip_acct - ng_ipacct + +# Configuration for 'xl0_ip_acct' node: + +ng_ipacct_xl0_dlt="EN10MB" # required line; see ipacctctl(8) +ng_ipacct_xl0_threshold="15000" # '5000' by default +ng_ipacct_xl0_verbose="yes" # 'yes' by default +ng_ipacct_xl0_saveuid="yes" # 'no' by default +ng_ipacct_xl0_savetime="no" # 'no' by default +ng_ipacct_xl0_start=${ng_ipacct_default_ether_start} +ng_ipacct_xl0_stop=${ng_ipacct_default_ether_stop} + +# EXAMPLE 2. Cronyx Sigma WAN adapter with HDLC encapsulation + +# cx0_hdlc-(downstream)----(rawdata)-cx0 +# | +# (inet) (left2right)--------------------(cx0_in) +# | | | +# (left)-cx0_tee-(right)---(inet)-ng0 cx0_ip_acct +# | | +# (right2left)--------------------(cx0_out) +# +# cx0 - ng_cx +# cx0_hdlc - ng_cisco +# cx0_tee - ng_tee +# cx0_ip_acct - ng_ipacct + +# Configuration for 'cx0_ip_acct' node: + +ng_ipacct_cx0_dlt="RAW" +ng_ipacct_cx0_start=' + mkpeer %%iface%%: cisco rawdata downstream + name %%iface%%:rawdata %%iface%%_hdlc + mkpeer %%iface%%_hdlc: tee inet left + name %%iface%%_hdlc:inet %%iface%%_tee + mkpeer %%iface%%_tee: iface right inet + + mkpeer %%iface%%_tee: ipacct right2left %%iface%%_in + name %%iface%%_tee:right2left %%iface%%_ip_acct + connect %%iface%%_tee: %%iface%%_ip_acct: left2right %%iface%%_out +' +ng_ipacct_cx0_stop=' + shutdown %%iface%%_ip_acct: + shutdown %%iface%%_tee: + shutdown %%iface%%_hdlc: +' diff --git a/net-mgmt/ng_ipacct/files/ng_ipacct.sh.in b/net-mgmt/ng_ipacct/files/ng_ipacct.sh.in new file mode 100644 index 000000000000..cc41066477fb --- /dev/null +++ b/net-mgmt/ng_ipacct/files/ng_ipacct.sh.in @@ -0,0 +1,160 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ng_ipacct +# REQUIRE: LOGIN abi +# BEFORE: securelevel +# KEYWORD: shutdown + +# +# Define these ng_ipacct_* variables in one of these files: +# +# /etc/rc.conf +# /etc/rc.conf.local +# /etc/rc.conf.d/ng_ipacct +# %%PREFIX%%/etc/ng_ipacct.conf +# +# Add the following line to enable `ng_ipacct': +# +#ng_ipacct_enable="YES" +# +# See %%PREFIX%%/etc/ng_ipacct.conf for futher reference. + +. "%%RC_SUBR%%" + +name="ng_ipacct" +rcvar=`set_rcvar` + +# for debugging purpose you can append flag "-d" to these cmds +# or even use dumb stubs. +ngctl="/usr/sbin/ngctl" +ngctl_batch="/usr/sbin/ngctl -f-" +#ngctl_batch="cat" +ipacctctl="%%PREFIX%%/sbin/ipacctctl" +#ipacctctl="echo %%PREFIX%%/sbin/ipacctctl" +sed="/usr/bin/sed" + +start_cmd="start_cmd" +stop_cmd="stop_cmd" + +bool2int() +{ + eval _value=\$${1} + case $_value in + # "yes", "true", "on", or "1" + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + eval $1=1 + ;; + # "no", "false", "off", or "0" + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + eval $1=0 + ;; + *) + echo "\$${1} is not set properly - see rc.conf(5)." + exit 1 + ;; + esac +} + +start_cmd() +{ + if checkyesno ng_ipacct_modules_load; then + debug "Load kld modules '${ng_ipacct_modules_list}'" + local module + for module in ${ng_ipacct_modules_list}; do + if ! /sbin/kldstat -n ${module} >/dev/null 2>&1; then + if ! /sbin/kldload ${module} >/dev/null; then + warn "can not load kld module ${module}" + fi + fi + done + fi + + local iface + + for iface in ${ng_ipacct_interfaces}; do + debug "start ng_ipacct interface ${iface}" + local dlt threshold verbose saveuid savetime start_script + + eval dlt=\$ng_ipacct_${iface}_dlt + if [ -z "$dlt" ]; then + echo " you must define 'ng_ipacct_${iface}_dlt'" + exit 1 + fi + + eval start_script=\$ng_ipacct_${iface}_start + if [ -z "$start_script" ]; then + echo " you must define 'ng_ipacct_${iface}_start'" + exit 1 + fi + + eval threshold=\${ng_ipacct_${iface}_threshold:-"5000"} + + eval verbose=\${ng_ipacct_${iface}_verbose:-"yes"} + bool2int verbose + + eval saveuid=\${ng_ipacct_${iface}_saveuid:-"no"} + bool2int saveuid + + eval savetime=\${ng_ipacct_${iface}_savetime:-"no"} + bool2int savetime + + ${sed} "s!%%iface%%!${iface}!g" <<-EOF | ${ngctl_batch} +$start_script +EOF + if ! ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then + warn "netgraph node '${iface}_ip_acct' did not created!" + else + ${ipacctctl} ${iface}_ip_acct:${iface} threshold ${threshold} + ${ipacctctl} ${iface}_ip_acct:${iface} verbose ${verbose} + ${ipacctctl} ${iface}_ip_acct:${iface} saveuid ${saveuid} + ${ipacctctl} ${iface}_ip_acct:${iface} savetime ${savetime} + fi + done +} + +stop_cmd() +{ + local iface + + for iface in ${ng_ipacct_interfaces}; do + debug "stop ng_ipacct interface ${iface}" + + local stop_script + eval stop_script=\$ng_ipacct_${iface}_stop + + if ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then + ${sed} "s!%%iface%%!${iface}!g" <<-EOF | ${ngctl_batch} +$stop_script +EOF + if ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then + warn "netgraph node '${iface}_ip_acct' did not destroyed!" + fi + fi + done + + if checkyesno ng_ipacct_modules_load; then + debug "Unload kld module 'ng_ipacct'" + local module + for module in ng_ipacct; do + if /sbin/kldstat -n ${module} >/dev/null 2>&1; then + /sbin/kldunload ${module} + fi + done + fi +} + +# read settings, set default values +if [ -f %%PREFIX%%/etc/${name}.conf ]; then + debug "Sourcing %%PREFIX%%/etc/${name}.conf" + . %%PREFIX%%/etc/${name}.conf +fi + +load_rc_config $name + +: ${ng_ipacct_enable="NO"} +: ${ng_ipacct_flags=""} + +run_rc_command "$1" diff --git a/net-mgmt/ng_ipacct/files/pkg-message.in b/net-mgmt/ng_ipacct/files/pkg-message.in new file mode 100644 index 000000000000..7f0bab834cf8 --- /dev/null +++ b/net-mgmt/ng_ipacct/files/pkg-message.in @@ -0,0 +1,13 @@ + +******************************************************************************* +* This port contains a prebuilt kernel module. Due to the ever changing * +* nature of FreeBSD it may be necessary to rebuild the module after a kernel * +* source update. To do this rebuild and reinstall the port. * +******************************************************************************* + +===> CONFIGURATION NOTE: + + To setup ng_ipacct, you may have to edit %%PREFIX%%/etc/ng_ipacct.conf. + + To run ng_ipacct from startup, add ng_ipacct_enable="YES" + in your /etc/rc.conf or activate it in %%PREFIX%%/etc/ng_ipacct.conf. diff --git a/net-mgmt/ng_ipacct/pkg-descr b/net-mgmt/ng_ipacct/pkg-descr new file mode 100644 index 000000000000..d56ba59a8851 --- /dev/null +++ b/net-mgmt/ng_ipacct/pkg-descr @@ -0,0 +1,19 @@ +The ng_ipacct is Netgraph IP accounting node intended to gather +IP traffic informations. + +IP accounting is collected in both simple and extended modes. +Output format is similar to the one used in Cisco IOS (command +"show ip accounting"). + +In simple mode output format is: + ip_from ip_to packets bytes + +and in verbose mode: + ip_from s_port ip_to d_port proto packets bytes + +Also, effective user ID of relevant process and timestamp can be saved. + +CPU overhead is minimal because ng_ipacct works at kernel level. + +Author: Roman V. Palagin <romanp@unshadow.net> +FTP: ftp://ftp.wuppy.net.ru/pub/FreeBSD/local/kernel/ng_ipacct/ diff --git a/net-mgmt/ng_ipacct/pkg-plist b/net-mgmt/ng_ipacct/pkg-plist new file mode 100644 index 000000000000..5e24ce8b1465 --- /dev/null +++ b/net-mgmt/ng_ipacct/pkg-plist @@ -0,0 +1,6 @@ +include/netgraph/ng_ipacct.h +etc/ng_ipacct.conf +sbin/ipacctctl +@unexec rmdir %D/include/netgraph 2>/dev/null || true +@cwd / +%%KMODDIR%%/ng_ipacct.ko |