GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  IPACCTD (8)

NAME

ipacctd - IP accounting using divert socket

CONTENTS

Synopsis
Description
Implementation Notes
Files
Examples
Diagnostics
Compatibility
See Also
Authors
Bugs

SYNOPSIS

ipacctd [-cdhstvwV] [-b size] [-f file] [-m recs] [-r file] -p port

DESCRIPTION

The ipacctd is intended for IP accounting. divert(4) and corresponding ipfw(8) rules are used for obtaining IP packets.

The following options are available:
-b size Set both input and output buffer size of divert(4) socket to size. When number of packets per second is too great it is recommended to set buffer size equal to maximum value (equal to value of sysctl(8) variable kern.ipc.maxsockbuf).
-c cisco-like accounting output format. In this case the columns packets and bytes are swapped and space symbol are inserted before ip_src.
-d Do not detach from the controlling terminal (do not call daemon(3) ). Useful for debugging.
-f file Dump accounting to the file. The filename string may contain any of the conversion specifications described in the strftime(3).
-h Display help information (list of supported options).
-m recs Set maximum number of records in hash table (by default equal to 30000). The record is a unique combination of ip_src/ip_dst for standard accounting mode and ip_src/ip_dst/s_port/d_port/ip_proto for extended accounting mode. Using this option prevents DoS attacks because for each record in the hash table some amount of operating memory is required.
-p port Required option. Set the port number related to correspond divert/tee rule.
-r file Specify the name and path to record the ipacctd ’s process ID.
-s Create unix(4) stream socket which can be used to fetch accounting instead of sending SIGHUP. See also IMPLEMENTATION NOTES.
-t Use tee ipfw(8) rule for obtaining packets ( divert is used by default).
-v Extended accounting mode (also output ip protocol and TCP/UDP/ICMP ports).
-w Output the time of writing the first packet in time_t format in the last column.
-V Show ipacctd version.

The SIGHUP signal causes ipacctd to dump accounting in the default file or specified in -f option. Accounting format is:

ip_from ip_to bytes packets

When -v option is used the accounting output format is:

ip_from s_port ip_to d_port proto bytes packets

If proto is ICMP then s_port is ICMP type and d_port is ICMP sub-code.

The SIGUSR2 signal causes ipacctd to dump current accounting and debugging information to file /var/tmp/ipacctd_dump.

IMPLEMENTATION NOTES

Since 1.43 version option -s is introduced, which is used to fetch accounting via cat(1):

    cat /tmp/ipacct/ipacct.<port>

Note that support of unix(4) sockets in cat(1) was introduced in
.Fx 4.5 .

FILES

/tmp/ipacct/ipacct.<port>
  unix(8) socket used to obtain accounting when -s option is specified
/var/log/ipacct.<port> default accounting file
/vsr/run/ipacctd.<port> default process ID file
/var/tmp/ipacctd_dump default dump file

EXAMPLES

Typical ipacctd use:
  1. Add ipfw(8) rule

        add 2000 divert 10000 ip from any to any via ppp*

  2. Run ipacctd

        ipacctd -v -p 10000 -f /var/log/ipacct.%F_%T

After these steps when the SIGHUP is sent ipacctd will dump all accounting for IP packets transmitted via ppp interfaces to the file ipacct.YYYY-MM-DD_HH:MM:SS.

DIAGNOSTICS

All error messages are logged to syslog(3). It is important to pay attention to messages like (port %d) accounting threshold exceeded for %d packet(s) and %d byte(s). They mean that the shown number of packets was received by ipacctd but was not accounted because the number of records in the hash table had been exhausted. The possible solution is to dump accounting more often or to increase the number of records in hash table with option -m .

COMPATIBILITY

The ipacctd should work on all versions of
.Fx that support divert(4) sockets.

SEE ALSO

divert(4), ipfw(8).

AUTHORS


.An Roman V. Palagin Aq romanp@unshadow.net .

English version of this manual page has been written by
.An Sergey Skvortsov Aq skv@FreeBSD.org .

BUGS

If you find one - please contact the author.
Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.