On 26 Jun 2020, at 13:56, Özkan KIRIK wrote:
> My goal is to save pkt/byte counters of each expired/killed/closed
> state into a txt file.
> What is the right way to do this in userspace?

There’s no real right way to do this using pf. There are a couple of
things that’ll get close, but no 100% solution.

> Is it possible to do something with ioctl & poll?

No. You could poll the states, but you’d heavily affect throughput and
you’re going to miss data.

> Alternatively is it possible to create multiple pfsync interfaces,
> first one for real purpose to send state changes to slave host, the
> second one for sending this log collect process lo1?

No, it’s not possible to create more than one pfsync interface. Pfsync
can send its data to a multicast group, so you could have multiple
subscribers.
Note that pfsync optimises updates, so it’s likely that short-lived
connections (i.e. where the connection is set up, used and closed before
the next sync) will not result in sync messages.

> The following lines prevent cloning a second pfsync interface:
> /usr/src/sys/netpfil/pf/if_pfsync.c on line 331 (pfsync_clone_create
> function)
>
>     if (unit != 0)
>         return (EINVAL);
>
> If I remove these lines, do I hit any error?

Yes, that will break. Pfsync is not designed to have multiple
interfaces.

Kristof
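
A sketch of the parsing side of such a multicast subscriber, added here as an example and not part of the original thread or of FreeBSD's code: it tallies state-delete records in one received pfsync payload. The header sizes, version number and action codes are assumptions taken from FreeBSD's sys/net/if_pfsync.h (pfsync version 5) and should be checked against your source tree; `pfsync_tally` and `struct del_tally` are hypothetical names, and the frame in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed wire layout (FreeBSD sys/net/if_pfsync.h, pfsync version 5).
 * Multi-byte fields are in network byte order. */
#define PFSYNC_HDR_LEN   20  /* version, pad, len(2), pfcksum[16] */
#define PFSYNC_SUBH_LEN   4  /* action, pad, count(2) */
#define PFSYNC_DEL_C_LEN 12  /* state id(8) + creatorid(4), no counters */
#define ACT_DEL    6         /* delete carrying a full state record */
#define ACT_DEL_C  7         /* "compressed" delete */

struct del_tally { unsigned del, del_c, other; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Parse one pfsync payload (IP header already stripped).
 * Returns 0 on success, -1 on a malformed or truncated frame. */
static int pfsync_tally(const uint8_t *buf, size_t n, struct del_tally *t)
{
    if (n < PFSYNC_HDR_LEN || buf[0] != 5)
        return -1;
    size_t len = be16(buf + 2);          /* header plus all messages */
    if (len < PFSYNC_HDR_LEN || len > n)
        return -1;
    size_t off = PFSYNC_HDR_LEN;
    while (off + PFSYNC_SUBH_LEN <= len) {
        uint8_t act = buf[off];
        size_t count = be16(buf + off + 2);
        off += PFSYNC_SUBH_LEN;
        if (act != ACT_DEL_C) {
            /* Record sizes of other actions are not modelled here:
             * count the records and stop walking this frame. */
            if (act == ACT_DEL) t->del += count; else t->other += count;
            break;
        }
        if (count * PFSYNC_DEL_C_LEN > len - off)
            return -1;                   /* count overruns the frame */
        t->del_c += count;
        off += count * PFSYNC_DEL_C_LEN;
    }
    return 0;
}

int main(void)
{
    /* Constructed frame: version 5, len 48, one DEL_C subheader, 2 records. */
    uint8_t frame[48] = { 5, 0, 0, 48, [20] = ACT_DEL_C, [23] = 2 };
    struct del_tally t = { 0, 0, 0 };
    int rc = pfsync_tally(frame, sizeof frame, &t);
    printf("rc=%d del=%u del_c=%u other=%u\n", rc, t.del, t.del_c, t.other);
    return rc;
}
```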