pfctl bug

I think I might have found another bug, this time with the pfctl utility (of PF itself). I was dumping pfctl -vs rule dumps, and feeding that information into MRTG to produce a graph.

I take a poll every 5 minutes, and subtract that value form the one 5 minutes ago. I divide that number by 300 (5 minutes in seconds) and feed that into mrtg. I was generating a graph on a two rules, one inbound for a single IP, and another for it's outbound. That single machine, for testing sake, was downloading at 20kbyte/s on average during this entire graphing period. The numbers grew gradually over my testing period.

For my MRTG output, see
http://www.purevanity.net/pfctlbug/

For my RAW numbers see:
http://www.purevanity.net/pfctlbug/rawstats.txt

Below is the PHP code I use to grab the numbers from the database, and mess with 'em, then feed a bytes/s average for the last 5 minutes:

$sql = "SELECT * from fwlast where ip='$ip'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$lastup = $row["up"];
$lastdown = $row["down"];
$sql = "SELECT * from fw where ip='$ip'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$up = $row["up"];
$down = $row["down"];

if ($lastup > $up) {
  $lastup = 0;
}
if ($lastdown > $up) {
  $lastdown = 0;
}
$difup = $up - $lastup;
$difdown = $down - $lastdown;
$difup = $difup / 300;
$difdown = $difdown / 300;

print $difup . "\n";
print $difdown . "\n";
print "0\n";
$sql = "delete from fwlast where ip='$ip'";
$result = mysql_query($sql);
$sql = "insert into fwlast values ('$ip', '$down', '$up')";
$result = mysql_query($sql);

I've double checked my math, so unless I'm having another one of those days...
Let me know if I can provide any more information. BTW, those numbers are what the output from pfctl -vs rules for the monitored rule outputs, so no code around that is messing things up.

--Dave Received on Fri May 30 00:12:02 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek