From mw@beast.FreibergNet.de  Thu May 29 02:10:10 1997
Received: from beast.FreibergNet.de (beast.FreibergNet.de [195.125.179.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA04094
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 29 May 1997 02:10:07 -0700 (PDT)
Received: (from mw@localhost)
	by beast.FreibergNet.de (8.8.5/8.8.5) id LAA02799;
	Thu, 29 May 1997 11:10:01 +0200 (CEST)
Message-Id: <199705290910.LAA02799@beast.FreibergNet.de>
Date: Thu, 29 May 1997 11:10:01 +0200 (CEST)
From: mw@FreibergNet.DE
Reply-To: mw@FreibergNet.DE
To: FreeBSD-gnats-submit@freebsd.org
Subject: IP Accounting counts packets to virtual servers more than once
X-Send-Pr-Version: 3.2

>Number:         3707
>Category:       kern
>Synopsis:       IP Accounting counts packets to virtual servers more than once
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 29 02:20:01 PDT 1997
>Closed-Date:    Mon Sep 22 01:09:44 PDT 1997
>Last-Modified:  Mon Sep 22 01:11:36 PDT 1997
>Originator:     Martin Welk
>Release:        FreeBSD 2.2-RELEASE i386
>Organization:
Provider for Internet Services
>Environment:

	Our FreeBSD server has some different IP addresses running
	virtual www and ftp servers for customers and yet two
	different Ethernet devices, one used mainly for our
	Internet connection, the other for our local network.

>Description:

	We're trying to use the firewall's accounting functions
	to count incoming and outgoing traffic.

	Data transferred from another host (also running FreeBSD,
	but this shouldn't be relevant) is counted correctly.
	But when I'm logged in on the server itself and
	transferring data to a virtual machine on the same
	server, it counts a significantly higher amount of data.

	For example, if I send a ``ping -c 1'' to the virtual
	address, it doesn't count the expected 84 bytes but
	it counts exactly twice as much, 168 bytes.

	If I do an ftp transfer, it counts almost twice as much.
	I can't reproduce the transferred amount of data from
	that counted.
	
>How-To-Repeat:

	Enable IP accounting, do an ifconfig alias for another
	address on your subnet, do an ipfw zero, send ping to
	that address. Tell me if it works for you.

	I'll add my firewall rules:

	add 65435 allow ip from any to any
	add 01000 count ip from 127.0.0.1 to 127.0.0.1
	add 01010 count ip from beast.FreibergNet.de to any
	add 01020 count ip from any to beast.FreibergNet.de
	add 01030 count ip from www.Liebscher.FreibergNet.de to any
	add 01040 count ip from any to www.Liebscher.FreibergNet.de
	add 01050 count ip from ftp.FreibergNet.de to any
	add 01060 count ip from any to ftp.FreibergNet.de
	add 01070 count ip from ftp.actech.FreibergNet.de to any
	add 01080 count ip from any to ftp.actech.FreibergNet.de
	add 01090 count ip from www.Solac.FreibergNet.de to any
	add 01100 count ip from any to www.Solac.FreibergNet.de
	add 01110 count ip from camelot.FreibergNet.de to any
	add 01120 count ip from any to camelot.FreibergNet.de

	ifconfig de0 says:

	de0: flags=c943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK2,MULTICAST> mtu 1500
		inet 195.125.179.3 netmask 0xffffff80 broadcast 195.125.179.127
		inet 195.125.179.11 netmask 0xffffff80 broadcast 195.125.179.127
		inet 195.125.179.12 netmask 0xffffff80 broadcast 195.125.179.127
		inet 195.125.179.13 netmask 0xffffff80 broadcast 195.125.179.127
		inet 195.125.179.14 netmask 0xffffff80 broadcast 195.125.179.127
		ether 00:00:c0:0c:7e:e0 

>Fix:
	
	I don't have any yet :-(
>Release-Note:
>Audit-Trail:

From: Poul-Henning Kamp <phk@dk.tfs.com>
To: mw@FreibergNet.DE
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/3707: IP Accounting counts packets to virtual servers more than once 
Date: Thu, 29 May 1997 11:50:17 +0200

 >
 >	We're trying to use the firewall's accounting functions
 >	to count incoming and outgoing traffic.
 >
 >	Data transferred from another host (also running FreeBSD,
 >	but this shouldn't be relevant) is counted correctly.
 >	But when I'm logged in on the server itself and
 >	transferring data to a virtual machine on the same
 >	server, it counts a significantly higher amount of data.
 
 Counted exactly twice I would presume?
 
 --
 Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
 http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
 whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
 Power and ignorance is a disgusting cocktail.

From: Martin Welk <mw@beast.FreibergNet.de>
To: phk@dk.tfs.com (Poul-Henning Kamp)
Cc: mw@FreibergNet.DE, FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/3707: IP Accounting counts packets to virtual servers more than once
Date: Thu, 29 May 1997 11:59:28 +0200 (CEST)

 Poul-Henning Kamp writes:
 
 () >	Data transferred from another host (also running FreeBSD,
 () >	but this shouldn't be relevant) is counted correctly.
 () >	But when I'm logged in on the server itself and
 () >	transferring data to a virtual machine on the same
 () >	server, it counts a significantly higher amount of data.
 () Counted exactly twice I would presume?
 
 As I stated later in my PR, I can't tell exactly when I transfer data
 via ftp. A `ping -c 1' is definitely counted twice.
 
 Does it have something to do with IP accounting collecting its data
 depending on the network device (here the loopback device)?
 
 I'm not deep enough in the firewall's internals...
 
 Thanks in advance for your help!
 
 Martin
 -- 
 Liebscher & Partner Werbeagentur                                Martin Welk
 09599 Freiberg, Am St. Niclas Schacht 13             network administration
 Advertising, Art Design & DTP                   phone: (+49|0) 3731 781-386
 http://www.FreibergNet.de                         fax: (+49|0) 3731 781-377

From: Poul-Henning Kamp <phk@dk.tfs.com>
To: mw@FreibergNet.DE
Cc: phk@dk.tfs.com (Poul-Henning Kamp), FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/3707: IP Accounting counts packets to virtual servers more than once 
Date: Thu, 29 May 1997 12:04:25 +0200

 >As I stated later in my PR, I can't tell exactly when I transfer data
 >via ftp. A `ping -c 1' is definitely counted twice.
 >
 >Does it have something to do with IP accounting collecting its data
 >depending on the network device (here the loopback device)?
 
 No, but it will count them both in and outgoing on the interfaces.
 
 Try to say
 
 	ipfw ...... in
 
 Then the packets should only be counted once in both cases.
 
 --
 Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
 http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
 whois: [PHK]                | phk@tfs.com           TRW Financial Systems, Inc.
 Power and ignorance is a disgusting cocktail.
State-Changed-From-To: open->closed 
State-Changed-By: danny 
State-Changed-When: Mon Sep 22 01:09:44 PDT 1997 
State-Changed-Why:  

This PR was left dangling open after the user was given better instructions 
on using ipfw accounting.  No changes to FreeBSD needed.  User has agreed  
to the closing of the PR. 
>Unformatted:
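
The double count discussed in this PR, as a small model added here for illustration (not FreeBSD code and not part of the original report). It assumes a simplified packet path: a packet passes the firewall once outbound if its source is a local address and once inbound if its destination is local. `CountRule`, `passes`, `account` and the remote address are hypothetical names and values.

```python
from dataclasses import dataclass
from typing import Optional

PRIMARY = "195.125.179.3"    # primary address from the ifconfig output
ALIAS = "195.125.179.11"     # one of the alias addresses from the ifconfig output
REMOTE = "192.0.2.10"        # constructed remote host (documentation range)
LOCAL_ADDRS = {PRIMARY, ALIAS}

@dataclass
class CountRule:
    src: str                          # "any" or an address
    dst: str                          # "any" or an address
    direction: Optional[str] = None   # None (both), "in" or "out"
    counted: int = 0

    def see(self, src, dst, size, direction):
        # A rule with a direction qualifier only matches on that pass.
        if self.direction not in (None, direction):
            return
        if self.src in ("any", src) and self.dst in ("any", dst):
            self.counted += size

def passes(src, dst):
    """Firewall passes one packet makes on this host (simplified model)."""
    result = []
    if src in LOCAL_ADDRS:
        result.append("out")
    if dst in LOCAL_ADDRS:
        result.append("in")
    return result

def account(rules, packets):
    """Run every packet through every pass and return the byte counters."""
    for src, dst, size in packets:
        for direction in passes(src, dst):
            for rule in rules:
                rule.see(src, dst, size, direction)
    return [r.counted for r in rules]

def demo():
    local_ping = [(PRIMARY, ALIAS, 84)]    # echo request sent on the server itself
    remote_ping = [(REMOTE, ALIAS, 84)]    # echo request from another host
    return {
        "plain_local": account([CountRule("any", ALIAS)], local_ping)[0],
        "plain_remote": account([CountRule("any", ALIAS)], remote_ping)[0],
        "in_local": account([CountRule("any", ALIAS, "in")], local_ping)[0],
        "in_remote": account([CountRule("any", ALIAS, "in")], remote_ping)[0],
    }

if __name__ == "__main__":
    print(demo())
```

In this model the unqualified rule reproduces the 168 bytes reported for a local ping, while the same rule with `in` counts 84 bytes for both the local and the remote sender.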
