From laskavy@Hedgehog.CS.MSU.SU  Sun Feb  8 12:27:45 1998
Received: from pc759.cs.msu.su (pc759.cs.msu.su [158.250.10.223])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA29476
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 8 Feb 1998 12:27:35 -0800 (PST)
          (envelope-from laskavy@Hedgehog.CS.MSU.SU)
Received: from Hedgehog.CS.MSU.SU (d85.z194-58-227.relcom.ru [194.58.227.85])
	by pc759.cs.msu.su (8.8.5/8.8.5) with ESMTP id XAA07762
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 8 Feb 1998 23:27:38 +0300 (MSK)
Received: (from laskavy@localhost)
	by Hedgehog.CS.MSU.SU (8.8.8/8.8.8) id XAA02789;
	Sun, 8 Feb 1998 23:20:58 +0300 (MSK)
	(envelope-from laskavy)
Message-Id: <199802082020.XAA02789@Hedgehog.CS.MSU.SU>
Date: Sun, 8 Feb 1998 23:20:58 +0300 (MSK)
From: laskavy@Hedgehog.CS.MSU.SU
Reply-To: laskavy@Hedgehog.CS.MSU.SU
To: FreeBSD-gnats-submit@freebsd.org
Subject: ipfw: byte counters: overflow
X-Send-Pr-Version: 3.2

>Number:         5682
>Category:       kern
>Synopsis:       ipfw: byte counters: overflow
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb  8 12:30:00 PST 1998
>Closed-Date:    Sun Feb 8 15:08:50 PST 1998
>Last-Modified:  Sun Feb  8 15:16:23 PST 1998
>Originator:     Sergei S. Laskavy
>Release:        FreeBSD 2.2.5-STABLE i386
>Organization:
Gambit Automated Design
>Environment:

uname -a
	FreeBSD Hedgehog.Moscow.Ru 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0:
	Thu Feb  5 02:54:46 MSK 1998
	laskavy@Hedgehog.Moscow.Ru:/usr/src/sys/compile/HEDGEHOG  i386

grep -i ipf /sys/i386/conf/HEDGEHOG
	options		IPFIREWALL
	options		IPFIREWALL_VERBOSE
	options		"IPFIREWALL_VERBOSE_LIMIT=100"

grep -i firew /etc/rc.conf
	firewall_enable="YES"
	firewall_type="open"
	firewall_quiet="YES"

ipfw list
	01000 allow ip from any to any via lo0
	01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
	65000 allow ip from any to any
	65535 deny ip from any to any

>Description:

On a fast network ipfw byte counters grow rapidly.

This makes IP traffic accounting harder, because we can not just do
"ipfw -a list" monthly, need to count real traffic using external
programs.

On a router with 2Mbit uplink the byte counter may overflow every 5
hours, on a 100Mbit -- every 3 minutes.

>How-To-Repeat:

<---------------------------------------------------------------
#!/bin/sh
# We use Bourne shell syntax

# This program will use loopback to test ipfw byte counter

# 1) clear counters for the loopback allow all rule:
ipfw zero `ipfw list|grep 'allow ip from any to any via lo0'|awk '{print$1}'`

# 2) simulate busy network using "flood ping":
ping -f -s 8000 127.0.0.1 >/dev/null 2>&1 &

# 3) check the packet and byte counter every 10 seconds:

while :; do
	ipfw -a l
	sleep 10
done | awk '/allow ip from any to any via lo0/{print $3, $2, $3/$2}'

# 4) kill the "flood ping" process
kill $!
<---------------------------------------------------------------

I got the following output:
[skipped]
	2806396128 349576 8028
	3116758608 388236 8028
	3427281648 426916 8028
	3733630128 465076 8028
	4043061360 503620 8028
--------> here the bytes counter turned oved
	56529824 542040 104.291
	366378512 580636 630.995
	668199200 618232 1080.82

The overflow of byte counter occured in a few minutes.

>Fix:

Can we do ipfw counters at least 64-bit?

If not, then how do you suggest to collect IP accounting information?
>Release-Note:
>Audit-Trail:

From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: laskavy@Hedgehog.CS.MSU.SU
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, alex@FreeBSD.ORG
Subject: Re: kern/5682: ipfw: byte counters: overflow
Date: Mon, 9 Feb 1998 09:04:56 +1100 (EST)

 ipfw counters have been converted to quad ints in -current.  The committer
 who did this (<alex@freebsd.org>) suggested it was not apprpriate to merge
 into 2.2-stable because the ipfw struct changed in size, thus both kernel
 and userland ipfw need recompiling. 
 
 Danny
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Sun Feb 8 15:08:50 PST 1998 
State-Changed-Why:  
As Danny has pointed out, 3.0-current does use 64-bit counters. 
However, previous ipfw binary-compatibility breakages in -stable have 
led to a lot of problems.  If you absolutely must have 64-bit counters 
in -stable, you can find patches to do so here: 

http://www.freebsd.org/~alex/ipfw64-2.2-diffs. 
>Unformatted:
