bandwidth usage limits with pf, etc.


Mark Carroll
I was wondering recently what the biggest bandwidth hogs were on my home
network at a certain moment. On Linux I use iftop on the router for
this, but I wonder in OpenBSD if, rather than install the iftop package,
there's something different -- more OpenBSD-ish -- I should be doing
with clients to pflow or whatever to achieve this same near-instantaneous
view of machines' Internet usage across the router (which NATs them from
their LAN).

Lately I've been reading about CARP and discovering that the packet
filter code has all kinds of cool stuff built in for transparent
load-balancing and failover. And, I like the keep-state stuff that lets
me do things like rate-limit ssh connections. So, I'm thinking that PF
may offer me all manner of wonders. So, I got to thinking today:

I wondered about my kids' use of YouTube and suchlike, and I wondered if
there's a good way of using PF on the router to give them a weekly
download limit, perhaps cumulative over their devices, after which it
gets limited to a slow crawl or even cut off. Is this (or some variant
thereof) something that PF makes easy (any pointers?), or is tricky but
clearly described in the latest Book of PF, or just not worth the effort
of attempting -- any thoughts? I may have just picked the wrong web
search terms, or maybe this just isn't yet at all easy.

(... and Happy New Year!)

-- Mark


Re: bandwidth usage limits with pf, etc.

lists-3
pftop is what you are looking for.

pkg_add pftop

> On Dec 31, 2015, at 2:28 PM, Mark Carroll <[hidden email]> wrote:
>
> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instantaneous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).
>
> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
>
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.
>
> (... and Happy New Year!)
>
> -- Mark


Re: bandwidth usage limits with pf, etc.

Brian Conway
In reply to this post by Mark Carroll
systat will show you most of what pftop does, no package necessary.

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat&sec=1

Brian Conway

On Dec 31, 2015 2:30 PM, "Mark Carroll" <[hidden email]> wrote:

> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instantaneous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).
>
> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
>
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.
>
> (... and Happy New Year!)
>
> -- Mark


Re: bandwidth usage limits with pf, etc.

Michel Behr
AFAIK systat displays info; it doesn't allow you to limit bandwidth, for example.

On Thursday, 31 December 2015, Brian Conway <[hidden email]> wrote:

> systat will show you most of what pftop does, no package necessary.
>
>
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat&sec=1
>
> Brian Conway
>
> On Dec 31, 2015 2:30 PM, "Mark Carroll" <[hidden email]> wrote:
>
> > I was wondering recently what the biggest bandwidth hogs were on my home
> > network at a certain moment. On Linux I use iftop on the router for
> > this, but I wonder in OpenBSD if, rather than install the iftop package,
> > there's something different -- more OpenBSD-ish -- I should be doing
> > with clients to pflow or whatever to achieve this same near-instantaneous
> > view of machines' Internet usage across the router (which NATs them from
> > their LAN).
> >
> > Lately I've been reading about CARP and discovering that the packet
> > filter code has all kinds of cool stuff built in for transparent
> > load-balancing and failover. And, I like the keep-state stuff that lets
> > me do things like rate-limit ssh connections. So, I'm thinking that PF
> > may offer me all manner of wonders. So, I got to thinking today:
> >
> > I wondered about my kids' use of YouTube and suchlike, and I wondered if
> > there's a good way of using PF on the router to give them a weekly
> > download limit, perhaps cumulative over their devices, after which it
> > gets limited to a slow crawl or even cut off. Is this (or some variant
> > thereof) something that PF makes easy (any pointers?), or is tricky but
> > clearly described in the latest Book of PF, or just not worth the effort
> > of attempting -- any thoughts? I may have just picked the wrong web
> > search terms, or maybe this just isn't yet at all easy.
> >
> > (... and Happy New Year!)
> >
> > -- Mark


Re: bandwidth usage limits with pf, etc.

Stuart Henderson
In reply to this post by Mark Carroll
On 2015-12-31, Mark Carroll <[hidden email]> wrote:
> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instantaneous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).

Others have mentioned systat for an instantaneous view. Or there are things
like darkstat in ports. pflow (in combination with a netflow receiver program)
is one way to get historical stats of traffic flows.

> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
>
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.

The 'counters' flag for PF tables is probably the simplest way to get the
data. You may want to cope with it being reset if rules are reloaded or
the machine is restarted. You could throttle/block by adding the relevant
addresses to a table which is referenced in a suitable rule.
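
Added example, not part of the thread and not any poster's code: one way to act on the table-counters suggestion above, keeping a cumulative total that survives counter resets and filling a second table once a quota is passed. The table names `<kids>` and `<throttled>`, the `$lan_if` macro, the state file path and the quota are assumptions; the script sums In/Pass and Out/Pass bytes rather than isolating downloads.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: tables <kids> and
# <throttled>, macro $lan_if, the state file path, the quota.
# Assumed pf.conf lines (counters move only for rules that reference the table):
#   table <kids> counters { 192.168.1.20, 192.168.1.21 }
#   table <throttled> persist
#   block in quick on $lan_if from <throttled>
#   pass in on $lan_if from <kids>
STATE=${STATE:-/var/db/kids_quota.state}
QUOTA=${QUOTA:-21474836480}        # 20 GiB per week, constructed value

# Parse `pfctl -t kids -T show -v` text on stdin; print "addr passed_bytes".
sum_pass_bytes() {
    awk '
        NF == 1 { addr = $1; next }            # address line
        $1 == "In/Pass:" || $1 == "Out/Pass:" {
            for (i = 2; i < NF; i++)
                if ($i == "Bytes:") total[addr] += $(i + 1)
        }
        END { for (a in total) printf "%s %.0f\n", a, total[a] }' | sort
}

# Merge "addr bytes" from stdin into STATEFILE ("addr last_seen cumulative").
# A reading lower than last_seen means the counters were reset (ruleset
# reload, reboot), so the whole reading counts as new traffic.
update_totals() {
    [ -f "$1" ] || : > "$1"
    awk -v state="$1" '
        BEGIN { while ((getline l < state) > 0) {
                    split(l, f, " "); last[f[1]] = f[2]; cum[f[1]] = f[3] } }
        { cur = $2 + 0; prev = last[$1] + 0
          cum[$1] += (cur >= prev) ? cur - prev : cur
          last[$1] = cur }
        END { for (a in cum) printf "%s %.0f %.0f\n", a, last[a], cum[a] }
    ' | sort > "$1.tmp" && mv "$1.tmp" "$1"
}

# Cumulative bytes over all devices in STATEFILE.
total_bytes() { awk '{ t += $3 } END { printf "%.0f\n", t }' "$1"; }

# Run from cron on the router: `sh kids_quota.sh run`. A weekly job would
# remove $STATE and run `pfctl -t throttled -T flush`.
if [ "${1:-}" = "run" ]; then
    pfctl -t kids -T show -v | sum_pass_bytes | update_totals "$STATE"
    if [ "$(total_bytes "$STATE")" -gt "$QUOTA" ]; then
        cut -d' ' -f1 "$STATE" | xargs pfctl -t throttled -T add
    fi
fi
```

With rules like the assumed ones, adding an address to `<throttled>` affects new connections only; existing states keep passing until they expire or are killed with `pfctl -k`.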