Given the prevalence of DHCP and address reissue/reuse, it would be nice to configure accounting rules by mac address (optionally of course). Is there something other than just time and effort to implement this that is preventing it? Cheers, b. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On 10/06/2010 11:13 AM, Brian J. Murrell wrote:> Given the prevalence of DHCP and address reissue/reuse, it would be nice > to configure accounting rules by mac address (optionally of course). Is > there something other than just time and effort to implement this that > is preventing it?It should already work for the SOURCE address; it will never work for DEST address since netfilter doesn''t allow matching by destination MAC address. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On Wed, 2010-10-06 at 11:18 -0700, Tom Eastep wrote:> > It should already work for the SOURCE address;Heh. My first rule with a MAC address was destination.> it will never work for DEST > address since netfilter doesn''t allow matching by destination MAC address.Am I just going about this accounting incorrectly then? For a given host I (wanted to) have: acc_brian_a:COUNT - eth0.1 br-lan:~00-16-DC-5E-F0-06 acc_brian_a:COUNT - br-lan:~00-16-DC-5E-F0-06 eth0.1 DONE - - br-lan:~00-16-DC-5E-F0-06 DONE - br-lan:~00-16-DC-5E-F0-06 To account for both incoming and outgoing traffic to the device with that MAC address. Is there a{nother, better} way to handle this without having to resort to IP addresses, which might change? Cheers, b. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On 10/6/10 11:25 AM, Brian J. Murrell wrote:> On Wed, 2010-10-06 at 11:18 -0700, Tom Eastep wrote: >> >> It should already work for the SOURCE address; > > Heh. My first rule with a MAC address was destination. > >> it will never work for DEST >> address since netfilter doesn''t allow matching by destination MAC address. > > Am I just going about this accounting incorrectly then? For a given > host I (wanted to) have: > > acc_brian_a:COUNT - eth0.1 br-lan:~00-16-DC-5E-F0-06 > acc_brian_a:COUNT - br-lan:~00-16-DC-5E-F0-06 eth0.1 > DONE - - br-lan:~00-16-DC-5E-F0-06 > DONE - br-lan:~00-16-DC-5E-F0-06 > > To account for both incoming and outgoing traffic to the device with > that MAC address.And I''m telling you, that is never going to work. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On Wed, 2010-10-06 at 11:32 -0700, Tom Eastep wrote:> > And I''m telling you, that is never going to work.I know what you are telling me. I am asking (a) if there is a better/alternate way to achieve what I am looking for and (b) why a MAC address as a destination is any less valid than as a source address. I know I must be missing something. I''m just not sure what yet. Cheers, b. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On 10/6/10 12:15 PM, Brian J. Murrell wrote:> On Wed, 2010-10-06 at 11:32 -0700, Tom Eastep wrote: >> >> And I''m telling you, that is never going to work. > > I know what you are telling me. I am asking (a) if there is a > better/alternate way to achieve what I am looking for and (b) why a MAC > address as a destination is any less valid than as a source address. I > know I must be missing something. I''m just not sure what yet.There is no way to do what you want -- you cannot do accounting for traffic destined for a specified MAC address. Except when dealing with traffic between bridges, the destination MAC address is not known at any Netfilter hook. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On Wed, 2010-10-06 at 12:25 -0700, Tom Eastep wrote:> > There is no way to do what you want -- you cannot do accounting for > traffic destined for a specified MAC address.Is there any way to fake it with connection tracking? i.e. given that for such a device, connections will always originate from the device where we do know the mac address. Once a connection has started, can that connection be used to account for data going in both directions?> Except when dealing with traffic between bridges, the destination MAC > address is not known at any Netfilter hook.And there is the bit I was missing. I didn''t know this. Thanx for the help! b. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
On 10/06/2010 12:33 PM, Brian J. Murrell wrote:> On Wed, 2010-10-06 at 12:25 -0700, Tom Eastep wrote: >> >> There is no way to do what you want -- you cannot do accounting for >> traffic destined for a specified MAC address. > > Is there any way to fake it with connection tracking? i.e. given that > for such a device, connections will always originate from the device > where we do know the mac address. Once a connection has started, can > that connection be used to account for data going in both directions?Not that I can think of off hand... -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb