* add new example to ng_ipacct.conf [1]

* skip NO_PACKAGE if PACKAGE_BUILDING is defined [1]
* minor clean

PR:		ports/105597
Submitted by:	Eugene Grosbein <eugen xx kuzbass.ru>

2 files changed, 79 insertions, 8 deletions

diff --git a/net-mgmt/ng_ipacct/Makefile b/net-mgmt/ng_ipacct/Makefile
index 0a88ae9c53d1..d8cfff69128b 100644
--- a/net-mgmt/ng_ipacct/Makefile
+++ b/net-mgmt/ng_ipacct/Makefile
@@ -14,14 +14,17 @@ MASTER_SITES=	${MASTER_SITE_LOCAL:S!$!skv/!} \
 MAINTAINER=	skv@FreeBSD.org
 COMMENT=	Netgraph IP accounting
 
+.ifndef PACKAGE_BUILDING
 NO_PACKAGE=	"Depends on kernel"
+.endif
 
 OPTIONS=	MEM_ZONE "Use UMA zone allocator (>= 5.x only)" on
 
-PLIST_SUB+=	KMODDIR=${KMODDIR}
+KMODDIR=	/boot/modules
+PLIST_SUB+=	KMODDIR=${KMODDIR:S!^/!!}
 
 WRKSRC=		${WRKDIR}/${PORTNAME}
-MAKE_ENV=	BINDIR="${PREFIX}/sbin"
+MAKE_ENV=	BINDIR="${PREFIX}/sbin" KMODDIR=${KMODDIR}
 
 MAN8=		ipacctctl.8
 MANLANG=	ru.KOI8-R
diff --git a/net-mgmt/ng_ipacct/files/ng_ipacct.conf b/net-mgmt/ng_ipacct/files/ng_ipacct.conf
index d02a42b0b9f9..d1e5d9741e1f 100644
--- a/net-mgmt/ng_ipacct/files/ng_ipacct.conf
+++ b/net-mgmt/ng_ipacct/files/ng_ipacct.conf
@@ -12,7 +12,7 @@
 ng_ipacct_modules_load="YES"
 
 # Netgraph can load required ng_* modules automatically on the hook creation
-# - except for "ng_ether". Generally, preloading modules is recommended.
+# - except for "ng_ether". Generally, modules preloading is recommended.
 # Do not add to this list modules which are statically compiled into kernel.
 #ng_ipacct_modules_list="netgraph ng_ether ng_cisco ng_socket ng_tee ng_ipacct"
 ng_ipacct_modules_list="netgraph ng_ether ng_ipacct"
@@ -24,9 +24,9 @@ ng_ipacct_modules_list="netgraph ng_ether ng_ipacct"
 
 # Default start/stop scripts.
 #
-# Single quotes is required to preserve newlines.
-# '%%iface%%' will be automatically expanded with relevant interface.
-# This feature should be applied to reuse indentical rules
+# Single quotes are required to preserve newlines.
+# '%%iface%%' will be automatically expanded with a relevant interface.
+# This feature should be applied to use indentical rules
 # for similar interfaces.
 ng_ipacct_default_ether_start='
 	mkpeer %%iface%%: tee lower right
@@ -91,7 +91,7 @@ ng_ipacct_xl0_savetime="no"	# 'no' by default
 ng_ipacct_xl0_start=${ng_ipacct_default_ether_start}
 ng_ipacct_xl0_stop=${ng_ipacct_default_ether_stop}
 ng_ipacct_xl0_checkpoint_script="path/to/your/script --checkpoint-and-save xl0"
-			# this script is called on stop (to save accumulated 
+			# this script is called on "stop" (to save accumulated 
 			# data) or via "rc.d/ng_ipacct.sh checkpoint"
 
 # EXAMPLE 2. Cronyx Sigma WAN adapter with HDLC encapsulation 
@@ -196,8 +196,76 @@ ng_ipacct_xl0_savetime="no"	# 'no' by default
 ng_ipacct_xl0_start=${ng_ipacct_bpf_ether_start}
 ng_ipacct_xl0_stop=${ng_ipacct_bpf_ether_stop}
 ng_ipacct_xl0_checkpoint_script="path/to/your/script --checkpoint-and-save xl0"
-			# this script is called on stop (to save accumulated 
+			# this script is called on "stop" (to save accumulated 
 			# data) or via "rc.d/ng_ipacct.sh checkpoint"
 ng_ipacct_xl0_afterstart_script="path/to/your/script --load-bpf-filters xl0"
 			# this script is called just after initialization
 			# of nodes to load filters into xl0_bpf
+

+# EXAMPLE 5. Really _divert_ traffic to ng_ksocket

+

+# ipfw add divert 4001 ip from any to any via em0 in

+# ipfw add divert 4002 ip from any to any via em0 out

+

+#    USER-LEVEL | KERNEL-LEVEL

+#               |

+# div4 *.4001 ->|-> ipfw_ks_in                              in-(ipfw_echo_in)

+#               |       |                                   |

+#               | (inet/raw/divert)---(left)-(ipfw_tee_in)-right

+#               |                                |

+#               |                            left2right---(ipfw_in)

+#               |			                |

+#               |		                    ipfw_ip_acct

+#               |			                |

+#               |                            left2right---(ipfw_out)

+#               |                                |

+#               | (inet/raw/divert)---(left)-(ipfw_tee_out)-right

+#               |       |                                    |

+# div4 *.4002 ->|-> ipfw_ks_out                              out-(ipfw_echo_out)

+#

+# ipfw_ks_in	- ng_ksocket

+# ipfw_ks_out	- ng_ksocket

+# ipfw_tee_in	- ng_tee

+# ipfw_tee_out	- ng_tee

+# ipfw_ip_acct	- ng_ipacct

+# ipfw_echo_in	- ng_echo

+# ipfw_echo_out	- ng_echo

+

+ng_ipacct_ks_start='

+	mkpeer ipacct dummy dummy

+	name .:dummy %%iface%%_ip_acct

+

+	mkpeer %%iface%%_ip_acct: tee  %%iface%%_in left2right

+	name   %%iface%%_ip_acct:%%iface%%_in  %%iface%%_tee_in

+	mkpeer %%iface%%_ip_acct: tee  %%iface%%_out left2right

+	name   %%iface%%_ip_acct:%%iface%%_out %%iface%%_tee_out

+

+	mkpeer %%iface%%_tee_in:  echo right in

+	name   %%iface%%_tee_in:right  %%iface%%_echo_in

+	mkpeer %%iface%%_tee_out: echo right out

+	name   %%iface%%_tee_out:right %%iface%%_echo_out

+	

+	mkpeer %%iface%%_tee_in: ksocket  left inet/raw/divert

+	name   %%iface%%_tee_in:left  %%iface%%_ks_in

+	msg    %%iface%%_ks_in:  bind inet/0.0.0.0:4001

+

+	mkpeer %%iface%%_tee_out: ksocket left inet/raw/divert

+	name   %%iface%%_tee_out:left %%iface%%_ks_out

+	msg    %%iface%%_ks_out: bind inet/0.0.0.0:4002

+

+	rmhook .:dummy

+'

+ng_ipacct_ks_stop='

+	shutdown %%iface%%_ks_in:

+	shutdown %%iface%%_ks_out:

+	shutdown %%iface%%_tee_in:

+	shutdown %%iface%%_tee_out:

+'

+ng_ipacct_ks_dlt="RAW"		# required line; see ipacctctl(8)

+ng_ipacct_ks_threshold="15000"	# '5000' by default

+ng_ipacct_ks_verbose="yes"	# 'yes' by default

+ng_ipacct_ks_saveuid="yes"	# 'no' by default

+ng_ipacct_ks_savetime="no"	# 'no' by default

+ng_ipacct_ks_checkpoint_script="path/to/your/script --checkpoint-and-save ks"

+			# this script is called on stop (to save accumulated 

+			# data) or via "rc.d/ng_ipacct.sh checkpoint"