I've spent several interesting (though often frustrating!) hours trying
various ways of tracking bandwidth by IP and have the following strawman
proposal. This is based on my still very patchy and limited knowledge of
*BSD/*nix tools in this area, so please don't be shy about telling me how
much easier I could do something or how braindead my approach is!

Problem:

I'd like to track bandwidth used by IPs within my lan. Most of my IPs are
actually assigned via static dhcp/mac mappings, so it would be great to use
that list as a tracking source, but it would also be ok to track via another
list entered seperately (assuming an automatic list is too hard, is it? -
see proposal below).

I'd settle initially for a bandwidth report that I can view as an admin via
the GUI. Ability to zero the counts would be nice too.

Proposal:

Add some GUI that adds the following style rules via ipf (assuming sis1 is
the wan):

count in on sis1 from any to 10.0.0.52
count out on sis1 from 10.0.0.52 to any

and the ability to read those rules via /sbin/ipfstat -aio and present the
results.

Discussion:

This is (obviously) a fairly simple addition. No new programs needed, just a
couple more php pages with some code to parse the output and display it.

But, my ignorance makes me wonder what the negatives might be?  Are counters
relatively cheap in ipfilter?  Or would this perhaps be better done via
ipfw? Or maybe I missed the handy-dandy utility that does all this
automagically? Or maybe this too specific to my scenario (e.g. assigned IPs)
and noone else would want or use it?  Or maybe I'm missing something major
such as ipf's 'count' only counts packets which are not a good proxy for
bandwidth like I'm assuming?

Comments please!  If others agree that this would be useful and workable,
I'll go ahead and make a start on it.

cheers, michael