Run-time per-connection statistics from CLI

jiml8 · January 31, 2022, 7:38pm

I have a need to automatically collect information about data traffic per connection. On a full-up linux installation, the kernel collects this information and I can obtain it by any of a number of different means. "ss -i" is actually pretty much perfect for my needs.

My reading of the openwrt docs suggests a number of choices, but what I see seems to be per-interface, or perhaps per-user, but not per-connection. There is one choice that uses luci that might do it, but I am not using luci. I would prefer to avoid adding any database to the system.

Also, ss -i in openwrt does not return any bytes/packets passed information.

My searching around in /sys and /proc on my openwrt target system does not turn up any useful information on traffic.

I am deploying a product based on openwrt that uses a controller built entirely in C, so I am quite willing to do whatever is necessary to get the information I need. I presently am thinking about taking an approach similar to that of iftop. In fact, I am thinking of modifying iftop as being the quickest route to reaching my goal; I would need to daemonize it, remove the console display, strip the data that would be displayed in the console to just what I need, aggregate it appropriately, and pipe the result to where I need it to go when told to do so.

Is there an easier way? Some solution already built that I have not found?

anon50098793 · February 1, 2022, 3:46am

opkg update && opkg install nlbwmon
sleep 23
nlbw -c show | head -n 5

  Fam            Host (    MAC )      Layer7      Conn.   > Downld. ( > Pkts. )      Upload (   Pkts. )
IPv6  2403:58xx:: (6e:xx:xx)       HTTPS     7.02 K    41.07 GB (  28.76 M)   408.50 MB (   4.86 M)
IPv6  2403:58xx:: (6e:xx:xx)       HTTPS     4.49 K    23.98 GB (  16.85 M)   248.84 MB (   2.97 M)
IPv4  10.2.3.155 (60:xx:yy)        HTTPS    98.67 K    20.32 GB (  14.30 M)   454.22 MB (   6.44 M)
IPv4  10.2.3.102 (6e:xx:xx)        HTTPS     7.10 K    16.89 GB (  11.59 M)   121.34 MB (   1.93 M)

jiml8 · February 1, 2022, 4:28am

Interesting.

I did put nlbwmon on my build shortly after putting up my first post, though I don't use opkg.

Here is my output:

root@testunit:/etc/config# nlbw -c show
  Fam            Host (    MAC )      Layer7      Conn.   > Downld. ( > Pkts. )      Upload (   Pkts. )
IPv4     192.168.2.61 (ea:44:6e)       other     3.56 K         0 B (       0 )         0 B (       0 )
IPv4     192.168.2.61 (ea:44:6e)        ICMP       302          0 B (       0 )         0 B (       0 )
IPv4     192.168.2.61 (ea:44:6e)       HTTPS       976          0 B (       0 )         0 B (       0 )
IPv4     192.168.2.61 (ea:44:6e)         DNS   149.39 K         0 B (       0 )         0 B (       0 )

This suggests that there must be some netlink module I don't have in my build. While this seems obvious, I would have thought that adding nlbwmon would have picked up all dependencies.

Also, this is giving protocols per interface and not per connection. Thus, if there are multiple https connections across the interface, I cannot distinguish them by the address of the other end, and this is something I must be able to do.