23/11/2001 : This page is not valid. Plz go to docum.org

Changelog

Version 0.5 (23/09/01)
I integrated monitor.pl in a firewall configrator I'm building. Now it produces HTML-output. Just put in you cgi-bin and executed it. A lot changed, but I didn't documented it. So read the source to see what changed. You will also miss some other files, but a good hacker can solve this :-)
Version 0.4 (05/06/01)
Logging last line to proces in other scripts to /tmp/monitor.log
Version 0.3 (22/05/01) : I added support for kernel 2.4.x. The scripts checks for /proc/net/ip_fwchains and /proc/net/ip_tables_names to know what kernel it's running. It seems that kernel 2.4.x has a byte counter for each rule so you don't need to create a special chain.
Version 0.2 (22/04/01) : logging the numbers in log-files so you can plot graphics with xplot.
Version 0.1 (19/4/01) : First numbered release :-)
You can specify command-line options to control the output and the numbers are also coloured. The number of classes is also dynamic.

How

The firewall code in the linux kernel has builtin byte counters. These counters register each byte that passes. So this is a very accurate number. When you read these byte counters and know the exact time, you can calculate how many bytes passe per second. So you have the bandwidth.

Kernel 2.2.x: Each chain has a byte counter. So you have to make sure that all traffic that passes that chain belongs to exact one data stream and that all the data of that data stream passes that chain. You can read the byte counters with ipchains -L but it's much faster if you read the file /proc/net/ip_fwchains.

Kernel 2.4.x: The 2.4.x kernel has a byte counter for each firewall rule. So you don't need to create a chain for each data stream. But to make my live easy, I create that chain. You can read the byte counters with the command iptables -L -v -x.

Marking: To make sure that a data stream and a chain hold the same data, I mark the packets I put into that chain and I use that mark as a filter.

For a better explanation, read the source. It's a simple perl script. It's my first one, so don't shoot me if I made a mistake.

Command-line options

numbers="no" : no numbers will be printed
bars_len="30" : total characters in bars will be 30
=0: nu numbers are printex
short_prct="yes" : last percent will not be showned (sum is allways 100%, so you can calculated it easely yourself)
logs="yes" : all numbers will be logged in /tmp.
/tmp/bb_speed.log : speed
/tmp/bb_speed_ave.log : Average speed
/tmp/bb_prct__ : percent of class
/tmp/bb_prct_ave_ : average percent of class
/tmp/bb_speed__ : speed of class
/tmp/bb_speed_ave_ : average speed of class
batch="yes" : Last line is logged to /tmp/monitor.pl for further processing

Output

TODO

Output of monitor.pl :

############################# 2.325 KB/s 3.718 KB/s 9.290 KB/s  T 15.33 KB/s  G 14.73 KB/s 15.16%  24.24%  30.65% 31.69%
############################# SP1        SP2        SP3         T SP4         G SP5        PR1     PR2     PR3    PR4

Explanation :
SP1 : Bandwidth of first chain
SP2 : Bandwidth of second chain
SP3 : Bandwidth of thirth chain
SP4 : Total Bandwidth = SP1 + SP2 + SP3
SP5 : total SP4
PR1 : SP1 / SP4
PR2 : SP2 / SP4
PR3 : total SP1 / total SP4
PR4 : total SP2 / total SP4

Sleep

A collague of me wrote me a little program in C to give the time in micorseconds. I called it time_ms.exe.

monitor.pl : BW monitor
monitor_html.pl : BW monitor that produces HTML
time_ms.exe : gives time in milliseconds (needed to run monitor.pl)


Index of monitor.pl

Naam Size Date monitor.pl 8206 Bytes Thu Nov 15 14:47:31 2001 monitor_html.pl 3619 Bytes Thu Nov 15 14:47:31 2001 time_ms.exe 4933 Bytes Thu Nov 15 14:47:31 2001 time_ms.source 194 Bytes Thu Nov 15 14:47:31 2001

Naam	Size	Date
monitor.pl	8206 Bytes	Thu Nov 15 14:47:31 2001
monitor_html.pl	3619 Bytes	Thu Nov 15 14:47:31 2001
time_ms.exe	4933 Bytes	Thu Nov 15 14:47:31 2001
time_ms.source	194 Bytes	Thu Nov 15 14:47:31 2001