In this chapter I am going to develop a simple bandwidth meter using
the following functions from libiptc:
To initialize the system:
iptc_handle_t iptc_init(const char *tablename).
To catch from errors:
const char *iptc_strerror(int err).
To iterate through the chains of the table:
const char *iptc_first_chain(iptc_handle_t *handle) and
const char *iptc_next_chain(iptc_handle_t *handle).
To read packet and byte counters for a specific rule:
struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
unsigned int rulenum, iptc_handle_t *handle).
Also the function gettimeofday will be used to
measure elapsed time and the function getopt to
get options from the command line.
I don't know really if the term bandwidth meter is
well used here. I interpret bandwidth as a reference to
a flow capacity; perhaps a better term could be flow meter.
Here is the bandwidth meter bw.c.
It's well commented to be easy followed by everyone:
/*
* How to use libiptc- program #4
* /usr/local/src/bw.c
* By Leonardo Balliache - 04.09.2002
* e-mail: leonardo@opalsoft.net
* --WELL COMMENTED-- to be easy followed by everyone.
*/
/* include files required */
#include <getopt.h>
#include <sys/errno.h>
#include <sys/time.h>
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
#include <time.h>
#include <unistd.h>
#include "libiptc/libiptc.h"
#include "iptables.h"
/* colors to differentiate chains measures */
#define RED "\033[41m\033[37m"
#define GREEN "\033[42m\033[30m"
#define ORANGE "\033[43m\033[30m"
#define BLUE "\033[44m\033[37m"
#define MAGENTA "\033[45m\033[37m"
#define CYAN "\033[46m\033[30m"
#define WHITE "\033[47m\033[30m"
#define BLACK "\033[40m\033[37m"
#define RESET "\033[00m"
/* maximum number of chains to be processed */
#define MAXUSERCHAINS 7
/* time between measures in seconds; adjust as you like */
#define SLEEPTIME 1
/* structure to count bytes per chain */
struct bwcnt {
int start; /* the chain was initialized */
u_int64_t icnt; /* bytes through; previous measure */
u_int64_t ocnt; /* bytes through; current measure */
double bw; /* bandwitdh (flow) on this chain */
};
/* function to calculate differences of time in seconds.
* micro-seconds precision.
*/
double delta(struct timeval a, struct timeval b)
{
if (a.tv_usec & b.tv_usec) {
a.tv_sec--;
a.tv_usec += 1000000;
}
return a.tv_sec-b.tv_sec + (a.tv_usec-b.tv_usec)/1000000.0;
}
/* main function */
int main(int argc, char *argv[])
{
int i, j, ok;
double totbw;
iptc_handle_t h;
int c, act_bw = 0;
const char *chain = NULL;
const char *tablename = "filter";
struct timeval ti, to;
struct bwcnt bw[MAXUSERCHAINS];
struct ipt_counters *counters;
char *col[9] = { RED,GREEN,ORANGE,BLUE,MAGENTA,CYAN,WHITE,BLACK,RESET };
program_name = "bw";
program_version = NETFILTER_VERSION;
/* check options
* we have 2 options:
* -c = display current flow (each SLEEPTIME).
* -a = display average flow (from start); default option.
*/
while ((c = getopt (argc, argv, "ac")) != -1)
switch (c) {
case 'a':
act_bw = 0;
break;
case 'c':
act_bw = 1;
break;
case '?':
if (isprint(optopt))
fprintf (stderr, "Unknown option `-%c'.\n", optopt);
else
fprintf (stderr,"Unknown option character `\\x%x'.\n",optopt);
exit(1);
default:
abort();
}
/* initialize array of chains */
memset(&bw, 0, MAXUSERCHAINS * sizeof(struct bwcnt));
/* get time to start meter on variable ti */
gettimeofday(&ti, NULL);
/* fire meter loop */
if ( act_bw )
printf("Displaying current flow values ...\n");
else
printf("Displaying average flow values ...\n");
/* forever loop; abort the program with ^C */
while ( 1 ) {
/* you have to initialize for each measure to be done */
if ( !(h = iptc_init(tablename)) ) {
printf("Error initializing: %s\n", iptc_strerror(errno));
exit(errno);
}
ok = 0; /* we start a new loop */
gettimeofday(&to, NULL); /* have a time shoot */
/* iterate through each chain of the table */
for (chain = iptc_first_chain(&h), i = 0;
chain;
chain = iptc_next_chain(&h)) {
if ( iptc_builtin(chain, h) )
continue; /* if it is a built-in chain, ignore it */
/* ok, read the counters of this chain */
if ( !(counters = iptc_read_counter(chain, 0, &h)) ) {
printf("Error reading %s: %s\n", chain, iptc_strerror(errno));
exit(errno);
}
/* check that we do not have more chains than we can process */
if ( i >= MAXUSERCHAINS ) {
printf("Maximum of %d user chains exceeded!!\n", MAXUSERCHAINS);
exit(1);
}
/* this chain counter has not been initialized; initialize it */
if ( bw[i].start == 0 ) {
bw[i].icnt = counters->bcnt;
bw[i].start = 1;
}
/* this chain has a previous measure; take the current one */
else {
bw[i].ocnt = counters->bcnt;
if ( bw[i].ocnt == bw[i].icnt ) /* no new bytes flowing? */
bw[i].bw = 0; /* flow is zero */
else
/* flow in this chain is:
* current bytes count (bw[i].octn) *minus*
* previous bytes count (bw[i].icnt) *divided by*
* 128.0 to convert bytes to kbits *and divided by*
* difference in times in seconds *to get*
* flow in kbits/sec that is what we want.
*/
bw[i].bw = (bw[i].ocnt - bw[i].icnt) / (128.0 * delta(to, ti));
/* do you want current flow of this chain? initialize previous
* bytes count to current bytes count; we get the flow in last
* SLEEPTIME elapsed time.
*/
if ( act_bw )
bw[i].icnt = bw[i].ocnt;
ok = 1; /* ok, we have some measure to show */
}
++i; /* next chain, please */
}
/* we iterate and i == 0; we do not have user chains at all */
if ( i == 0 ) {
printf("No user chains to meter!!\n");
exit(1);
}
/* do you want to measure current flow? initialize previous time
* to actual time; we get the time elapsed in last SLEEPTIME.
*/
if ( act_bw )
ti = to;
/* do we have something to show? ok, display it */
if ( ok ) {
totbw = 0;
for ( j = 0; j < i; ++j ) {
totbw = totbw + bw[j].bw; /* calculate total flow */
}
printf("%s%6.1fk:%s ", col[7], totbw, col[8]); /* display total */
for ( j = 0; j < i; ++j ) { /* display flow of each chain in color */
printf("%s%6.1fk%s ", col[j], bw[j].bw, col[8]);
}
printf("\n");
}
sleep(SLEEPTIME); /* rest a little; you go too fast */
} /* give us enough time in order to let some bytes flow */
exit(0); /* bye, we have our measures!! */
} /* main */ |
Write your program and compile as before:
Before using the meter we need to set our environment.
First, we have to have at least 2 PCs connected in a network. This is our
diagram configuration:
+--------+ eth0 eth0 +--------+
| PC #1 +-----------------+ PC #2 |
+--------+ +--------+
eth0=192.168.1.1 eth0=192.168.1.2 |
Second, we need to install a very nice and useful package called
netcat written by Hobbit. This
excellent package will help us to inject and receive
a flow of bytes between 2 NICs. If you don't have the package in your
system, download it from http://rr.sans.org/audit/netcat.php.
The version that I use is 1.10-277. To install it follow
these instructions:
bash# cp netcat-1.10.tar.gz /usr/local/src
bash# tar xzvf netcat-1.10.tar.gz
bash# cd netcat-1.10 |
My version requires to make a patch first; check yours if you have a file
with a .dif extension and apply it too:
bash# patch -p0 -i netcat-1.10.dif |
Next compile the package using make:
Copy the binary nc to your user bin directory:
And also to the second PC in your network:
bash# scp nc 192.168.1.2:/usr/bin |
We are going to use netcat to
"listen" to a flow of bytes from PC #2 and
to "talk" from PC #1. Using tty1 to tty4
consoles on PC #2 let's start netcat to
listen from this PC. Go to PC #2 and in tty1 type:
bash# nc -n -v -l -s 192.168.1.2 -p 1001 >/dev/null |
netcat must respond with:
listening on [192.168.1.2] 1001 ... |
This command started netcat to listen from address
192.168.1.2 using port number 1001.
Arguments are: -n = use numeric address identification;
-v = verbose; -l = listen. All the
flow that netcat receives in
192.168.1.2:1001 will be redirected to the
"black hole" in /dev/null.
Repeat the command in tty2, tty3 and tty4; change to tty2 using
ALT-F2 and after logging in write:
bash# nc -n -v -l -s 192.168.1.2 -p 1002 >/dev/null |
Now we are "listening" to the same address but port
number 1002.
Go on now with tty3:
bash# nc -n -v -l -s 192.168.1.2 -p 1003 >/dev/null |
And tty4:
bash# nc -n -v -l -s 192.168.1.2 -p 1004 >/dev/null |
Now we are listening in PC #2, address
192.168.1.2 in ports 1001,
1002, 1003 and
1004.
Come back to PC #1 and let's set the environment to allow
iptables to help us to complete our tests:
On PC #1, type the into tty1 as follows:
bash# iptables -F
bash# iptables -X
bash# iptables -N chn_1
bash# iptables -N chn_2
bash# iptables -N chn_3
bash# iptables -N chn_4
bash# iptables -A chn_1 -j ACCEPT
bash# iptables -A chn_2 -j ACCEPT
bash# iptables -A chn_3 -j ACCEPT
bash# iptables -A chn_4 -j ACCEPT
bash# iptables -A OUTPUT -o eth0 -p tcp --dport 1001 -j chn_1
bash# iptables -A OUTPUT -o eth0 -p tcp --dport 1002 -j chn_2
bash# iptables -A OUTPUT -o eth0 -p tcp --dport 1003 -j chn_3
bash# iptables -A OUTPUT -o eth0 -p tcp --dport 1004 -j chn_4 |
These commands will:
Flush all chains in table filter.
Delete all user chains in table filter.
Create user chains chn_1,
chn_2, chn_3 and
chn_4.
Establish a target ACCEPT in each user chain.
Create 4 rules in chain OUTPUT that matches
port numbers 1001 to
1004 and target it to user chains
chn_1 to chn_4.
Now start the bw meter using current values:
It must respond with:
Displaying current flow values ...
0.0k: 0.0k 0.0k 0.0k 0.0k
0.0k: 0.0k 0.0k 0.0k 0.0k
0.0k: 0.0k 0.0k 0.0k 0.0k
0.0k: 0.0k 0.0k 0.0k 0.0k |
It informs that measures are current flows. Every line is a measure
taken each SLEEPTIME lapse (1 second in our
program). First column (in black) are total flow, next columns (in red,
green, orange and blue) are flows in chains chn_1,
chn_2, chn_3 and
chn_4 respectively. Of course we do not have any
flow now. However let bw run and continue reading.
Let's start now one of our byte flows; go to tty2 in PC #1 with
ALT-F2 and after logging in, type:
bash# yes 000000000000000000 | nc -n -v -s 192.168.1.1 -p 2001 192.168.1.2 1001 |
netcat responds with:
(UNKNOWN) [192.168.1.2] 1000 (?) open |
Now we have a flow of bytes from PC #1 to PC #2. yes
generates a constant flow of zeroes; this flow is piped to
netcat through address 192.168.1.1,
port 2001 and sends it to PC #2, address
192.168.1.2, port 1001
(where PC #2 is listening).
Check now the display of bw in tty1:
7653.2k: 7653.2k 0.0k 0.0k 0.0k
7829.5k: 7829.5k 0.0k 0.0k 0.0k
7786.7k: 7786.7k 0.0k 0.0k 0.0k
7892.1k: 7982.1k 0.0k 0.0k 0.0k |
Your mileage can vary depending of the physical characteristics of your
system. In mine I have a flow of aproximately 7700 kbits/sec in the first
chain chn_1 which corresponds to port number
1001 in PC #2.
Let's start now the second bytes flow; go to tty3 in PC #1 with
ALT-F3 and after logging in, type:
bash# yes 000000000000000000 | nc -n -v -s 192.168.1.1 -p 2002 192.168.1.2 1002 |
netcat responds with:
(UNKNOWN) [192.168.1.2] 1002 (?) open |
Now we have 2 flows of bytes from PC #1 to PC #2; one from
192.168.1.1:2001 to
192.168.1.2:1001 and another from
192.168.1.1:2002 to
192.168.1.2:1002.
Now check the display of bw in tty1:
7819.6k: 4144.2k 3675.4k 0.0k 0.0k
8090.5k: 3923.9k 4166.6k 0.0k 0.0k
7794.7k: 3920.8k 3873.9k 0.0k 0.0k
7988.3k: 3754.6k 4233.7k 0.0k 0.0k |
Now we have 2 flows; each of them is more or less 50% of the total flow
going out of the computer. The Linux kernel tries to balance the bandwidth
available between the 2 channels of output.
To continue, start the 2 aditional flows through channels
192.168.1.1:2003-192.168.1.2:1003 and
192.168.1.1:2004-192.168.1.2:1004.
In tty4 type:
bash# yes 000000000000000000 | nc -n -v -s 192.168.1.1 -p 2003 192.168.1.2 1003 |
In tty5 type:
bash# yes 000000000000000000 | nc -n -v -s 192.168.1.1 -p 2004 192.168.1.2 1004 |
The display of bw in tty1 will be something like:
8120.6k: 1705.3k 2354.9k 1898.6k 2161.8k
7765.3k: 1634.2k 2560.2k 2011.4k 1559.5k
7911.9k: 1699.8k 2090.3k 1768.0k 2353.8k
8309.4k: 1734.5k 1999.7k 1999.9k 2575.3k |
Total bandwidth is distributed between the 4 channels of flow.
