Overview
The goal is to show the upload and download traffic and speed of each process, for example Firefox: cumulative upload 1MB, cumulative download 23MB, upload speed 0kb/s, download speed 121kb/s.
This is real-time monitoring of application traffic, including application download speed, upload speed, total downloads and total uploads.
The implementation process consists of 3 main steps.
Step 1: Use libpcap to capture packets and count the traffic on the network interface in real time, building a key-value structure of sip+sport+dip+dport and payload.
Step 2: Get the socket status by parsing /proc/net/(tcp6?|udp6?), which yields a key-value structure of local_ip+local_port+remote_ip+remote_port and inode.
Step 3: Get the process status by parsing /proc/xx/fd/, which yields inode and process_name.
These 3 steps connect payload to process_name. From there, the download speed, upload speed, total download amount, total upload amount and other related values are computed.
Data Structure and Data Transformation
ipgroup-inode
Parsing /proc/net/(tcp6?|udp6?) yields a key-value structure of IP four-tuple and inode. The four-tuple taken from this file is a socket-level address (local and remote), so it does not by itself give a packet's direction. To determine direction, a separate structure, ipgroup-dir, stores orientation information: {local_addr+remote_addr:1} indicates uplink (upload) and {remote_addr+local_addr:2} indicates downlink (download).
ipgroup-payload
Capturing packets with pcap yields a key-value structure of IP four-tuple and packet payload. The ipgroup obtained this way is at the TCP/IP protocol layer (source and destination), giving {src_addr+dest_addr:payload}. ipgroup-dir is used to look up the direction of the packet, and the payload is then added to the corresponding counter.
pid-inode and pname-pid
Obtained by parsing /proc/xx/fd/.
The goal is to get pname-payload and calculate real-time speed.
Program Flow
1. Initialize storage space: initialize pid-inode, pname-pid, ipgroup-payload and ipgroup-inode.
2. Pcap starts capturing packets and listens for the 'package' event, accumulating the packets into the ipgroup-payload array.
3. Set timers to update pid-inode, pname-pid and ipgroup-inode periodically: pid-inode and pname-pid are updated from /proc/xx/fd/, and ipgroup-inode is rebuilt from /proc/net/(tcp6?|udp6?). After the update, ipgroup-payload is converted to the pname-payload array as shown in the "Data conversion diagram", and the instantaneous speed is calculated.
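The join described in the three steps and the program flow above, as an added Python example (not code from the original article): it parses /proc/net/tcp text into ipgroup-inode and ipgroup-dir, maps socket inodes to process names from /proc/<pid>/fd, and attributes captured (src, dst, payload) tuples to per-process upload and download totals. Assumptions: IPv4 only on a little-endian host, the process name is read from /proc/<pid>/comm, the function names are illustrative, and the packet tuples stand in for what a pcap callback would deliver.

```python
import os, re, socket, struct
from pathlib import Path
# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A0200C0:C350 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 20 4 30 10 -1
   1: 0A0200C0:C351 076433C6:01BB 06 00000000:00000000 03:00000A2B 00000000     0        0 0 3 0000000000000000
"""

def decode(hexaddr):  # '0A0200C0:C350' -> ('192.0.2.10', 50000), little-endian host
    ip, port = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def parse_proc_net(text):
    """Step 2: build ipgroup-inode and ipgroup-dir from /proc/net/tcp text."""
    ipgroup_inode, ipgroup_dir = {}, {}
    for row in text.splitlines()[1:]:               # skip the header row
        f = row.split()
        if len(f) >= 10 and f[9] != "0":            # inode 0 (e.g. TIME_WAIT) has no owner
            local, remote = decode(f[1]), decode(f[2])
            ipgroup_inode[(local, remote)] = int(f[9])
            ipgroup_dir[(local, remote)] = 1        # packet src is local: upload
            ipgroup_dir[(remote, local)] = 2        # packet src is remote: download
    return ipgroup_inode, ipgroup_dir

def scan_fds(proc="/proc"):
    """Step 3: inode -> process name via /proc/<pid>/fd links 'socket:[inode]'."""
    inode_pname = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            pname = Path(proc, pid, "comm").read_text().strip()  # assumption: name from comm
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    inode_pname[int(m.group(1))] = pname
        except OSError:                             # process exited, or fds not readable
            continue
    return inode_pname

def account(packets, ipgroup_inode, ipgroup_dir, inode_pname):
    """Join (src, dst, payload_len) packets into pname-payload totals."""
    totals = {}
    for src, dst, nbytes in packets:
        direction = ipgroup_dir.get((src, dst))
        if direction:                               # flows with no socket are skipped
            key = (src, dst) if direction == 1 else (dst, src)
            pname = inode_pname.get(ipgroup_inode[key], "unknown")
            slot = totals.setdefault(pname, {"up": 0, "down": 0})
            slot["up" if direction == 1 else "down"] += nbytes
    return totals
```

Reading another user's /proc/<pid>/fd needs elevated privileges, so an unprivileged run only attributes the caller's own sockets and reports the rest as "unknown". Sampling the totals on a timer and dividing the difference by the interval gives the instantaneous speed.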
Programming for Linux traffic monitoring