Re: traffic statistics by network connection

Thomas Haller wrote:
On Wed, 2021-07-21 at 10:49 -0400, David H Durgee wrote:
Thomas Haller wrote:
On Tue, 2021-07-20 at 16:26 -0400, David H Durgee via
list wrote:
How can I get traffic statistics by network connection?  Is there
to retrieve this using nmcli?  Is there another tool that will do

I have looked around and the tools I see work at the interface
not at the connection level.

I am using nmcli 1.22.18 as distributed with linux mint 20.1 x64

a "connection" is a profile, that is a bunch of settings for
configuring a network interface. Basically, see the lower-case keys
`nmcli connection show "$PROFILE". A profile has no traffic
nor would it make sense.

Well, that's not entirely correct and I guess it might make some
to collect statistics associated with a profile. NM associates
additional information to prfiles with "connection.timestamp" and
"wifi.seen-bssids" properties and there are also the lease files
/var/lib/NetworkManager. But these are exceptions, usually a
profile is
just the settings that the user configured. In particular traffic
statistics are not tracked or associated with connection profiles
NetworkManager (yet).

On D-Bus,

  $ busctl -j call org.freedesktop.NetworkManager /org/freedesktop
org.freedesktop.DBus.ObjectManager GetManagedObjects

you see the "org.freedesktop.NetworkManager.Device.Statistics"
interface (which is per-interface). That exposes the RX/TX bytes.
is basically the same as kernel reports via netlink API. However,
values are stale unless you RefreshRateMs to a positive value
causes NM to periodically poll the statistics from kernel).

There is no further magic with
"org.freedesktop.NetworkManager.Device.Statistics". You could just
well read the information via netlink.

These statistics are ad-hoc, and will be lost after reboot (or when
interface dispears). I guess you could build an interesting tool
that. I am not aware that one exists. However, the API was added by
Ubuntu developers, and presumably the do have a use for it and a

 My reason for asking about this was as a means of confirming proper
operation of a strongswan VPN.  When activated this VPN does not
a tun interface as the VPN I was previously using did.  I had hoped
find some way to confirm that the traffic is indeed being routed via
the VPN as opposed to going directly over the WiFi connection even
the VPN is active.
I see.

 Perhaps I need to take another approach.  How difficult would it be
for me to modify the connection to add a tun interface?  I see no way
to specify this in the GUI, but inspecting the lapsed VPN connection
shows a "dev=tun" statement in the VPN section of its nmconnection
file.  Would manually adding such a statement to the strongswan VPN
nmconnection file be sufficient?  Are other additional statements
required that are not present by default?
I am not familiar with strongswan VPN. In general, it's the
responsibility of the VPN plugin to create the interface (if at all). 

For IPSec VPN (like libreswan, strongswan), the tunnel can also be
configured without having an actual interface. They can use XFRM
instead. So if strongswan does not create an interface, then that might
be still correct. And possibly there is a configuration in strongswan
to switch between the two modes. IDK.


Thank you, I believe you have pointed me to what I was looking for.  Ever since I successfully created a strongswan connection in network manager I have been seeking a way to confirm it was operating properly.  When I asked on the strongswan list I was told that policy based routing was the default.  You have pointed me to where I can confirm things are working as designed.

Looking at the documentation for ip xfrm it appears that I should be able to issue commands:

ip xfrm policy list
ip xfrm state list

When I attempt to use them from my login I get an "operation not permitted" error, so I assume I must use sudo for them to work.  Before I do so can someone confirm for me that these particular commands are safe to use and will not impact system operation?

Thank you again for your assistance.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]