Thomas Haller wrote:
On Wed, 2021-07-21 at 10:49 -0400, David H Durgee wrote:Thomas Haller wrote: ÂOn Tue, 2021-07-20 at 16:26 -0400, David H Durgee via networkmanager- list wrote: ÂHow can I get traffic statistics by network connection? Is there a way to retrieve this using nmcli? Is there another tool that will do so? I have looked around and the tools I see work at the interface level, not at the connection level. I am using nmcli 1.22.18 as distributed with linux mint 20.1 x64 here.Ui, a "connection" is a profile, that is a bunch of settings for configuring a network interface. Basically, see the lower-case keys in `nmcli connection show "$PROFILE". A profile has no traffic statstics, nor would it make sense. Well, that's not entirely correct and I guess it might make some sense to collect statistics associated with a profile. NM associates additional information to prfiles with "connection.timestamp" and "wifi.seen-bssids" properties and there are also the lease files under /var/lib/NetworkManager. But these are exceptions, usually a profile is just the settings that the user configured. In particular traffic statistics are not tracked or associated with connection profiles in NetworkManager (yet). On D-Bus,   $ busctl -j call org.freedesktop.NetworkManager /org/freedesktop org.freedesktop.DBus.ObjectManager GetManagedObjects you see the "org.freedesktop.NetworkManager.Device.Statistics" interface (which is per-interface). That exposes the RX/TX bytes. That is basically the same as kernel reports via netlink API. However, the values are stale unless you RefreshRateMs to a positive value (which causes NM to periodically poll the statistics from kernel). There is no further magic with "org.freedesktop.NetworkManager.Device.Statistics". You could just as well read the information via netlink. These statistics are ad-hoc, and will be lost after reboot (or when the interface dispears). I guess you could build an interesting tool for that. I am not aware that one exists. However, the API was added by Ubuntu developers, and presumably the do have a use for it and a tool. best, Thomas  My reason for asking about this was as a means of confirming proper operation of a strongswan VPN. When activated this VPN does not create a tun interface as the VPN I was previously using did. I had hoped to find some way to confirm that the traffic is indeed being routed via the VPN as opposed to going directly over the WiFi connection even when the VPN is active.I see.  Perhaps I need to take another approach. How difficult would it be for me to modify the connection to add a tun interface? I see no way to specify this in the GUI, but inspecting the lapsed VPN connection shows a "dev=tun" statement in the VPN section of its nmconnection file. Would manually adding such a statement to the strongswan VPN nmconnection file be sufficient? Are other additional statements required that are not present by default?I am not familiar with strongswan VPN. In general, it's the responsibility of the VPN plugin to create the interface (if at all). For IPSec VPN (like libreswan, strongswan), the tunnel can also be configured without having an actual interface. They can use XFRM instead. So if strongswan does not create an interface, then that might be still correct. And possibly there is a configuration in strongswan to switch between the two modes. IDK. best, Thomas Thank you, I believe you have pointed me to what I was looking for. Ever since I successfully created a strongswan connection in network manager I have been seeking a way to confirm it was operating properly. When I asked on the strongswan list I was told that policy based routing was the default. You have pointed me to where I can confirm things are working as designed. Looking at the documentation for ip xfrm it appears that I should be able to issue commands: ip xfrm policy list ip xfrm state list When I attempt to use them from my login I get an "operation not permitted" error, so I assume I must use sudo for them to work. Before I do so can someone confirm for me that these particular commands are safe to use and will not impact system operation? Thank you again for your assistance. Dave |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature