ifconfig showing wrong RX/TX byte count
ifconfig tells for eth0 some RX = 2,8GB, TX = 1,3GB value that cannot be real, since I recently transmitted many 10GB+ files over eth0. I would like to know
- if that's just some ordinary integer overflow (4GB limit)
- or if that's an indicator that there is some evil rootkit that lies wrong data
It's a silly question, but the discrepance keeps me bothering.
Thank you, Nils
I would say it is the 4GB wraparound as you are guessing. I ran into this with fairly recent 32 bit linux kernels.
You can grab the source code for your kernel and see if it is the same in include/linux/netdevice.h
and check the data type of net_device_stats->rx_bytes
. If you are using a 32 bit system and the time is an unsigned long you will get only 2^32 bytes or 4 GB. More about this in a post of mine here.
Unless of course ifconfig grabs is counters from somewhere besides proc these days...
You can set up iptables to manage the counters - they can even be made to survive reboots with a save/restore or manually clearing/setting the counters to specific values.
If you don't already have iptables rules you just need to add at least one rule to the input and output chains that allows everything for example and it will provide what you want:
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
Then you can see the totals:
root@devcloner:~# iptables -n -vL
Chain INPUT (policy ACCEPT 2850K packets, 4183M bytes)
pkts bytes target prot opt in out source destination
22M 32G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 657K packets, 43M bytes)
pkts bytes target prot opt in out source destination
12951 813K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
-x will show the full byte counter:
root@devcloner:~# iptables -n -vL -x
Chain INPUT (policy ACCEPT 2850263 packets, 4182667884 bytes)
pkts bytes target prot opt in out source destination
22285352 32724735127 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 657099 packets, 43320848 bytes)
pkts bytes target prot opt in out source destination
102453 6738544 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
That info is probably parseable somewhere from /proc or /sys too.