Thursday, February 25, 2010

Per Socket Goodput

One of the holy grails of denial of service testing is measuring the effective throughput of a service while it is under attack. There is no way to measure this in Linux because all the statistics are per-interface or system-wide. What you actually need is to measure the number of bytes read or written by an open socket using a particular protocol (UDP or TCP). The new systemtap utility in Linux can do that, but how do you get the data out and into a MIB so you can read it using standard SNMP methods? There is a nice script supplied with systemtap called tcpipstat.stp, which outputs, among other things, the bytes received and transmitted for each port, but it writes to the console.

I tried to capture the console output and read it into a C program, which would enable me to port it into my MIB code. But try as I might, you apparently can't read a file that is in the process of being written in C. You can in the underlying Linux OS, but the bottom line is what the C library supports, and not all OSes allow it, I guess.

After a bit of lateral thinking I realised that systemtap allows you to do other kinds of outputting than simple printf statements. In particular it allows system commands, as in C. So I can just call:

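# A string literal cannot span lines, so the whole command is built on one line.
# %d formats the integer counter, so only digits reach the shell.
command = sprintf("snmpset -c public -v2c localhost DOSTF-MIB::dosTFTCPRecvBytes.0 = %d", SockSendbytes[key])
system(command)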

And I get the MIB variables set directly.
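For the file-based route mentioned earlier, this is one way a C reader can follow a file that another process is still appending to. It is an added example, not the author's code. The "port rx tx" line format, port 80, the cumulative counters and the file path argument are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed sample format (constructed for this example, not the real
 * tcpipstat.stp layout): "<port> <rx_bytes> <tx_bytes>\n", cumulative. */
struct port_bytes { unsigned port; unsigned long long rx, tx; };

/* Consume every complete line appended since the last call; keep the newest
 * counters for `port` in *out. Returns how many matching lines were read. */
int drain_port(FILE *fp, unsigned port, struct port_bytes *out)
{
    char line[128];
    int matched = 0;

    for (;;) {
        long start = ftell(fp);
        if (!fgets(line, sizeof line, fp))
            break;                              /* no new data yet */
        if (!strchr(line, '\n')) {
            if (strlen(line) < sizeof line - 1) {
                fseek(fp, start, SEEK_SET);     /* writer is mid-line */
                break;
            }
            continue;                           /* overlong chunk: skip it */
        }
        struct port_bytes s;
        if (sscanf(line, "%u %llu %llu", &s.port, &s.rx, &s.tx) == 3 &&
            s.port == port) {
            *out = s;
            matched++;
        }
    }
    clearerr(fp);   /* reset sticky EOF so the next call sees appended data */
    return matched;
}

int main(int argc, char **argv)
{
    /* Usage: ./follow <file being written>; port 80 is an example value. */
    FILE *fp = argc > 1 ? fopen(argv[1], "r") : NULL;
    struct port_bytes now = {80, 0, 0}, prev = now;
    if (!fp)
        return 1;
    for (;;) {                                  /* poll once per second */
        if (drain_port(fp, 80, &now) > 0) {
            printf("port 80: +%llu rx, +%llu tx bytes since last sample\n",
                   now.rx - prev.rx, now.tx - prev.tx);
            prev = now;
        }
        sleep(1);
    }
}
```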
