The basic idea behind this is to have a set standard for retrieving detailed statistics on a port-by-port basis. These statistics would include long-term information, such as the number of ACK packets sent from or to a port, as well as short-term information concerning current port activity (a list of current connections with detailed information regarding packets).
The ideal situation would be to have the port statistics gathered together and returned to userland via one or more syscalls. Yes, this could be very easily implemented in userland with libpcap; however, this would not be very efficient. Doing this in kernel land would allow for a much quicker response time and, in general, would be a cleaner implementation.
The project is very much in the early stages. Currently, work is being done to decide what actual information will be saved (hence, long-term vs. current statistics). Along with this, work is being done in the FreeBSD 4.0 kernel to implement the ideas as they come along, for testing purposes.
Please look out for the draft of the CPPS standard, which will be available in the weeks to come. It will detail how the interface to the information should look, à la POSIX standards. The FreeBSD 4.0 implementation should also be done around this time.
Upon the release of the draft of the CPPS standard, comments will be more than welcome as to what saved statistics people think are necessary. Also, after the standard is complete, the need for people to implement it will be great. If you have any questions or comments, please contact us.
Andrew Reiter awr@blackops.org
Last updated: Wed May 3 02:35:39 EDT 2000