use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).
Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
netstat [-s] [-B] [-I Interface]
Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
4941 lo0 0 0 0 I--S- 262144 tcpdump
252 ex0 19668 0 5 I-RS- 32768 dhclient
And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
19669 total packets received
5 total packets captured
0 total packets dropped
This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.
Reviewed by: christos@
