# ifconfig RX/TX stats

## grant123

The RX and TX stats aren't appearing in ifconfig for one of my systems; they all show zero. That system has a specific application and I strip as much out of its filesystem as I can, so I probably stripped something that is required for those stats. Any hints on where to look?

----------

## lovelytux

Hey grant123,

Does rx_packets exist in

```
cat /sys/class/net/eth0????/statistics/rx_packets
```

lovelytux

----------

## grant123

I do have that file but you led me to a big clue:

ifconfig does yield stats for root and for my own regular user but it does not yield stats for any other user even though all users can 'cat /sys/class/net/net0/statistics/rx_packets' and see numbers that way.

----------

## khayyam

 *grant123 wrote:*   

> I do have that file but you led me to a big clue: ifconfig does yield stats for root and for my own regular user but it does not yield stats for any other user even though all users can 'cat /sys/class/net/net0/statistics/rx_packets' and see numbers that way.

 

grant123 ... and busybox?

```
# busybox ifconfig -a
```

best ... khay

----------

## grant123

I get zeros from busybox too.

----------

## khayyam

 *grant123 wrote:*   

> I get zeros from busybox too.

 

grant123 ... again, just with this one user? If so then this would suggest 'groups' (but I'm not aware there is such a group). You don't happen to have hardened kernel/userland?

best ... khay

----------

## Hu

Are there any interesting differences in the output of strace ifconfig as compared between the good non-root user and bad non-root user?  Per khayyam's question, what is the output of id for each user?

----------

## grant123

I do use a hardened kernel.  I will test without it tomorrow but how could only one of two regular users exhibit the problem?  The groups don't look like they could explain it.

----------

## grant123

It turns out if I'm using a hardened kernel then the user must be in the wheel group to get ifconfig stats.  Under a gentoo-sources kernel the user does not need to be in the wheel group to get ifconfig stats.

Can I grant non-wheel users access to stats in ifconfig under a hardened kernel?

----------

## khayyam

 *grant123 wrote:*   

> It turns out if I'm using a hardened kernel then the user must be in the wheel group to get ifconfig stats.  Under a gentoo-sources kernel the user does not need to be in the wheel group to get ifconfig stats.

 

grant123 ... as I remember hardened provides some additional sysctl mechanisms for access to dmesg, proc, and it seems it may apply other ACLs (well, it may not be the hardened patchset, there is CONFIG_SECURITY_DMESG_RESTRICT already in kernel, but hardened-sources may enable them). So, it seems the place to look is in your .config (under "Security options").

 *grant123 wrote:*   

> Can I grant non-wheel users access to stats in ifconfig under a hardened kernel?

 

Perhaps you should be asking why they need such data, they are users after all, and so are not doing the sort of thing that requires them to know TX/RX. The short answer is I don't know, I imagine the security features are not fine grained, by the sound of it they are wired to 'wheel'.

best ... khay

----------

## grant123

It must be this:

```
[*] Proc restrictions
[ ] Restrict /proc to user only
[*] Allow special group
(10) GID for special group
```

GID 10 is, of course, wheel.

From where in /proc are these network stats pulled?  Maybe I can change the permissions manually.

----------

## cboldt

/proc/net/dev

----------

## grant123

 *cboldt wrote:*   

> /proc/net/dev

 

That one is root:wheel but it's readable by everyone so there must be something more involved.  Using chmod to change the group to users does not seem to have any effect, it remains group wheel.

EDIT:  I'm able to cat that file as any user but the stats are all zeros.

----------

## cboldt

Running gentoo-sources here, not hardened, and that file contains stats for any user.

There is also /proc/net/netstat with the same permissions (world readable)

----------

## Hu

I suspect that the hardened developer responsible for this change found that making the file inaccessible to normal users caused problems, so he settled for making the file lie to unprivileged users instead.  Returning all zeroes is a common choice when refusing to return data is not an acceptable path.  Yes, you could patch the kernel to remove this restriction, but why do you need ordinary users to see this data?  Do you even want the proc restrictions enabled at all?

----------

## grant123

I do want high security in general.  If there were a way to restrict access to /proc while allowing anyone to read this generic traffic data (without patching the kernel) then I would probably do that.  But it doesn't look like we have that degree of control.

I want a regular user to be able to read this data simply so that their xfce4 panel network traffic monitor works.  It's not critical by any means but it doesn't hurt to have more eyes on the network.

----------
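The symptom worked out in this thread (real counters under /sys/class/net/<iface>/statistics, zeros in /proc/net/dev for users outside the special group) can be checked per user with a short script. This is an added example, not part of any post above; the function names and the sample counter values are constructed for illustration.

```shell
# Added example (not from the thread): detect zeroed /proc/net/dev counters.

# Print "<iface> <rx_packets> <tx_packets>" for each interface in a
# /proc/net/dev-format file (two header lines, then "iface:" plus 16 counters).
proc_counters() {
    awk 'NR > 2 { sub(/:/, " "); print $1, $3, $11 }' "$1"
}

# Compare each interface against <sys_root>/<iface>/statistics.
# Prints "<iface> masked|consistent|idle"; returns 1 if any interface is masked.
# Both paths default to the live system and can be overridden for testing.
check_masking() {
    proc_file=${1:-/proc/net/dev} sys_root=${2:-/sys/class/net}
    report=$(proc_counters "$proc_file" | while read -r iface p_rx p_tx; do
        stats="$sys_root/$iface/statistics"
        [ -r "$stats/rx_packets" ] && [ -r "$stats/tx_packets" ] || continue
        s_total=$(( $(cat "$stats/rx_packets") + $(cat "$stats/tx_packets") ))
        if [ "$s_total" -eq 0 ]; then
            echo "$iface idle"          # no traffic at all, nothing to compare
        elif [ "$p_rx" -eq 0 ] && [ "$p_tx" -eq 0 ]; then
            echo "$iface masked"        # sysfs has traffic, procfs reports none
        else
            echo "$iface consistent"
        fi
    done)
    [ -z "$report" ] || printf '%s\n' "$report"
    case "$report" in *masked*) return 1 ;; esac
    return 0
}

# Constructed sample: what a restricted user would see for net0 and lo.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net0/statistics" "$d/sys/lo/statistics"
    echo 48213 > "$d/sys/net0/statistics/rx_packets"
    echo 30977 > "$d/sys/net0/statistics/tx_packets"
    for f in rx_packets tx_packets; do echo 0 > "$d/sys/lo/statistics/$f"; done
    printf '%s\n' \
        'Inter-|   Receive                                      |  Transmit' \
        ' face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed' \
        '    lo: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0' \
        '  net0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0' > "$d/proc_net_dev"
    echo "$d"
}

sample=$(make_sample)
check_masking "$sample/proc_net_dev" "$sample/sys" || echo "procfs counters are being zeroed for this user"
rm -rf "$sample"
```

Calling `check_masking` with no arguments, as the affected user, runs the same comparison against the live /proc/net/dev and /sys/class/net.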

