Report packet statistics via the telemetry framework

scripts/base/init-bare.zeek

@@ -669,16 +669,16 @@ type SYN_packet: record {
 ##
 ## .. zeek:see:: get_net_stats
 type NetStats: record {
-	pkts_recvd:   count &default=0;	##< Packets received by Zeek.
+	pkts_recvd:    count &default=0; ##< Packets received by Zeek.
-	pkts_dropped: count &default=0;	##< Packets reported dropped by the system.
+	pkts_dropped:  count &default=0; ##< Packets reported dropped by the system.
 	## Packets seen on the link. Note that this may differ
 	## from *pkts_recvd* because of a potential capture_filter. See
 	## :doc:`/scripts/base/frameworks/packet-filter/main.zeek`. Depending on the
 	## packet capture system, this value may not be available and will then
 	## be always set to zero.
-	pkts_link:    count &default=0;
+	pkts_link:     count &default=0;
-	bytes_recvd:  count &default=0;	##< Bytes received by Zeek.
+	bytes_recvd:   count &default=0; ##< Bytes received by Zeek.
-	filtered:     count &optional;  ##< Packets filtered by the packet source.
+	pkts_filtered: count &optional;  ##< Packets filtered by the packet source.
 };
 
 type ConnStats: record {

scripts/policy/misc/stats.zeek

@@ -1,6 +1,7 @@
 ##! Log memory/packet/lag statistics.
 
 @load base/frameworks/notice
+@load base/frameworks/telemetry
 
 module Stats;
 
@@ -87,6 +88,57 @@ export {
 	global log_stats: event(rec: Info);
 }
 
+global bytes_received_cf = Telemetry::register_counter_family([
+    $prefix="zeek",
+    $name="net-received-bytes",
+    $unit="1",
+    $help_text="Total number of bytes received",
+]);
+
+global packets_received_cf = Telemetry::register_counter_family([
+    $prefix="zeek",
+    $name="net-received-packets",
+    $unit="1",
+    $help_text="Total number of packets received",
+]);
+
+global packets_dropped_cf = Telemetry::register_counter_family([
+    $prefix="zeek",
+    $name="net-dropped-packets",
+    $unit="1",
+    $help_text="Total number of packets dropped",
+]);
+
+global link_packets_cf = Telemetry::register_counter_family([
+    $prefix="zeek",
+    $name="net-link-packets",
+    $unit="1",
+    $help_text="Total number of packets on the packet source link before filtering",
+]);
+
+global packets_filtered_cf = Telemetry::register_counter_family([
+    $prefix="zeek",
+    $name="net-filtered-packets",
+    $unit="1",
+    $help_text="Total number of packets filtered",
+]);
+
+hook Telemetry::sync() {
+	local net_stats = get_net_stats();
+	Telemetry::counter_family_set(bytes_received_cf, vector(), net_stats$bytes_recvd);
+	Telemetry::counter_family_set(packets_received_cf, vector(), net_stats$pkts_recvd);
+
+	if ( reading_live_traffic() )
+		{
+		Telemetry::counter_family_set(packets_dropped_cf, vector(), net_stats$pkts_dropped);
+		Telemetry::counter_family_set(link_packets_cf, vector(), net_stats$pkts_link);
+
+		if ( net_stats?$pkts_filtered )
+			Telemetry::counter_family_set(packets_filtered_cf, vector(), net_stats$pkts_filtered);
+		}
+}
+
+
 event zeek_init() &priority=5
 	{
 	Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats", $policy=log_policy]);

src/RunState.cc

@@ -432,7 +432,8 @@ void get_final_stats()
 		std::string filtered = "";
 		if ( s.filtered )
 			{
-			double filtered_pct = s.filtered ? pct(s.filtered.value(), s.received) : 0.0;
+			double filtered_pct = s.filtered.value() > 0 ? pct(s.filtered.value(), s.received)
+			                                             : 0.0;
 			filtered = zeek::util::fmt(" %" PRIu64 " (%.2f%%) filtered", s.filtered.value(),
 			                           filtered_pct);
 			}

src/iosource/PktSrc.h

@@ -9,6 +9,7 @@
 #include "zeek/iosource/BPF_Program.h"
 #include "zeek/iosource/IOSource.h"
 #include "zeek/iosource/Packet.h"
+#include "zeek/telemetry/Manager.h"
 
 struct pcap_pkthdr;
 

testing/external/commit-hash.zeek-testing

@@ -1 +1 @@
-175be0b929c7f513cdb944f9f20d61274380501e
+18a9ac00f5b7617e8660d4ba680a25291d2b44f7

testing/external/commit-hash.zeek-testing-private

@@ -1 +1 @@
-8718f8842f64a4ea97900b5a03380a5417528d1c
+98e8aee2f09bff7e8138290242274b5ffd834e58