new(driver): add 2 new scap stats

driver/API_VERSION

@@ -1 +1 @@
-4.0.2
+5.0.0

driver/bpf/fillers.h

@@ -190,6 +190,12 @@ FILLER_RAW(terminate_filler)
 					++state->n_drops_buffer_other_interest_enter;
 				}
 				break;
+			case PPME_PROCEXIT_E:
+			case PPME_PROCEXIT_1_E:
+				if (state->n_drops_buffer_proc_exit != ULLONG_MAX) {
+					++state->n_drops_buffer_proc_exit;
+				}
+				break;
 			// exit
 			case PPME_SYSCALL_OPEN_X:
 			case PPME_SYSCALL_CREAT_X:
@@ -274,6 +280,11 @@ FILLER_RAW(terminate_filler)
 					++state->n_drops_buffer_other_interest_exit;
 				}
 				break;
+			case PPME_SYSCALL_CLOSE_X:
+				if (state->n_drops_buffer_close_exit != ULLONG_MAX) {
+					++state->n_drops_buffer_close_exit;
+				}
+				break;
 			default:
 				break;
 		}

driver/bpf/types.h

@@ -270,6 +270,8 @@ struct scap_bpf_per_cpu_state {
 	unsigned long long n_drops_buffer_dir_file_exit;
 	unsigned long long n_drops_buffer_other_interest_enter;		/* Category of other system calls of interest, not all other system calls that did not match a category from above. */
 	unsigned long long n_drops_buffer_other_interest_exit;
+	unsigned long long n_drops_buffer_close_exit;
+	unsigned long long n_drops_buffer_proc_exit;
 	unsigned long long n_drops_scratch_map;		/* Number of kernel side scratch map drops. */
 	unsigned long long n_drops_pf;		/* Number of kernel side page faults drops (invalid memory access). */
 	unsigned long long n_drops_bug;		/* Number of kernel side bug drops (invalid condition in the kernel instrumentation). */

driver/main.c

@@ -591,7 +591,7 @@ static int ppm_release(struct inode *inode, struct file *filp)
 		goto cleanup_release;
 	}
 
-	vpr_info("closing ring %d, consumer:%p evt:%llu, dr_buf:%llu, dr_buf_clone_fork_e:%llu, dr_buf_clone_fork_x:%llu, dr_buf_execve_e:%llu, dr_buf_execve_x:%llu, dr_buf_connect_e:%llu, dr_buf_connect_x:%llu, dr_buf_open_e:%llu, dr_buf_open_x:%llu, dr_buf_dir_file_e:%llu, dr_buf_dir_file_x:%llu, dr_buf_other_e:%llu, dr_buf_other_x:%llu, dr_pf:%llu, pr:%llu, cs:%llu\n",
+	vpr_info("closing ring %d, consumer:%p evt:%llu, dr_buf:%llu, dr_buf_clone_fork_e:%llu, dr_buf_clone_fork_x:%llu, dr_buf_execve_e:%llu, dr_buf_execve_x:%llu, dr_buf_connect_e:%llu, dr_buf_connect_x:%llu, dr_buf_open_e:%llu, dr_buf_open_x:%llu, dr_buf_dir_file_e:%llu, dr_buf_dir_file_x:%llu, dr_buf_other_e:%llu, dr_buf_other_x:%llu, dr_buf_close_exit:%llu, dr_buf_proc_exit:%llu, dr_pf:%llu, pr:%llu, cs:%llu\n",
 	       ring_no,
 	       consumer_id,
 	       ring->info->n_evts,
@@ -608,6 +608,8 @@ static int ppm_release(struct inode *inode, struct file *filp)
 	       ring->info->n_drops_buffer_dir_file_exit,
 	       ring->info->n_drops_buffer_other_interest_enter,
 	       ring->info->n_drops_buffer_other_interest_exit,
+	       ring->info->n_drops_buffer_close_exit,	
+	       ring->info->n_drops_buffer_proc_exit,
 	       ring->info->n_drops_pf,
 	       ring->info->n_preemptions,
 	       ring->info->n_context_switches);
@@ -1520,6 +1522,10 @@ static inline void drops_buffer_syscall_categories_counters(ppm_event_code event
 	case PPME_SYSCALL_CAPSET_E:
 		ring_info->n_drops_buffer_other_interest_enter++;
 		break;
+	case PPME_PROCEXIT_E:
+	case PPME_PROCEXIT_1_E:
+		ring_info->n_drops_buffer_proc_exit++;
+		break;			
 	// exit
 	case PPME_SYSCALL_OPEN_X:
 	case PPME_SYSCALL_CREAT_X:
@@ -1592,6 +1598,9 @@ static inline void drops_buffer_syscall_categories_counters(ppm_event_code event
 	case PPME_SYSCALL_CAPSET_X:
 		ring_info->n_drops_buffer_other_interest_exit++;
 		break;
+	case PPME_SYSCALL_CLOSE_X:
+		ring_info->n_drops_buffer_close_exit++;
+		break;
 	default:
 		break;
 	}
@@ -2088,7 +2097,7 @@ static int record_event_consumer(struct ppm_consumer_t *consumer,
 	}
 
 	if (MORE_THAN_ONE_SECOND_AHEAD(ns, ring->last_print_time + 1) && !(drop_flags & UF_ATOMIC)) {
-		vpr_info("consumer:%p CPU:%d, use:%lu%%, ev:%llu, dr_buf:%llu, dr_buf_clone_fork_e:%llu, dr_buf_clone_fork_x:%llu, dr_buf_execve_e:%llu, dr_buf_execve_x:%llu, dr_buf_connect_e:%llu, dr_buf_connect_x:%llu, dr_buf_open_e:%llu, dr_buf_open_x:%llu, dr_buf_dir_file_e:%llu, dr_buf_dir_file_x:%llu, dr_buf_other_e:%llu, dr_buf_other_x:%llu, dr_pf:%llu, pr:%llu, cs:%llu\n",
+		vpr_info("consumer:%p CPU:%d, use:%lu%%, ev:%llu, dr_buf:%llu, dr_buf_clone_fork_e:%llu, dr_buf_clone_fork_x:%llu, dr_buf_execve_e:%llu, dr_buf_execve_x:%llu, dr_buf_connect_e:%llu, dr_buf_connect_x:%llu, dr_buf_open_e:%llu, dr_buf_open_x:%llu, dr_buf_dir_file_e:%llu, dr_buf_dir_file_x:%llu, dr_buf_other_e:%llu, dr_buf_other_x:%llu, dr_buf_close_exit:%llu, dr_buf_proc_exit:%llu, dr_pf:%llu, pr:%llu, cs:%llu\n",
 			   consumer->consumer_id,
 		       smp_processor_id(),
 		       (usedspace * 100) / consumer->buffer_bytes_dim,
@@ -2106,6 +2115,8 @@ static int record_event_consumer(struct ppm_consumer_t *consumer,
 		       ring_info->n_drops_buffer_dir_file_exit,
 		       ring_info->n_drops_buffer_other_interest_enter,
 		       ring_info->n_drops_buffer_other_interest_exit,
+		       ring->info->n_drops_buffer_close_exit,
+		       ring->info->n_drops_buffer_proc_exit,
 		       ring_info->n_drops_pf,
 		       ring_info->n_preemptions,
 		       ring->info->n_context_switches);
@@ -2620,6 +2631,8 @@ static void reset_ring_buffer(struct ppm_ring_buffer_context *ring)
 	ring->info->n_drops_buffer_dir_file_exit = 0;
 	ring->info->n_drops_buffer_other_interest_enter = 0;
 	ring->info->n_drops_buffer_other_interest_exit = 0;
+	ring->info->n_drops_buffer_close_exit = 0;
+	ring->info->n_drops_buffer_proc_exit = 0;
 	ring->info->n_drops_pf = 0;
 	ring->info->n_preemptions = 0;
 	ring->info->n_context_switches = 0;

driver/modern_bpf/helpers/base/stats.h

@@ -95,6 +95,10 @@ static __always_inline void compute_event_types_stats(u16 event_type, struct cou
 	case PPME_SYSCALL_CAPSET_E:
 		counter->n_drops_buffer_other_interest_enter++;
 		break;
+	case PPME_PROCEXIT_E:
+	case PPME_PROCEXIT_1_E:
+		counter->n_drops_buffer_proc_exit++;
+		break;		
 	// exit
 	case PPME_SYSCALL_OPEN_X:
 	case PPME_SYSCALL_CREAT_X:
@@ -167,6 +171,9 @@ static __always_inline void compute_event_types_stats(u16 event_type, struct cou
 	case PPME_SYSCALL_CAPSET_X:
 		counter->n_drops_buffer_other_interest_exit++;
 		break;
+	case PPME_SYSCALL_CLOSE_X:
+		counter->n_drops_buffer_close_exit++;
+		break;		
 	default:
 		break;
 	}

driver/modern_bpf/shared_definitions/struct_definitions.h

@@ -74,5 +74,7 @@ struct counter_map
 	uint64_t n_drops_buffer_dir_file_exit;
 	uint64_t n_drops_buffer_other_interest_enter;
 	uint64_t n_drops_buffer_other_interest_exit;	 /* Category of other system calls of interest, not all other system calls that did not match a category from above. */
+	uint64_t n_drops_buffer_close_exit;
+	uint64_t n_drops_buffer_proc_exit;
 	uint64_t n_drops_max_event_size; /* Number of drops due to an excessive event size (>64KB). */
 };

driver/ppm_ringbuffer.h

@@ -50,6 +50,8 @@ struct ppm_ring_buffer_info {
 	volatile __u64 n_drops_buffer_dir_file_exit;
 	volatile __u64 n_drops_buffer_other_interest_enter;		/* Category of other system calls of interest, not all other system calls that did not match a category from above. */
 	volatile __u64 n_drops_buffer_other_interest_exit;
+	volatile __u64 n_drops_buffer_close_exit;
+	volatile __u64 n_drops_buffer_proc_exit;
 	volatile __u64 n_drops_pf;		/* Number of dropped events (page faults). */
 	volatile __u64 n_preemptions;		/* Number of preemptions. */
 	volatile __u64 n_context_switches;	/* Number of received context switch events. */

userspace/libpman/src/stats.c

@@ -35,6 +35,8 @@ typedef enum modern_bpf_kernel_counters_stats
 	MODERN_BPF_N_DROPS_BUFFER_DIR_FILE_EXIT,
 	MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER,
 	MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT,
+	MODERN_BPF_N_DROPS_BUFFER_CLOSE_EXIT,
+	MODERN_BPF_N_DROPS_BUFFER_PROC_EXIT,
 	MODERN_BPF_N_DROPS_SCRATCH_MAP,
 	MODERN_BPF_N_DROPS,
 	MODERN_BPF_MAX_KERNEL_COUNTERS_STATS
@@ -63,6 +65,8 @@ const char *const modern_bpf_kernel_counters_stats_names[] = {
 	[MODERN_BPF_N_DROPS_BUFFER_DIR_FILE_EXIT] = "n_drops_buffer_dir_file_exit",
 	[MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER] = "n_drops_buffer_other_interest_enter",
 	[MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT] = "n_drops_buffer_other_interest_exit",
+	[MODERN_BPF_N_DROPS_BUFFER_CLOSE_EXIT] = "n_drops_buffer_close_exit",
+	[MODERN_BPF_N_DROPS_BUFFER_PROC_EXIT] = "n_drops_buffer_proc_exit",
 	[MODERN_BPF_N_DROPS_SCRATCH_MAP] = "n_drops_scratch_map",
 	[MODERN_BPF_N_DROPS] = "n_drops",
 };
@@ -121,6 +125,8 @@ int pman_get_scap_stats(struct scap_stats *stats)
 		stats->n_drops_buffer_dir_file_enter += cnt_map.n_drops_buffer_dir_file_enter;
 		stats->n_drops_buffer_dir_file_exit += cnt_map.n_drops_buffer_dir_file_exit;
 		stats->n_drops_buffer_other_interest_enter += cnt_map.n_drops_buffer_other_interest_enter;
+		stats->n_drops_buffer_close_exit += cnt_map.n_drops_buffer_close_exit;
+		stats->n_drops_buffer_proc_exit += cnt_map.n_drops_buffer_proc_exit;
 		stats->n_drops_buffer_other_interest_exit += cnt_map.n_drops_buffer_other_interest_exit;
 		stats->n_drops_scratch_map += cnt_map.n_drops_max_event_size;
 		stats->n_drops += (cnt_map.n_drops_buffer + cnt_map.n_drops_max_event_size);
@@ -198,6 +204,8 @@ struct scap_stats_v2 *pman_get_scap_stats_v2(uint32_t flags, uint32_t *nstats, i
 			g_state.stats[MODERN_BPF_N_DROPS_BUFFER_DIR_FILE_EXIT].value.u64 += cnt_map.n_drops_buffer_dir_file_exit;
 			g_state.stats[MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER].value.u64 += cnt_map.n_drops_buffer_other_interest_enter;
 			g_state.stats[MODERN_BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT].value.u64 += cnt_map.n_drops_buffer_other_interest_exit;
+			g_state.stats[MODERN_BPF_N_DROPS_BUFFER_CLOSE_EXIT].value.u64 += cnt_map.n_drops_buffer_close_exit;
+			g_state.stats[MODERN_BPF_N_DROPS_BUFFER_PROC_EXIT].value.u64 += cnt_map.n_drops_buffer_proc_exit;
 			g_state.stats[MODERN_BPF_N_DROPS_SCRATCH_MAP].value.u64 += cnt_map.n_drops_max_event_size;
 			g_state.stats[MODERN_BPF_N_DROPS].value.u64 += (cnt_map.n_drops_buffer + cnt_map.n_drops_max_event_size);
 		}

userspace/libscap/engine/bpf/scap_bpf.c

@@ -64,6 +64,8 @@ static const char * const bpf_kernel_counters_stats_names[] = {
 	[BPF_N_DROPS_BUFFER_DIR_FILE_EXIT] = "n_drops_buffer_dir_file_exit",
 	[BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER] = "n_drops_buffer_other_interest_enter",
 	[BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT] = "n_drops_buffer_other_interest_exit",
+	[BPF_N_DROPS_BUFFER_CLOSE_EXIT] = "n_drops_buffer_close_exit",
+	[BPF_N_DROPS_BUFFER_PROC_EXIT] = "n_drops_buffer_proc_exit",
 	[BPF_N_DROPS_SCRATCH_MAP] = "n_drops_scratch_map",
 	[BPF_N_DROPS_PAGE_FAULTS] = "n_drops_page_faults",
 	[BPF_N_DROPS_BUG] = "n_drops_bug",
@@ -1654,6 +1656,8 @@ int32_t scap_bpf_get_stats(struct scap_engine_handle engine, OUT scap_stats* sta
 		stats->n_drops_buffer_dir_file_exit += v.n_drops_buffer_dir_file_exit;
 		stats->n_drops_buffer_other_interest_enter += v.n_drops_buffer_other_interest_enter;
 		stats->n_drops_buffer_other_interest_exit += v.n_drops_buffer_other_interest_exit;
+		stats->n_drops_buffer_close_exit += v.n_drops_buffer_close_exit;
+		stats->n_drops_buffer_proc_exit += v.n_drops_buffer_proc_exit;
 		stats->n_drops_scratch_map += v.n_drops_scratch_map;
 		stats->n_drops_pf += v.n_drops_pf;
 		stats->n_drops_bug += v.n_drops_bug;
@@ -1714,6 +1718,8 @@ const struct scap_stats_v2* scap_bpf_get_stats_v2(struct scap_engine_handle engi
 			stats[BPF_N_DROPS_BUFFER_DIR_FILE_EXIT].value.u64 += v.n_drops_buffer_dir_file_exit;
 			stats[BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER].value.u64 += v.n_drops_buffer_other_interest_enter;
 			stats[BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT].value.u64 += v.n_drops_buffer_other_interest_exit;
+			stats[BPF_N_DROPS_BUFFER_CLOSE_EXIT].value.u64 += v.n_drops_buffer_close_exit;
+			stats[BPF_N_DROPS_BUFFER_PROC_EXIT].value.u64 += v.n_drops_buffer_proc_exit;
 			stats[BPF_N_DROPS_SCRATCH_MAP].value.u64 += v.n_drops_scratch_map;
 			stats[BPF_N_DROPS_PAGE_FAULTS].value.u64 += v.n_drops_pf;
 			stats[BPF_N_DROPS_BUG].value.u64 += v.n_drops_bug;

userspace/libscap/engine/bpf/scap_bpf_stats.h

@@ -32,6 +32,8 @@ typedef enum bpf_kernel_counters_stats {
 	BPF_N_DROPS_BUFFER_DIR_FILE_EXIT,
 	BPF_N_DROPS_BUFFER_OTHER_INTEREST_ENTER,
 	BPF_N_DROPS_BUFFER_OTHER_INTEREST_EXIT,
+	BPF_N_DROPS_BUFFER_CLOSE_EXIT,
+	BPF_N_DROPS_BUFFER_PROC_EXIT,
 	BPF_N_DROPS_SCRATCH_MAP,
 	BPF_N_DROPS_PAGE_FAULTS,
 	BPF_N_DROPS_BUG,

userspace/libscap/engine/kmod/scap_kmod.c

@@ -52,6 +52,8 @@ static const char * const kmod_kernel_counters_stats_names[] = {
 	[KMOD_N_DROPS_BUFFER_DIR_FILE_EXIT] = "n_drops_buffer_dir_file_exit",
 	[KMOD_N_DROPS_BUFFER_OTHER_INTEREST_ENTER] = "n_drops_buffer_other_interest_enter",
 	[KMOD_N_DROPS_BUFFER_OTHER_INTEREST_EXIT] = "n_drops_buffer_other_interest_exit",
+	[KMOD_N_DROPS_BUFFER_CLOSE_EXIT] = "n_drops_buffer_close_exit",
+	[KMOD_N_DROPS_BUFFER_PROC_EXIT] = "n_drops_buffer_proc_exit",
 	[KMOD_N_DROPS_PAGE_FAULTS] = "n_drops_page_faults",
 	[KMOD_N_DROPS_BUG] = "n_drops_bug",
 	[KMOD_N_DROPS] = "n_drops",
@@ -558,6 +560,8 @@ int32_t scap_kmod_get_stats(struct scap_engine_handle engine, scap_stats* stats)
 		stats->n_drops_buffer_dir_file_exit += dev->m_bufinfo->n_drops_buffer_dir_file_exit;
 		stats->n_drops_buffer_other_interest_enter += dev->m_bufinfo->n_drops_buffer_other_interest_enter;
 		stats->n_drops_buffer_other_interest_exit += dev->m_bufinfo->n_drops_buffer_other_interest_exit;
+		stats->n_drops_buffer_close_exit += dev->m_bufinfo->n_drops_buffer_close_exit;
+		stats->n_drops_buffer_proc_exit += dev->m_bufinfo->n_drops_buffer_proc_exit;
 		stats->n_drops_pf += dev->m_bufinfo->n_drops_pf;
 		stats->n_drops += dev->m_bufinfo->n_drops_buffer +
 				  dev->m_bufinfo->n_drops_pf;
@@ -609,6 +613,8 @@ const struct scap_stats_v2* scap_kmod_get_stats_v2(struct scap_engine_handle eng
 			stats[KMOD_N_DROPS_BUFFER_DIR_FILE_EXIT].value.u64 += dev->m_bufinfo->n_drops_buffer_dir_file_exit;
 			stats[KMOD_N_DROPS_BUFFER_OTHER_INTEREST_ENTER].value.u64 += dev->m_bufinfo->n_drops_buffer_other_interest_enter;
 			stats[KMOD_N_DROPS_BUFFER_OTHER_INTEREST_EXIT].value.u64 += dev->m_bufinfo->n_drops_buffer_other_interest_exit;
+			stats[KMOD_N_DROPS_BUFFER_CLOSE_EXIT].value.u64 += dev->m_bufinfo->n_drops_buffer_close_exit;
+			stats[KMOD_N_DROPS_BUFFER_PROC_EXIT].value.u64 += dev->m_bufinfo->n_drops_buffer_proc_exit;
 			stats[KMOD_N_DROPS_PAGE_FAULTS].value.u64 += dev->m_bufinfo->n_drops_pf;
 			stats[KMOD_N_DROPS].value.u64 += dev->m_bufinfo->n_drops_buffer +
 					dev->m_bufinfo->n_drops_pf;

userspace/libscap/engine/kmod/scap_kmod_stats.h

@@ -32,6 +32,8 @@ typedef enum kmod_kernel_counters_stats {
 	KMOD_N_DROPS_BUFFER_DIR_FILE_EXIT,
 	KMOD_N_DROPS_BUFFER_OTHER_INTEREST_ENTER,
 	KMOD_N_DROPS_BUFFER_OTHER_INTEREST_EXIT,
+	KMOD_N_DROPS_BUFFER_CLOSE_EXIT,
+	KMOD_N_DROPS_BUFFER_PROC_EXIT,
 	KMOD_N_DROPS_PAGE_FAULTS,
 	KMOD_N_DROPS_BUG,
 	KMOD_N_DROPS,

userspace/libscap/examples/01-open/README.md

@@ -111,6 +111,8 @@ Number of dropped events caused by full buffer (n_drops_buffer_dir_file_enter sy
 Number of dropped events caused by full buffer (n_drops_buffer_dir_file_exit syscall category): 0
 Number of dropped events caused by full buffer (n_drops_buffer_other_interest_enter syscall category): 0
 Number of dropped events caused by full buffer (n_drops_buffer_other_interest_exit syscall category): 0
+Number of dropped events caused by full buffer (n_drops_buffer_close_exit syscall category): 0
+Number of dropped events caused by full buffer (n_drops_buffer_proc_exit syscall category): 0
 Number of dropped events caused by full scratch map: 0
 Number of dropped events caused by invalid memory access (page faults): 0
 Number of dropped events caused by an invalid condition in the kernel instrumentation (bug): 0

userspace/libscap/scap.c

@@ -371,6 +371,8 @@ int32_t scap_get_stats(scap_t* handle, OUT scap_stats* stats)
 	stats->n_drops_buffer_dir_file_exit = 0;
 	stats->n_drops_buffer_other_interest_enter = 0;
 	stats->n_drops_buffer_other_interest_exit = 0;
+	stats->n_drops_buffer_close_exit = 0;
+	stats->n_drops_buffer_proc_exit = 0;
 	stats->n_drops_scratch_map = 0;
 	stats->n_drops_pf = 0;
 	stats->n_drops_bug = 0;

userspace/libscap/scap.h

@@ -100,7 +100,7 @@ typedef struct ppm_evt_hdr scap_evt;
 // call `scap_get_driver_api_version()` and/or `scap_get_driver_schema_version()`
 // and handle the result
 //
-#define SCAP_MINIMUM_DRIVER_API_VERSION PPM_API_VERSION(4, 0, 0)
+#define SCAP_MINIMUM_DRIVER_API_VERSION PPM_API_VERSION(5, 0, 0)
 #define SCAP_MINIMUM_DRIVER_SCHEMA_VERSION PPM_API_VERSION(2, 0, 0)
 
 // 
@@ -140,6 +140,8 @@ typedef struct scap_stats
 	uint64_t n_drops_buffer_dir_file_exit;
 	uint64_t n_drops_buffer_other_interest_enter;
 	uint64_t n_drops_buffer_other_interest_exit;
+	uint64_t n_drops_buffer_close_exit;
+	uint64_t n_drops_buffer_proc_exit;
 	uint64_t n_drops_scratch_map; ///< Number of dropped events caused by full frame scratch map.
 	uint64_t n_drops_pf; ///< Number of dropped events caused by invalid memory access.
 	uint64_t n_drops_bug; ///< Number of dropped events caused by an invalid condition in the kernel instrumentation.

userspace/libsinsp/capture_stats_source.h

@@ -18,6 +18,7 @@ limitations under the License.
 
 #include "sinsp_public.h"
 #include <stdint.h>
+#include "logger.h"
 
 struct scap_stats;
 
@@ -45,6 +46,16 @@ class SINSP_PUBLIC capture_stats_source
 	 */
 	virtual void get_capture_stats(scap_stats* stats) const = 0;
 
+	/**
+	 * Print a log with statistics about the currently
+	 * open capture.
+	 *
+	 * @note This may not work for a file-based capture source.
+	 *
+	 * @param[in] sev severity used to log
+	 */
+	virtual void print_capture_stats(sinsp_logger::severity sev) const = 0;
+
 	/**
 	 * Get engine statistics (including counters and `bpftool prog show` like stats).
 	 *