Message-ID: <452285FD.7010909@us.ibm.com>
Date: Tue, 03 Oct 2006 15:49:00 -0000
From: "Jose R. Santos"
Reply-To: jrs@us.ibm.com
Organization: IBM
To: Irfan Habib
CC: Linux kernel, SystemTAP
Subject: Re: Fwd: Any way to find the network usage by a process?
References: <3420082f0610030114o5b44b8ak7797483e02002614@mail.gmail.com> <3420082f0610030114o4c6998en907bccce81d28c59@mail.gmail.com>
In-Reply-To: <3420082f0610030114o4c6998en907bccce81d28c59@mail.gmail.com>
Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm

Irfan Habib wrote:
> Hi,
>
> Is there any method either kernel or user level which tells me which
> process is generating how much traffic from a machine. For example if
> some process is flooding the network, then I would like to know which
> process (PID ideally), is generating the most traffic.
>
>

A while ago I did a SystemTap script to solve a problem similar to this.
It's been sitting in my system for a while collecting dust and you
currently don't need the embedded C code since the networking.stp tapset
has all this script needs (and more), but I should point you in the right
direction.

This worked a couple of months ago but it is currently untested.

Hope it helps.

-JRS

# Counts packets queued for transmit per process and per interface.
# The embedded C below requires guru mode (stap -g).
global ifstats, ifdevs, execname

%{
/* Declarations of struct sk_buff and struct net_device */
#include <linux/skbuff.h>
#include <linux/netdevice.h>
%}

probe kernel.function("dev_queue_xmit") {
	execname[pid()] = execname()
	name=skb_to_name($skb)
	ifdevs[name] = name
	# One sample per packet; @count() gives packets sent
	ifstats[pid(),name] <<< 1
}

# Return the name of the device the sk_buff is being sent on
function skb_to_name:string (skbuff:long)
%{
	struct sk_buff *skbuff = (struct sk_buff *)((long)THIS->skbuff);
	struct net_device *netdev = skbuff->dev;
	sprintf (THIS->__retvalue, "%s" , netdev->name);
%}

# Stop collecting after 5 seconds
probe timer.ms(5000) {
	exit()
}

# Print one row per process with a packet count for each interface
probe end {
	foreach( pid in execname) {
		if (pid == 0)
			continue
		printf("%15s[%5d] ->\t", execname[pid],pid)
		foreach( ifname in ifdevs) {
			printf("[%s:%7d] \t", ifname, @count(ifstats[pid, ifname]))
		}
		print("\n")
	}
	print("\n")
}
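
The message notes that the networking.stp tapset makes the embedded C unnecessary. The following is an added example, not part of the original post, of the same per-process accounting written against the tapset's netdev.transmit probe. It assumes the installed tapset exposes dev_name and length there, and it records bytes as well as packets.

```systemtap
# Per-process transmit accounting using the networking.stp tapset,
# so no embedded C and no guru mode (-g) are needed.
# Assumption: the installed tapset provides netdev.transmit with the
# dev_name (interface name) and length (packet bytes) variables.

global tx	# tx[pid, execname, device] <<< bytes of each packet sent

probe netdev.transmit {
	# pid() is 0 when the packet is queued outside a user process
	if (pid() == 0)
		next
	tx[pid(), execname(), dev_name] <<< length
}

# Collect for 5 seconds, as in the script above
probe timer.s(5) {
	exit()
}

probe end {
	printf("%15s %6s %-10s %10s %12s\n",
	       "EXECNAME", "PID", "DEV", "PACKETS", "BYTES")
	# Statistics arrays sort by @count by default, so "tx-" lists
	# the processes that sent the most packets first.
	foreach ([p, name, dev] in tx- limit 20) {
		printf("%15s %6d %-10s %10d %12d\n", name, p, dev,
		       @count(tx[p, name, dev]), @sum(tx[p, name, dev]))
	}
}
```

Keying the array on the process name as well as the PID keeps the output readable when a short-lived process has exited before the end probe runs.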