Date:	Thu, 05 Oct 2006 16:28:10 -0700
From:	Mike Mason <mmlnx@...ibm.com>
To:	"Frank Ch. Eigler" <fche@...hat.com>
CC:	jrs@...ibm.com, Irfan Habib <irfan.habib@...il.com>,
	Linux kernel <linux-kernel@...r.kernel.org>,
	SystemTAP <systemtap@...rces.redhat.com>
Subject: Re: Fwd: Any way to find the network usage by a process?

Frank Ch. Eigler wrote:
> Mike Mason <mmlnx@...ibm.com> writes:
> 
>> Here's a variation of Jose's script that uses the networking tapset
>> and prints top-like output for transmits and receives.  [...]
> 
> Thanks for posting it to the systemtap wiki.
> 
> Some minor style suggestions follow:
> 
>> [...]
>>          ifxmit_p[pid(), dev_name] ++
>>          ifxmit_b[pid(), dev_name] += length
> 
> These could be collapsed into a single statistics-aggregate array: 
> #          ifxmit[pid(), dev_name] <<< length
> Then the printing routine would use @count(ifxmit[...]) and @sum(ifxmit[...])
> to extract the two values.  Same of course for ifrecv.

I tried that and got the following output:

   PID   UID DEV     XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
     0     0 eth0          9      10     486     672 swapper
ERROR: empty aggregate near identifier 'execname' at nettop.stp:35:4
WARNING: Number of errors: 1, skipped probes: 0

Apparently using @sum on empty aggregates isn't allowed. I expected 0's to 
be returned. The only way to avoid the error is to use @sum only if @count > 
0, which makes the printf too complex in my opinion.

> 
>>          execname[pid()] = execname()
>>          user[pid()] = uid()
>>          ifdevs[pid(), dev_name] = dev_name
> 
> Calling pid() so many times is worse than calling it once and caching
> the result in a local variable ("p = pid()").  

Agreed.  I'll change that.

> 
> The way that the script tracks pid-to-uid and pid-to-execname mappings
> is not bad, though if that part were moved to new probes on fork or
> exec, it would allow the network-related probes to run concurrently on
> an SMP without fighting over locks.

But that would only catch processes created after the script starts, correct?

- Mike

> 
> 
> - FChE
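
The aggregate-based variant discussed in this message, as an added example that is not code from either poster or from the systemtap wiki. It assumes the networking tapset's netdev.transmit and netdev.receive probes with the dev_name and length variables quoted above; the array name `seen` and the local variable names are hypothetical.

```systemtap
# Added example: per-process network counters kept as statistics aggregates.
global ifxmit, ifrecv, seen

probe netdev.transmit
{
  p = pid()                       # call pid() once and reuse the local
  ifxmit[p, dev_name] <<< length  # one aggregate carries packet count and byte sum
  seen[p, dev_name] = execname()
}

probe netdev.receive
{
  p = pid()
  ifrecv[p, dev_name] <<< length
  seen[p, dev_name] = execname()
}

probe timer.s(5)
{
  printf("%5s %-7s %7s %7s %7s %7s %s\n",
         "PID", "DEV", "XMIT_PK", "RECV_PK", "XMIT_KB", "RECV_KB", "COMMAND")
  foreach ([p, dev] in seen) {
    # A process that only sent (or only received) has no entry in the other array.
    nx = @count(ifxmit[p, dev])
    nr = @count(ifrecv[p, dev])
    # Read @sum only when the count is non-zero, which avoids the
    # "empty aggregate" error reported in the message above.
    xb = nx ? @sum(ifxmit[p, dev]) : 0
    rb = nr ? @sum(ifrecv[p, dev]) : 0
    printf("%5d %-7s %7d %7d %7d %7d %s\n",
           p, dev, nx, nr, xb / 1024, rb / 1024, seen[p, dev])
  }
  print("\n")
  delete ifxmit
  delete ifrecv
  delete seen
}
```

Moving the guard into local variables keeps the printf argument list flat, and the uid column is left out to keep the example short.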
