5.1.1. Network Profiling
This section describes how to profile network activity. provides a glimpse into how much network traffic each process is generating on a machine.
点击(此处)折叠或打开
-
#! /usr/bin/env stap
-
-
global ifxmit, ifrecv
-
global ifmerged
-
-
probe netdev.transmit
-
{
-
ifxmit[pid(), dev_name, execname(), uid()] <<< length
-
}
-
-
probe netdev.receive
-
{
-
ifrecv[pid(), dev_name, execname(), uid()] <<< length
-
}
-
-
function print_activity()
-
{
-
printf("%5s %5s %-7s %7s %7s %7s %7s %-15s\n",
-
"PID", "UID", "DEV", "XMIT_PK", "RECV_PK",
-
"XMIT_KB", "RECV_KB", "COMMAND")
-
-
foreach ([pid, dev, exec, uid] in ifrecv) {
-
ifmerged[pid, dev, exec, uid] += @count(ifrecv[pid,dev,exec,uid]);
-
}
-
foreach ([pid, dev, exec, uid] in ifxmit) {
-
ifmerged[pid, dev, exec, uid] += @count(ifxmit[pid,dev,exec,uid]);
-
}
-
foreach ([pid, dev, exec, uid] in ifmerged-) {
-
n_xmit = @count(ifxmit[pid, dev, exec, uid])
-
n_recv = @count(ifrecv[pid, dev, exec, uid])
-
printf("%5d %5d %-7s %7d %7d %7d %7d %-15s\n",
-
pid, uid, dev, n_xmit, n_recv,
-
n_xmit ? @sum(ifxmit[pid, dev, exec, uid])/1024 : 0,
-
n_recv ? @sum(ifrecv[pid, dev, exec, uid])/1024 : 0,
-
exec)
-
}
-
-
print("\n")
-
-
delete ifxmit
-
delete ifrecv
-
delete ifmerged
-
}
-
-
probe timer.ms(5000), end, error
-
{
-
print_activity()
-
}
Note that function print_activity() uses the following expressions:
-
n_xmit ? @sum(ifxmit[pid, dev, exec, uid])/1024 : 0
-
n_recv ? @sum(ifrecv[pid, dev, exec, uid])/1024 : 0
These expressions are if/else conditionals. The first statement is
simply a more concise way of writing the following psuedo code:
-
if n_recv != 0 then
-
@sum(ifrecv[pid, dev, exec, uid])/1024
-
else
-
0
tracks which processes are generating network traffic on the system, and provides the following information about each process:
-
PID — the ID of the listed process.
-
UID — user ID. A user ID of 0 refers to the root user.
-
DEV — which ethernet device the process used to send / receive data (e.g. eth0, eth1)
-
XMIT_PK — number of packets transmitted by the process
-
RECV_PK — number of packets received by the process
-
XMIT_KB — amount of data sent by the process, in kilobytes
-
RECV_KB — amount of data received by the service, in kilobytes
provides network profile sampling every 5 seconds. You can change this setting by editing probe timer.ms(5000) accordingly. contains an excerpt of the output from over a 20-second period:
-
[...]
-
PID UID DEV XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
-
0 0 eth0 0 5 0 0 swapper
-
11178 0 eth0 2 0 0 0 synergyc
-
-
PID UID DEV XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
-
2886 4 eth0 79 0 5 0 cups-polld
-
11362 0 eth0 0 61 0 5 firefox
-
0 0 eth0 3 32 0 3 swapper
-
2886 4 lo 4 4 0 0 cups-polld
-
11178 0 eth0 3 0 0 0 synergyc
-
-
PID UID DEV XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
-
0 0 eth0 0 6 0 0 swapper
-
2886 4 lo 2 2 0 0 cups-polld
-
11178 0 eth0 3 0 0 0 synergyc
-
3611 0 eth0 0 1 0 0 Xorg
-
-
PID UID DEV XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
-
0 0 eth0 3 42 0 2 swapper
-
11178 0 eth0 43 1 3 0 synergyc
-
11362 0 eth0 0 7 0 0 firefox
-
3897 0 eth0 0 1 0 0 multiload-apple
-
[...]
大部分英文和语法都不难
有几个点没有提:
1、probe netdev.transmit
这个探测点是tapset里定义的,具体看这里
https://sourceware.org/systemtap/tapsets/API-netdev-transmit.html
netdev.receive也是tapset里定义的
阅读(1106) | 评论(0) | 转发(0) |
