09:50 <n_1-c_k> Hi, running 3.1 on debian stable and trying out the network profile example at https://sourceware.org/systemtap/SystemTap_Beginners_Guide/useful-systemtap-scripts.html#nettopsect ...

09:51 <n_1-c_k> ...it shows xmit_ numbers but recv_ is always zero. Is there any hope of modifying the script to correct? Or best to try a newer version of systemtap?

11:55 <fche> n_1-c_k, hi

11:57 <fche> the netdev.receive probe point needed porting to kernels >3.14

11:57 <fche> it's just a one-liner patch to one file; you can probably apply it to your own copy of prebuilt systemtap and go

11:57 <fche> https://sourceware.org/git/?p=systemtap.git;a=commit;h=94b3978aa1d01f09b29dbc2d61e1a2bddec313df

11:58 <n_1-c_k> fche: thanks, I'll look

11:58 <fche> (this patch is in the fresh stap 3.3 release)

12:03 <n_1-c_k> fche: that worked for me - thanks!

12:15 <fche> great

12:22 <n_1-c_k> I'll venture to ask a followup question... I'm looking at the results of running that 'nettop' script while I get pages from a web server running there...

12:23 <n_1-c_k> The traffic uploaded from the server to send me the pages is shown as 'lighttpd', which is nice. But for the traffic going into the server...

12:24 <n_1-c_k> ...it's shown as belonging to 'swapper/0', which is a bit unexpected. Is there some way of having it show something about the receiving process, i.e. the web server?

12:25 <fche> I believe at the time the packet is received, there's no way to know which process it is destined to

12:25 <n_1-c_k> fche: ah...

12:28 <n_1-c_k> My knowledge of networking is modest but I wonder whether identifying the receiving port and matching that to a socket and then to the process owning the socket would reveal the receiver? But perhaps that's getting outside the realm of what systemtap can be expected to do?

12:33 <fche> it's possible but requires coordination of information that's not immediately available

12:34 <fche> so stap could do that - track bind/connect ops on a per-process basis

12:34 <fche> and match up incoming tcp/udp packets (at the device driver or firewall level) with them

12:34 <n_1-c_k> fche: oh! Then I hope someone cleverer than me will accomplish that :)

12:38 <n_1-c_k> I think that 'nethogs' must be doing something along those lines but it's interactive-only, it can't save to a log file (I think). I looked at its source code but struggle to make any sense of it.

12:40 <fche> aha

12:42 <fche> heh, it does it by scanning /proc/*/fd/* to find out what all the processes' filedescriptors are

12:44 <n_1-c_k> Yes, and that finds their sockets I think? Then it matches those to connections... somehow.. and uses libpcap for traffic.. somehow. I think.

12:44 <fche> very processing-heavy, but works

12:54 <n_1-c_k> fche, thanks for your help and comments.

12:54 <fche> np

22:59 <irker534> systemtap: amerey systemtap.git:refs/heads/master * release-3.3-11-gca70fe9 / stap-exporter/USAGE stap-exporter/example1.stp stap-exporter/exporter.py: stap-exporter: initial commit http://tinyurl.com/y8wy5rhp

22:59 <irker534> systemtap: amerey systemtap.git:refs/heads/master * release-3.3-12-g1b5ebe3 / stap-exporter/USAGE stap-exporter/example1.stp stap-exporter/exporter.conf stap-exporter/exporter.py stap-exporter/scripts/example1.stp stap-exporter/scripts/example2.stp: stap-exporter: improve configurability, enable automatic session timeouts http://tinyurl.com/y9eyak5o