Use DKMS to build netatop kernel module

[RogueScholar]

Is there a reason this isn't already implemented? I was about to dig into the man page for DKMS and see if I couldn't figure it out, then I thought it'd be prudent to ask those who've been active on the project if it was even a worthwhile endeavor. All thoughts and experiences are welcome.

[hdhoang]

archlinux users can use this package for such functionality https://aur.archlinux.org/packages/netatop-dkms/

[denizzzka]

My discovery: nethogs can display network traffic per process without any additional modules. I don't know how it is implemented.

[perkinslr]

nethogs uses libpcap, which asks the kernel to mirror all incoming and outgoing packets to the nethogs process. This lets it see source and destination IPs and ports, and packet length. I believe nethogs then looks in /proc to figure out who is using those IP:port combinations to figure out associated user/program. This fails when you have multiple programs using the same IP:port, either via SO_REUSEPORT or by not closing a file descriptor after fork(). It's good enough for most cases, bit netatop knows which process sent or received the packet.

[ILMostro]

~Nice write-up. Thank you for that. I haven't dug into the sources (yet) for netatop (atop). What does netatop use if not libpcap for network traffic inspection/monitoring?~

Never mind. The netatop homepage mentions that netfilter is used.

[tbjornli]

Are there any plans to use DKMS to build netatop?

It is always a hassle to remember to rebuild the netatop module when the kernel changes.