Red Hat systemtap nettop shows swapper/0 process

Question

I'm analyzing network performance of a host, and I am using SystemTap's nettop.stp example, /usr/share/systemtap/examples/network/nettoqp.stp. I noticed that it includes network activity for the swapper process and kworker kernel threads. Why would pid 0 or kernel threads be performing network i/o? It seems odd. Could it be that we are receiving data yet there are no apps that are wanting it- multicast, perhaps, that is not destined for this host?

I am running this on a RHEL7 machine but I notice that I have pid 0 packets on my Fedora 37 laptop.

Thanks for any clues. Here's some sample output:

  PID   UID DEV     XMIT_PK RECV_PK XMIT_KB RECV_KB COMMAND
64397 10446 em1       37143   59977  602558    3093 ssh
64397 10446 bond0.16   37143       0  602558       0 ssh
64397 10446 bond0     37143       0  602558       0 ssh
    0     0 em1         823   21151   13073    1225 swapper/0
64396 10446 em1         189    4418    3026     227 scp
    0     0 bond0.16     823       0   13073       0 swapper/0
    0     0 bond0       823       0   13073       0 swapper/0
65058     0 p1p2          0     645       0      87 kworker/u547:3
11122     0 p1p2          0     474       0      41 kworker/u547:2
    0     0 p1p2          0     261       0      12 swapper/16
    0     0 p3p2          0     253       0      12 swapper/17
    6     0 em1         151      92    2431       4 ksoftirqd/0
66793     0 em1           2     232      32      12 lsof

Answer 1

There's a lot of network clients and servers in the kernel; from NFS and CIFS clients and servers, to network block device, to virtualized network devices, to USB/IP to IIO, and a lot more.

PID 0 is systemd, on your system, in all likelihood, which has a lot of networking capabilities, depending on what you make it do. For example, it might be logging to a syslog daemon over network.