diff options
| author | Dave Brolley <brolley@redhat.com> | 2009-04-15 11:57:50 -0400 |
|---|---|---|
| committer | Dave Brolley <brolley@redhat.com> | 2009-04-15 11:57:50 -0400 |
| commit | 44602d5b700d547cb1d560e90c0187c3fe66d613 (patch) | |
| tree | 7d7d423e761b117e4e10510f6a135d9160a7fc65 | |
| parent | 6c39ba6093aa0b3b86aa7e6f17a23ef322bd67cd (diff) | |
| parent | 7a51212ca1895b85f400fafe0e5198525996af1d (diff) | |
| download | systemtap-steved-44602d5b700d547cb1d560e90c0187c3fe66d613.tar.gz systemtap-steved-44602d5b700d547cb1d560e90c0187c3fe66d613.tar.xz systemtap-steved-44602d5b700d547cb1d560e90c0187c3fe66d613.zip | |
Merge branch 'master' of git://sources.redhat.com/git/systemtap
25 files changed, 283 insertions, 76 deletions
@@ -1,4 +1,5 @@ Ananth N Mavinakayanahalli +Andre Detsch Anil Keshavamurthy Anithra Janakiraman Breno Leitao diff --git a/Makefile.am b/Makefile.am index f6f9fff0..1c14f8d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap \ staprun.8 \ man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap \ man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap \ -man/stapprobes.pagefault.3stap man/stapprobes.process.3stap \ +man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap \ man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap \ man/stapprobes.signal.3stap man/stapprobes.socket.3stap \ man/stapprobes.tcp.3stap man/stapprobes.udp.3stap diff --git a/Makefile.in b/Makefile.in index dfa2b593..fdec204e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -70,7 +70,7 @@ DIST_COMMON = INSTALL NEWS README AUTHORS $(srcdir)/Makefile.in \ $(top_srcdir)/man/stapprobes.nfs.3stap.in \ $(top_srcdir)/man/stapprobes.nfsd.3stap.in \ $(top_srcdir)/man/stapprobes.pagefault.3stap.in \ - $(top_srcdir)/man/stapprobes.process.3stap.in \ + $(top_srcdir)/man/stapprobes.kprocess.3stap.in \ $(top_srcdir)/man/stapprobes.rpc.3stap.in \ $(top_srcdir)/man/stapprobes.scsi.3stap.in \ $(top_srcdir)/man/stapprobes.signal.3stap.in \ @@ -91,7 +91,7 @@ CONFIG_CLEAN_FILES = stap.1 stapprobes.3stap stapfuncs.3stap \ stapvars.3stap stapex.3stap staprun.8 stap-server.8 \ man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap \ man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap \ - man/stapprobes.pagefault.3stap man/stapprobes.process.3stap \ + man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap \ man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap \ man/stapprobes.signal.3stap man/stapprobes.socket.3stap \ man/stapprobes.tcp.3stap man/stapprobes.udp.3stap \ @@ -313,7 +313,7 @@ man_MANS = stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap \ stapex.3stap staprun.8 man/stapprobes.iosched.3stap \ man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap \ man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap \ - man/stapprobes.process.3stap man/stapprobes.rpc.3stap \ + man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap \ man/stapprobes.scsi.3stap man/stapprobes.signal.3stap \ man/stapprobes.socket.3stap man/stapprobes.tcp.3stap \ man/stapprobes.udp.3stap $(am__append_1) @@ -468,7 +468,7 @@ man/stapprobes.nfsd.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapp cd $(top_builddir) && $(SHELL) ./config.status $@ man/stapprobes.pagefault.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.pagefault.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ -man/stapprobes.process.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.process.3stap.in +man/stapprobes.kprocess.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.kprocess.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ man/stapprobes.rpc.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.rpc.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ @@ -1,5 +1,10 @@ * What's new +- The overlapping process.* tapsets are now separated. Those probe points + documented in stapprobes(3stap) remain the same. Those that were formerly + in stapprobes.process(3stap) have been renamed to kprocess, to reflect + their kernel perspective on processes. + - The --skip-badvars option now also suppresses run-time error messages that would otherwise result from erroneous memory accesses. Such accesses can originate from $context expressions fueled by @@ -7,20 +12,20 @@ * What's new in version 0.9.5 - - New probes process().insn and process().insn.block that allows - inspection of the process after each instruction or block of - instructions executed. So to count the total number of instructions - a process executes during a run do something like: - $ stap -e 'global steps; probe process("/bin/ls").insn {steps++} - probe end {printf("Total instructions: %d\n", steps);}' \ - -c /bin/ls - This feature can slow down execution of a process somewhat. - - - Systemtap probes and function man pages extracted from the tapsets - are now available under 3stap. To show the page for probe vm.pagefault - or the stap function pexecname do: - $ man 3stap vm.pagefault - $ man 3stap pexecname +- New probes process().insn and process().insn.block that allows + inspection of the process after each instruction or block of + instructions executed. So to count the total number of instructions + a process executes during a run do something like: + $ stap -e 'global steps; probe process("/bin/ls").insn {steps++} + probe end {printf("Total instructions: %d\n", steps);}' \ + -c /bin/ls + This feature can slow down execution of a process somewhat. + +- Systemtap probes and function man pages extracted from the tapsets + are now available under 3stap. To show the page for probe vm.pagefault + or the stap function pexecname do: + $ man 3stap vm.pagefault + $ man 3stap pexecname - Kernel tracepoints are now supported for probing predefined kernel events without any debuginfo. Tracepoints incur less overhead than @@ -7876,7 +7876,7 @@ _ACEOF ac_config_headers="$ac_config_headers config.h:config.in" -ac_config_files="$ac_config_files Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.process.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap" +ac_config_files="$ac_config_files Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap" subdirs="$subdirs testsuite" @@ -8541,7 +8541,7 @@ do "man/stapprobes.nfs.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.nfs.3stap" ;; "man/stapprobes.nfsd.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.nfsd.3stap" ;; "man/stapprobes.pagefault.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.pagefault.3stap" ;; - "man/stapprobes.process.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.process.3stap" ;; + "man/stapprobes.kprocess.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.kprocess.3stap" ;; "man/stapprobes.rpc.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.rpc.3stap" ;; "man/stapprobes.scsi.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.scsi.3stap" ;; "man/stapprobes.signal.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.signal.3stap" ;; diff --git a/configure.ac b/configure.ac index d814d997..1ed44007 100644 --- a/configure.ac +++ b/configure.ac @@ -359,7 +359,7 @@ dnl Don't use this directly (when not given it is set to NONE). AC_DEFINE_UNQUOTED(STAP_PREFIX, "$prefix", [configure prefix location]) AC_CONFIG_HEADERS([config.h:config.in]) -AC_CONFIG_FILES(Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.process.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap) +AC_CONFIG_FILES(Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap) AC_CONFIG_SUBDIRS(testsuite) AC_CONFIG_FILES([run-stap], [chmod +x run-stap]) AC_CONFIG_FILES([run-staprun], [chmod +x run-staprun]) diff --git a/doc/SystemTap_Beginners_Guide/en-US/References.xml b/doc/SystemTap_Beginners_Guide/en-US/References.xml index ff993df2..6ab74f17 100644 --- a/doc/SystemTap_Beginners_Guide/en-US/References.xml +++ b/doc/SystemTap_Beginners_Guide/en-US/References.xml @@ -43,7 +43,7 @@ The <filename>stapprobes</filename> man page enumerates a variety of probe points supported by SystemTap, along with additional aliases defined by the SystemTap tapset library. The bottom of the man page includes a list of other man pages enumerating similar probe points for specific system components, such as - <filename>stapprobes.scsi</filename>, <filename>stapprobes.process</filename>, + <filename>stapprobes.scsi</filename>, <filename>stapprobes.kprocess</filename>, <filename>stapprobes.signal</filename>, etc. </para> </listitem> diff --git a/doc/SystemTap_Tapset_Reference/tapsets.tmpl b/doc/SystemTap_Tapset_Reference/tapsets.tmpl index b7c0713b..19a8e02f 100644 --- a/doc/SystemTap_Tapset_Reference/tapsets.tmpl +++ b/doc/SystemTap_Tapset_Reference/tapsets.tmpl @@ -181,13 +181,13 @@ </para> !Itapset/socket.stp </chapter> - <chapter id="process.stp"> - <title>Process Tapset</title> + <chapter id="kprocess.stp"> + <title>Kernel Process Tapset</title> <para> This family of probe points is used to probe process-related activities. It contains the following probe points: </para> -!Itapset/process.stp +!Itapset/kprocess.stp </chapter> <chapter id="signal.stp"> <title>Signal Tapset</title> diff --git a/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml b/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml index d497eae6..293a0dc3 100644 --- a/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml +++ b/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml @@ -64,7 +64,7 @@ <para> <programlisting> -probe process.exec = kernel.function("do_execve"), +probe kprocess.exec = kernel.function("do_execve"), kernel.function("compat_do_execve") {<replaceable>probe body</replaceable>} </programlisting> @@ -106,7 +106,7 @@ kernel.function("compat_do_execve") <para> <programlisting> -probe process.create = kernel.function("copy_process").return +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) diff --git a/elaborate.cxx b/elaborate.cxx index 323261c7..b760173f 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -2433,7 +2433,8 @@ void semantic_pass_opt4 (systemtap_session& s, bool& relaxed_p) p->body = duv.require(p->body, true); if (p->body == 0) { - if (! s.suppress_warnings) + if (! s.suppress_warnings + && ! s.timing) // PR10070 s.print_warning ("side-effect-free probe '" + p->name + "'", p->tok); p->body = new null_statement(); diff --git a/man/stapprobes.process.3stap.in b/man/stapprobes.kprocess.3stap.in index aa8089e8..4f5e7903 100644 --- a/man/stapprobes.process.3stap.in +++ b/man/stapprobes.kprocess.3stap.in @@ -1,7 +1,7 @@ .\" -*- nroff -*- -.TH STAPPROBES.PROCESS 3stap @DATE@ "Intel, IBM" +.TH STAPPROBES.KPROCESS 3stap @DATE@ "Intel, IBM" .SH NAME -stapprobes.process \- systemtap process probe points +stapprobes.kprocess \- systemtap kernel process probe points .\" macros .de SAMPLE @@ -18,12 +18,12 @@ stapprobes.process \- systemtap process probe points .SH DESCRIPTION -This family of probe points is used to probe the process activities. +This family of probe points is used to probe the kernel's process activities. It contains the following probe points: .P .TP -.B process.create +.B kprocess.create Fires whenever a new process is successfully created, either as a result of one of the fork syscall variants, or a new kernel thread. @@ -38,7 +38,7 @@ result of one of the fork syscall variants, or a new kernel thread. .P .TP -.B process.start +.B kprocess.start Fires immediately before a new process begins execution. @@ -48,7 +48,7 @@ Fires immediately before a new process begins execution. .P .TP -.B process.exec +.B kprocess.exec Fires whenever a process attempts to exec to a new program @@ -59,7 +59,7 @@ Fires whenever a process attempts to exec to a new program .P .TP -.B process.exec_complete +.B kprocess.exec_complete Fires at the completion of an exec call @@ -73,10 +73,10 @@ Fires at the completion of an exec call .P .TP -.B process.exit +.B kprocess.exit Fires when a process terminates. This will always be followed by a -process.release, though the latter may be delayed if the process +kprocess.release, though the latter may be delayed if the process waits in a zombie state. .B Arguments: @@ -86,10 +86,10 @@ waits in a zombie state. .P .TP -.B process.release +.B kprocess.release Fires when a process is released from the kernel. This always -follows a process.exit, though it may be delayed somewhat if the +follows a kprocess.exit, though it may be delayed somewhat if the process waits in a zombie state. .B Arguments: diff --git a/tapset/DEVGUIDE b/tapset/DEVGUIDE index e6bc3fb8..693521a8 100644 --- a/tapset/DEVGUIDE +++ b/tapset/DEVGUIDE @@ -59,8 +59,8 @@ For example, process execs can occur in either the do_execve() or the compat_do_execve() functions. The following alias inserts probes at the beginning of those functions: -probe process.exec = kernel.function("do_execve"), - kernel.function("compat_do_execve") { +probe kprocess.exec = kernel.function("do_execve"), + kernel.function("compat_do_execve") { < probe body > } @@ -87,7 +87,7 @@ process is retrieved by calling task_pid() and passing it the task_struct pointer. In this case, the auxiliary function is an embedded C function that's defined in the task tapset (task.stp). -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) } diff --git a/tapset/ip.stp b/tapset/ip.stp index 1e2e263c..299d88d2 100644 --- a/tapset/ip.stp +++ b/tapset/ip.stp @@ -7,6 +7,10 @@ // // Based on previous work done by Arnaldo Carvalho de Melo <acme@redhat.com> +%{ +#include <linux/skbuff.h> +%} + /** * sfunction ip_ntop - returns a string representation from an integer IP number * @addr: the ip represented as an integer @@ -30,3 +34,45 @@ function __ip_sock_daddr:long (sock:long) { return @cast(sock, "inet_sock")->daddr } + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} diff --git a/tapset/process.stp b/tapset/kprocess.stp index e39f740a..316e03ce 100644 --- a/tapset/process.stp +++ b/tapset/kprocess.stp @@ -1,4 +1,4 @@ -// process tapset +// kernel process tapset // Copyright (C) 2006 Intel Corporation. // // This file is part of systemtap, and is free software. You can @@ -15,7 +15,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ /** - * probe process.create - Fires whenever a new process is successfully created + * probe kprocess.create - Fires whenever a new process is successfully created * @new_pid: The PID of the newly created process * * Context: @@ -24,7 +24,7 @@ function _IS_ERR:long(ptr:long) %{ /* pure */ * Fires whenever a new process is successfully created, either as a result of * <command>fork</command> (or one of its syscall variants), or a new kernel thread. */ -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return if (_IS_ERR(task)) next new_pid = task_pid(task) @@ -32,7 +32,7 @@ probe process.create = kernel.function("copy_process").return { /** - * probe process.start - Starting new process + * probe kprocess.start - Starting new process * * Context: * Newly created process. @@ -40,11 +40,11 @@ probe process.create = kernel.function("copy_process").return { * Fires immediately before a new process begins execution. * */ -probe process.start = kernel.function("schedule_tail") { } +probe kprocess.start = kernel.function("schedule_tail") { } /** - * probe process.exec - Attempt to exec to a new program + * probe kprocess.exec - Attempt to exec to a new program * @filename: The path to the new executable * * Context: @@ -52,7 +52,7 @@ probe process.start = kernel.function("schedule_tail") { } * * Fires whenever a process attempts to exec to a new program. */ -probe process.exec = +probe kprocess.exec = kernel.function("do_execve"), kernel.function("compat_do_execve") ? { @@ -61,7 +61,7 @@ probe process.exec = /** - * probe process.exec_complete - Return from exec to a new program + * probe kprocess.exec_complete - Return from exec to a new program * @errno: The error number resulting from the exec * @success: A boolean indicating whether the exec was successful * @@ -71,7 +71,7 @@ probe process.exec = * * Fires at the completion of an exec call. */ -probe process.exec_complete = +probe kprocess.exec_complete = kernel.function("do_execve").return, kernel.function("compat_do_execve").return ? { @@ -81,23 +81,23 @@ probe process.exec_complete = /** - * probe process.exit - Exit from process + * probe kprocess.exit - Exit from process * @code: The exit code of the process * * Context: * The process which is terminating. * * Fires when a process terminates. This will always be followed by a - * process.release, though the latter may be delayed if the process waits in a + * kprocess.release, though the latter may be delayed if the process waits in a * zombie state. */ -probe process.exit = kernel.function("do_exit") { +probe kprocess.exit = kernel.function("do_exit") { code = $code } /** - * probe process.release - Process released + * probe kprocess.release - Process released * @task: A task handle to the process being released * @pid: PID of the process being released * @@ -106,10 +106,10 @@ probe process.exit = kernel.function("do_exit") { * termination, else the context of the process itself. * * Fires when a process is released from the kernel. This always follows a - * process.exit, though it may be delayed somewhat if the process waits in a + * kprocess.exit, though it may be delayed somewhat if the process waits in a * zombie state. */ -probe process.release = kernel.function("release_task") { +probe kprocess.release = kernel.function("release_task") { task = $p pid = $p->pid; } diff --git a/tapset/tcp.stp b/tapset/tcp.stp index bb96b0cb..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -15,6 +15,7 @@ #include <net/sock.h> #include <net/tcp.h> #include <net/ip.h> +#include <linux/skbuff.h> %} // Get retransmission timeout in usecs. RTO is initialized from default @@ -78,6 +79,70 @@ function __tcp_sock_dport:long (sock:long){ return @cast(sock, "inet_sock")->dport } +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + /* return the TCP source port for a given sock */ function __tcp_sock_sport:long (sock:long){ return @cast(sock, "inet_sock")->sport @@ -300,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} diff --git a/testsuite/buildok/process-all-probes.stp b/testsuite/buildok/process-all-probes.stp index 91a96514..c754462b 100755 --- a/testsuite/buildok/process-all-probes.stp +++ b/testsuite/buildok/process-all-probes.stp @@ -2,11 +2,11 @@ // Tests if all probes in the process tapset are resolvable. -probe process.create, - process.start, - process.exec, - process.exec_complete, - process.exit, - process.release +probe kprocess.create, + kprocess.start, + kprocess.exec, + kprocess.exec_complete, + kprocess.exit, + kprocess.release { } diff --git a/testsuite/buildok/process_test.stp b/testsuite/buildok/process_test.stp index 90de8b69..ba3fadf1 100755 --- a/testsuite/buildok/process_test.stp +++ b/testsuite/buildok/process_test.stp @@ -1,31 +1,31 @@ #! stap -p4 -probe process.create { +probe kprocess.create { log(pp()) log(sprint(task)) } -probe process.start { +probe kprocess.start { log(pp()) } -probe process.exec { +probe kprocess.exec { log(pp()) log(filename) } -probe process.exec_complete { +probe kprocess.exec_complete { log(pp()) log(sprint(errno)) log(sprint(success)) } -probe process.exit { +probe kprocess.exit { log(pp()) log(sprint(code)) } -probe process.release { +probe kprocess.release { log(pp()) log(sprint(task)) } diff --git a/testsuite/systemtap.examples/index.html b/testsuite/systemtap.examples/index.html index 3287458a..a03b8dcc 100644 --- a/testsuite/systemtap.examples/index.html +++ b/testsuite/systemtap.examples/index.html @@ -97,6 +97,9 @@ keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-inde <li><a href="network/tcp_connections.stp">network/tcp_connections.stp</a> - Track Creation of Incoming TCP Connections<br> keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TCP">TCP</a> <a href="keyword-index.html#SOCKET">SOCKET</a> <br> <p>The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.</p></li> +<li><a href="network/tcpdumplike.stp">network/tcpdumplike.stp</a> - Dump of Received TCP Packets<br> +keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TRAFFIC">TRAFFIC</a> <br> +<p>The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.</p></li> <li><a href="process/errsnoop.stp">process/errsnoop.stp</a> - tabulate system call errors<br> keywords: <a href="keyword-index.html#PROCESS">PROCESS</a> <a href="keyword-index.html#SYSCALL">SYSCALL</a> <br> <p>The script prints a periodic tabular report about failing system calls, by process and by syscall failure. The first optional argument specifies the reporting interval (in seconds, default 5); the second optional argument gives a screen height (number of lines in the report, default 20).</p></li> diff --git a/testsuite/systemtap.examples/index.txt b/testsuite/systemtap.examples/index.txt index d538d760..d24232e7 100644 --- a/testsuite/systemtap.examples/index.txt +++ b/testsuite/systemtap.examples/index.txt @@ -182,6 +182,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + process/errsnoop.stp - tabulate system call errors keywords: process syscall diff --git a/testsuite/systemtap.examples/keyword-index.html b/testsuite/systemtap.examples/keyword-index.html index 2254fd25..e65ed19d 100644 --- a/testsuite/systemtap.examples/keyword-index.html +++ b/testsuite/systemtap.examples/keyword-index.html @@ -159,6 +159,9 @@ keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-inde <li><a href="network/tcp_connections.stp">network/tcp_connections.stp</a> - Track Creation of Incoming TCP Connections<br> keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TCP">TCP</a> <a href="keyword-index.html#SOCKET">SOCKET</a> <br> <p>The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.</p></li> +<li><a href="network/tcpdumplike.stp">network/tcpdumplike.stp</a> - Dump of Received TCP Packets<br> +keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TRAFFIC">TRAFFIC</a> <br> +<p>The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.</p></li> </ul> <h3><a name="PER-PROCESS">PER-PROCESS</a></h3> <ul> @@ -288,6 +291,9 @@ keywords: <a href="keyword-index.html#TRACE">TRACE</a> <a href="keyword-index.ht <li><a href="network/nettop.stp">network/nettop.stp</a> - Periodic Listing of Processes Using Network Interfaces<br> keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TRAFFIC">TRAFFIC</a> <a href="keyword-index.html#PER-PROCESS">PER-PROCESS</a> <br> <p>Every five seconds the nettop.stp script prints out a list of processed (PID and command) with the number of packets sent/received and the amount of data sent/received by the process during that interval.</p></li> +<li><a href="network/tcpdumplike.stp">network/tcpdumplike.stp</a> - Dump of Received TCP Packets<br> +keywords: <a href="keyword-index.html#NETWORK">NETWORK</a> <a href="keyword-index.html#TRAFFIC">TRAFFIC</a> <br> +<p>The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.</p></li> </ul> <h3><a name="USE">USE</a></h3> <ul> diff --git a/testsuite/systemtap.examples/keyword-index.txt b/testsuite/systemtap.examples/keyword-index.txt index 8fd8e0d8..40b5276f 100644 --- a/testsuite/systemtap.examples/keyword-index.txt +++ b/testsuite/systemtap.examples/keyword-index.txt @@ -281,6 +281,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = PER-PROCESS = network/nettop.stp - Periodic Listing of Processes Using Network Interfaces @@ -597,6 +605,14 @@ keywords: network traffic per-process interval. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = USE = general/graphs.stp - Graphing Disk and CPU Utilization diff --git a/testsuite/systemtap.examples/network/tcpdumplike.meta b/testsuite/systemtap.examples/network/tcpdumplike.meta new file mode 100644 index 00000000..8fb9fccb --- /dev/null +++ b/testsuite/systemtap.examples/network/tcpdumplike.meta @@ -0,0 +1,12 @@ +title: Dump of Received TCP Packets +name: tcpdumplike.stp +version: 1.0 +author: anonymous +keywords: network traffic +subsystem: network +status: production +exit: user-controlled +output: timed +scope: system-wide +description: The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags. +test_installcheck: stap tcpdumplike.stp -c "sleep 1" diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp new file mode 100755 index 00000000..de3899d6 --- /dev/null +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -0,0 +1,14 @@ +#! /usr/bin/env stap + +// A TCP dump like example + +probe begin, timer.s(1) { + printf("-----------------------------------------------------------------\n") + printf(" Source IP Dest IP SPort DPort U A P R S F \n") + printf("-----------------------------------------------------------------\n") +} + +probe tcp.receive { + printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n", + saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin) +} diff --git a/testsuite/systemtap.examples/process/proc_snoop.stp b/testsuite/systemtap.examples/process/proc_snoop.stp index 06425d45..9a3768c2 100755 --- a/testsuite/systemtap.examples/process/proc_snoop.stp +++ b/testsuite/systemtap.examples/process/proc_snoop.stp @@ -18,30 +18,30 @@ function id:string(task:long) { task_execname(task)) } -probe process.create { +probe kprocess.create { report(sprintf("create %s", id(task))) } -probe process.start { +probe kprocess.start { report("start") } -probe process.exec { +probe kprocess.exec { report(sprintf("exec %s", filename)) } -probe process.exec_complete { +probe kprocess.exec_complete { if (success) report("exec success") else report(sprintf("exec failed %d (%s)", errno, errno_str(errno))) } -probe process.exit { +probe kprocess.exit { report(sprintf("exit %d", code)) } -probe process.release { +probe kprocess.release { report(sprintf("remove %s", id(task))) } diff --git a/testsuite/systemtap.stress/whitelist.exp b/testsuite/systemtap.stress/whitelist.exp index 4a31c124..70973978 100644 --- a/testsuite/systemtap.stress/whitelist.exp +++ b/testsuite/systemtap.stress/whitelist.exp @@ -96,6 +96,7 @@ set init_probes_all_script { udp.*.return, tcp.*, tcp.*.return, + kprocess.*, process.*, nfs.fop.*, nfs.aop.*, |