From 7175b49227fb1f71f3bdd6060ef9f6499e42f035 Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Tue, 14 Apr 2009 13:13:43 -0400 Subject: PR10070: don't warn about side-effect-free probes in -t (timing) mode * elaborate.cxx (semantic_pass_opt4): Filter warning on s.timing. --- elaborate.cxx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/elaborate.cxx b/elaborate.cxx index 323261c7..b760173f 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -2433,7 +2433,8 @@ void semantic_pass_opt4 (systemtap_session& s, bool& relaxed_p) p->body = duv.require(p->body, true); if (p->body == 0) { - if (! s.suppress_warnings) + if (! s.suppress_warnings + && ! s.timing) // PR10070 s.print_warning ("side-effect-free probe '" + p->name + "'", p->tok); p->body = new null_statement(); -- cgit From 5e868ddd8263d2f7b61a702891252cc2bacb1c07 Mon Sep 17 00:00:00 2001 From: Andre Detsch Date: Tue, 14 Apr 2009 14:23:59 -0300 Subject: Add new TCP and IP functions This patch adds some basic functions to the IP and TCP tapsets. Mainly, it's possible to get the iphdr and tcphdr from a sk_buff structure. As a consequence, a TCP probe called tcp.receive() was created and is probed every time a TCP packet is received, and a lot of useful fields is available, as the TCP flags. Also a small example that works like tcpdump for received TCP packets was created. This patch was tested on x86 and ppc machines, on 2.6.18 kernel and also on mainline one. Signed-off-by: Breno Leitao Signed-off-by: Andre Detsch Signed-off-by: Josh Stone --- tapset/ip.stp | 46 +++++++++++ tapset/tcp.stp | 94 ++++++++++++++++++++++ .../systemtap.examples/network/tcpdumplike.stp | 12 +++ 3 files changed, 152 insertions(+) create mode 100644 testsuite/systemtap.examples/network/tcpdumplike.stp diff --git a/tapset/ip.stp b/tapset/ip.stp index 1e2e263c..299d88d2 100644 --- a/tapset/ip.stp +++ b/tapset/ip.stp @@ -7,6 +7,10 @@ // // Based on previous work done by Arnaldo Carvalho de Melo +%{ +#include +%} + /** * sfunction ip_ntop - returns a string representation from an integer IP number * @addr: the ip represented as an integer @@ -30,3 +34,45 @@ function __ip_sock_daddr:long (sock:long) { return @cast(sock, "inet_sock")->daddr } + +/* Get the IP header for recent (> 2.6.21) kernels */ +function __get_skb_iphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_network_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->network_header))); + #else + THIS->__retvalue = (long)kread(&(skb->network_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* Get the IP header from a sk_buff struct */ +function __get_skb_iphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + iphdr = @cast(skb, "sk_buff")->nh->raw + return iphdr +%: + return __get_skb_iphdr_new(skb) +%) +} + +/* return the source next layer protocol for a given sk_buff structure */ +function __ip_skb_proto:long (iphdr) +{ + return @cast(iphdr, "iphdr")->protocol +} + +/* return the source IP address for a given sk_buff structure */ +function __ip_skb_saddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->saddr +} + +/* return the destination IP address for a given skb */ +function __ip_skb_daddr:long (iphdr) +{ + return @cast(iphdr, "iphdr")->daddr +} diff --git a/tapset/tcp.stp b/tapset/tcp.stp index bb96b0cb..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -15,6 +15,7 @@ #include #include #include +#include %} // Get retransmission timeout in usecs. RTO is initialized from default @@ -78,6 +79,70 @@ function __tcp_sock_dport:long (sock:long){ return @cast(sock, "inet_sock")->dport } +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + /* return the TCP source port for a given sock */ function __tcp_sock_sport:long (sock:long){ return @cast(sock, "inet_sock")->sport @@ -300,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp new file mode 100644 index 00000000..4026e7a7 --- /dev/null +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -0,0 +1,12 @@ +// A TCP dump like example + +probe begin, timer.s(1) { + printf("-----------------------------------------------------------------\n"); + printf(" Source IP Dest IP SPort DPort U A P R S F \n"); + printf("-----------------------------------------------------------------\n"); +} + +probe tcp.receive { + printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n", + saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin) +} -- cgit From 03e6d58fa0f0e7f9dae71c6aefe0d0ef01153214 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 10:53:44 -0700 Subject: Add Andre Detsch to AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 0ed3ed04..a6e54c7b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,4 +1,5 @@ Ananth N Mavinakayanahalli +Andre Detsch Anil Keshavamurthy Anithra Janakiraman Breno Leitao -- cgit From b9c1e0228f6c629e278820caf40870cdad285441 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 11:00:05 -0700 Subject: Make tcpdumplike.stp executable --- testsuite/systemtap.examples/network/tcpdumplike.stp | 2 ++ 1 file changed, 2 insertions(+) mode change 100644 => 100755 testsuite/systemtap.examples/network/tcpdumplike.stp diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp old mode 100644 new mode 100755 index 4026e7a7..533c71b9 --- a/testsuite/systemtap.examples/network/tcpdumplike.stp +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -1,3 +1,5 @@ +#! /usr/bin/env stap + // A TCP dump like example probe begin, timer.s(1) { -- cgit From 891e4fb2d5bf81b540b66b126b2ba78d1b7f459b Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 11:49:15 -0700 Subject: Adjust NEWS indentation --- NEWS | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/NEWS b/NEWS index 96e14b70..02f00367 100644 --- a/NEWS +++ b/NEWS @@ -7,20 +7,20 @@ * What's new in version 0.9.5 - - New probes process().insn and process().insn.block that allows - inspection of the process after each instruction or block of - instructions executed. So to count the total number of instructions - a process executes during a run do something like: - $ stap -e 'global steps; probe process("/bin/ls").insn {steps++} - probe end {printf("Total instructions: %d\n", steps);}' \ - -c /bin/ls - This feature can slow down execution of a process somewhat. - - - Systemtap probes and function man pages extracted from the tapsets - are now available under 3stap. To show the page for probe vm.pagefault - or the stap function pexecname do: - $ man 3stap vm.pagefault - $ man 3stap pexecname +- New probes process().insn and process().insn.block that allows + inspection of the process after each instruction or block of + instructions executed. So to count the total number of instructions + a process executes during a run do something like: + $ stap -e 'global steps; probe process("/bin/ls").insn {steps++} + probe end {printf("Total instructions: %d\n", steps);}' \ + -c /bin/ls + This feature can slow down execution of a process somewhat. + +- Systemtap probes and function man pages extracted from the tapsets + are now available under 3stap. To show the page for probe vm.pagefault + or the stap function pexecname do: + $ man 3stap vm.pagefault + $ man 3stap pexecname - Kernel tracepoints are now supported for probing predefined kernel events without any debuginfo. Tracepoints incur less overhead than -- cgit From 1f65cc4ffd1bd362b10d7f07d1cb9c4e7de68027 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 12:34:12 -0700 Subject: PR9953: split up the two process.* tapsets The overlapping process.* tapsets are now separated. Those probe points documented in stapprobes(3stap) remain the same. Those that were formerly in stapprobes.process(3stap) have been renamed to kprocess, to reflect their kernel perspective on processes. --- Makefile.am | 2 +- Makefile.in | 8 +- NEWS | 5 + configure | 4 +- configure.ac | 2 +- doc/SystemTap_Beginners_Guide/en-US/References.xml | 2 +- doc/SystemTap_Tapset_Reference/tapsets.tmpl | 6 +- .../en-US/Tapset_Dev_Guide.xml | 4 +- man/stapprobes.kprocess.3stap.in | 106 +++++++++++++++++++ man/stapprobes.process.3stap.in | 106 ------------------- tapset/DEVGUIDE | 6 +- tapset/kprocess.stp | 115 +++++++++++++++++++++ tapset/process.stp | 115 --------------------- testsuite/buildok/process-all-probes.stp | 12 +-- testsuite/buildok/process_test.stp | 12 +-- .../systemtap.examples/process/proc_snoop.stp | 12 +-- testsuite/systemtap.stress/whitelist.exp | 1 + 17 files changed, 262 insertions(+), 256 deletions(-) create mode 100644 man/stapprobes.kprocess.3stap.in delete mode 100644 man/stapprobes.process.3stap.in create mode 100644 tapset/kprocess.stp delete mode 100644 tapset/process.stp diff --git a/Makefile.am b/Makefile.am index b4d97e9a..f5fedae1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap \ staprun.8 \ man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap \ man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap \ -man/stapprobes.pagefault.3stap man/stapprobes.process.3stap \ +man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap \ man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap \ man/stapprobes.signal.3stap man/stapprobes.socket.3stap \ man/stapprobes.tcp.3stap man/stapprobes.udp.3stap diff --git a/Makefile.in b/Makefile.in index 42bdec7c..a953be51 100644 --- a/Makefile.in +++ b/Makefile.in @@ -64,7 +64,7 @@ DIST_COMMON = INSTALL NEWS README AUTHORS $(srcdir)/Makefile.in \ $(top_srcdir)/man/stapprobes.nfs.3stap.in \ $(top_srcdir)/man/stapprobes.nfsd.3stap.in \ $(top_srcdir)/man/stapprobes.pagefault.3stap.in \ - $(top_srcdir)/man/stapprobes.process.3stap.in \ + $(top_srcdir)/man/stapprobes.kprocess.3stap.in \ $(top_srcdir)/man/stapprobes.rpc.3stap.in \ $(top_srcdir)/man/stapprobes.scsi.3stap.in \ $(top_srcdir)/man/stapprobes.signal.3stap.in \ @@ -85,7 +85,7 @@ CONFIG_CLEAN_FILES = stap.1 stapprobes.3stap stapfuncs.3stap \ stapvars.3stap stapex.3stap staprun.8 stap-server.8 \ man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap \ man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap \ - man/stapprobes.pagefault.3stap man/stapprobes.process.3stap \ + man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap \ man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap \ man/stapprobes.signal.3stap man/stapprobes.socket.3stap \ man/stapprobes.tcp.3stap man/stapprobes.udp.3stap \ @@ -303,7 +303,7 @@ man_MANS = stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap \ stapex.3stap staprun.8 man/stapprobes.iosched.3stap \ man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap \ man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap \ - man/stapprobes.process.3stap man/stapprobes.rpc.3stap \ + man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap \ man/stapprobes.scsi.3stap man/stapprobes.signal.3stap \ man/stapprobes.socket.3stap man/stapprobes.tcp.3stap \ man/stapprobes.udp.3stap $(am__append_1) @@ -457,7 +457,7 @@ man/stapprobes.nfsd.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapp cd $(top_builddir) && $(SHELL) ./config.status $@ man/stapprobes.pagefault.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.pagefault.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ -man/stapprobes.process.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.process.3stap.in +man/stapprobes.kprocess.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.kprocess.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ man/stapprobes.rpc.3stap: $(top_builddir)/config.status $(top_srcdir)/man/stapprobes.rpc.3stap.in cd $(top_builddir) && $(SHELL) ./config.status $@ diff --git a/NEWS b/NEWS index 02f00367..37a424d8 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,10 @@ * What's new +- The overlapping process.* tapsets are now separated. Those probe points + documented in stapprobes(3stap) remain the same. Those that were formerly + in stapprobes.process(3stap) have been renamed to kprocess, to reflect + their kernel perspective on processes. + - The --skip-badvars option now also suppresses run-time error messages that would otherwise result from erroneous memory accesses. Such accesses can originate from $context expressions fueled by diff --git a/configure b/configure index 03763d5a..852dc786 100755 --- a/configure +++ b/configure @@ -8074,7 +8074,7 @@ _ACEOF ac_config_headers="$ac_config_headers config.h:config.in" -ac_config_files="$ac_config_files Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.process.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap" +ac_config_files="$ac_config_files Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap" @@ -8776,7 +8776,7 @@ do "man/stapprobes.nfs.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.nfs.3stap" ;; "man/stapprobes.nfsd.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.nfsd.3stap" ;; "man/stapprobes.pagefault.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.pagefault.3stap" ;; - "man/stapprobes.process.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.process.3stap" ;; + "man/stapprobes.kprocess.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.kprocess.3stap" ;; "man/stapprobes.rpc.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.rpc.3stap" ;; "man/stapprobes.scsi.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.scsi.3stap" ;; "man/stapprobes.signal.3stap") CONFIG_FILES="$CONFIG_FILES man/stapprobes.signal.3stap" ;; diff --git a/configure.ac b/configure.ac index ee8ae61f..a953e156 100644 --- a/configure.ac +++ b/configure.ac @@ -356,7 +356,7 @@ dnl Don't use this directly (when not given it is set to NONE). AC_DEFINE_UNQUOTED(STAP_PREFIX, "$prefix", [configure prefix location]) AC_CONFIG_HEADERS([config.h:config.in]) -AC_CONFIG_FILES(Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.process.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap) +AC_CONFIG_FILES(Makefile doc/Makefile doc/SystemTap_Tapset_Reference/Makefile stap.1 stapprobes.3stap stapfuncs.3stap stapvars.3stap stapex.3stap staprun.8 stap-server.8 man/stapprobes.iosched.3stap man/stapprobes.netdev.3stap man/stapprobes.nfs.3stap man/stapprobes.nfsd.3stap man/stapprobes.pagefault.3stap man/stapprobes.kprocess.3stap man/stapprobes.rpc.3stap man/stapprobes.scsi.3stap man/stapprobes.signal.3stap man/stapprobes.socket.3stap man/stapprobes.tcp.3stap man/stapprobes.udp.3stap initscript/systemtap) AC_CONFIG_SUBDIRS(testsuite) AC_CONFIG_FILES([run-stap], [chmod +x run-stap]) AC_CONFIG_FILES([run-staprun], [chmod +x run-staprun]) diff --git a/doc/SystemTap_Beginners_Guide/en-US/References.xml b/doc/SystemTap_Beginners_Guide/en-US/References.xml index ff993df2..6ab74f17 100644 --- a/doc/SystemTap_Beginners_Guide/en-US/References.xml +++ b/doc/SystemTap_Beginners_Guide/en-US/References.xml @@ -43,7 +43,7 @@ The stapprobes man page enumerates a variety of probe points supported by SystemTap, along with additional aliases defined by the SystemTap tapset library. The bottom of the man page includes a list of other man pages enumerating similar probe points for specific system components, such as - stapprobes.scsi, stapprobes.process, + stapprobes.scsi, stapprobes.kprocess, stapprobes.signal, etc. diff --git a/doc/SystemTap_Tapset_Reference/tapsets.tmpl b/doc/SystemTap_Tapset_Reference/tapsets.tmpl index b7c0713b..19a8e02f 100644 --- a/doc/SystemTap_Tapset_Reference/tapsets.tmpl +++ b/doc/SystemTap_Tapset_Reference/tapsets.tmpl @@ -181,13 +181,13 @@ !Itapset/socket.stp - - Process Tapset + + Kernel Process Tapset This family of probe points is used to probe process-related activities. It contains the following probe points: -!Itapset/process.stp +!Itapset/kprocess.stp Signal Tapset diff --git a/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml b/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml index d497eae6..293a0dc3 100644 --- a/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml +++ b/doc/Tapset_Reference_Guide/en-US/Tapset_Dev_Guide.xml @@ -64,7 +64,7 @@ -probe process.exec = kernel.function("do_execve"), +probe kprocess.exec = kernel.function("do_execve"), kernel.function("compat_do_execve") {probe body} @@ -106,7 +106,7 @@ kernel.function("compat_do_execve") -probe process.create = kernel.function("copy_process").return +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) diff --git a/man/stapprobes.kprocess.3stap.in b/man/stapprobes.kprocess.3stap.in new file mode 100644 index 00000000..4f5e7903 --- /dev/null +++ b/man/stapprobes.kprocess.3stap.in @@ -0,0 +1,106 @@ +.\" -*- nroff -*- +.TH STAPPROBES.KPROCESS 3stap @DATE@ "Intel, IBM" +.SH NAME +stapprobes.kprocess \- systemtap kernel process probe points + +.\" macros +.de SAMPLE +.br +.RS +.nf +.nh +.. +.de ESAMPLE +.hy +.fi +.RE +.. + +.SH DESCRIPTION + +This family of probe points is used to probe the kernel's process activities. +It contains the following probe points: + +.P +.TP +.B kprocess.create + +Fires whenever a new process is successfully created, either as a +result of one of the fork syscall variants, or a new kernel thread. + +.B Arguments: + +.I task + a handle to the newly created process + +.I new_pid + pid of the newly created process + +.P +.TP +.B kprocess.start + +Fires immediately before a new process begins execution. + +.B Arguments: + +.I N/A + +.P +.TP +.B kprocess.exec + +Fires whenever a process attempts to exec to a new program + +.B Arguments: + +.I filename + the path to the new executable + +.P +.TP +.B kprocess.exec_complete + +Fires at the completion of an exec call + +.B Arguments: + +.I errno + the error number resulting from the exec + +.I success + a boolean indicating whether the exec was successful + +.P +.TP +.B kprocess.exit + +Fires when a process terminates. This will always be followed by a +kprocess.release, though the latter may be delayed if the process +waits in a zombie state. + +.B Arguments: + +.I code + the exit code of the process + +.P +.TP +.B kprocess.release + +Fires when a process is released from the kernel. This always +follows a kprocess.exit, though it may be delayed somewhat if the +process waits in a zombie state. + +.B Arguments: + +.I task + a task handle to the process being released + +.I pid + pid of the process being released + +.SH SEE ALSO +.IR stap (1), +.IR stapprobes (3stap) + diff --git a/man/stapprobes.process.3stap.in b/man/stapprobes.process.3stap.in deleted file mode 100644 index aa8089e8..00000000 --- a/man/stapprobes.process.3stap.in +++ /dev/null @@ -1,106 +0,0 @@ -.\" -*- nroff -*- -.TH STAPPROBES.PROCESS 3stap @DATE@ "Intel, IBM" -.SH NAME -stapprobes.process \- systemtap process probe points - -.\" macros -.de SAMPLE -.br -.RS -.nf -.nh -.. -.de ESAMPLE -.hy -.fi -.RE -.. - -.SH DESCRIPTION - -This family of probe points is used to probe the process activities. -It contains the following probe points: - -.P -.TP -.B process.create - -Fires whenever a new process is successfully created, either as a -result of one of the fork syscall variants, or a new kernel thread. - -.B Arguments: - -.I task - a handle to the newly created process - -.I new_pid - pid of the newly created process - -.P -.TP -.B process.start - -Fires immediately before a new process begins execution. - -.B Arguments: - -.I N/A - -.P -.TP -.B process.exec - -Fires whenever a process attempts to exec to a new program - -.B Arguments: - -.I filename - the path to the new executable - -.P -.TP -.B process.exec_complete - -Fires at the completion of an exec call - -.B Arguments: - -.I errno - the error number resulting from the exec - -.I success - a boolean indicating whether the exec was successful - -.P -.TP -.B process.exit - -Fires when a process terminates. This will always be followed by a -process.release, though the latter may be delayed if the process -waits in a zombie state. - -.B Arguments: - -.I code - the exit code of the process - -.P -.TP -.B process.release - -Fires when a process is released from the kernel. This always -follows a process.exit, though it may be delayed somewhat if the -process waits in a zombie state. - -.B Arguments: - -.I task - a task handle to the process being released - -.I pid - pid of the process being released - -.SH SEE ALSO -.IR stap (1), -.IR stapprobes (3stap) - diff --git a/tapset/DEVGUIDE b/tapset/DEVGUIDE index e6bc3fb8..693521a8 100644 --- a/tapset/DEVGUIDE +++ b/tapset/DEVGUIDE @@ -59,8 +59,8 @@ For example, process execs can occur in either the do_execve() or the compat_do_execve() functions. The following alias inserts probes at the beginning of those functions: -probe process.exec = kernel.function("do_execve"), - kernel.function("compat_do_execve") { +probe kprocess.exec = kernel.function("do_execve"), + kernel.function("compat_do_execve") { < probe body > } @@ -87,7 +87,7 @@ process is retrieved by calling task_pid() and passing it the task_struct pointer. In this case, the auxiliary function is an embedded C function that's defined in the task tapset (task.stp). -probe process.create = kernel.function("copy_process").return { +probe kprocess.create = kernel.function("copy_process").return { task = $return new_pid = task_pid(task) } diff --git a/tapset/kprocess.stp b/tapset/kprocess.stp new file mode 100644 index 00000000..316e03ce --- /dev/null +++ b/tapset/kprocess.stp @@ -0,0 +1,115 @@ +// kernel process tapset +// Copyright (C) 2006 Intel Corporation. +// +// This file is part of systemtap, and is free software. You can +// redistribute it and/or modify it under the terms of the GNU General +// Public License (GPL); either version 2, or (at your option) any +// later version. +// +// This family of probe points is used to probe process-related activities. +// + +function _IS_ERR:long(ptr:long) %{ /* pure */ + THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); +%} + + +/** + * probe kprocess.create - Fires whenever a new process is successfully created + * @new_pid: The PID of the newly created process + * + * Context: + * Parent of the created process. + * + * Fires whenever a new process is successfully created, either as a result of + * fork (or one of its syscall variants), or a new kernel thread. + */ +probe kprocess.create = kernel.function("copy_process").return { + task = $return + if (_IS_ERR(task)) next + new_pid = task_pid(task) +} + + +/** + * probe kprocess.start - Starting new process + * + * Context: + * Newly created process. + * + * Fires immediately before a new process begins execution. + * + */ +probe kprocess.start = kernel.function("schedule_tail") { } + + +/** + * probe kprocess.exec - Attempt to exec to a new program + * @filename: The path to the new executable + * + * Context: + * The caller of exec. + * + * Fires whenever a process attempts to exec to a new program. + */ +probe kprocess.exec = + kernel.function("do_execve"), + kernel.function("compat_do_execve") ? +{ + filename = kernel_string($filename) +} + + +/** + * probe kprocess.exec_complete - Return from exec to a new program + * @errno: The error number resulting from the exec + * @success: A boolean indicating whether the exec was successful + * + * Context: + * On success, the context of the new executable. + * On failure, remains in the context of the caller. + * + * Fires at the completion of an exec call. + */ +probe kprocess.exec_complete = + kernel.function("do_execve").return, + kernel.function("compat_do_execve").return ? +{ + errno = $return + success = (errno >= 0) +} + + +/** + * probe kprocess.exit - Exit from process + * @code: The exit code of the process + * + * Context: + * The process which is terminating. + * + * Fires when a process terminates. This will always be followed by a + * kprocess.release, though the latter may be delayed if the process waits in a + * zombie state. + */ +probe kprocess.exit = kernel.function("do_exit") { + code = $code +} + + +/** + * probe kprocess.release - Process released + * @task: A task handle to the process being released + * @pid: PID of the process being released + * + * Context: + * The context of the parent, if it wanted notification of this process' + * termination, else the context of the process itself. + * + * Fires when a process is released from the kernel. This always follows a + * kprocess.exit, though it may be delayed somewhat if the process waits in a + * zombie state. + */ +probe kprocess.release = kernel.function("release_task") { + task = $p + pid = $p->pid; +} diff --git a/tapset/process.stp b/tapset/process.stp deleted file mode 100644 index e39f740a..00000000 --- a/tapset/process.stp +++ /dev/null @@ -1,115 +0,0 @@ -// process tapset -// Copyright (C) 2006 Intel Corporation. -// -// This file is part of systemtap, and is free software. You can -// redistribute it and/or modify it under the terms of the GNU General -// Public License (GPL); either version 2, or (at your option) any -// later version. -// -// This family of probe points is used to probe process-related activities. -// - -function _IS_ERR:long(ptr:long) %{ /* pure */ - THIS->__retvalue = IS_ERR((const void *)(long)THIS->ptr); -%} - - -/** - * probe process.create - Fires whenever a new process is successfully created - * @new_pid: The PID of the newly created process - * - * Context: - * Parent of the created process. - * - * Fires whenever a new process is successfully created, either as a result of - * fork (or one of its syscall variants), or a new kernel thread. - */ -probe process.create = kernel.function("copy_process").return { - task = $return - if (_IS_ERR(task)) next - new_pid = task_pid(task) -} - - -/** - * probe process.start - Starting new process - * - * Context: - * Newly created process. - * - * Fires immediately before a new process begins execution. - * - */ -probe process.start = kernel.function("schedule_tail") { } - - -/** - * probe process.exec - Attempt to exec to a new program - * @filename: The path to the new executable - * - * Context: - * The caller of exec. - * - * Fires whenever a process attempts to exec to a new program. - */ -probe process.exec = - kernel.function("do_execve"), - kernel.function("compat_do_execve") ? -{ - filename = kernel_string($filename) -} - - -/** - * probe process.exec_complete - Return from exec to a new program - * @errno: The error number resulting from the exec - * @success: A boolean indicating whether the exec was successful - * - * Context: - * On success, the context of the new executable. - * On failure, remains in the context of the caller. - * - * Fires at the completion of an exec call. - */ -probe process.exec_complete = - kernel.function("do_execve").return, - kernel.function("compat_do_execve").return ? -{ - errno = $return - success = (errno >= 0) -} - - -/** - * probe process.exit - Exit from process - * @code: The exit code of the process - * - * Context: - * The process which is terminating. - * - * Fires when a process terminates. This will always be followed by a - * process.release, though the latter may be delayed if the process waits in a - * zombie state. - */ -probe process.exit = kernel.function("do_exit") { - code = $code -} - - -/** - * probe process.release - Process released - * @task: A task handle to the process being released - * @pid: PID of the process being released - * - * Context: - * The context of the parent, if it wanted notification of this process' - * termination, else the context of the process itself. - * - * Fires when a process is released from the kernel. This always follows a - * process.exit, though it may be delayed somewhat if the process waits in a - * zombie state. - */ -probe process.release = kernel.function("release_task") { - task = $p - pid = $p->pid; -} diff --git a/testsuite/buildok/process-all-probes.stp b/testsuite/buildok/process-all-probes.stp index 91a96514..c754462b 100755 --- a/testsuite/buildok/process-all-probes.stp +++ b/testsuite/buildok/process-all-probes.stp @@ -2,11 +2,11 @@ // Tests if all probes in the process tapset are resolvable. -probe process.create, - process.start, - process.exec, - process.exec_complete, - process.exit, - process.release +probe kprocess.create, + kprocess.start, + kprocess.exec, + kprocess.exec_complete, + kprocess.exit, + kprocess.release { } diff --git a/testsuite/buildok/process_test.stp b/testsuite/buildok/process_test.stp index 90de8b69..ba3fadf1 100755 --- a/testsuite/buildok/process_test.stp +++ b/testsuite/buildok/process_test.stp @@ -1,31 +1,31 @@ #! stap -p4 -probe process.create { +probe kprocess.create { log(pp()) log(sprint(task)) } -probe process.start { +probe kprocess.start { log(pp()) } -probe process.exec { +probe kprocess.exec { log(pp()) log(filename) } -probe process.exec_complete { +probe kprocess.exec_complete { log(pp()) log(sprint(errno)) log(sprint(success)) } -probe process.exit { +probe kprocess.exit { log(pp()) log(sprint(code)) } -probe process.release { +probe kprocess.release { log(pp()) log(sprint(task)) } diff --git a/testsuite/systemtap.examples/process/proc_snoop.stp b/testsuite/systemtap.examples/process/proc_snoop.stp index 06425d45..9a3768c2 100755 --- a/testsuite/systemtap.examples/process/proc_snoop.stp +++ b/testsuite/systemtap.examples/process/proc_snoop.stp @@ -18,30 +18,30 @@ function id:string(task:long) { task_execname(task)) } -probe process.create { +probe kprocess.create { report(sprintf("create %s", id(task))) } -probe process.start { +probe kprocess.start { report("start") } -probe process.exec { +probe kprocess.exec { report(sprintf("exec %s", filename)) } -probe process.exec_complete { +probe kprocess.exec_complete { if (success) report("exec success") else report(sprintf("exec failed %d (%s)", errno, errno_str(errno))) } -probe process.exit { +probe kprocess.exit { report(sprintf("exit %d", code)) } -probe process.release { +probe kprocess.release { report(sprintf("remove %s", id(task))) } diff --git a/testsuite/systemtap.stress/whitelist.exp b/testsuite/systemtap.stress/whitelist.exp index 4a31c124..70973978 100644 --- a/testsuite/systemtap.stress/whitelist.exp +++ b/testsuite/systemtap.stress/whitelist.exp @@ -96,6 +96,7 @@ set init_probes_all_script { udp.*.return, tcp.*, tcp.*.return, + kprocess.*, process.*, nfs.fop.*, nfs.aop.*, -- cgit From 7a51212ca1895b85f400fafe0e5198525996af1d Mon Sep 17 00:00:00 2001 From: William Cohen Date: Tue, 14 Apr 2009 17:37:19 -0400 Subject: Minor formatting to avoid line wrap, added tcpdumplike.meta file, and regenerated index files. --- testsuite/systemtap.examples/index.html | 3 +++ testsuite/systemtap.examples/index.txt | 8 ++++++++ testsuite/systemtap.examples/keyword-index.html | 6 ++++++ testsuite/systemtap.examples/keyword-index.txt | 16 ++++++++++++++++ testsuite/systemtap.examples/network/tcpdumplike.meta | 12 ++++++++++++ testsuite/systemtap.examples/network/tcpdumplike.stp | 10 +++++----- 6 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 testsuite/systemtap.examples/network/tcpdumplike.meta diff --git a/testsuite/systemtap.examples/index.html b/testsuite/systemtap.examples/index.html index 3287458a..a03b8dcc 100644 --- a/testsuite/systemtap.examples/index.html +++ b/testsuite/systemtap.examples/index.html @@ -97,6 +97,9 @@ keywords: NETWORK network/tcp_connections.stp - Track Creation of Incoming TCP Connections
keywords: NETWORK TCP SOCKET

The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.

+
  • network/tcpdumplike.stp - Dump of Received TCP Packets
    +keywords: NETWORK TRAFFIC
    +

    The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

  • process/errsnoop.stp - tabulate system call errors
    keywords: PROCESS SYSCALL

    The script prints a periodic tabular report about failing system calls, by process and by syscall failure. The first optional argument specifies the reporting interval (in seconds, default 5); the second optional argument gives a screen height (number of lines in the report, default 20).

    • diff --git a/testsuite/systemtap.examples/index.txt b/testsuite/systemtap.examples/index.txt index d538d760..d24232e7 100644 --- a/testsuite/systemtap.examples/index.txt +++ b/testsuite/systemtap.examples/index.txt @@ -182,6 +182,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + process/errsnoop.stp - tabulate system call errors keywords: process syscall diff --git a/testsuite/systemtap.examples/keyword-index.html b/testsuite/systemtap.examples/keyword-index.html index 2254fd25..e65ed19d 100644 --- a/testsuite/systemtap.examples/keyword-index.html +++ b/testsuite/systemtap.examples/keyword-index.html @@ -159,6 +159,9 @@ keywords: NETWORK network/tcp_connections.stp - Track Creation of Incoming TCP Connections
    keywords: NETWORK TCP SOCKET

    The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.

    +
  • network/tcpdumplike.stp - Dump of Received TCP Packets
    +keywords: NETWORK TRAFFIC
    +

    The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

    • PER-PROCESS

      @@ -288,6 +291,9 @@ keywords: TRACE network/nettop.stp - Periodic Listing of Processes Using Network Interfaces
      keywords: NETWORK TRAFFIC PER-PROCESS

      Every five seconds the nettop.stp script prints out a list of processed (PID and command) with the number of packets sent/received and the amount of data sent/received by the process during that interval.

      +
    • network/tcpdumplike.stp - Dump of Received TCP Packets
      +keywords: NETWORK TRAFFIC
      +

      The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

    USE

      diff --git a/testsuite/systemtap.examples/keyword-index.txt b/testsuite/systemtap.examples/keyword-index.txt index 8fd8e0d8..40b5276f 100644 --- a/testsuite/systemtap.examples/keyword-index.txt +++ b/testsuite/systemtap.examples/keyword-index.txt @@ -281,6 +281,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = PER-PROCESS = network/nettop.stp - Periodic Listing of Processes Using Network Interfaces @@ -597,6 +605,14 @@ keywords: network traffic per-process interval. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = USE = general/graphs.stp - Graphing Disk and CPU Utilization diff --git a/testsuite/systemtap.examples/network/tcpdumplike.meta b/testsuite/systemtap.examples/network/tcpdumplike.meta new file mode 100644 index 00000000..8fb9fccb --- /dev/null +++ b/testsuite/systemtap.examples/network/tcpdumplike.meta @@ -0,0 +1,12 @@ +title: Dump of Received TCP Packets +name: tcpdumplike.stp +version: 1.0 +author: anonymous +keywords: network traffic +subsystem: network +status: production +exit: user-controlled +output: timed +scope: system-wide +description: The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags. +test_installcheck: stap tcpdumplike.stp -c "sleep 1" diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp index 533c71b9..de3899d6 100755 --- a/testsuite/systemtap.examples/network/tcpdumplike.stp +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -3,12 +3,12 @@ // A TCP dump like example probe begin, timer.s(1) { - printf("-----------------------------------------------------------------\n"); - printf(" Source IP Dest IP SPort DPort U A P R S F \n"); - printf("-----------------------------------------------------------------\n"); + printf("-----------------------------------------------------------------\n") + printf(" Source IP Dest IP SPort DPort U A P R S F \n") + printf("-----------------------------------------------------------------\n") } probe tcp.receive { - printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n", - saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin) + printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n", + saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin) } -- cgit