From 1f65cc4ffd1bd362b10d7f07d1cb9c4e7de68027 Mon Sep 17 00:00:00 2001
From: Josh Stone <jistone@redhat.com>
Date: Tue, 14 Apr 2009 12:34:12 -0700
Subject: PR9953: split up the two process.* tapsets

The overlapping process.* tapsets are now separated.  Those probe points
documented in stapprobes(3stap) remain the same.  Those that were formerly
in stapprobes.process(3stap) have been renamed to kprocess, to reflect
their kernel perspective on processes.
---
 doc/SystemTap_Beginners_Guide/en-US/References.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'doc/SystemTap_Beginners_Guide')

diff --git a/doc/SystemTap_Beginners_Guide/en-US/References.xml b/doc/SystemTap_Beginners_Guide/en-US/References.xml
index ff993df2..6ab74f17 100644
--- a/doc/SystemTap_Beginners_Guide/en-US/References.xml
+++ b/doc/SystemTap_Beginners_Guide/en-US/References.xml
@@ -43,7 +43,7 @@
 The <filename>stapprobes</filename> man page enumerates a variety of probe points supported by SystemTap, along with additional aliases 
 defined by the SystemTap tapset library. The bottom of the man page includes a list of other man pages 
 enumerating similar probe points for specific system components, such as
-	  <filename>stapprobes.scsi</filename>, <filename>stapprobes.process</filename>, 
+	  <filename>stapprobes.scsi</filename>, <filename>stapprobes.kprocess</filename>, 
 <filename>stapprobes.signal</filename>, etc.
 </para>
 </listitem>
-- 
cgit 


From 06cc786840951d8467553a60c0e603a5086fc488 Mon Sep 17 00:00:00 2001
From: ddomingo <ddomingo@redhat.com>
Date: Thu, 30 Apr 2009 15:56:47 +1000
Subject: added tcp_connections.stp

---
 .../en-US/Useful_Scripts-tcp_connections.xml       | 86 ++++++++++++++++++++++
 .../en-US/Useful_SystemTap_Scripts.xml             |  2 +
 2 files changed, 88 insertions(+)
 create mode 100644 doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcp_connections.xml

(limited to 'doc/SystemTap_Beginners_Guide')

diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcp_connections.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcp_connections.xml
new file mode 100644
index 00000000..c25465b4
--- /dev/null
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcp_connections.xml
@@ -0,0 +1,86 @@
+<?xml version='1.0'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+
+	<section id="tcpconnectionssect">
+		<title>Monitoring Incoming TCP Connections</title>
+<indexterm>
+<primary>script examples</primary>
+<secondary>monitoring incoming TCP connections</secondary>
+</indexterm>
+
+<indexterm>
+<primary>examples of SystemTap scripts</primary>
+<secondary>monitoring incoming TCP connections</secondary>
+</indexterm>
+
+<indexterm>
+<primary>monitoring incoming TCP connections</primary>
+<secondary>examples of SystemTap scripts</secondary>
+</indexterm>		
+<indexterm>
+	<primary>TCP connections (incoming), monitoring</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+<indexterm>
+	<primary>incoming TCP connections, monitoring</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>	
+<!--				
+<indexterm>
+	<primary>script examples</primary>
+	<secondary>net/socket.c, tracing functions from</secondary>
+</indexterm>
+
+<indexterm>
+	<primary>examples of SystemTap scripts</primary>
+	<secondary>net/socket.c, tracing functions from</secondary>
+</indexterm>
+
+<indexterm>
+	<primary>net/socket.c, tracing functions from</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+-->
+
+<para>
+	This section illustrates how to monitor incoming TCP connections. This task is useful in 
+	identifying any unauthorized, suspicious, or otherwise unwanted network access requests
+	in real time. 
+</para>
+
+<formalpara id="tcpconnections">
+		<title>tcp_connections.stp</title>
+<para>
+<programlisting>
+<xi:include parse="text" href="extras/testsuite/systemtap.examples/network/tcp_connections.stp" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</programlisting>
+</para>
+</formalpara>		
+
+<para>
+	While <xref linkend="tcpconnections"/> is running, it will print out the following information
+	about any incoming TCP connections accepted by the system in real time:
+</para>
+
+<itemizedlist>
+	<listitem><para>Current <command>UID</command></para></listitem>
+	<listitem><para><command>CMD</command> - the command accepting the connection</para></listitem>
+	<listitem><para><command>PID</command> of the command</para></listitem>
+	<listitem><para>Port used by the connection</para></listitem>
+	<listitem><para>IP address from which the TCP connection originated</para></listitem>
+</itemizedlist>
+	
+	
+<example id="tcpconnectionsoutput">
+	<title><xref linkend="tcpconnections"/> Sample Output</title>
+<screen>
+UID            CMD    PID   PORT        IP_SOURCE
+0             sshd   3165     22      10.64.0.227
+0             sshd   3165     22      10.64.0.227
+</screen>
+</example>
+
+</section>
+
diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
index b18062f3..80e68770 100644
--- a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
@@ -41,6 +41,8 @@
 	<para>The following sections showcase scripts that trace network-related functions and build a profile of network activity.</para>
 	<xi:include href="Useful_Scripts-nettop.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 	<xi:include href="Useful_Scripts-sockettrace.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+	<xi:include href="Useful_Scripts-tcp_connections.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+
 </section>		
 <section id="mainsect-disk">
 	<title>Disk</title>
-- 
cgit 


From 6820dda776595280e6dc535df32648b47d21e329 Mon Sep 17 00:00:00 2001
From: ddomingo <ddomingo@redhat.com>
Date: Tue, 5 May 2009 15:43:56 +1000
Subject: added ioblktime.stp to guide

---
 .../en-US/Useful_Scripts-ioblktime.xml             | 111 +++++++++++++++++++++
 .../en-US/Useful_SystemTap_Scripts.xml             |   2 +
 2 files changed, 113 insertions(+)
 create mode 100644 doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-ioblktime.xml

(limited to 'doc/SystemTap_Beginners_Guide')

diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-ioblktime.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-ioblktime.xml
new file mode 100644
index 00000000..e586d81a
--- /dev/null
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-ioblktime.xml
@@ -0,0 +1,111 @@
+<?xml version='1.0'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+	<section id="ioblktimesect">
+		<title>Periodically Print I/O Block Time</title>
+<indexterm>
+<primary>script examples</primary>
+<secondary>monitoring I/O block time</secondary>
+</indexterm>
+
+<indexterm>
+<primary>examples of SystemTap scripts</primary>
+<secondary>monitoring I/O block time</secondary>
+</indexterm>
+
+<indexterm>
+<primary>monitoring I/O block time</primary>
+<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+
+<indexterm>
+<primary>I/O block time, monitoring</primary>
+<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+
+<indexterm>
+<primary>printing I/O block time (periodically)</primary>
+<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+
+	<para>
+		This section describes how to track the amount of time each block I/O requests spends 
+		waiting for completion. This is useful in determining whether there are too many
+		outstanding block I/O operations at any given time.
+	</para>
+	
+<formalpara id="ioblktime">
+	<title>ioblktime.stp</title>
+<para>
+<programlisting>
+<xi:include parse="text" href="extras/testsuite/systemtap.examples/io/ioblktime.stp" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</programlisting>
+</para>
+</formalpara>
+
+<!-- <remark>what does $count do, specifically?</remark> -->
+
+<para>
+	<xref linkend="ioblktime"/> computes the average waiting time for block I/O per device, 
+	and prints a list every 10 seconds. As always, you can revise this refresh rate by 
+	editing the specified value in <command>probe timer.s(10), end {</command>.
+</para>	
+<para>	
+	In some cases, there can be too many outstanding block 
+	I/O operations, at which point the script can exceed the default number of 
+	<command>MAXMAPENTRIES</command>. <command>MAXMAPENTRIES</command> is the maximum number of 
+	rows in an array if the array size is not specified explicitly when declared. If the script
+	exceeds the default <command>MAXMAPENTRIES</command> value of 2048, run the script again with 
+	the <command>stap</command> option <command>-DMAXMAPENTRIES=10000</command>.
+</para>
+	
+
+<example id="ioblktimeoutput">
+	<title><xref linkend="ioblktime"/> Sample Output</title>
+<screen>
+    device  rw total (us)      count   avg (us)
+       sda   W       9659          6       1609
+      dm-0   W      20278          6       3379
+      dm-0   R      20524          5       4104
+       sda   R      19277          5       3855
+</screen>
+</example>
+
+<para>
+	<xref linkend="ioblktimeoutput"/> displays the device name, operations performed 
+	(<command>rw</command>), total wait time of all operations (<command>total(us)</command>), 
+	number of operations (<command>count</command>), and average
+	wait time for all those operations (<command>avg (us)</command>). The times tallied by the 
+	script are in microseconds.
+</para>	
+	
+<!--
+global reads, writes, total_io
+
+probe kernel.function("vfs_read") {
+reads[execname()] += $count
+}
+
+probe kernel.function("vfs_write") {
+writes[execname()] += $count
+}
+
+# print top 10 IO processes every 5 seconds
+probe timer.s(5) {
+foreach (name in writes)
+total_io[name] += writes[name]
+foreach (name in reads)
+total_io[name] += reads[name]
+printf ("%16s\t%10s\t%10s\n", "Process", "KB Read", "KB Written")
+foreach (name in total_io- limit 10)
+printf("%16s\t%10d\t%10d\n", name,
+reads[name]/1024, writes[name]/1024)
+delete reads
+delete writes
+delete total_io
+print("\n")
+}
+-->
+
+</section>
\ No newline at end of file
diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
index 80e68770..4d999b53 100644
--- a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
@@ -56,6 +56,7 @@
 <!-- 	<xi:include href="Useful_Scripts-Kernel.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
 	<xi:include href="Useful_Scripts-inodewatch.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 	<xi:include href="Useful_Scripts-inodewatch2.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+	<xi:include condition="fedora" href="Useful_Scripts-ioblktime.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 </section>
 
 <section id="mainsect-profiling">
@@ -71,6 +72,7 @@
 <!-- 	removed; handler function no longer working as expected
 	<xi:include href="Useful_Scripts-kernelprofiling.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
 
+	
 <xi:include href="Useful_Scripts-futexes.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 
 <!--	<xi:include href="Useful_Scripts-Network.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-- 
cgit 


From b29403a9638895ecd9bc515bb47e3881a53168e8 Mon Sep 17 00:00:00 2001
From: ddomingo <ddomingo@redhat.com>
Date: Thu, 7 May 2009 16:02:51 +1000
Subject: added tcpdumplike.stp to Network for Fedora build only

---
 .../en-US/Useful_Scripts-tcpdumplike.xml           | 116 +++++++++++++++++++++
 .../en-US/Useful_SystemTap_Scripts.xml             |   2 +-
 2 files changed, 117 insertions(+), 1 deletion(-)
 create mode 100644 doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcpdumplike.xml

(limited to 'doc/SystemTap_Beginners_Guide')

diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcpdumplike.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcpdumplike.xml
new file mode 100644
index 00000000..cd42edc6
--- /dev/null
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-tcpdumplike.xml
@@ -0,0 +1,116 @@
+<?xml version='1.0'?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+
+	<section id="tcpdumplikesect">
+		<title>Monitoring TCP Packets</title>
+<indexterm>
+<primary>script examples</primary>
+<secondary>monitoring TCP packets</secondary>
+</indexterm>
+
+<indexterm>
+<primary>examples of SystemTap scripts</primary>
+<secondary>monitoring TCP packets</secondary>
+</indexterm>
+
+<indexterm>
+<primary>monitoring TCP packets</primary>
+<secondary>examples of SystemTap scripts</secondary>
+</indexterm>		
+<indexterm>
+	<primary>TCP packets, monitoring</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+<indexterm>
+	<primary>TCP packets, monitoring</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>	
+<!--				
+<indexterm>
+	<primary>script examples</primary>
+	<secondary>net/socket.c, tracing functions from</secondary>
+</indexterm>
+
+<indexterm>
+	<primary>examples of SystemTap scripts</primary>
+	<secondary>net/socket.c, tracing functions from</secondary>
+</indexterm>
+
+<indexterm>
+	<primary>net/socket.c, tracing functions from</primary>
+	<secondary>examples of SystemTap scripts</secondary>
+</indexterm>
+-->
+
+<para>
+	This section illustrates how to monitor TCP packets received by the system. This is useful in 
+	analyzing network traffic generated by applications running on the system.
+</para>
+
+
+<formalpara id="tcpdumplike">
+		<title>tcpdumplike.stp</title>
+<para>
+<programlisting>
+	<xi:include parse="text" href="extras/testsuite/systemtap.examples/network/tcpdumplike.stp" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</programlisting>
+</para>
+</formalpara>		
+
+<para>
+	While <xref linkend="tcpdumplike"/> is running, it will print out the following information
+	about any received TCP packets in real time:
+</para>
+
+<itemizedlist>
+	<listitem><para>Source and destination IP address (<command>saddr</command>,
+	<command>daddr</command>, respectively)</para></listitem>
+	<listitem><para>Source and destination ports (<command>sport</command>, <command>dport</command>,
+	respectively)</para></listitem>
+	<listitem><para>Packet flags</para></listitem>
+</itemizedlist>
+	
+<para>
+	To determine the flags used by the packet, <xref linkend="tcpdumplike"/> uses the following
+	functions:
+</para>
+
+<itemizedlist>
+	<listitem><para><command>urg</command> - urgent</para></listitem>
+	<listitem><para><command>ack</command> - acknowledgement</para></listitem>
+	<listitem><para><command>psh</command> - push</para></listitem>
+	<listitem><para><command>rst</command> - reset</para></listitem>
+	<listitem><para><command>syn</command> - synchronize</para></listitem>
+	<listitem><para><command>fin</command> - finished</para></listitem>
+</itemizedlist>
+
+<para>
+	The aforementioned functions return <command>1</command> or <command>0</command> to 
+	specify whether the packet uses the corresponding flag.
+</para>
+	
+<example id="tcpdumplikeoutput">
+	<title><xref linkend="tcpdumplike"/> Sample Output</title>
+<screen>
+-----------------------------------------------------------------
+       Source IP         Dest IP  SPort  DPort  U  A  P  R  S  F
+-----------------------------------------------------------------
+  209.85.229.147       10.0.2.15     80  20373  0  1  1  0  0  0
+  92.122.126.240       10.0.2.15     80  53214  0  1  0  0  1  0
+  92.122.126.240       10.0.2.15     80  53214  0  1  0  0  0  0
+  209.85.229.118       10.0.2.15     80  63433  0  1  0  0  1  0
+  209.85.229.118       10.0.2.15     80  63433  0  1  0  0  0  0
+  209.85.229.147       10.0.2.15     80  21141  0  1  1  0  0  0
+  209.85.229.147       10.0.2.15     80  21141  0  1  1  0  0  0
+  209.85.229.147       10.0.2.15     80  21141  0  1  1  0  0  0
+  209.85.229.147       10.0.2.15     80  21141  0  1  1  0  0  0
+  209.85.229.147       10.0.2.15     80  21141  0  1  1  0  0  0
+  209.85.229.118       10.0.2.15     80  63433  0  1  1  0  0  0
+[...]
+</screen>
+</example>
+
+</section>
+
diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
index 4d999b53..eeab9b27 100644
--- a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml
@@ -42,7 +42,7 @@
 	<xi:include href="Useful_Scripts-nettop.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 	<xi:include href="Useful_Scripts-sockettrace.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 	<xi:include href="Useful_Scripts-tcp_connections.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
-
+	<xi:include condition="fedora" href="Useful_Scripts-tcpdumplike.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
 </section>		
 <section id="mainsect-disk">
 	<title>Disk</title>
-- 
cgit