From 869a8e9b1bd528c8fe8b19ea502c1931fd28a7ef Mon Sep 17 00:00:00 2001 From: ddomingo Date: Mon, 16 Mar 2009 14:21:51 +1000 Subject: fixed format of non-grabbable comments (for Tapset Reference Guide), added tapsetdescription for man page generator (in development) --- tapset/tcp.stp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'tapset/tcp.stp') diff --git a/tapset/tcp.stp b/tapset/tcp.stp index 995d6abc..1375f115 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -7,7 +7,9 @@ // redistribute it and/or modify it under the terms of the GNU General // Public License (GPL); either version 2, or (at your option) any // later version. - +// +// This family of probe points is used to probe events that occur in the TCP layer, +// %{ #include #include -- cgit From 52064a4bd37f8d81e1f488fe9d32fe6ccee63bd7 Mon Sep 17 00:00:00 2001 From: Breno Leitao Date: Fri, 20 Mar 2009 11:40:04 -0400 Subject: Added functions to grab IP source and destination from a socket, and functions to grab TCP source and destination port from a socket. Also, used this function inside some TCP probe functions, as recvmsg, to provide a richer set of fields. --- tapset/tcp.stp | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'tapset/tcp.stp') diff --git a/tapset/tcp.stp b/tapset/tcp.stp index 1375f115..bb96b0cb 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -73,6 +73,16 @@ function tcp_ts_get_info_state:long(sock:long) CATCH_DEREF_FAULT(); %} +/* return the TCP destination port for a given sock */ +function __tcp_sock_dport:long (sock:long){ + return @cast(sock, "inet_sock")->dport +} + +/* return the TCP source port for a given sock */ +function __tcp_sock_sport:long (sock:long){ + return @cast(sock, "inet_sock")->sport +} + global sockstate[13], sockstate_init_p function tcp_sockstate_str:string (state:long) { if (! sockstate_init_p) { 
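Review bot: In the `@@ -73,6 +73,16 @@` hunk, `__tcp_sock_dport` and `__tcp_sock_sport` return the `inet_sock` fields unconverted. As far as I know the kernel stores both in network byte order, so the values would come out byte-swapped on little-endian hosts; please confirm against the target kernels. The recvmsg, recvmsg.return and disconnect probes in the same commit export these values as `sport`/`dport` and document them simply as "TCP source port" / "TCP destination port", so a script that filters or alerts on a port number would silently miss its traffic. I would convert at the source, `return ntohs(@cast(sock, "inet_sock")->dport)` and likewise for `sport`, using the `ntohs` helper that a later commit on this page already calls. If the raw value is intended, the comments should say so: `/* return the TCP destination port (network byte order) for a given sock */`.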
@@ -182,6 +192,10 @@ probe tcp.sendmsg.return = kernel.function("tcp_sendmsg").return { * @name: Name of this probe * @sock: Network socket * @size: Number of bytes to be received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * Context: * The process which receives a tcp message */ @@ -189,12 +203,20 @@ probe tcp.recvmsg = kernel.function("tcp_recvmsg") { name = "tcp.recvmsg" sock = $sk size = $len + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** * probe tcp.recvmsg.return - Receiving TCP message complete * @name: Name of this probe * @size: Number of bytes received or error code if an error occurred. + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * * Context: * The process which receives a tcp message @@ -202,6 +224,10 @@ probe tcp.recvmsg = kernel.function("tcp_recvmsg") { probe tcp.recvmsg.return = kernel.function("tcp_recvmsg").return { name = "tcp.recvmsg" size = $return + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** @@ -209,6 +235,10 @@ probe tcp.recvmsg.return = kernel.function("tcp_recvmsg").return { * @name: Name of this probe * @sock: Network socket * @flags: TCP flags (e.g. FIN, etc) + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port * * Context: * The process which disconnects tcp 
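Review bot: In the `@@ -189,12 +203,20 @@` hunk, the new `@saddr`/`@daddr` doc lines read as packet direction, but the values come from the socket via `__ip_sock_saddr($sk)` and `__ip_sock_daddr($sk)`, not from the received segment. On a receive path that presumably makes `saddr` the local end and `daddr` the peer, the reverse of what someone reading a receive trace would expect. That helper is defined outside this page, so please confirm. If so, I would word the docs as `@saddr: A string representing the socket's local (source) IP address` and `@daddr: A string representing the socket's remote (destination) IP address`. The same wording applies to the tcp.recvmsg.return docblock in this hunk and to the tcp.disconnect docblock in the `@@ -209,6 +235,10 @@` hunk. The four identical assignment lines are also repeated in three probes; a short comment in tcp.recvmsg.return that `$sk` is read in a return probe would help readers judge which socket state those fields reflect.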
@@ -217,6 +247,10 @@ probe tcp.disconnect = kernel.function("tcp_disconnect") { name = "tcp.disconnect" sock = $sk flags = $flags + saddr = ip_ntop(__ip_sock_saddr($sk)) + daddr = ip_ntop(__ip_sock_daddr($sk)) + sport = __tcp_sock_sport($sk) + dport = __tcp_sock_dport($sk) } /** -- cgit From 5e868ddd8263d2f7b61a702891252cc2bacb1c07 Mon Sep 17 00:00:00 2001 From: Andre Detsch Date: Tue, 14 Apr 2009 14:23:59 -0300 Subject: Add new TCP and IP functions This patch adds some basic functions to the IP and TCP tapsets. Mainly, it's possible to get the iphdr and tcphdr from a sk_buff structure. As a consequence, a TCP probe called tcp.receive() was created and is probed every time a TCP packet is received, and a lot of useful fields is available, as the TCP flags. Also a small example that works like tcpdump for received TCP packets was created. This patch was tested on x86 and ppc machines, on 2.6.18 kernel and also on mainline one. Signed-off-by: Breno Leitao Signed-off-by: Andre Detsch Signed-off-by: Josh Stone --- tapset/tcp.stp | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) (limited to 'tapset/tcp.stp') diff --git a/tapset/tcp.stp b/tapset/tcp.stp index bb96b0cb..2c5dce7e 100644 --- a/tapset/tcp.stp +++ b/tapset/tcp.stp @@ -15,6 +15,7 @@ #include #include #include +#include %} // Get retransmission timeout in usecs. RTO is initialized from default 
@@ -78,6 +79,70 @@ function __tcp_sock_dport:long (sock:long){ return @cast(sock, "inet_sock")->dport } +/* returns the TCP header for recent (<2.6.21) kernel */ +function __get_skb_tcphdr_new:long(skb:long) +%{ /* pure */ + struct sk_buff *skb; + skb = (struct sk_buff *)(long)THIS->skb; + /* as done by skb_transport_header() */ + #ifdef NET_SKBUFF_DATA_USES_OFFSET + THIS->__retvalue = (long)(kread(&(skb->head)) + kread(&(skb->transport_header))); + #else + THIS->__retvalue = (long)kread(&(skb->transport_header)); + #endif + CATCH_DEREF_FAULT(); +%} + +/* returns the TCP header for a given sk_buff structure */ +function __get_skb_tcphdr:long(skb:long){ +%( kernel_v < "2.6.21" %? + tcphdr = @cast(skb, "sk_buff")->h->raw + return tcphdr +%: + return __get_skb_tcphdr_new(skb) +%) +} + +/* returns TCP URG flag for a given sk_buff structure */ +function __tcp_skb_urg:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->urg +} + +/* returns TCP ACK flag for a given sk_buff structure */ +function __tcp_skb_ack:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->ack +} + +/* returns TCP PSH flag for a given sk_buff structure */ +function __tcp_skb_psh:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->psh +} + +/* returns TCP RST flag for a given sk_buff structure */ +function __tcp_skb_rst:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->rst +} + +/* returns TCP SYN flag for a given sk_buff structure */ +function __tcp_skb_syn:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->syn +} + +/* returns TCP FIN flag for a given sk_buff structure */ +function __tcp_skb_fin:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->fin +} + +/* returns TCP source port for a given sk_buff structure */ +function __tcp_skb_sport:long (tcphdr){ + return ntohs(@cast(tcphdr, "tcphdr")->source) +} + +/* returns TCP destination port for a given sk_buff structure */ +function __tcp_skb_dport:long (tcphdr){ + return @cast(tcphdr, "tcphdr")->dest +} + /* return the TCP source port for a given sock */ function 
__tcp_sock_sport:long (sock:long){ return @cast(sock, "inet_sock")->sport @@ -300,3 +365,32 @@ probe tcp.setsockopt.return = kernel.function("tcp_setsockopt").return { ret = $return } +/** + * probe tcp.receive - Called when a TCP packet is received + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: TCP source port + * @dport: TCP destination port + * @urg: TCP URG flag + * @ack: TCP ACK flag + * @psh: TCP PSH flag + * @rst: TCP RST flag + * @syn: TCP SYN flag + * @fin: TCP FIN flag + */ +probe tcp.receive = kernel.function("tcp_v4_rcv") { + iphdr = __get_skb_iphdr($skb) + saddr = ip_ntop(__ip_skb_saddr(iphdr)) + daddr = ip_ntop(__ip_skb_daddr(iphdr)) + protocol = __ip_skb_proto(iphdr) + + tcphdr = __get_skb_tcphdr($skb) + dport = __tcp_skb_dport(tcphdr) + sport = __tcp_skb_sport(tcphdr) + urg = __tcp_skb_urg(tcphdr) + ack = __tcp_skb_ack(tcphdr) + psh = __tcp_skb_psh(tcphdr) + rst = __tcp_skb_rst(tcphdr) + syn = __tcp_skb_syn(tcphdr) + fin = __tcp_skb_fin(tcphdr) +} -- cgit
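Review bot: In the `@@ -78,6 +79,70 @@` hunk, `__tcp_skb_sport` converts with `ntohs(...)` but `__tcp_skb_dport` returns `@cast(tcphdr, "tcphdr")->dest` unconverted, so the two ports of one packet are reported in different byte orders. The destination port should match: `return ntohs(@cast(tcphdr, "tcphdr")->dest)`. Left as is, a tcpdump-style script that matches on `dport` would compare against a byte-swapped value on little-endian hosts and miss the traffic it is meant to flag. Two comments in the same hunk are also misleading. `__get_skb_tcphdr_new` is labelled "for recent (<2.6.21) kernel", yet the `%( kernel_v < "2.6.21" %?` conditional selects it for kernels at or above 2.6.21, so I would write `/* returns the TCP header for recent (>= 2.6.21) kernels */`. The flag and port helpers say "for a given sk_buff structure" although they take a `tcphdr` pointer, and their parameter is untyped where the sock helpers use `sock:long`.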
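Review bot: In the `@@ -300,3 +365,32 @@` hunk, the new tcp.receive probe sets `protocol`, `iphdr` and `tcphdr`, but the docblock lists none of them. Unlike the other probes visible on this page it also never assigns `name`. I would add `name = "tcp.receive"` as the first statement and document the extra field with ` * @protocol: Protocol field read from the IP header`, plus an `@name` line. A Context note would help consumers as well: the probe sits on entry to `tcp_v4_rcv`, so the header fields are presumably read before the stack has validated the segment. If that holds (please confirm against the kernel source), scripts should treat these values as untrusted wire data that may belong to packets the stack later drops.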