From 5e868ddd8263d2f7b61a702891252cc2bacb1c07 Mon Sep 17 00:00:00 2001 From: Andre Detsch Date: Tue, 14 Apr 2009 14:23:59 -0300 Subject: Add new TCP and IP functions This patch adds some basic functions to the IP and TCP tapsets. Mainly, it's possible to get the iphdr and tcphdr from a sk_buff structure. As a consequence, a TCP probe called tcp.receive() was created and is probed every time a TCP packet is received, and a lot of useful fields is available, as the TCP flags. Also a small example that works like tcpdump for received TCP packets was created. This patch was tested on x86 and ppc machines, on 2.6.18 kernel and also on mainline one. Signed-off-by: Breno Leitao Signed-off-by: Andre Detsch Signed-off-by: Josh Stone --- testsuite/systemtap.examples/network/tcpdumplike.stp | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 testsuite/systemtap.examples/network/tcpdumplike.stp (limited to 'testsuite')
diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp
new file mode 100644
index 00000000..4026e7a7
--- /dev/null
+++ b/testsuite/systemtap.examples/network/tcpdumplike.stp
@@ -0,0 +1,12 @@
+// A TCP dump like example
+
+probe begin, timer.s(1) {
+ printf("-----------------------------------------------------------------\n");
+ printf(" Source IP Dest IP SPort DPort U A P R S F \n");
+ printf("-----------------------------------------------------------------\n");
+}
+
+probe tcp.receive {
+ printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n",
+ saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin)
+}
-- cgit
From b9c1e0228f6c629e278820caf40870cdad285441 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 11:00:05 -0700 Subject: Make tcpdumplike.stp executable --- testsuite/systemtap.examples/network/tcpdumplike.stp | 2 ++ 1 file changed, 2 insertions(+) mode change 100644 => 100755 testsuite/systemtap.examples/network/tcpdumplike.stp (limited to 'testsuite')
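Review bot: Rows printed by `probe tcp.receive` in the new tcpdumplike.stp carry no timestamp, so a capture cannot be lined up with firewall or application logs afterwards; a leading time column, e.g. passing `gettimeofday_s()` as the first printf argument with a matching `%d` and header field, would make the output usable as evidence. The `begin, timer.s(1)` probe also reprints the three banner lines every second whether or not a packet arrived, so an idle host shows mostly headers. The leading comment should state the script's coverage, for instance `// Prints one line per received TCP packet (inbound only, system-wide); the header repeats every second.`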
diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp old mode 100644 new mode 100755 index 4026e7a7..533c71b9 --- a/testsuite/systemtap.examples/network/tcpdumplike.stp +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -1,3 +1,5 @@ +#! /usr/bin/env stap + // A TCP dump like example probe begin, timer.s(1) { -- cgit From 1f65cc4ffd1bd362b10d7f07d1cb9c4e7de68027 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Tue, 14 Apr 2009 12:34:12 -0700 Subject: PR9953: split up the two process.* tapsets The overlapping process.* tapsets are now separated. Those probe points documented in stapprobes(3stap) remain the same. Those that were formerly in stapprobes.process(3stap) have been renamed to kprocess, to reflect their kernel perspective on processes. --- testsuite/buildok/process-all-probes.stp | 12 ++++++------ testsuite/buildok/process_test.stp | 12 ++++++------ testsuite/systemtap.examples/process/proc_snoop.stp | 12 ++++++------ testsuite/systemtap.stress/whitelist.exp | 1 + 4 files changed, 19 insertions(+), 18 deletions(-) (limited to 'testsuite') diff --git a/testsuite/buildok/process-all-probes.stp b/testsuite/buildok/process-all-probes.stp index 91a96514..c754462b 100755 --- a/testsuite/buildok/process-all-probes.stp +++ b/testsuite/buildok/process-all-probes.stp @@ -2,11 +2,11 @@ // Tests if all probes in the process tapset are resolvable. -probe process.create, - process.start, - process.exec, - process.exec_complete, - process.exit, - process.release +probe kprocess.create, + kprocess.start, + kprocess.exec, + kprocess.exec_complete, + kprocess.exit, + kprocess.release { } diff --git a/testsuite/buildok/process_test.stp b/testsuite/buildok/process_test.stp index 90de8b69..ba3fadf1 100755 --- a/testsuite/buildok/process_test.stp +++ b/testsuite/buildok/process_test.stp 
@@ -1,31 +1,31 @@ #! stap -p4 -probe process.create { +probe kprocess.create { log(pp()) log(sprint(task)) } -probe process.start { +probe kprocess.start { log(pp()) } -probe process.exec { +probe kprocess.exec { log(pp()) log(filename) } -probe process.exec_complete { +probe kprocess.exec_complete { log(pp()) log(sprint(errno)) log(sprint(success)) } -probe process.exit { +probe kprocess.exit { log(pp()) log(sprint(code)) } -probe process.release { +probe kprocess.release { log(pp()) log(sprint(task)) } diff --git a/testsuite/systemtap.examples/process/proc_snoop.stp b/testsuite/systemtap.examples/process/proc_snoop.stp index 06425d45..9a3768c2 100755 --- a/testsuite/systemtap.examples/process/proc_snoop.stp +++ b/testsuite/systemtap.examples/process/proc_snoop.stp @@ -18,30 +18,30 @@ function id:string(task:long) { task_execname(task)) } -probe process.create { +probe kprocess.create { report(sprintf("create %s", id(task))) } -probe process.start { +probe kprocess.start { report("start") } -probe process.exec { +probe kprocess.exec { report(sprintf("exec %s", filename)) } -probe process.exec_complete { +probe kprocess.exec_complete { if (success) report("exec success") else report(sprintf("exec failed %d (%s)", errno, errno_str(errno))) } -probe process.exit { +probe kprocess.exit { report(sprintf("exit %d", code)) } -probe process.release { +probe kprocess.release { report(sprintf("remove %s", id(task))) } diff --git a/testsuite/systemtap.stress/whitelist.exp b/testsuite/systemtap.stress/whitelist.exp index 4a31c124..70973978 100644 --- a/testsuite/systemtap.stress/whitelist.exp +++ b/testsuite/systemtap.stress/whitelist.exp @@ -96,6 +96,7 @@ set init_probes_all_script { udp.*.return, tcp.*, tcp.*.return, + kprocess.*, process.*, nfs.fop.*, nfs.aop.*, -- cgit From 7a51212ca1895b85f400fafe0e5198525996af1d Mon Sep 17 00:00:00 2001 
From: William Cohen Date: Tue, 14 Apr 2009 17:37:19 -0400 Subject: Minor formatting to avoid line wrap, added tcpdumplike.meta file, and regenerated index files. --- testsuite/systemtap.examples/index.html | 3 +++ testsuite/systemtap.examples/index.txt | 8 ++++++++ testsuite/systemtap.examples/keyword-index.html | 6 ++++++ testsuite/systemtap.examples/keyword-index.txt | 16 ++++++++++++++++ testsuite/systemtap.examples/network/tcpdumplike.meta | 12 ++++++++++++ testsuite/systemtap.examples/network/tcpdumplike.stp | 10 +++++----- 6 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 testsuite/systemtap.examples/network/tcpdumplike.meta (limited to 'testsuite') diff --git a/testsuite/systemtap.examples/index.html b/testsuite/systemtap.examples/index.html index 3287458a..a03b8dcc 100644 --- a/testsuite/systemtap.examples/index.html +++ b/testsuite/systemtap.examples/index.html @@ -97,6 +97,9 @@ keywords: NETWORK network/tcp_connections.stp - Track Creation of Incoming TCP Connections
keywords: NETWORK TCP SOCKET

The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.

+
  • network/tcpdumplike.stp - Dump of Received TCP Packets
    +keywords: NETWORK TRAFFIC
    +

    The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

  • process/errsnoop.stp - tabulate system call errors
    keywords: PROCESS SYSCALL

    The script prints a periodic tabular report about failing system calls, by process and by syscall failure. The first optional argument specifies the reporting interval (in seconds, default 5); the second optional argument gives a screen height (number of lines in the report, default 20).

  • diff --git a/testsuite/systemtap.examples/index.txt b/testsuite/systemtap.examples/index.txt index d538d760..d24232e7 100644 --- a/testsuite/systemtap.examples/index.txt +++ b/testsuite/systemtap.examples/index.txt @@ -182,6 +182,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + process/errsnoop.stp - tabulate system call errors keywords: process syscall diff --git a/testsuite/systemtap.examples/keyword-index.html b/testsuite/systemtap.examples/keyword-index.html index 2254fd25..e65ed19d 100644 --- a/testsuite/systemtap.examples/keyword-index.html +++ b/testsuite/systemtap.examples/keyword-index.html @@ -159,6 +159,9 @@ keywords: NETWORK network/tcp_connections.stp - Track Creation of Incoming TCP Connections
    keywords: NETWORK TCP SOCKET

    The tcp_connections.stp script prints information for each new incoming TCP connection accepted by the computer. The information includes the UID, the command accepting the connection, the PID of the command, the port the connection is on, and the IP address of the originator of the request.

    +
  • network/tcpdumplike.stp - Dump of Received TCP Packets
    +keywords: NETWORK TRAFFIC
    +

    The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

  • PER-PROCESS

      @@ -288,6 +291,9 @@ keywords: TRACE network/nettop.stp - Periodic Listing of Processes Using Network Interfaces
      keywords: NETWORK TRAFFIC PER-PROCESS

      Every five seconds the nettop.stp script prints out a list of processed (PID and command) with the number of packets sent/received and the amount of data sent/received by the process during that interval.

      +
    • network/tcpdumplike.stp - Dump of Received TCP Packets
      +keywords: NETWORK TRAFFIC
      +

      The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags.

    USE

      diff --git a/testsuite/systemtap.examples/keyword-index.txt b/testsuite/systemtap.examples/keyword-index.txt index 8fd8e0d8..40b5276f 100644 --- a/testsuite/systemtap.examples/keyword-index.txt +++ b/testsuite/systemtap.examples/keyword-index.txt @@ -281,6 +281,14 @@ keywords: network tcp socket originator of the request. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = PER-PROCESS = network/nettop.stp - Periodic Listing of Processes Using Network Interfaces @@ -597,6 +605,14 @@ keywords: network traffic per-process interval. +network/tcpdumplike.stp - Dump of Received TCP Packets +keywords: network traffic + + The tcpdumplike.stp prints out a line for each TCP packet received. + Each line includes the source and destination IP addresses, the + source and destination ports, and flags. + + = USE = general/graphs.stp - Graphing Disk and CPU Utilization diff --git a/testsuite/systemtap.examples/network/tcpdumplike.meta b/testsuite/systemtap.examples/network/tcpdumplike.meta new file mode 100644 index 00000000..8fb9fccb --- /dev/null +++ b/testsuite/systemtap.examples/network/tcpdumplike.meta @@ -0,0 +1,12 @@ +title: Dump of Received TCP Packets +name: tcpdumplike.stp +version: 1.0 +author: anonymous +keywords: network traffic +subsystem: network +status: production +exit: user-controlled +output: timed +scope: system-wide +description: The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags. +test_installcheck: stap tcpdumplike.stp -c "sleep 1" diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp index 533c71b9..de3899d6 100755 
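Review bot: `author: anonymous` in the new tcpdumplike.meta drops attribution that this series itself carries, since the commit adding tcpdumplike.stp is signed off by named contributors; the field could name them. `keywords: network traffic` omits `tcp`, although the neighbouring tcp_connections.stp entry is tagged `network tcp socket`, so this example will not be listed under a TCP keyword. Only `test_installcheck` is declared; if the sibling .meta files also carry a build-only `test_check:` line, this file should have one too.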
--- a/testsuite/systemtap.examples/network/tcpdumplike.stp
+++ b/testsuite/systemtap.examples/network/tcpdumplike.stp
@@ -3,12 +3,12 @@
 // A TCP dump like example
 
 probe begin, timer.s(1) {
- printf("-----------------------------------------------------------------\n");
- printf(" Source IP Dest IP SPort DPort U A P R S F \n");
- printf("-----------------------------------------------------------------\n");
+ printf("-----------------------------------------------------------------\n")
+ printf(" Source IP Dest IP SPort DPort U A P R S F \n")
+ printf("-----------------------------------------------------------------\n")
 }
 
 probe tcp.receive {
- printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n",
- saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin)
+ printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n",
+ saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin)
 }
-- cgit