This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: No saddr, daddr, dport for udp.recvmsg, udp.sendmsg
- From: AZX AMN <az1029az1029az at gmail dot com>
- To: "Frank Ch. Eigler" <fche at redhat dot com>
- Cc: systemtap at sourceware dot org
- Date: Fri, 26 Feb 2016 13:19:39 -0800
- Subject: Re: No saddr, daddr, dport for udp.recvmsg, udp.sendmsg
- Authentication-results: sourceware.org; auth=none
- References: <CAP768GDcKXHpiBL23XoMDnXVi1=QTG5yCRtYt-n3v_wxn6oi0w at mail dot gmail dot com> <y0megbzgu1a dot fsf at fche dot csb>
> I'm seeing similar behaviour here on Fedora 22 (kernel 4.3-ish). It
> appears that the incoming $sk, in its inet_sock cast, sometimes passes
> within the kernel without that data. For example, I get 0.0.0.0 IP
> addresses for some broadcast traffic such as mdns / rwho.
>
> Does this match your observations? Are you sure there is a problem?
>
I'm seeing this for regular unicast traffic although it does seem to
depend on the application. For example traffic of the OpenVPN
application always has only sport and so do DNS lookups from nslookup.
However lookups from dnsmasq have both saddr and sport (and still no
daddr or dport) and the same goes for ntp. Traffic from netcat ("nc -u
...") shows all fields properly.
> Compare also to this script, which operates at a different layer in the
> kernel:
>
> probe netfilter.ipv*.* {
> if (protocol==ipproto_udp)
> printd(" ", pp(), saddr, sport, daddr, dport, "\n")
> }
Indeed, this shows it all properly. But shouldn't recvmsg and sendmsg
also do it for normal unicast traffic?