This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
udp.sendmsg
- From: <webman at manfbraun dot de>
- To: <systemtap at sourceware dot org>
- Date: Sun, 10 Jul 2016 22:57:07 +0200
- Subject: udp.sendmsg
- Authentication-results: sourceware.org; auth=none
Hi !
Not sure, if this is a developer list or something I can ask
about some unexpected behavior of Systemtap.
I am using Systemtap 2.6/0.159 on debian 8.5 with kernel
3.16.0-4.
My script does not produce any errors, but it definitively
does not catch all packets! The core is just this:
probe udp.sendmsg {
if ( dport == 53 ) {
printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
}
}
This should provide me with all processes which make DNS calls (per UDP).
This is similar to examples on the examples site. What I see are packets
bei user applications like iceweasel and thought, everything ok. Wrong.
Then I took nslookup and it's call was NOT to see. I fired up a tcpdump for
dst port 53 and this show the nslookup's outgoing call. There is plenty
of memory free (usually about 8 GB) und loadavg is below 0.5
Additionally, outgoing calls from LXC containers are not seen - but they
dont use remote tunneled ports, they use the local bridges. tcpdump
shows these packets too.
It not easy to provide a complete environment, but to note, that there
is additionally to regard:
- a mix of total 10 network interfaces on the box
- 3 x eth'xx (physical) in use
- OpenVswitch, which provides two bridges with ports to a total of that 10.
- the server uses port bonding under control of OpenVswitch
I found something similar in a serverfault.com discussion
(http://serverfault.com/questions/192893/how-i-can-identify-which-process-is
-making-udp-traffic-on-linux )
which is:
# stap -e 'probe netfilter.ip.local_out {
if (dport == 53) # or parametrize
printf("%s[%d] %s:%d\n", execname(), pid(), daddr, dport)
}'
Same problem.
Ther are no extra net namespaces in use!
Any hints, thoughts or pointers are welcome.
Best regards,
Manfred