From 397c575b2789fe65d3c02b968d56fe788f37bec0 Mon Sep 17 00:00:00 2001 From: "Frank Ch. Eigler" Date: Wed, 26 Jun 2013 12:49:20 -0400 Subject: [PATCH] udp tapset: add source/dest ip/port variables, akin to those of tcp * systemtap.examples/network/tcpdumplike.stp: Slightly extended to demo this. --- tapset/linux/udp.stp | 80 +++++++++++++++++++ .../network/tcpdumplike.meta | 10 +-- .../network/tcpdumplike.stp | 5 ++ 3 files changed, 87 insertions(+), 8 deletions(-) diff --git a/tapset/linux/udp.stp b/tapset/linux/udp.stp index 9ff34f453..6327be364 100644 --- a/tapset/linux/udp.stp +++ b/tapset/linux/udp.stp @@ -1,5 +1,6 @@ // UDP tapset // Copyright (C) 2006 Intel Corporation. +// Copyright (C) 2013 Red Hat, Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General @@ -9,11 +10,28 @@ // This family of probe points is used to probe events that occur in the UDP layer. // +/* Helper functions analogous (or even identical) those in tcp.stp */ +function __get_skb_udphdr:long (skb:long) { return __get_skb_tcphdr(skb) } +function __udp_sock_sport (sock) { return __tcp_sock_sport (sock) } +function __udp_sock_dport (sock) { return __tcp_sock_dport (sock) } + +function __udp_skb_dport(udphdr) { return ntohs(@cast(udphdr, "udphdr")->dest) } +function __udp_skb_sport(udphdr) { return ntohs(@cast(udphdr, "udphdr")->source) } + + + + + /** * probe udp.sendmsg - Fires whenever a process sends a UDP message * @name: The name of this probe * @sock: Network socket used by the process * @size: Number of bytes sent by the process + * @family: IP address family + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: UDP source port + * @dport: UDP destination port * * Context: * The process which sent a UDP message @@ -22,6 +40,13 @@ probe udp.sendmsg = kernel.function("udp_sendmsg") { name = "udp.sendmsg" sock = $sk size = $len + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } /** @@ -35,6 +60,13 @@ probe udp.sendmsg = kernel.function("udp_sendmsg") { probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { name = "udp.sendmsg" size = $return + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } /** @@ -42,6 +74,11 @@ probe udp.sendmsg.return = kernel.function("udp_sendmsg").return { * @name: The name of this probe * @sock: Network socket used by the process * @size: Number of bytes received by the process + * @family: IP address family + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: UDP source port + * @dport: UDP destination port * * Context: * The process which received a UDP message @@ -50,12 +87,24 @@ probe udp.recvmsg = kernel.function("udp_recvmsg") { name = "udp.recvmsg" sock = $sk size = $len + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } /** * probe udp.recvmsg.return - Fires whenever an attempt to receive a UDP message received is completed * @name: The name of this probe * @size: Number of bytes received by the process + * @family: IP address family + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: UDP source port + * @dport: UDP destination port * * Context: * The process which received a UDP message @@ -63,6 +112,13 @@ probe udp.recvmsg = kernel.function("udp_recvmsg") { probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { name = "udp.recvmsg" size = $return + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } /** @@ -70,6 +126,11 @@ probe udp.recvmsg.return = kernel.function("udp_recvmsg").return { * @name: The name of this probe * @sock: Network socket used by the process * @flags: Flags (e.g. FIN, etc) + * @family: IP address family + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: UDP source port + * @dport: UDP destination port * * Context: * The process which requests a UDP disconnection @@ -78,12 +139,24 @@ probe udp.disconnect = kernel.function("udp_disconnect") { name = "udp.disconnect" sock = $sk flags = $flags + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } /** * probe udp.disconnect.return - UDP has been disconnected successfully * @name: The name of this probe * @ret: Error code (0: no error) + * @family: IP address family + * @saddr: A string representing the source IP address + * @daddr: A string representing the destination IP address + * @sport: UDP source port + * @dport: UDP destination port * * Context: * The process which requested a UDP disconnection @@ -91,4 +164,11 @@ probe udp.disconnect = kernel.function("udp_disconnect") { probe udp.disconnect.return = kernel.function("udp_disconnect").return { name = "udp.disconnect" ret = $return + %( systemtap_v >= "2.3" %? + family = __ip_sock_family($sk) + saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) + daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) + sport = __udp_sock_sport($sk) + dport = __udp_sock_dport($sk) + %) } diff --git a/testsuite/systemtap.examples/network/tcpdumplike.meta b/testsuite/systemtap.examples/network/tcpdumplike.meta index f5975aa68..ce14e9de1 100644 --- a/testsuite/systemtap.examples/network/tcpdumplike.meta +++ b/testsuite/systemtap.examples/network/tcpdumplike.meta @@ -1,13 +1,7 @@ -title: Dump of Received TCP Packets +title: Dump of Received UDP/TCP Packets name: tcpdumplike.stp -version: 1.0 -author: anonymous keywords: network traffic subsystem: network -status: production -exit: user-controlled -output: timed -scope: system-wide -description: The tcpdumplike.stp prints out a line for each TCP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags. +description: The tcpdumplike.stp prints out a line for each TCP & UDP packet received. Each line includes the source and destination IP addresses, the source and destination ports, and flags. test_check: stap -p4 tcpdumplike.stp test_installcheck: stap tcpdumplike.stp -c "sleep 0.2" diff --git a/testsuite/systemtap.examples/network/tcpdumplike.stp b/testsuite/systemtap.examples/network/tcpdumplike.stp index de3899d69..8bca5a097 100755 --- a/testsuite/systemtap.examples/network/tcpdumplike.stp +++ b/testsuite/systemtap.examples/network/tcpdumplike.stp @@ -8,6 +8,11 @@ probe begin, timer.s(1) { printf("-----------------------------------------------------------------\n") } +probe udp.recvmsg /* ,udp.sendmsg */ { + printf(" %15s %15s %5d %5d UDP\n", + saddr, daddr, sport, dport) +} + probe tcp.receive { printf(" %15s %15s %5d %5d %d %d %d %d %d %d\n", saddr, daddr, sport, dport, urg, ack, psh, rst, syn, fin) -- 2.43.5