This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



tcp_connects script redux


Here's a more complete version of the tcp_connects script. This version has been tested with RHEL4 i386 and FC4 i386. The output looks like this:

stap -g tcp_connects_wa.stp
UID     CMD             PID             PORT    IP_SOURCE
0       sshd            1961             22     9.47.18.87
0       sshd            1961             22     9.47.67.99

Note: tcp_connects_wa.stp contains a workaround for the $retvalue bug. After the $retvalue bug is fixed we should use the tcp_connects.stp script.

Hien.

%{
/*
 * First listing: the variant that reads the return value from a register
 * (presumably the tcp_connects_wa.stp attachment -- confirm against the
 * original mail).
 *
 * Embedded C header: kernel headers plus two accessor macros. Both macros
 * expand against a local variable named `inet`, so they are only usable
 * inside a function that declares one. They dereference `inet` directly,
 * with no validity check of their own.
 */
#include <linux/version.h>
#include <net/sock.h>
#include <net/tcp.h>

/* Kernels older than 2.6.11: the fields are reached through a nested `inet` member. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) 
#define LPORT	(inet->inet.num)
#define DADDR	(&inet->inet.daddr)
/* 2.6.11 and later: the fields are direct members. */
#else 
#define LPORT 	(inet->num)
#define DADDR	(&inet->daddr)
#endif
%}


/*
 * Fetch the saved eax register from the probe context (i386 register name).
 * Yields -1 when no context or no register set is available.
 * NOTE(review): -1 is non-zero, so a caller that only tests for 0 will treat
 * it as a usable value; any caller that uses the result as a pointer has to
 * reject -1 as well.
 */
function _get_eax () %{
	if (!CONTEXT || !CONTEXT->regs) {
		THIS->__retvalue = -1;
	} else {
		THIS->__retvalue = CONTEXT->regs->eax;
	}
%}

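/*
 * Return the local port stored in the socket whose kernel address is passed
 * in `sock`. Returns 0 when `sock` is 0.
 *
 * The body is guru-mode embedded C: it runs in kernel context and the pointer
 * is dereferenced directly. Only a null pointer is caught here; a non-null
 * but stale or bogus address is still read as-is. Where the SystemTap runtime
 * provides kread() and CATCH_DEREF_FAULT(), those give a fault-protected read.
 */
function get_local_port:long(sock)
%{
	/* Go through unsigned long so the script's integer converts to a pointer. */
	unsigned long ptr = (unsigned long) THIS->sock;
	struct inet_sock *inet = (struct inet_sock *) ptr;

	/* Do not rely on every caller having filtered out a null return value. */
	if (inet == NULL)
		THIS->__retvalue = 0;
	else
		THIS->__retvalue = (long long) LPORT;
%}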

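/*
 * Format the `daddr` field of the socket at kernel address `sock` as a
 * dotted-quad string (for a socket returned by accept this is presumably the
 * connecting peer -- the script prints it under IP_SOURCE). Returns an empty
 * string when `sock` is 0.
 *
 * The body is guru-mode embedded C: it runs in kernel context and the pointer
 * is dereferenced directly. Only a null pointer is caught here; a non-null
 * but stale or bogus address is still read as-is. Where the SystemTap runtime
 * provides kread() and CATCH_DEREF_FAULT(), those give a fault-protected read.
 */
function get_ip_source:string(sock)
%{
	/* Go through unsigned long so the script's integer converts to a pointer. */
	unsigned long ptr = (unsigned long) THIS->sock;
	struct inet_sock *inet = (struct inet_sock *) ptr;
	unsigned char addr[4];

	if (inet == NULL) {
		/* Nothing to read; hand back an empty string instead of faulting. */
		THIS->__retvalue[0] = '\0';
	} else {
		/* Copy byte-wise so the four octets print in their in-memory order. */
		memcpy(addr, DADDR, sizeof(addr));
		/* Bound the write to the script string size rather than trusting the format. */
		snprintf(THIS->__retvalue, MAXSTRINGLEN, "%d.%d.%d.%d",
			addr[0], addr[1], addr[2], addr[3]);
	}
%}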

/*
 * Script-level wrapper around _get_eax(). _get_eax() is declared without a
 * return type, so the result goes through an addition with 0, which makes
 * it a number.
 */
function get_eax() {
	eax = _get_eax()
	return eax + 0
}

/* Print the column header once, when the script starts. */
probe begin {
	header = "UID\tCMD\t\tPID\t\tPORT\tIP_SOURCE"
	log (header)
}
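/*
 * On return from tcp_accept, print one line for the returned socket: uid,
 * command name and pid of the current process, then the socket's local port
 * and peer address.
 */
probe kernel.function("tcp_accept").return {
	/* Workaround path: take the return value from the register, not $retvalue. */
	sock = get_eax()
	/*
	 * 0 is a null return; -1 is what _get_eax() yields when it has no register
	 * context. Both must be kept away from the embedded-C helpers, which cast
	 * sock to a struct pointer and dereference it in kernel context.
	 */
	if (sock != 0 && sock != -1)
		log(string(uid())."\t".
			execname()."\t\t".
			string(pid())."\t\t ".
			string(get_local_port(sock))."\t".
			get_ip_source(sock))
}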
%{
/*
 * Second listing: the variant that reads $retvalue directly (presumably the
 * tcp_connects.stp attachment -- confirm against the original mail).
 *
 * Embedded C header: kernel headers plus two accessor macros. Both macros
 * expand against a local variable named `inet`, so they are only usable
 * inside a function that declares one. They dereference `inet` directly,
 * with no validity check of their own.
 */
#include <linux/version.h>
#include <net/sock.h>
#include <net/tcp.h>

/* Kernels older than 2.6.11: the fields are reached through a nested `inet` member. */
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11) 
#define LPORT	(inet->inet.num)
#define DADDR	(&inet->inet.daddr)
/* 2.6.11 and later: the fields are direct members. */
#else 
#define LPORT 	(inet->num)
#define DADDR	(&inet->daddr)
#endif
%}

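/*
 * Return the local port stored in the socket whose kernel address is passed
 * in `sock`. Returns 0 when `sock` is 0.
 *
 * The body is guru-mode embedded C: it runs in kernel context and the pointer
 * is dereferenced directly. Only a null pointer is caught here; a non-null
 * but stale or bogus address is still read as-is. Where the SystemTap runtime
 * provides kread() and CATCH_DEREF_FAULT(), those give a fault-protected read.
 */
function get_local_port:long(sock)
%{
	/* Go through unsigned long so the script's integer converts to a pointer. */
	unsigned long ptr = (unsigned long) THIS->sock;
	struct inet_sock *inet = (struct inet_sock *) ptr;

	/* Do not rely on every caller having filtered out a null return value. */
	if (inet == NULL)
		THIS->__retvalue = 0;
	else
		THIS->__retvalue = (long long) LPORT;
%}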

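/*
 * Format the `daddr` field of the socket at kernel address `sock` as a
 * dotted-quad string (for a socket returned by accept this is presumably the
 * connecting peer -- the script prints it under IP_SOURCE). Returns an empty
 * string when `sock` is 0.
 *
 * The body is guru-mode embedded C: it runs in kernel context and the pointer
 * is dereferenced directly. Only a null pointer is caught here; a non-null
 * but stale or bogus address is still read as-is. Where the SystemTap runtime
 * provides kread() and CATCH_DEREF_FAULT(), those give a fault-protected read.
 */
function get_ip_source:string(sock)
%{
	/* Go through unsigned long so the script's integer converts to a pointer. */
	unsigned long ptr = (unsigned long) THIS->sock;
	struct inet_sock *inet = (struct inet_sock *) ptr;
	unsigned char addr[4];

	if (inet == NULL) {
		/* Nothing to read; hand back an empty string instead of faulting. */
		THIS->__retvalue[0] = '\0';
	} else {
		/* Copy byte-wise so the four octets print in their in-memory order. */
		memcpy(addr, DADDR, sizeof(addr));
		/* Bound the write to the script string size rather than trusting the format. */
		snprintf(THIS->__retvalue, MAXSTRINGLEN, "%d.%d.%d.%d",
			addr[0], addr[1], addr[2], addr[3]);
	}
%}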


/* Print the column header once, when the script starts. */
probe begin {
	header = "UID\tCMD\t\tPID\t\tPORT\tIP_SOURCE"
	log (header)
}

/*
 * On return from tcp_accept, print one line for the returned socket: uid,
 * command name and pid of the current process, then the socket's local port
 * and peer address. A zero (null) return value is skipped, because the
 * embedded-C helpers cast sock to a struct pointer and dereference it.
 */
probe kernel.function("tcp_accept").return {
	sock = $retvalue
	if (sock != 0) {
		line = string(uid()) . "\t" .
			execname() . "\t\t" .
			string(pid()) . "\t\t " .
			string(get_local_port(sock)) . "\t" .
			get_ip_source(sock)
		log(line)
	}
}
