<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Jessica, <br>
<br>
I am ccing the list because this is relevant and I am hoping someone
yells at me: "No you're wrong!" It's a great way to learn. <br>
<div class="moz-cite-prefix">On 13-06-28 03:33 PM, Jessica Foest
wrote:<br>
</div>
<blockquote
cite="mid:CAPxN80D7K-DXgxNcPOFrfmpOeEvL0q-sELmsUR8gF_8MWd2yfg@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div dir="ltr">
<div>
<div>
<div>
<div>hi Matthew,<br>
</div>
<div>thanks for your response <br>
</div>
<div><br>
</div>
i'm using ubuntu distribution.<br>
</div>
your solution seems to be a good one but i'm not sure that i
understand what do you mean by <tt>"check later events to
infer if enabled is true" , can your explain to me how can
i do it ? <br>
</tt></div>
</div>
</div>
</blockquote>
<br>
<tt>Ok, you can do it in may ways technically, also I am far from
being an expert on the subject of promiscuity, you may want to
consult with people in security for less <br>
<br>
let's say you have the following events<br>
<br>
file_read, net_set_promiscuous, file_read, file_write,
net_copy_whole_packet_to_cpu, file_touch<br>
<br>
these are obviously made up events, but it's to give you an idea
of what's going on. <br>
<br>
you know the mode is set when net_set_promiscuous is called, you
don't know if it's changed or not, someone can be calling true or
false constantly. <br>
you know that net_copy_whole_packet_to_cpu is only callable when
the card is in promiscuous mode.<br>
let's say there's a second set promiscous mode and nothing saying
before that the card was in promiscuous mode, could it be safe to
assume that it was not? <br>
<br>
When you get the second packet, you know the mode. <br>
<br>
function receive_event(event event_){<br>
if( event.is_promiscuous() == true) {<br>
flags.new_promiscuous_mode = true; <br>
</tt><tt><tt> flags.new_promiscuous_time = event.ts;<br>
</tt>
}<br>
if(
event.is_an_event_that_will_only_happen_in_promiscuous_mode() ) {<br>
if( </tt><tt><tt>flags.new_promiscuous_mode == true) {<br>
</tt></tt><tt><tt><tt> flags.new_promiscuous_mode = false;<br>
flags.promiscuous = true;<br>
}<br>
</tt></tt>}<br>
}</tt><br>
<br>
This is by the way one of the interesting use cases of the state
systems available in eclipse and the awesome LTTv. You read the
trace once, infer more information then the analysis tools will give
you pertinent info, instead of sifting through a detailed events
list like this <a class="moz-txt-link-freetext" href="http://youtu.be/3vAnuBtyEYE">http://youtu.be/3vAnuBtyEYE</a>. <br>
<br>
best regards, <br>
<br>
Matthew<br>
<br>
<blockquote
cite="mid:CAPxN80D7K-DXgxNcPOFrfmpOeEvL0q-sELmsUR8gF_8MWd2yfg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div><tt><br>
</tt></div>
<tt>regards<br>
</tt></div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/6/27 Matthew Khouzam <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:matthew.khouzam@ericsson.com" target="_blank">matthew.khouzam@ericsson.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <tt>Hi, <br>
<br>
Welcome to LTTng-dev.<br>
</tt><br>
<tt><tt>What distro are you using? <br>
<br>
</tt>I am looking at the tracepoints, I see system tap
has probe:netdev.set_promiscuity, it's probably not in
the default list but it hooked onto set_promiscuity.<br>
<br>
Maybe you can use a kprobe on set_promiscuity and then
check later events to infer if enabled is true. I'm
sorry, I work more on the trace viewing side than the
kernel side so my knowledge is rather limited. <br>
<br>
Hope this helps and please keep us updated, this is an
interesting problem.<span class="HOEnZb"><font
color="#888888"><br>
<br>
Matthew<br>
<br>
<br>
</font></span></tt>
<div>
<div class="h5">
<div>On 13-06-26 04:14 PM, Jessica Foest wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">
<div>
<div>
<div>Hi<br>
<br>
when use lttng network tracepoint it didn't
display network interface mode (like
promiscuous mode or other ) . did i miss
some tracepoint option or it's a limitation
?<br>
</div>
</div>
</div>
regard</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/6/26 Jessica Foest <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:jessica.foest@gmail.com"
target="_blank">jessica.foest@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Hi<br>
<br>
when use lttng network tracepoint it
didn't display network interface mode
(like promiscuous mode or other ) .
did i miss some tracepoint option or
it's a limitation ?<br>
</div>
</div>
</div>
regard<br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<div class="im">
<pre>_______________________________________________
lttng-dev mailing list
<a moz-do-not-send="true" href="mailto:lttng-dev@lists.lttng.org" target="_blank">lttng-dev@lists.lttng.org</a>
<a moz-do-not-send="true" href="http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev" target="_blank">http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev</a>
</pre>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>