[ltt-dev] [PATCH 4/4] Add probes for detailed tracing of network traffic

Benjamin Poirier benjamin.poirier at polymtl.ca
Wed Oct 21 16:51:40 EDT 2009 

Allows to choose probes that record many header fields from TCP and UDP
messages. This can provide some pcap-like functionality within LTTng. It
can also allow offline synchronization of distributed traces.

Signed-off-by: Benjamin Poirier <benjamin.poirier at polymtl.ca>
---
 include/linux/ltt-type-serializer.h |   49 ++++++++++++
 ltt/probes/Makefile                 |    3 +-
 ltt/probes/net-extended-trace.c     |  143 +++++++++++++++++++++++++++++++++++
 3 files changed, 194 insertions(+), 1 deletions(-)
 create mode 100644 ltt/probes/net-extended-trace.c

diff --git a/include/linux/ltt-type-serializer.h b/include/linux/ltt-type-serializer.h
index 3b2b1c9..e27fdb8 100644
--- a/include/linux/ltt-type-serializer.h
+++ b/include/linux/ltt-type-serializer.h
@@ -134,4 +134,53 @@ struct serialize_long_long_sizet_int_int {
 	unsigned char end_field[0];
 } LTT_ALIGN;
 
+struct serialize_lllscssllccccc {
+	unsigned long f1;
+	unsigned long f2;
+	unsigned long f3;
+	unsigned short f4;
+	unsigned char f5;
+	unsigned short f6;
+	unsigned short f7;
+	unsigned long f8;
+	unsigned long f9;
+	unsigned char f10;
+	unsigned char f11;
+	unsigned char f12;
+	unsigned char f13;
+	unsigned char f14;
+	unsigned char end_field[0];
+} LTT_ALIGN;
+
+struct serialize_lscllscssllccccc {
+	unsigned long f1;
+	unsigned short f2;
+	unsigned char f3;
+	unsigned long f4;
+	unsigned long f5;
+	unsigned short f6;
+	unsigned char f7;
+	unsigned short f8;
+	unsigned short f9;
+	unsigned long f10;
+	unsigned long f11;
+	unsigned char f12;
+	unsigned char f13;
+	unsigned char f14;
+	unsigned char f15;
+	unsigned char f16;
+	unsigned char end_field[0];
+} LTT_ALIGN;
+
+struct serialize_lllcsssL {
+	unsigned long f1;
+	unsigned long f2;
+	unsigned long f3;
+	unsigned char f4;
+	unsigned short f5;
+	unsigned short f6;
+	unsigned short f7;
+	unsigned long long f8;
+	unsigned char end_field[0];
+} LTT_ALIGN;
 #endif /* _LTT_TYPE_SERIALIZER_H */
diff --git a/ltt/probes/Makefile b/ltt/probes/Makefile
index 7b16c02..56c4fff 100644
--- a/ltt/probes/Makefile
+++ b/ltt/probes/Makefile
@@ -19,8 +19,9 @@ obj-$(CONFIG_LTT_TRACEPROBES)	+= kernel-trace.o mm-trace.o fs-trace.o \
 ifeq ($(CONFIG_NET),y)
 ifdef CONFIG_FTRACE
 CFLAGS_REMOVE_net-trace.o = -pg
+CFLAGS_REMOVE_net-extended-trace.o = -pg
 endif
-obj-$(CONFIG_LTT_TRACEPROBES)	+= net-trace.o
+obj-$(CONFIG_LTT_TRACEPROBES)	+= net-trace.o net-extended-trace.o
 endif
 
 ifdef CONFIG_JBD2
diff --git a/ltt/probes/net-extended-trace.c b/ltt/probes/net-extended-trace.c
new file mode 100644
index 0000000..470a039
--- /dev/null
+++ b/ltt/probes/net-extended-trace.c
@@ -0,0 +1,143 @@
+/*
+ * ltt/probes/net-extended-trace.c
+ *
+ * Net tracepoint extended probes.
+ *
+ * These probes record many header fields from TCP and UDP messages. Here are
+ * the consequences of this:
+ * 1) it allows analyzing network traffic to provide some pcap-like
+ *    functionality within LTTng
+ * 2) it allows offline synchronization of a group of concurrent traces
+ *    recorded on different nodes
+ * 3) it increases tracing overhead
+ *
+ * You can leave out these probes or not activate them if you are not
+ * especially interested in the details of network traffic and do not wish to
+ * synchronize distributed traces.
+ */
+
+#include <linux/in_route.h>
+#include <linux/ip.h>
+#include <linux/ltt-type-serializer.h>
+#include <linux/module.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#include <net/route.h>
+#include <trace/net.h>
+
+void probe_net_dev_xmit_extended(struct sk_buff *skb);
+
+DEFINE_MARKER_TP(net, dev_xmit_extended, net_dev_xmit,
+	probe_net_dev_xmit_extended, "skb %p network_protocol #n2u%hu "
+	"transport_protocol #1u%u saddr #n4u%lu daddr #n4u%lu "
+	"tot_len #n2u%hu ihl #1u%u source #n2u%hu dest #n2u%hu seq #n4u%lu "
+	"ack_seq #n4u%lu doff #1u%u ack #1u%u rst #1u%u syn #1u%u fin #1u%u");
+
+notrace void probe_net_dev_xmit_extended(struct sk_buff *skb)
+{
+	struct marker *marker;
+	struct serialize_lscllscssllccccc data;
+	struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *th = tcp_hdr(skb);
+
+	data.f1 = (unsigned long)skb;
+	data.f2 = skb->protocol;
+
+	if (ntohs(skb->protocol) == ETH_P_IP) {
+		data.f3 = ip_hdr(skb)->protocol;
+		data.f4 = iph->saddr;
+		data.f5 = iph->daddr;
+		data.f6 = iph->tot_len;
+		data.f7 = iph->ihl;
+
+		if (data.f3 == IPPROTO_TCP) {
+			data.f8 = th->source;
+			data.f9 = th->dest;
+			data.f10 = th->seq;
+			data.f11 = th->ack_seq;
+			data.f12 = th->doff;
+			data.f13 = th->ack;
+			data.f14 = th->rst;
+			data.f15 = th->syn;
+			data.f16 = th->fin;
+		}
+	}
+
+	marker = &GET_MARKER(net, dev_xmit_extended);
+	ltt_specialized_trace(marker, marker->single.probe_private,
+		&data, serialize_sizeof(data), sizeof(long));
+}
+
+void probe_tcpv4_rcv_extended(struct sk_buff *skb);
+
+DEFINE_MARKER_TP(net, tcpv4_rcv_extended, net_tcpv4_rcv,
+	probe_tcpv4_rcv_extended, "skb %p saddr #n4u%lu daddr #n4u%lu "
+	"tot_len #n2u%hu ihl #1u%u source #n2u%hu dest #n2u%hu seq #n4u%lu "
+	"ack_seq #n4u%lu doff #1u%u ack #1u%u rst #1u%u syn #1u%u fin #1u%u");
+
+notrace void probe_tcpv4_rcv_extended(struct sk_buff *skb)
+{
+	struct marker *marker;
+	struct serialize_lllscssllccccc data;
+	struct iphdr *iph = ip_hdr(skb);
+	struct tcphdr *th = tcp_hdr(skb);
+
+	data.f1 = (unsigned long)skb;
+	data.f2 = iph->saddr;
+	data.f3 = iph->daddr;
+	data.f4 = iph->tot_len;
+	data.f5 = iph->ihl;
+	data.f6 = th->source;
+	data.f7 = th->dest;
+	data.f8 = th->seq;
+	data.f9 = th->ack_seq;
+	data.f10 = th->doff;
+	data.f11 = th->ack;
+	data.f12 = th->rst;
+	data.f13 = th->syn;
+	data.f14 = th->fin;
+
+	marker = &GET_MARKER(net, tcpv4_rcv_extended);
+	ltt_specialized_trace(marker, marker->single.probe_private,
+		&data, serialize_sizeof(data), sizeof(long));
+}
+
+void probe_udpv4_rcv_extended(struct sk_buff *skb);
+
+DEFINE_MARKER_TP(net, udpv4_rcv_extended, net_udpv4_rcv,
+	probe_udpv4_rcv_extended, "skb %p saddr #n4u%lu daddr #n4u%lu "
+	"unicast #1u%u ulen #n2u%hu source #n2u%hu dest #n2u%hu "
+	"data_start #8u%lx");
+
+notrace void probe_udpv4_rcv_extended(struct sk_buff *skb)
+{
+	struct marker *marker;
+	struct serialize_lllcsssL data;
+	struct iphdr *iph = ip_hdr(skb);
+	struct rtable *rt = skb_rtable(skb);
+	struct udphdr *uh = udp_hdr(skb);
+
+	data.f1 = (unsigned long)skb;
+	data.f2 = iph->saddr;
+	data.f3 = iph->daddr;
+	data.f4 = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST) ? 0 : 1;
+	data.f5 = uh->len;
+	data.f6 = uh->source;
+	data.f7 = uh->dest;
+	/* UDP header has not been pulled from skb->data, read the first 8
+	 * bytes of UDP data if they are not in a fragment*/
+	data.f8 = 0;
+	if (skb_headlen(skb) >= sizeof(struct udphdr) + 8)
+		data.f8 = *(unsigned long long *)(skb->data + sizeof(*uh));
+	else if (skb_headlen(skb) >= sizeof(struct udphdr))
+		memcpy(&data.f8, skb->data + sizeof(struct udphdr),
+			skb_headlen(skb) - sizeof(struct udphdr));
+
+	marker = &GET_MARKER(net, udpv4_rcv_extended);
+	ltt_specialized_trace(marker, marker->single.probe_private,
+		&data, serialize_sizeof(data), sizeof(unsigned long long));
+}
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Benjamin Poirier");
+MODULE_DESCRIPTION("Net Tracepoint Extended Probes");
-- 
1.6.3.3

More information about the lttng-dev mailing list