[ltt-dev] [PATCH 4/4] Add probes for detailed tracing of network traffic

Fri Oct 23 10:31:01 EDT 2009

* Benjamin Poirier (benjamin.poirier at polymtl.ca) wrote:
> Allows to choose probes that record many header fields from TCP and UDP
> messages. This can provide some pcap-like functionality within LTTng. It
> can also allow offline synchronization of distributed traces.
> 
> Signed-off-by: Benjamin Poirier <benjamin.poirier at polymtl.ca>
> ---
>  include/linux/ltt-type-serializer.h |   49 ++++++++++++
>  ltt/probes/Makefile                 |    3 +-
>  ltt/probes/net-extended-trace.c     |  143 +++++++++++++++++++++++++++++++++++
>  3 files changed, 194 insertions(+), 1 deletions(-)
>  create mode 100644 ltt/probes/net-extended-trace.c
> 
> diff --git a/include/linux/ltt-type-serializer.h b/include/linux/ltt-type-serializer.h
> index 3b2b1c9..e27fdb8 100644
> --- a/include/linux/ltt-type-serializer.h
> +++ b/include/linux/ltt-type-serializer.h
> @@ -134,4 +134,53 @@ struct serialize_long_long_sizet_int_int {
>  	unsigned char end_field[0];
>  } LTT_ALIGN;
>  
> +struct serialize_lllscssllccccc {
> +	unsigned long f1;
> +	unsigned long f2;

sizeof(unsigned long) != 4 on 64-bit machines. I just fixed these by
using the appropriate uint32_t, uint16_t and uint8_t when required.

Mathieu

> +	unsigned long f3;
> +	unsigned short f4;
> +	unsigned char f5;
> +	unsigned short f6;
> +	unsigned short f7;
> +	unsigned long f8;
> +	unsigned long f9;
> +	unsigned char f10;
> +	unsigned char f11;
> +	unsigned char f12;
> +	unsigned char f13;
> +	unsigned char f14;
> +	unsigned char end_field[0];
> +} LTT_ALIGN;
> +
> +struct serialize_lscllscssllccccc {
> +	unsigned long f1;
> +	unsigned short f2;
> +	unsigned char f3;
> +	unsigned long f4;
> +	unsigned long f5;
> +	unsigned short f6;
> +	unsigned char f7;
> +	unsigned short f8;
> +	unsigned short f9;
> +	unsigned long f10;
> +	unsigned long f11;
> +	unsigned char f12;
> +	unsigned char f13;
> +	unsigned char f14;
> +	unsigned char f15;
> +	unsigned char f16;
> +	unsigned char end_field[0];
> +} LTT_ALIGN;
> +
> +struct serialize_lllcsssL {
> +	unsigned long f1;
> +	unsigned long f2;
> +	unsigned long f3;
> +	unsigned char f4;
> +	unsigned short f5;
> +	unsigned short f6;
> +	unsigned short f7;
> +	unsigned long long f8;
> +	unsigned char end_field[0];
> +} LTT_ALIGN;
>  #endif /* _LTT_TYPE_SERIALIZER_H */
> diff --git a/ltt/probes/Makefile b/ltt/probes/Makefile
> index 7b16c02..56c4fff 100644
> --- a/ltt/probes/Makefile
> +++ b/ltt/probes/Makefile
> @@ -19,8 +19,9 @@ obj-$(CONFIG_LTT_TRACEPROBES)	+= kernel-trace.o mm-trace.o fs-trace.o \
>  ifeq ($(CONFIG_NET),y)
>  ifdef CONFIG_FTRACE
>  CFLAGS_REMOVE_net-trace.o = -pg
> +CFLAGS_REMOVE_net-extended-trace.o = -pg
>  endif
> -obj-$(CONFIG_LTT_TRACEPROBES)	+= net-trace.o
> +obj-$(CONFIG_LTT_TRACEPROBES)	+= net-trace.o net-extended-trace.o
>  endif
>  
>  ifdef CONFIG_JBD2
> diff --git a/ltt/probes/net-extended-trace.c b/ltt/probes/net-extended-trace.c
> new file mode 100644
> index 0000000..470a039
> --- /dev/null
> +++ b/ltt/probes/net-extended-trace.c
> @@ -0,0 +1,143 @@
> +/*
> + * ltt/probes/net-extended-trace.c
> + *
> + * Net tracepoint extended probes.
> + *
> + * These probes record many header fields from TCP and UDP messages. Here are
> + * the consequences of this:
> + * 1) it allows analyzing network traffic to provide some pcap-like
> + *    functionality within LTTng
> + * 2) it allows offline synchronization of a group of concurrent traces
> + *    recorded on different nodes
> + * 3) it increases tracing overhead
> + *
> + * You can leave out these probes or not activate them if you are not
> + * especially interested in the details of network traffic and do not wish to
> + * synchronize distributed traces.
> + */
> +
> +#include <linux/in_route.h>
> +#include <linux/ip.h>
> +#include <linux/ltt-type-serializer.h>
> +#include <linux/module.h>
> +#include <linux/tcp.h>
> +#include <linux/udp.h>
> +#include <net/route.h>
> +#include <trace/net.h>
> +
> +void probe_net_dev_xmit_extended(struct sk_buff *skb);
> +
> +DEFINE_MARKER_TP(net, dev_xmit_extended, net_dev_xmit,
> +	probe_net_dev_xmit_extended, "skb %p network_protocol #n2u%hu "
> +	"transport_protocol #1u%u saddr #n4u%lu daddr #n4u%lu "
> +	"tot_len #n2u%hu ihl #1u%u source #n2u%hu dest #n2u%hu seq #n4u%lu "
> +	"ack_seq #n4u%lu doff #1u%u ack #1u%u rst #1u%u syn #1u%u fin #1u%u");
> +
> +notrace void probe_net_dev_xmit_extended(struct sk_buff *skb)
> +{
> +	struct marker *marker;
> +	struct serialize_lscllscssllccccc data;
> +	struct iphdr *iph = ip_hdr(skb);
> +	struct tcphdr *th = tcp_hdr(skb);
> +
> +	data.f1 = (unsigned long)skb;
> +	data.f2 = skb->protocol;
> +
> +	if (ntohs(skb->protocol) == ETH_P_IP) {
> +		data.f3 = ip_hdr(skb)->protocol;
> +		data.f4 = iph->saddr;
> +		data.f5 = iph->daddr;
> +		data.f6 = iph->tot_len;
> +		data.f7 = iph->ihl;
> +
> +		if (data.f3 == IPPROTO_TCP) {
> +			data.f8 = th->source;
> +			data.f9 = th->dest;
> +			data.f10 = th->seq;
> +			data.f11 = th->ack_seq;
> +			data.f12 = th->doff;
> +			data.f13 = th->ack;
> +			data.f14 = th->rst;
> +			data.f15 = th->syn;
> +			data.f16 = th->fin;
> +		}
> +	}
> +
> +	marker = &GET_MARKER(net, dev_xmit_extended);
> +	ltt_specialized_trace(marker, marker->single.probe_private,
> +		&data, serialize_sizeof(data), sizeof(long));
> +}
> +
> +void probe_tcpv4_rcv_extended(struct sk_buff *skb);
> +
> +DEFINE_MARKER_TP(net, tcpv4_rcv_extended, net_tcpv4_rcv,
> +	probe_tcpv4_rcv_extended, "skb %p saddr #n4u%lu daddr #n4u%lu "
> +	"tot_len #n2u%hu ihl #1u%u source #n2u%hu dest #n2u%hu seq #n4u%lu "
> +	"ack_seq #n4u%lu doff #1u%u ack #1u%u rst #1u%u syn #1u%u fin #1u%u");
> +
> +notrace void probe_tcpv4_rcv_extended(struct sk_buff *skb)
> +{
> +	struct marker *marker;
> +	struct serialize_lllscssllccccc data;
> +	struct iphdr *iph = ip_hdr(skb);
> +	struct tcphdr *th = tcp_hdr(skb);
> +
> +	data.f1 = (unsigned long)skb;
> +	data.f2 = iph->saddr;
> +	data.f3 = iph->daddr;
> +	data.f4 = iph->tot_len;
> +	data.f5 = iph->ihl;
> +	data.f6 = th->source;
> +	data.f7 = th->dest;
> +	data.f8 = th->seq;
> +	data.f9 = th->ack_seq;
> +	data.f10 = th->doff;
> +	data.f11 = th->ack;
> +	data.f12 = th->rst;
> +	data.f13 = th->syn;
> +	data.f14 = th->fin;
> +
> +	marker = &GET_MARKER(net, tcpv4_rcv_extended);
> +	ltt_specialized_trace(marker, marker->single.probe_private,
> +		&data, serialize_sizeof(data), sizeof(long));
> +}
> +
> +void probe_udpv4_rcv_extended(struct sk_buff *skb);
> +
> +DEFINE_MARKER_TP(net, udpv4_rcv_extended, net_udpv4_rcv,
> +	probe_udpv4_rcv_extended, "skb %p saddr #n4u%lu daddr #n4u%lu "
> +	"unicast #1u%u ulen #n2u%hu source #n2u%hu dest #n2u%hu "
> +	"data_start #8u%lx");
> +
> +notrace void probe_udpv4_rcv_extended(struct sk_buff *skb)
> +{
> +	struct marker *marker;
> +	struct serialize_lllcsssL data;
> +	struct iphdr *iph = ip_hdr(skb);
> +	struct rtable *rt = skb_rtable(skb);
> +	struct udphdr *uh = udp_hdr(skb);
> +
> +	data.f1 = (unsigned long)skb;
> +	data.f2 = iph->saddr;
> +	data.f3 = iph->daddr;
> +	data.f4 = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST) ? 0 : 1;
> +	data.f5 = uh->len;
> +	data.f6 = uh->source;
> +	data.f7 = uh->dest;
> +	/* UDP header has not been pulled from skb->data, read the first 8
> +	 * bytes of UDP data if they are not in a fragment*/
> +	data.f8 = 0;
> +	if (skb_headlen(skb) >= sizeof(struct udphdr) + 8)
> +		data.f8 = *(unsigned long long *)(skb->data + sizeof(*uh));
> +	else if (skb_headlen(skb) >= sizeof(struct udphdr))
> +		memcpy(&data.f8, skb->data + sizeof(struct udphdr),
> +			skb_headlen(skb) - sizeof(struct udphdr));
> +
> +	marker = &GET_MARKER(net, udpv4_rcv_extended);
> +	ltt_specialized_trace(marker, marker->single.probe_private,
> +		&data, serialize_sizeof(data), sizeof(unsigned long long));
> +}
> +
> +MODULE_LICENSE("GPL");
> +MODULE_AUTHOR("Benjamin Poirier");
> +MODULE_DESCRIPTION("Net Tracepoint Extended Probes");
> -- 
> 1.6.3.3
> 
> 
> _______________________________________________
> ltt-dev mailing list
> ltt-dev at lists.casi.polymtl.ca
> http://lists.casi.polymtl.ca/cgi-bin/mailman/listinfo/ltt-dev
> 

-- 
Mathieu Desnoyers
OpenPGP key fingerprint: 8CD5 52C3 8E3C 4140 715F  BA06 3F25 A8FE 3BAE 9A68