New filtered version of netif_receive_skb #1

Open
wants to merge 57 commits into
base: addons
from

@tuxology
commented Oct 30, 2014

A new module for you. I thought it might be interesting to do this. I have some plans to extend this with better filtering approaches.

giraldeau added 30 commits Jun 26, 2012
This module aims at recording network events and relating them to user-space
processes. It includes the following instrumentation.

 * records connect and accept to match client and server socks objects
 * records sock create, clone and delete
 * records hints about TCP packets sent and received

Instrumentation is performed with kprobe, by overriding the net family IPV4 and
by means of netfilter hooks.
Thanks to Geneviève Bastien for this patch.
In older kernels (< 3.6), the function sock_from_file is not exported. Copy the
function to make it work.
Shift TCP flags according to endianness.

Thanks to Genevieve Bastien for this patch

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Character '-' is invalid in event name, replace it with underscore
Define sequence event type and write dummy event content.
Use save_stack_trace() kernel function to get address functions. Symbol name
resolution is left to the reader.

The callstack saved is of fixed length in this current state.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Pass the same arguments to get_size_arg() as to record(). This new
operation has the same effect as get_size(), and the client code can
implement either one.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Ring buffer context is allocated on the stack and is thus interrupt and preempt
coherent. Use it to store a custom data pointer that a variable size event
context can use to store state information between calls to get_size_arg() and
record().

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Plain syscall ID recording with a short int, do not record parameters, don't
try to do anything fancy.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Three commands: load, unload and reload. For unload to work, there must be no
tracing session running and lttng-sessiond must be stopped.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Scan the stack to check for addresses that look like return addresses. Code to
evaluate overhead and precision of this technique.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Using a code block for macro parameters allows running arbitrary code in addition
to returning a value. The function stack_trace_get_size() computes the actual stack
trace, while stack_trace_get_entries() returns previously computed values. We
disable preemption to make sure the code stays on the same CPU for the whole
duration of tracepoint execution. Since sys_entry can't be called from IRQ
context, no nesting can occur.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Avoid calling save_stack_trace_user() if the tracepoint is not enabled.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
giraldeau and others added 18 commits Apr 29, 2014
Record event only if there is a state change.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
The field tcph->cwr was duplicated, while tcph->fin was missing. Fixes
cross-endianness packet matching.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Test if the code path ttwu_local is missing.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
This module is deprecated.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Temp work around, because the show must go on.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
The field tcph->cwr was duplicated, while tcph->fin was missing. Fixes
cross-endianness packet matching.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
 * 3ce9c4c Unregister jprobe on module exit
 * b0cf83a Adding experimental support for ttwu_local
Socket tracepoint instrumentation from a module involves overriding the TCPv4 family
and many kprobes, and accesses symbols not exported. These tracepoints have no
chance to get into mainline lttng. Therefore, these tracepoints are deprecated
from now on.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
The layout of the TCP header structure is network order in memory. Instead of
accessing individual members and shifting, copy directly two bytes at the
correct offset inside the TCP header.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
TCP events in/out are exactly the same, except for their name. Simplify the code
by using a template.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Remove unused variables

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
Addons modules register tracepoints, and the register/unregister functions
need to be exported for linux >= 3.15.

Signed-off-by: Francis Giraldeau <francis.giraldeau@gmail.com>
This allows uniquely identifying which machines are involved in the exchange

Signed-off-by: Geneviève Bastien <gbastien+lttng@versatic.net>
Only allows events to be recorded if the net device is "lo"
@giraldeau giraldeau force-pushed the giraldeau:addons branch 2 times, most recently from 79af5a0 to 802f91d Nov 26, 2014
@giraldeau giraldeau force-pushed the giraldeau:addons branch 2 times, most recently from 0032916 to 2c4d715 Jun 17, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 61fc50d to a8ee7ae Jul 15, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from a8ee7ae to 629c32e Aug 7, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 629c32e to f10902c Aug 22, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 480bae1 to 950d883 Oct 9, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 950d883 to 0b4fd8f Oct 26, 2015
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 9a45fc9 to f5039f2 Feb 26, 2016
@giraldeau giraldeau force-pushed the giraldeau:addons branch from e8e79bc to 28298f9 Jun 28, 2016
@giraldeau giraldeau force-pushed the giraldeau:addons branch from 28298f9 to d29e12b Jul 7, 2016