Hello, I''m looking for the way to monitor network activity by zone, maybe I''m wrong, but since tools such SNMP agents use kernel stats, and kernel stats are global, I can''t use this way. That''s I''m looking for a way to do that with dtrace. In a brendan''s dtrace script (I don''t remember which one by heart), I see he used mib probes. So I wonder if the following code mib:::tcpOutDataBytes { @tcpout[ zonename ] = sum(args[0]); } mib:::tcpRetransBytes { @tcpout[ zonename ] = sum(args[0]); } mib:::tcpInDataInorderBytes { @tcpin[ zonename ] = sum(args[0]); } mib:::tcpInDataDupBytes { @tcpin[ zonename ] = sum(args[0]); } mib:::tcpInDataUnorderBytes { @tcpin[ zonename ] = sum(args[0]); } mib:::udpInDatagrams { @udpin[ zonename ] = sum(args[0]); } mib:::udpInErrors { @udpin[ zonename ] = sum(args[0]); } mib:::udpInCksumErrs { @udpin_err[ zonename ] = sum(args[0]); } mib:::udpOutDatagrams { @udpout[ zonename ]= sum(args[0]); } mib:::udpOutErrors { @udpout_err = sum(args[0]); } is sufficient to monitor TCP/UDP traffic ? I also thinking about use ip_input / ip_output, but I must confess I have difficulties to find the size of ip data in both functions. But if you think it''s the better way I''ll read the code more carefully. Thanks -- http://asyd.net/home/
On Sun, Feb 12, 2006 at 11:00:00AM +0100, Bruno Bonfils wrote:> > Hello, > > I''m looking for the way to monitor network activity by zone, maybe I''m > wrong, but since tools such SNMP agents use kernel stats, and kernel > stats are global, I can''t use this way. > > That''s I''m looking for a way to do that with dtrace. In a brendan''s > dtrace script (I don''t remember which one by heart), I see he used mib > probes. > > So I wonder if the following code > > mib:::tcpOutDataBytes { @tcpout[ zonename ] = sum(args[0]); } > mib:::tcpRetransBytes { @tcpout[ zonename ] = sum(args[0]); } > mib:::tcpInDataInorderBytes { @tcpin[ zonename ] = sum(args[0]); } > mib:::tcpInDataDupBytes { @tcpin[ zonename ] = sum(args[0]); } > mib:::tcpInDataUnorderBytes { @tcpin[ zonename ] = sum(args[0]); } > mib:::udpInDatagrams { @udpin[ zonename ] = sum(args[0]); } > mib:::udpInErrors { @udpin[ zonename ] = sum(args[0]); } > mib:::udpInCksumErrs { @udpin_err[ zonename ] = sum(args[0]); } > mib:::udpOutDatagrams { @udpout[ zonename ]= sum(args[0]); } > mib:::udpOutErrors { @udpout_err = sum(args[0]); } > > is sufficient to monitor TCP/UDP traffic ?This approach will not work; the context of MIB provider probes is not guaranteed to be the context the data is going to/coming from. Cheers, - jonathan> I also thinking about use ip_input / ip_output, but I must confess I > have difficulties to find the size of ip data in both functions. But > if you think it''s the better way I''ll read the code more carefully. > > Thanks > -- > http://asyd.net/home/ > > _______________________________________________ > dtrace-discuss mailing list > dtrace-discuss at opensolaris.org-- Jonathan Adams, Solaris Kernel Development
G''Day Folks, On Mon, 13 Feb 2006, Jonathan Adams wrote:> On Sun, Feb 12, 2006 at 11:00:00AM +0100, Bruno Bonfils wrote: > > > > Hello, > > > > I''m looking for the way to monitor network activity by zone, maybe I''m > > wrong, but since tools such SNMP agents use kernel stats, and kernel > > stats are global, I can''t use this way. > > > > That''s I''m looking for a way to do that with dtrace. In a brendan''s > > dtrace script (I don''t remember which one by heart), I see he used mib > > probes. > > > > So I wonder if the following code > > > > mib:::tcpOutDataBytes { @tcpout[ zonename ] = sum(args[0]); } > > mib:::tcpRetransBytes { @tcpout[ zonename ] = sum(args[0]); } > > mib:::tcpInDataInorderBytes { @tcpin[ zonename ] = sum(args[0]); } > > mib:::tcpInDataDupBytes { @tcpin[ zonename ] = sum(args[0]); } > > mib:::tcpInDataUnorderBytes { @tcpin[ zonename ] = sum(args[0]); } > > mib:::udpInDatagrams { @udpin[ zonename ] = sum(args[0]); } > > mib:::udpInErrors { @udpin[ zonename ] = sum(args[0]); } > > mib:::udpInCksumErrs { @udpin_err[ zonename ] = sum(args[0]); } > > mib:::udpOutDatagrams { @udpout[ zonename ]= sum(args[0]); } > > mib:::udpOutErrors { @udpout_err = sum(args[0]); } > > > > is sufficient to monitor TCP/UDP traffic ? > > This approach will not work; the context of MIB provider probes is not > guaranteed to be the context the data is going to/coming from.Exactly. I never use mib probes for by-process (or by-zone), only for by-system. If you want to tackle network properly from DTrace, then my advice would be this: write the test cases before you write the DTrace. Think of all the variety of network traffic and how you can generate known quantities. THEN write the DTrace. DTracing network traffic leads to enormous pain (no fault of DTrace) just the variety of different ways that Solaris can process packets (many to improve performance). And since it involves using many fbt probes, it can (and has) changed during updates of Solaris 10. Once a net provider has been written, this will all be much easier. Brendan