Brendan Gregg - Sun Microsystems
2007-Dec-20 22:41 UTC
[dtrace-discuss] DTrace IP provider, step 1
G''Day All,
I''m putting together a PSARC case to begin integration of the DTrace
network
providers. I''ve drawn up a rough plan which splits this project into
over a
dozen smaller steps, as documented on the network provider page:
http://www.opensolaris.org/os/community/dtrace/NetworkProvider#Plan
Below is a draft PSARC document for task 1, IP provider send/receive probes.
I''m looking to integrate this in the coming weeks, and then to move
straight
onto tasks 2 and 3 - TCP and UDP providers.
------------------------------------------------------------
A. INTRODUCTION
This case adds a DTrace ''ip'' provider with probes for send and
receive for
both IPv4 and IPv6 protocols. This is intended for use by customers for
network observability and troubleshooting, and is the first component of
a suite of planned providers for the network stack.
B. DESCRIPTION
This will introduce the following probes for the ''ip''
provider:
ip:::send
ip:::receive
The arguments to these probes are:
args[0] pktinfo_t * packet info
args[1] csinfo_t * connection state info
args[2] ipinfo_t * generic IP info
args[3] illinfo_t * interface info
args[4] ipv4info_t * IPv4 header
args[5] ipv6info_t * IPv6 header
The order and content has been chosen for consistency with other planned
network providers, and to also leave room to accommodate future
enhancements to the network stack.
The arguments contain:
/*
* pktinfo is where packet ID info can be made available for deeper
* analysis if packet IDs become supported by the kernel in the future.
*/
typedef struct pktinfo {
uint64_t pkt_id;
uintptr_t pkt_addr;
} pktinfo_t;
/*
* csinfo is where connection state info can be made available if
* connection IDs become supported by the kernel in the future.
*/
typedef struct csinfo {
uintptr_t cs_addr;
} csinfo_t;
/*
* ipinfo contains common IP info for both IPv4 and IPv6.
*/
typedef struct ipinfo {
uint8_t ip_ver; /* IP version (4, 6) */
uint16_t ip_plength; /* payload length */
string ip_saddr; /* source address */
string ip_daddr; /* destination address */
} ipinfo_t;
/*
* illinfo contains IP Lower Layer info.
*/
typedef struct illinfo {
string ill_name; /* interface name */
int8_t ill_local; /* is local */
netstackid_t ill_ipstack; /* ipstack ID */
uintptr_t ill_addr; /* pointer to raw ill_t */
} illinfo_t;
/*
* ipv4info is a translated version of the IPv4 header (with raw pointer).
*/
typedef struct ipv4info {
uint8_t ipv4_ver; /* IP version (4) */
uint8_t ipv4_ihl; /* header length, bytes */
uint8_t ipv4_tos; /* type of service field */
uint16_t ipv4_length; /* length (header + payload) */
uint16_t ipv4_ident; /* identification */
uint8_t ipv4_flags; /* IP flags */
uint16_t ipv4_offset; /* fragment offset */
uint8_t ipv4_ttl; /* time to live */
uint8_t ipv4_protocol; /* next level protocol */
uint16_t ipv4_checksum; /* header checksum */
ipaddr_t ipv4_src; /* source address */
ipaddr_t ipv4_dst; /* destination address */
string ipv4_saddr; /* source address, string */
string ipv4_daddr; /* destination address, string */
ipha_t *ipv4_hdr; /* pointer to raw header */
} ipv4info_t;
/*
* ipv6info is a translated version of the IPv6 header (with raw pointer).
*/
typedef struct ipv6info {
uint8_t ipv6_ver; /* IP version (6) */
uint8_t ipv6_tclass; /* traffic class */
uint32_t ipv6_flow; /* flow label */
uint16_t ipv6_plen; /* payload length */
uint8_t ipv6_next; /* next level protocol */
uint8_t ipv6_hlim; /* hop limit */
in6_addr_t *ipv6_src; /* source address */
in6_addr_t *ipv6_dst; /* destination address */
string ipv6_saddr; /* source address, string */
string ipv6_daddr; /* destination address, string */
ip6_t *ipv6_hdr; /* pointer to raw header */
} ipv6info_t;
C. EXAMPLES
This DTrace one-liner counts received packets by host:
# dtrace -n ''ip:::receive { @[args[2]->ip_saddr] = count();
}''
dtrace: description ''ip:::receive '' matched 4 probes
^C
192.168.1.5 1
192.168.1.185 4
fe80::214:4fff:fe3b:76c8 9
127.0.0.1 14
192.168.1.109 28
This DTrace one-liner prints distribution plots of sent payload size
by destination:
# dtrace -n ''ip:::send { @[args[2]->ip_daddr]
quantize(args[2]->ip_plength); }''
dtrace: description ''ip:::send '' matched 11 probes
^C
192.168.2.27
value ------------- Distribution ------------- count
8 | 0
16 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 7
32 |@@@@ 1
64 |@@@@ 1
128 | 0
192.168.1.109
value ------------- Distribution ------------- count
8 | 0
16 |@@@@@ 5
32 |@@@ 3
64 |@@@@@@@@@@@@@@@@@@@@@@@@@@ 24
128 |@ 1
256 |@ 1
512 |@@ 2
1024 |@ 1
2048 | 0
This DTrace script uses the ip provider to show packets as they pass in
and out of tunnels:
# ./ipio.d
CPU DELTA(us) SOURCE DEST INT BYTES
1 598913 10.1.100.123 -> 192.168.10.75 ip.tun0 68
1 73 192.168.1.108 -> 192.168.5.1 nge0 140
1 18325 192.168.1.108 <- 192.168.5.1 nge0 140
1 69 10.1.100.123 <- 192.168.10.75 ip.tun0 68
0 102921 10.1.100.123 -> 192.168.10.75 ip.tun0 20
0 79 192.168.1.108 -> 192.168.5.1 nge0 92
This DTrace script provides a neat summary for both send and receive
IP traffic:
# ./ipproto.d
Tracing... Hit Ctrl-C to end.
^C
SADDR DADDR PROTO COUNT
192.168.1.108 192.168.155.32 UDP 1
192.168.1.108 192.168.17.55 UDP 1
192.168.1.108 192.168.228.54 UDP 1
192.168.1.108 192.168.1.5 UDP 1
192.168.1.108 192.168.2.27 ICMP 1
192.168.1.200 192.168.3.255 UDP 1
192.168.1.5 192.168.1.108 UDP 1
192.168.2.27 192.168.1.108 ICMP 1
fe80::214:4fff:fe3b:76c8 ff02::1 ICMPV6 1
fe80::2e0:81ff:fe5e:8308 fe80::214:4fff:fe3b:76c8 ICMPV6 1
fe80::2e0:81ff:fe5e:8308 ff02::1:2 UDP 1
192.168.1.185 192.168.1.255 UDP 2
192.168.1.211 192.168.1.255 UDP 3
192.168.1.109 192.168.1.108 TCP 428
192.168.1.108 192.168.1.109 TCP 789
D. REFERENCES
The suite of planned providers is described on the following website,
which includes demonstrations and source from previous prototypes:
http://www.opensolaris.org/os/community/dtrace/NetworkProvider
These providers have also been discussed in the past on both
dtrace-discuss and networking-discuss.
E. DOCUMENTATION
A new chapter in the Solaris Dynamic Tracing Guide will be added to
document this ip provider.
http://wikis.sun.com/display/DTrace/Documentation
------------------------------------------------------------
Brendan
--
Brendan
[CA, USA]
Brendan Gregg - Sun Microsystems
2008-Jan-01 00:41 UTC
[dtrace-discuss] DTrace IP provider, step 1
G''Day All, The DTrace ip provider is almost ready for putback into Solaris Nevada. Recapping, the following steps were performed in preperation for this: 1) Submitted proposals to dtrace-discuss and network-discuss. 2) Wrote and demonstrated prototypes of the provider. 3) Drew up a plan for how it fits with similar providers: http://www.opensolaris.org/os/community/dtrace/NetworkProvider#Plan 4) Wrote documentation for the Dynamic Tracing Guide: http://wikis.sun.com/display/DTrace/ip+Provider I''ve attached the case document, which is ready for PSARC. I''ll be looking to have this closed approved-automatic and integrated in about a week. This is the first of many steps for network stack DTrace instrumention, as documented on the opensolaris website. The next steps are TCP and UDP providers, so I''ll begin proposal discussion and prototypes after this is putback. cheers, Brendan On Thu, Dec 20, 2007 at 02:41:32PM -0800, Brendan Gregg - Sun Microsystems wrote:> G''Day All, > > I''m putting together a PSARC case to begin integration of the DTrace network > providers. I''ve drawn up a rough plan which splits this project into over a > dozen smaller steps, as documented on the network provider page: > > http://www.opensolaris.org/os/community/dtrace/NetworkProvider#Plan > > Below is a draft PSARC document for task 1, IP provider send/receive probes. > I''m looking to integrate this in the coming weeks, and then to move straight > onto tasks 2 and 3 - TCP and UDP providers.[...] -- Brendan [CA, USA] -------------- next part -------------- A. INTRODUCTION This case adds a DTrace ''ip'' provider with probes for send and receive for both IPv4 and IPv6 protocols. This is intended for use by customers for network observability and troubleshooting, and is the first component of a suite of planned providers for the network stack. These providers have previously been discussed on public mailing lists: see section D for references. B. DESCRIPTION This will introduce the following probes for the ''ip'' provider: ip:::send ip:::receive The arguments to these probes are: args[0] pktinfo_t * packet info args[1] csinfo_t * connection state info args[2] ipinfo_t * generic IP info args[3] illinfo_t * interface info args[4] ipv4info_t * IPv4 header args[5] ipv6info_t * IPv6 header The order and content has been chosen for consistency with other planned network providers, and to also leave room to accommodate future enhancements to the network stack. The arguments contain: /* * pktinfo is where packet ID info can be made available for deeper * analysis if packet IDs become supported by the kernel in the future. * The pkt_addr member is currently always NULL. */ typedef struct pktinfo { uintptr_t pkt_addr; } pktinfo_t; /* * csinfo is where connection state info can be made available if * connection IDs become supported by the kernel in the future. * The cs_addr member is currently always NULL. */ typedef struct csinfo { uintptr_t cs_addr; } csinfo_t; /* * ipinfo contains common IP info for both IPv4 and IPv6. */ typedef struct ipinfo { uint8_t ip_ver; /* IP version (4, 6) */ uint16_t ip_plength; /* payload length */ string ip_saddr; /* source address */ string ip_daddr; /* destination address */ } ipinfo_t; /* * illinfo contains IP Lower Layer info. */ typedef struct illinfo { string ill_name; /* interface name */ int8_t ill_local; /* is local */ netstackid_t ill_ipstack; /* ipstack ID */ uintptr_t ill_addr; /* pointer to raw ill_t */ } illinfo_t; /* * ipv4info is a translated version of the IPv4 header (with raw pointer). * These values are NULL if the packet is not IPv4. */ typedef struct ipv4info { uint8_t ipv4_ver; /* IP version (4) */ uint8_t ipv4_ihl; /* header length, bytes */ uint8_t ipv4_tos; /* type of service field */ uint16_t ipv4_length; /* length (header + payload) */ uint16_t ipv4_ident; /* identification */ uint8_t ipv4_flags; /* IP flags */ uint16_t ipv4_offset; /* fragment offset */ uint8_t ipv4_ttl; /* time to live */ uint8_t ipv4_protocol; /* next level protocol */ uint16_t ipv4_checksum; /* header checksum */ ipaddr_t ipv4_src; /* source address */ ipaddr_t ipv4_dst; /* destination address */ string ipv4_saddr; /* source address, string */ string ipv4_daddr; /* destination address, string */ ipha_t *ipv4_hdr; /* pointer to raw header */ } ipv4info_t; /* * ipv6info is a translated version of the IPv6 header (with raw pointer). * These values are NULL if the packet is not IPv6. */ typedef struct ipv6info { uint8_t ipv6_ver; /* IP version (6) */ uint8_t ipv6_tclass; /* traffic class */ uint32_t ipv6_flow; /* flow label */ uint16_t ipv6_plen; /* payload length */ uint8_t ipv6_next; /* next level protocol */ uint8_t ipv6_hlim; /* hop limit */ in6_addr_t *ipv6_src; /* source address */ in6_addr_t *ipv6_dst; /* destination address */ string ipv6_saddr; /* source address, string */ string ipv6_daddr; /* destination address, string */ ip6_t *ipv6_hdr; /* pointer to raw header */ } ipv6info_t; C. EXAMPLES This DTrace one-liner counts received packets by host: # dtrace -n ''ip:::receive { @[args[2]->ip_saddr] = count(); }'' dtrace: description ''ip:::receive '' matched 4 probes ^C 192.168.1.5 1 192.168.1.185 4 fe80::214:4fff:fe3b:76c8 9 127.0.0.1 14 192.168.1.109 28 This DTrace one-liner prints distribution plots of sent payload size by destination: # dtrace -n ''ip:::send { @[args[2]->ip_daddr] quantize(args[2]->ip_plength); }'' dtrace: description ''ip:::send '' matched 11 probes ^C 192.168.2.27 value ------------- Distribution ------------- count 8 | 0 16 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 7 32 |@@@@ 1 64 |@@@@ 1 128 | 0 192.168.1.109 value ------------- Distribution ------------- count 8 | 0 16 |@@@@@ 5 32 |@@@ 3 64 |@@@@@@@@@@@@@@@@@@@@@@@@@@ 24 128 |@ 1 256 |@ 1 512 |@@ 2 1024 |@ 1 2048 | 0 This DTrace script uses the ip provider to show packets as they pass in and out of tunnels: # ./ipio.d CPU DELTA(us) SOURCE DEST INT BYTES 1 598913 10.1.100.123 -> 192.168.10.75 ip.tun0 68 1 73 192.168.1.108 -> 192.168.5.1 nge0 140 1 18325 192.168.1.108 <- 192.168.5.1 nge0 140 1 69 10.1.100.123 <- 192.168.10.75 ip.tun0 68 0 102921 10.1.100.123 -> 192.168.10.75 ip.tun0 20 0 79 192.168.1.108 -> 192.168.5.1 nge0 92 This DTrace script provides a neat summary for both send and receive IP traffic: # ./ipproto.d Tracing... Hit Ctrl-C to end. ^C SADDR DADDR PROTO COUNT 192.168.1.108 192.168.155.32 UDP 1 192.168.1.108 192.168.17.55 UDP 1 192.168.1.108 192.168.228.54 UDP 1 192.168.1.108 192.168.1.5 UDP 1 192.168.1.108 192.168.2.27 ICMP 1 192.168.1.200 192.168.3.255 UDP 1 192.168.1.5 192.168.1.108 UDP 1 192.168.2.27 192.168.1.108 ICMP 1 fe80::214:4fff:fe3b:76c8 ff02::1 ICMPV6 1 fe80::2e0:81ff:fe5e:8308 fe80::214:4fff:fe3b:76c8 ICMPV6 1 fe80::2e0:81ff:fe5e:8308 ff02::1:2 UDP 1 192.168.1.185 192.168.1.255 UDP 2 192.168.1.211 192.168.1.255 UDP 3 192.168.1.109 192.168.1.108 TCP 428 192.168.1.108 192.168.1.109 TCP 789 D. REFERENCES The suite of planned providers is described on the following website, which includes demonstrations and source from previous prototypes: http://www.opensolaris.org/os/community/dtrace/NetworkProvider These providers have also been discussed in the past on both dtrace-discuss and networking-discuss: http://www.opensolaris.org/jive/thread.jspa?messageID=57666 http://www.opensolaris.org/jive/thread.jspa?messageID=128518😆 E. DOCUMENTATION A new chapter has been added to the current Solaris Dynamic Tracing Guide for this proposed provider: http://wikis.sun.com/display/DTrace/Documentation # DTrace Guide http://wikis.sun.com/display/DTrace/ip+Provider # ip Provider chapter
Hello Brendan,
Great!
Would it also properly work with pid, ppid, execname, etc. ?
--
Best regards,
Robert Milkowski mailto:rmilkowski at task.gda.pl
http://milek.blogspot.com
Brendan Gregg - Sun Microsystems
2008-Jan-02 19:06 UTC
[dtrace-discuss] DTrace IP provider, step 1
G''Day Robert, On Wed, Jan 02, 2008 at 10:44:02AM +0000, Robert Milkowski wrote:> Hello Brendan, > > > Great! > > Would it also properly work with pid, ppid, execname, etc. ?By the end of the plan, yes: http://www.opensolaris.org/os/community/dtrace/NetworkProvider/#Plan But not for this first step - ip:::{send|receive}. Associating IP events with processes is likely to depend on the packet IDs, socket provider and connection IDs. It''s something that I really want to get done... Brendan -- Brendan [CA, USA]
Brendan Gregg - Sun Microsystems
2008-Apr-30 22:15 UTC
[dtrace-discuss] [networking-discuss] DTrace IP provider, step 1
G''Day All,
I''ve attached an updated draft PSARC document for the IP provider.
Please
comment by May 6th, which is when we plan to file and close this case.
The only change to this draft was the addition of two new string members:
string ipv4_protostr; /* next level protocol, as a string */
string ipv6_nextstr; /* next header protocol, as a string */
cheers,
Brendan
On Mon, Dec 31, 2007 at 04:41:41PM -0800, Brendan Gregg - Sun Microsystems
wrote:> G''Day All,
>
> The DTrace ip provider is almost ready for putback into Solaris Nevada.
> Recapping, the following steps were performed in preperation for this:
[...]> On Thu, Dec 20, 2007 at 02:41:32PM -0800, Brendan Gregg - Sun Microsystems
wrote:
> > G''Day All,
> >
> > I''m putting together a PSARC case to begin integration of the
DTrace network
> > providers. I''ve drawn up a rough plan which splits this
project into over a
> > dozen smaller steps, as documented on the network provider page:
> >
> > http://www.opensolaris.org/os/community/dtrace/NetworkProvider#Plan
> >
> > Below is a draft PSARC document for task 1, IP provider send/receive
probes.
> > I''m looking to integrate this in the coming weeks, and then
to move straight
> > onto tasks 2 and 3 - TCP and UDP providers.
> [...]
>
> --
> Brendan
> [CA, USA]
--
Brendan
[CA, USA]
-------------- next part --------------
A. INTRODUCTION
This case adds a DTrace ''ip'' provider with probes for send and
receive for
both IPv4 and IPv6 protocols. This is intended for use by customers for
network observability and troubleshooting, and is the first component of
a suite of planned providers for the network stack. These providers have
previously been discussed on public mailing lists: see section D for
references.
B. DESCRIPTION
This will introduce the following probes for the ''ip''
provider:
ip:::send
ip:::receive
The arguments to these probes are:
args[0] pktinfo_t * packet info
args[1] csinfo_t * connection state info
args[2] ipinfo_t * generic IP info
args[3] illinfo_t * interface info
args[4] ipv4info_t * IPv4 header
args[5] ipv6info_t * IPv6 header
The order and content has been chosen for consistency with other planned
network providers, and to also leave room to accommodate future
enhancements to the network stack.
The arguments contain:
/*
* pktinfo is where packet ID info can be made available for deeper
* analysis if packet IDs become supported by the kernel in the future.
* The pkt_addr member is currently always NULL.
*/
typedef struct pktinfo {
uintptr_t pkt_addr;
} pktinfo_t;
/*
* csinfo is where connection state info can be made available if
* connection IDs become supported by the kernel in the future.
* The cs_addr member is currently always NULL.
*/
typedef struct csinfo {
uintptr_t cs_addr;
} csinfo_t;
/*
* ipinfo contains common IP info for both IPv4 and IPv6.
*/
typedef struct ipinfo {
uint8_t ip_ver; /* IP version (4, 6) */
uint16_t ip_plength; /* payload length */
string ip_saddr; /* source address */
string ip_daddr; /* destination address */
} ipinfo_t;
/*
* illinfo contains IP Lower Layer info.
*/
typedef struct illinfo {
string ill_name; /* interface name */
int8_t ill_local; /* is local */
netstackid_t ill_ipstack; /* ipstack ID */
uintptr_t ill_addr; /* pointer to raw ill_t */
} illinfo_t;
/*
* ipv4info is a translated version of the IPv4 header (with raw pointer).
* These values are NULL if the packet is not IPv4.
*/
typedef struct ipv4info {
uint8_t ipv4_ver; /* IP version (4) */
uint8_t ipv4_ihl; /* header length, bytes */
uint8_t ipv4_tos; /* type of service field */
uint16_t ipv4_length; /* length (header + payload) */
uint16_t ipv4_ident; /* identification */
uint8_t ipv4_flags; /* IP flags */
uint16_t ipv4_offset; /* fragment offset */
uint8_t ipv4_ttl; /* time to live */
uint8_t ipv4_protocol; /* next level protocol */
string ipv4_protostr; /* next level protocol, as a string */
uint16_t ipv4_checksum; /* header checksum */
ipaddr_t ipv4_src; /* source address */
ipaddr_t ipv4_dst; /* destination address */
string ipv4_saddr; /* source address, string */
string ipv4_daddr; /* destination address, string */
ipha_t *ipv4_hdr; /* pointer to raw header */
} ipv4info_t;
/*
* ipv6info is a translated version of the IPv6 header (with raw pointer).
* These values are NULL if the packet is not IPv6.
*/
typedef struct ipv6info {
uint8_t ipv6_ver; /* IP version (6) */
uint8_t ipv6_tclass; /* traffic class */
uint32_t ipv6_flow; /* flow label */
uint16_t ipv6_plen; /* payload length */
uint8_t ipv6_nexthdr; /* next header protocol */
string ipv6_nextstr; /* next header protocol, as a string */
uint8_t ipv6_hlim; /* hop limit */
in6_addr_t *ipv6_src; /* source address */
in6_addr_t *ipv6_dst; /* destination address */
string ipv6_saddr; /* source address, string */
string ipv6_daddr; /* destination address, string */
ip6_t *ipv6_hdr; /* pointer to raw header */
} ipv6info_t;
C. EXAMPLES
This DTrace one-liner counts received packets by host:
# dtrace -n ''ip:::receive { @[args[2]->ip_saddr] = count();
}''
dtrace: description ''ip:::receive '' matched 4 probes
^C
192.168.1.5 1
192.168.1.185 4
fe80::214:4fff:fe3b:76c8 9
127.0.0.1 14
192.168.1.109 28
This DTrace one-liner prints distribution plots of sent payload size
by destination:
# dtrace -n ''ip:::send { @[args[2]->ip_daddr]
quantize(args[2]->ip_plength); }''
dtrace: description ''ip:::send '' matched 11 probes
^C
192.168.2.27
value ------------- Distribution ------------- count
8 | 0
16 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 7
32 |@@@@ 1
64 |@@@@ 1
128 | 0
192.168.1.109
value ------------- Distribution ------------- count
8 | 0
16 |@@@@@ 5
32 |@@@ 3
64 |@@@@@@@@@@@@@@@@@@@@@@@@@@ 24
128 |@ 1
256 |@ 1
512 |@@ 2
1024 |@ 1
2048 | 0
This DTrace script uses the ip provider to show packets as they pass in
and out of tunnels:
# ./ipio.d
CPU DELTA(us) SOURCE DEST INT BYTES
1 598913 10.1.100.123 -> 192.168.10.75 ip.tun0 68
1 73 192.168.1.108 -> 192.168.5.1 nge0 140
1 18325 192.168.1.108 <- 192.168.5.1 nge0 140
1 69 10.1.100.123 <- 192.168.10.75 ip.tun0 68
0 102921 10.1.100.123 -> 192.168.10.75 ip.tun0 20
0 79 192.168.1.108 -> 192.168.5.1 nge0 92
This DTrace script provides a neat summary for both send and receive
IP traffic:
# ./ipproto.d
Tracing... Hit Ctrl-C to end.
^C
SADDR DADDR PROTO COUNT
192.168.1.108 192.168.155.32 UDP 1
192.168.1.108 192.168.17.55 UDP 1
192.168.1.108 192.168.228.54 UDP 1
192.168.1.108 192.168.1.5 UDP 1
192.168.1.108 192.168.2.27 ICMP 1
192.168.1.200 192.168.3.255 UDP 1
192.168.1.5 192.168.1.108 UDP 1
192.168.2.27 192.168.1.108 ICMP 1
fe80::214:4fff:fe3b:76c8 ff02::1 ICMPV6 1
fe80::2e0:81ff:fe5e:8308 fe80::214:4fff:fe3b:76c8 ICMPV6 1
fe80::2e0:81ff:fe5e:8308 ff02::1:2 UDP 1
192.168.1.185 192.168.1.255 UDP 2
192.168.1.211 192.168.1.255 UDP 3
192.168.1.109 192.168.1.108 TCP 428
192.168.1.108 192.168.1.109 TCP 789
D. REFERENCES
The suite of planned providers is described on the following website,
which includes demonstrations and source from previous prototypes:
http://www.opensolaris.org/os/community/dtrace/NetworkProvider
These providers have also been discussed in the past on both
dtrace-discuss and networking-discuss:
http://www.opensolaris.org/jive/thread.jspa?messageID=57666
http://www.opensolaris.org/jive/thread.jspa?messageID=128518😆
E. DOCUMENTATION
A new chapter has been added to the current Solaris Dynamic Tracing Guide
for this proposed provider:
http://wikis.sun.com/display/DTrace/Documentation # DTrace Guide
http://wikis.sun.com/display/DTrace/ip+Provider # ip Provider chapter
Brendan Gregg - Sun Microsystems
2008-May-01 01:13 UTC
[dtrace-discuss] [networking-discuss] DTrace IP provider, step 1
G''Day, Sorry - I missed a change in that document; I''ve attached a newer copy which has the following minor update: illinfo_t renamed to ifinfo_t Brendan On Wed, Apr 30, 2008 at 03:15:07PM -0700, Brendan Gregg - Sun Microsystems wrote:> G''Day All, > > I''ve attached an updated draft PSARC document for the IP provider. Please > comment by May 6th, which is when we plan to file and close this case. > > The only change to this draft was the addition of two new string members: > > string ipv4_protostr; /* next level protocol, as a string */ > string ipv6_nextstr; /* next header protocol, as a string */ > > cheers, > > Brendan[...] -- Brendan [CA, USA] -------------- next part -------------- A. INTRODUCTION This case adds a DTrace ''ip'' provider with probes for send and receive for both IPv4 and IPv6 protocols. This is intended for use by customers for network observability and troubleshooting, and is the first component of a suite of planned providers for the network stack. These providers have previously been discussed on public mailing lists: see section D for references. B. DESCRIPTION This will introduce the following probes for the ''ip'' provider: ip:::send ip:::receive The arguments to these probes are: args[0] pktinfo_t * packet info args[1] csinfo_t * connection state info args[2] ipinfo_t * generic IP info args[3] ifinfo_t * interface info args[4] ipv4info_t * IPv4 header args[5] ipv6info_t * IPv6 header The order and content has been chosen for consistency with other planned network providers, and to also leave room to accommodate future enhancements to the network stack. The arguments contain: /* * pktinfo is where packet ID info can be made available for deeper * analysis if packet IDs become supported by the kernel in the future. * The pkt_addr member is currently always NULL. */ typedef struct pktinfo { uintptr_t pkt_addr; } pktinfo_t; /* * csinfo is where connection state info can be made available if * connection IDs become supported by the kernel in the future. * The cs_addr member is currently always NULL. */ typedef struct csinfo { uintptr_t cs_addr; } csinfo_t; /* * ipinfo contains common IP info for both IPv4 and IPv6. */ typedef struct ipinfo { uint8_t ip_ver; /* IP version (4, 6) */ uint16_t ip_plength; /* payload length */ string ip_saddr; /* source address */ string ip_daddr; /* destination address */ } ipinfo_t; /* * ifinfo contains network interface info. */ typedef struct ifinfo { string if_name; /* interface name */ int8_t if_local; /* is delivered locally */ netstackid_t if_ipstack; /* ipstack ID */ uintptr_t if_addr; /* pointer to raw ill_t */ } ifinfo_t; /* * ipv4info is a translated version of the IPv4 header (with raw pointer). * These values are NULL if the packet is not IPv4. */ typedef struct ipv4info { uint8_t ipv4_ver; /* IP version (4) */ uint8_t ipv4_ihl; /* header length, bytes */ uint8_t ipv4_tos; /* type of service field */ uint16_t ipv4_length; /* length (header + payload) */ uint16_t ipv4_ident; /* identification */ uint8_t ipv4_flags; /* IP flags */ uint16_t ipv4_offset; /* fragment offset */ uint8_t ipv4_ttl; /* time to live */ uint8_t ipv4_protocol; /* next level protocol */ string ipv4_protostr; /* next level protocol, as a string */ uint16_t ipv4_checksum; /* header checksum */ ipaddr_t ipv4_src; /* source address */ ipaddr_t ipv4_dst; /* destination address */ string ipv4_saddr; /* source address, string */ string ipv4_daddr; /* destination address, string */ ipha_t *ipv4_hdr; /* pointer to raw header */ } ipv4info_t; /* * ipv6info is a translated version of the IPv6 header (with raw pointer). * These values are NULL if the packet is not IPv6. */ typedef struct ipv6info { uint8_t ipv6_ver; /* IP version (6) */ uint8_t ipv6_tclass; /* traffic class */ uint32_t ipv6_flow; /* flow label */ uint16_t ipv6_plen; /* payload length */ uint8_t ipv6_nexthdr; /* next header protocol */ string ipv6_nextstr; /* next header protocol, as a string */ uint8_t ipv6_hlim; /* hop limit */ in6_addr_t *ipv6_src; /* source address */ in6_addr_t *ipv6_dst; /* destination address */ string ipv6_saddr; /* source address, string */ string ipv6_daddr; /* destination address, string */ ip6_t *ipv6_hdr; /* pointer to raw header */ } ipv6info_t; C. EXAMPLES This DTrace one-liner counts received packets by host: # dtrace -n ''ip:::receive { @[args[2]->ip_saddr] = count(); }'' dtrace: description ''ip:::receive '' matched 4 probes ^C 192.168.1.5 1 192.168.1.185 4 fe80::214:4fff:fe3b:76c8 9 127.0.0.1 14 192.168.1.109 28 This DTrace one-liner prints distribution plots of sent payload size by destination: # dtrace -n ''ip:::send { @[args[2]->ip_daddr] quantize(args[2]->ip_plength); }'' dtrace: description ''ip:::send '' matched 11 probes ^C 192.168.2.27 value ------------- Distribution ------------- count 8 | 0 16 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 7 32 |@@@@ 1 64 |@@@@ 1 128 | 0 192.168.1.109 value ------------- Distribution ------------- count 8 | 0 16 |@@@@@ 5 32 |@@@ 3 64 |@@@@@@@@@@@@@@@@@@@@@@@@@@ 24 128 |@ 1 256 |@ 1 512 |@@ 2 1024 |@ 1 2048 | 0 This DTrace script uses the ip provider to show packets as they pass in and out of tunnels: # ./ipio.d CPU DELTA(us) SOURCE DEST INT BYTES 1 598913 10.1.100.123 -> 192.168.10.75 ip.tun0 68 1 73 192.168.1.108 -> 192.168.5.1 nge0 140 1 18325 192.168.1.108 <- 192.168.5.1 nge0 140 1 69 10.1.100.123 <- 192.168.10.75 ip.tun0 68 0 102921 10.1.100.123 -> 192.168.10.75 ip.tun0 20 0 79 192.168.1.108 -> 192.168.5.1 nge0 92 This DTrace script provides a neat summary for both send and receive IP traffic: # ./ipproto.d Tracing... Hit Ctrl-C to end. ^C SADDR DADDR PROTO COUNT 192.168.1.108 192.168.155.32 UDP 1 192.168.1.108 192.168.17.55 UDP 1 192.168.1.108 192.168.228.54 UDP 1 192.168.1.108 192.168.1.5 UDP 1 192.168.1.108 192.168.2.27 ICMP 1 192.168.1.200 192.168.3.255 UDP 1 192.168.1.5 192.168.1.108 UDP 1 192.168.2.27 192.168.1.108 ICMP 1 fe80::214:4fff:fe3b:76c8 ff02::1 ICMPV6 1 fe80::2e0:81ff:fe5e:8308 fe80::214:4fff:fe3b:76c8 ICMPV6 1 fe80::2e0:81ff:fe5e:8308 ff02::1:2 UDP 1 192.168.1.185 192.168.1.255 UDP 2 192.168.1.211 192.168.1.255 UDP 3 192.168.1.109 192.168.1.108 TCP 428 192.168.1.108 192.168.1.109 TCP 789 D. REFERENCES The suite of planned providers is described on the following website, which includes demonstrations and source from previous prototypes: http://www.opensolaris.org/os/community/dtrace/NetworkProvider These providers have also been discussed in the past on both dtrace-discuss and networking-discuss: http://www.opensolaris.org/jive/thread.jspa?messageID=57666 http://www.opensolaris.org/jive/thread.jspa?messageID=128518😆 E. DOCUMENTATION A new chapter has been added to the current Solaris Dynamic Tracing Guide for this proposed provider: http://wikis.sun.com/display/DTrace/Documentation # DTrace Guide http://wikis.sun.com/display/DTrace/ip+Provider # ip Provider chapter
Adam Leventhal
2008-May-03 01:16 UTC
[dtrace-discuss] [networking-discuss] DTrace IP provider, step 1
Brendan, this looks great. Nice job. Adam On Apr 30, 2008, at 6:13 PM, Brendan Gregg - Sun Microsystems wrote:> G''Day, > > Sorry - I missed a change in that document; I''ve attached a newer > copy which > has the following minor update: > > illinfo_t renamed to ifinfo_t > > Brendan > > On Wed, Apr 30, 2008 at 03:15:07PM -0700, Brendan Gregg - Sun > Microsystems wrote: >> G''Day All, >> >> I''ve attached an updated draft PSARC document for the IP provider. >> Please >> comment by May 6th, which is when we plan to file and close this >> case. >> >> The only change to this draft was the addition of two new string >> members: >> >> string ipv4_protostr; /* next level protocol, as a >> string */ >> string ipv6_nextstr; /* next header protocol, as a >> string */ >> >> cheers, >> >> Brendan > [...] > > -- > Brendan > [CA, USA] > <psarc_step01.txt>_______________________________________________ > dtrace-discuss mailing list > dtrace-discuss at opensolaris.org-- Adam Leventhal, Fishworks http://blogs.sun.com/ahl