dtrace discuss - Mar 2009 - Using dtrace to read flow records table?

Hello All,

I am pretty new with OpenSolaris and trying to explore the possibility
of using OS for one of my project.

For my project I need to know the total number of bytes sent and
received by an ip including that of ongoing sessions. OS records these
information in a flow table and outputs to disk after end of each
session. So out of box I can only get the count of completed sessions,
and not that of ongoing sessions.

Solaris documentation states that

"The flowacct module gathers information about flows in a flow table
that is composed of flow records. Each entry in the table contains one
flow record. You cannot display a flow table."

But my requirement needs the data from the current session also at the
time of reading. Can dtrace help me to gather flow records that are
stored in flow table?

Since I am pretty new to OS and dtrace is bit daunting at first look,
some pointers where I can start working would be very helpful

thanks and regards,

raj

On Wed, Mar 18, 2009 at 12:02:23PM +0530, Rajkumar S
wrote:
> Hello All,
> 
> I am pretty new with OpenSolaris and trying to explore the possibility
> of using OS for one of my project.
> 
> For my project I need to know the total number of bytes sent and
> received by an ip including that of ongoing sessions. OS records these
> information in a flow table and outputs to disk after end of each
> session. So out of box I can only get the count of completed sessions,
> and not that of ongoing sessions.
> 
> Solaris documentation states that
> 
> "The flowacct module gathers information about flows in a flow table
> that is composed of flow records. Each entry in the table contains one
> flow record. You cannot display a flow table."
> 
> But my requirement needs the data from the current session also at the
> time of reading. Can dtrace help me to gather flow records that are
> stored in flow table?
Hi Rajkumar,

Well, looking at the code, flowacct_update_flows_tbl() is the nexus of
updating stats.  so use:

fbt::flowacct_update_flows_tbl:entry

args[0] has the extracted information about the new element, in the form of a
header_t (defined in uts/common/ipp/flowacct/flowacct_impl.h)

Start with a script:

--- cut here ---
#!/usr/sbin/dtrace -s

#pragma D option quiet

BEGIN
{
	printf("%-10s %-10s %10s\n", "SADDR", "DADDR",
"PKTLEN");
}

fbt::flowacct_update_flows_tbl:entry 
/args[0]->isv4/
{
	/* ugly, but this is how it is stored */
	this->saddr = inet_ntoa((ipaddr_t *)&args[0]->saddr.s6_addr32[3]);
	this->daddr = inet_ntoa((ipaddr_t *)&args[0]->daddr.s6_addr32[3]);

	printf("%-10s %-10s %10d\n", this->saddr, this->daddr,
args[0]->pktlen);
}

fbt::flowacct_update_flows_tbl:entry 
/!args[0]->isv4/
{
	this->saddr = inet_ntoa6(&args[0]->saddr);
	this->daddr = inet_ntoa6(&args[0]->daddr);

	printf("%-10s %-10s %10d\n", this->saddr, this->daddr,
args[0]->pktlen);
}
--- cut here ---

(this is untested, but I think it will work)  To change the data you want to
collect, just change the printf()s.

Cheers,
- jonathan
> Since I am pretty new to OS and dtrace is bit daunting at first look,
> some pointers where I can start working would be very helpful
> 
> thanks and regards,
> 
> raj
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss at opensolaris.org