dtrace_udp (4)
Leading comments
Copyright (c) 2015 Mark Johnston <markj@FreeBSD.org> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the docum...
NAME
dtrace_udp - a DTrace provider for tracing events related to the UDP protocolSYNOPSIS
Fn udp:::receive pktinfo_t * csinfo_t * ipinfo_t * udpsinfo_t *udpinfo_t * Fn udp:::send pktinfo_t * csinfo_t * ipinfo_t * udpsinfo_t *
udpinfo_t *
DESCRIPTION
The DTrace udp provider allows users to trace events in the udp(4) protocol implementation. The Fn udp:::send probe fires whenever the kernel prepares to transmit a UDP packet, and the Fn udp:::receive probe fires whenever the kernel receives a UDP packet. The arguments to these probes can be used to obtain detailed information about the IP and UDP headers of the corresponding packet.ARGUMENTS
The Vt pktinfo_t argument is currently unimplemented and is included for compatibility with other implementations of this provider. Its fields are:- Vt uintptr_t pkt_addr
- Always set to 0.
The Vt csinfo_t argument is currently unimplemented and is included for compatibility with other implementations of this provider. Its fields are:
- Vt uintptr_t cs_addr
- Always set to 0.
- Vt uint64_t cs_cid
- A pointer to the Vt struct inpcb for this packet, or NULL
- Vt pid_t cs_pid
- Always set to 0.
The Vt ipinfo_t argument contains IP fields common to both IPv4 and IPv6 packets. Its fields are:
- Vt uint8_t ip_ver
- IP version of the packet, 4 for IPv4 packets and 6 for IPv6 packets.
- Vt uint32_t ip_plength
- IP payload size. This does not include the size of the IP header or IPv6 option headers.
- Vt string ip_saddr
- IP source address.
- Vt string ip_daddr
- IP destination address.
The Vt udpsinfo_t argument contains the state of the UDP connection associated with the packet. Its fields are:
- Vt uintptr_t udps_addr
- Pointer to the Vt struct inpcb containing the IP state for the associated socket.
- Vt uint16_t udps_lport
- Local UDP port.
- Vt uint16_t udps_rport
- Remote UDP port.
- Vt string udps_laddr
- Local IPv4 or IPv6 address.
- Vt string udps_raddr
- Remote IPv4 or IPv6 address.
The Vt udpinfo_t argument is the raw UDP header of the packet, with all fields in host order. Its fields are:
- Vt uint16_t udp_sport
- Source UDP port.
- Vt uint16_t udp_dport
- Destination UDP port.
- Vt uint16_t udp_length
- Length of the UDP header and payload, in bytes.
- Vt uint16_t udp_checksum
- A checksum of the UDP header and payload, or 0 if no checksum was calculated.
- Vt struct udphdr *udp_hdr
- A pointer to the raw UDP header.
FILES
- /usr/lib/dtrace/udp.d
- DTrace type and translator definitions for the udp provider.
EXAMPLES
The following script counts transmitted packets by destination port.udp:::send { @num[args[4]->udp_dport] = count(); }
This script will print some details of each UDP packet as it is sent or received by the kernel:
#pragma D option quiet #pragma D option switchrate=10Hz dtrace:::BEGIN { printf(" %10s %36s %-36s %6s\n", "DELTA(us)", "SOURCE", "DEST", "BYTES"); last = timestamp; } udp:::send { this->elapsed = (timestamp - last) / 1000; self->dest = strjoin(strjoin(args[2]->ip_daddr, ":"), lltostr(args[4]->udp_dport)); printf(" %10d %30s:%-5d -> %-36s %6d\n", this->elapsed, args[2]->ip_saddr, args[4]->udp_sport, self->dest, args[4]->udp_length); last = timestamp; } udp:::receive { this->elapsed = (timestamp - last) / 1000; self->dest = strjoin(strjoin(args[2]->ip_saddr, ":"), lltostr(args[4]->udp_sport)); printf(" %10d %30s:%-5d <- %-36s %6d\n", this->elapsed, args[2]->ip_daddr, args[4]->udp_dport, self->dest, args[4]->udp_length); last = timestamp; }