| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Dec 2014 16:15:24 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Martin Lau <kafai@...com> Cc: Eric Dumazet <eric.dumazet@...il.com>, Blake Matheny <bmatheny@...com>, Laurent Chavey <chavey@...gle.com>, Yuchung Cheng <ycheng@...gle.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net>, Hannes Frederic Sowa <hannes@...essinduktion.org>, Steven Rostedt <rostedt@...dmis.org>, Lawrence Brakmo <brakmo@...com>, Josef Bacik <jbacik@...com>, Kernel Team <Kernel-team@...com> Subject: Re: [RFC PATCH net-next 0/5] tcp: TCP tracer On Tue, Dec 16, 2014 at 10:28 AM, Martin Lau <kafai@...com> wrote: > We can consider to reuse the events's format (tracing/events/*/format). I think > blktrace.c is using similar approach in trace-cmd. yes. tcp_trace is a carbon copy of blktrace applied to tcp. >> >> I think systemtap like scripting on top of patches 1 and 3 >> >> should solve your use case ? > We have quite a few different versions running in the production. It may not > be operationally easy. different versions of kernel or different versions of tcp_tracer ? > Having a getsockopt will be useful for the new application/library to take > advantage of. > > For the continuous monitoring/logging purpose, ftrace can provide event > triggered tracing instead of periodically consulting ss. so both getsockopt tcp_info approach and ftrace+tcp_trace approach can provide the same set of stats per flow, right? And the only difference is 'ss' needs polling and ftrace collects all events? Since they're stats anyway, the polling interval shouldn't matter. Just like lost trace events? from patch 5 commit log: "Define probes and register them to the TCP tracepoints. The probes collect the data defined in struct tcp_sk_trace and record them to the tracing's ring_buffer. " so two trace_seq_printf() from patch 5 and two new 'struct tcp_trace_stats' and 'tcp_trace_basic' from patch 4 will become permanent user api. At the same time the commit log is saying: "It is still missing a few things that we currently have, like: - why the sender is blocked? and how long for each reason? - some TCP Congestion Control data" Does it mean that these printf and structs would have to change? Can 'struct tcp_info' be extended instead of adding 'struct tcp_trace_stats' ? Then getsockopt and ftrace+tcp_trace will be returning the same structs. It feels that for stats collection only, tracepoints+tcp_trace do not add much additional value vs extending tcp_info and using ss. I see the value in tracepoints on its own, since we'll be able to use dynamic tracing to do event aggregation, filtering, etc. That was my alternative suggestion to add only tracepoints from patches 1 and 3. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists