lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20211118124812.106538-1-imagedong@tencent.com>
Date:   Thu, 18 Nov 2021 20:48:10 +0800
From:   menglong8.dong@...il.com
To:     kuba@...nel.org, rostedt@...dmis.org
Cc:     davem@...emloft.net, mingo@...hat.com, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, imagedong@...cent.com, ycheng@...gle.com,
        kuniyu@...zon.co.jp, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: [PATCH v2 net-next 0/2] net: snmp: tracepoint support for snmp

From: Menglong Dong <imagedong@...cent.com>

snmp is the network package statistics module in kernel, and it is
useful in network issue diagnosis, such as packet drop.

However, it is hard to get the detail information about the packet.
For example, we can know that there is something wrong with the
checksum of udp packet though 'InCsumErrors' of UDP protocol in
/proc/net/snmp, but we can't figure out the ip and port of the packet
that this error is happening on.

Add tracepoint for snmp. Therefor, users can use some tools (such as
eBPF) to get the information of the exceptional packet.

In the first patch, the frame of snmp-tracepoint is created. And in
the second patch, tracepoint for udp-snmp is introduced.

Changes since v1:
- use a single trace event for all statistics type, and special
  statistics can be filter by type (procotol) and field.

Now, it will looks like this for udp statistics:
$ cat trace
$ tracer: nop
$
$ entries-in-buffer/entries-written: 4/4   #P:1
$
$                                _-----=> irqs-off
$                               / _----=> need-resched
$                              | / _---=> hardirq/softirq
$                              || / _--=> preempt-depth
$                              ||| / _-=> migrate-disable
$                              |||| /     delay
$           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
$              | |         |   |||||     |         |
              nc-171     [000] ..s1.    35.952997: snmp: skbaddr=(____ptrval____), type=9, field=2, val=1
              nc-171     [000] .N...    35.957006: snmp: skbaddr=(____ptrval____), type=9, field=4, val=1
              nc-171     [000] ..s1.    35.957822: snmp: skbaddr=(____ptrval____), type=9, field=2, val=1
              nc-171     [000] .....    35.957893: snmp: skbaddr=(____ptrval____), type=9, field=4, val=1

'type=9' means that the event is triggered by udp statistics and 'field=2'
means that this is triggered by 'NoPorts'. 'val=1' means that increases
of statistics (decrease can happen on tcp).


Menglong Dong (2):
  net: snmp: add tracepoint support for snmp
  net: snmp: add snmp tracepoint support for udp

 include/net/udp.h           | 25 ++++++++++++++++-----
 include/trace/events/snmp.h | 44 +++++++++++++++++++++++++++++++++++++
 include/uapi/linux/snmp.h   | 21 ++++++++++++++++++
 net/core/net-traces.c       |  3 +++
 net/ipv4/udp.c              | 28 +++++++++++++----------
 5 files changed, 104 insertions(+), 17 deletions(-)
 create mode 100644 include/trace/events/snmp.h

-- 
2.27.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ