lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 27 Oct 2017 22:38:10 +0200
From:   Alban Crequy <alban.crequy@...il.com>
To:     Song Liu <songliubraving@...com>
Cc:     alexei.starovoitov@...il.com, kafai@...com, ast@...com,
        netdev@...r.kernel.org, liu.song.a23@...il.com
Subject: Re: [PATCH net-next] tcp: add tracepoint trace_tcp_retransmit_synack()

Hi,

On 25 October 2017 at 01:57, Song Liu <songliubraving@...com> wrote:
> This tracepoint can be used to trace synack retransmits. It maintains
> pointer to struct request_sock.
>
> We cannot simply reuse trace_tcp_retransmit_skb() here, because the
> sk here is the LISTEN socket. The IP addresses and ports should be
> extracted from struct request_sock.
>
> Signed-off-by: Song Liu <songliubraving@...com>
> ---
>  include/trace/events/tcp.h | 56 ++++++++++++++++++++++++++++++++++++++++++++++
>  net/ipv4/tcp_output.c      |  1 +
>  2 files changed, 57 insertions(+)
>
> diff --git a/include/trace/events/tcp.h b/include/trace/events/tcp.h
> index 03699ba..07cccca 100644
> --- a/include/trace/events/tcp.h
> +++ b/include/trace/events/tcp.h
> @@ -237,6 +237,62 @@ TRACE_EVENT(tcp_set_state,
>                   show_tcp_state_name(__entry->newstate))
>  );
>
> +TRACE_EVENT(tcp_retransmit_synack,
> +
> +       TP_PROTO(const struct sock *sk, const struct request_sock *req),
> +
> +       TP_ARGS(sk, req),
> +
> +       TP_STRUCT__entry(
> +               __field(const void *, skaddr)
> +               __field(const void *, req)
> +               __field(__u16, sport)
> +               __field(__u16, dport)
> +               __array(__u8, saddr, 4)
> +               __array(__u8, daddr, 4)
> +               __array(__u8, saddr_v6, 16)
> +               __array(__u8, daddr_v6, 16)

Would it make sense to add the inode of the network namespace that
owns the socket? (along with the major/minor of the nsfs)

If the kernel later gains tracepoints for TCP connect, accept, close
including the netns ino, then I might be able to replace some
ebpf-kprobes code by ebpf-tracepoints code :)

> [...]

Thanks,
Alban

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ