| SystemTap Tapset ReferenceChapter 11. Networking Tapset- probe::netdev.receive - Data received from network device.
- probe::netdev.transmit - Network device transmitting buffer
- probe::netdev.change_mtu - Called when the netdev MTU is changed
- probe::netdev.open - Called when the device is opened
- probe::netdev.close - Called when the device is closed
- probe::netdev.hard_transmit - Called when the devices is going to TX (hard)
- probe::netdev.rx - Called when the device is going to receive a packet
- probe::netdev.change_rx_flag - Called when the device RX flag will be changed
- probe::netdev.set_promiscuity - Called when the device enters/leaves promiscuity
- probe::netdev.ioctl - Called when the device suffers an IOCTL
- probe::netdev.register - Called when the device is registered
- probe::netdev.unregister - Called when the device is being unregistered
- probe::netdev.get_stats - Called when someone asks the device statistics
- probe::netdev.change_mac - Called when the netdev_name has the MAC changed
- probe::tcp.sendmsg - Sending a tcp message
- probe::tcp.sendmsg.return - Sending TCP message is done
- probe::tcp.recvmsg - Receiving TCP message
- probe::tcp.recvmsg.return - Receiving TCP message complete
- probe::tcp.disconnect - TCP socket disconnection
- probe::tcp.disconnect.return - TCP socket disconnection complete
- probe::tcp.setsockopt - Call to
setsockopt - probe::tcp.setsockopt.return - Return from
setsockopt - probe::tcp.receive - Called when a TCP packet is received
- probe::udp.sendmsg - Fires whenever a process sends a UDP message
- probe::udp.sendmsg.return - Fires whenever an attempt to send a UDP message is completed
- probe::udp.recvmsg - Fires whenever a UDP message is received
- probe::udp.recvmsg.return - Fires whenever an attempt to receive a UDP message received is completed
- probe::udp.disconnect - Fires when a process requests for a UDP disconnection
- probe::udp.disconnect.return - UDP has been disconnected successfully
- function::ip_ntop - returns a string representation from an integer IP number
This family of probe points is used to probe the activities of the network device and protocol layers. Nameprobe::netdev.receive - Data received from network device. ValuesprotocolProtocol of received packet. dev_nameThe name of the device. e.g: eth0, ath1. lengthThe length of the receiving buffer.
Nameprobe::netdev.transmit - Network device transmitting buffer ValuesprotocolThe protocol of this packet(defined in include/linux/if_ether.h). dev_nameThe name of the device. e.g: eth0, ath1. lengthThe length of the transmit buffer. truesizeThe size of the data to be transmitted.
Nameprobe::netdev.change_mtu - Called when the netdev MTU is changed Synopsisnetdev.change_mtu Valuesdev_nameThe device that will have the MTU changed new_mtuold_mtu
Nameprobe::netdev.open - Called when the device is opened Valuesdev_nameThe device that is going to be opened
Nameprobe::netdev.close - Called when the device is closed Valuesdev_nameThe device that is going to be closed
Nameprobe::netdev.hard_transmit - Called when the devices is going to TX (hard) Synopsisnetdev.hard_transmit ValuesprotocolThe protocol used in the transmission dev_nameThe device scheduled to transmit lengthThe length of the transmit buffer. truesizeThe size of the data to be transmitted.
Nameprobe::netdev.rx - Called when the device is going to receive a packet Valuesprotocoldev_nameThe device received the packet
Nameprobe::netdev.change_rx_flag - Called when the device RX flag will be changed Synopsisnetdev.change_rx_flag Valuesdev_nameThe device that will be changed flags
Nameprobe::netdev.set_promiscuity - Called when the device enters/leaves promiscuity Synopsisnetdev.set_promiscuity Valuesdev_nameThe device that is entering/leaving promiscuity mode enableIf the device is entering promiscuity mode incCount the number of promiscuity openers disableIf the device is leaving promiscuity mode
Nameprobe::netdev.ioctl - Called when the device suffers an IOCTL ValuescmdargThe IOCTL argument (usually the netdev interface)
Nameprobe::netdev.register - Called when the device is registered Valuesdev_nameThe device that is going to be registered
Nameprobe::netdev.unregister - Called when the device is being unregistered Synopsisnetdev.unregister Valuesdev_nameThe device that is going to be unregistered
Nameprobe::netdev.get_stats - Called when someone asks the device statistics Valuesdev_nameThe device that is going to provide the statistics
Nameprobe::netdev.change_mac - Called when the netdev_name has the MAC changed Synopsisnetdev.change_mac Valuesdev_nameThe device that will have the MTU changed new_macmac_lenold_mac
Nameprobe::tcp.sendmsg - Sending a tcp message ContextThe process which sends a tcp message
Nameprobe::tcp.sendmsg.return - Sending TCP message is done Synopsistcp.sendmsg.return ValuesnamesizeNumber of bytes sent or error code if an error occurred.
ContextThe process which sends a tcp message
Nameprobe::tcp.recvmsg - Receiving TCP message ValuessaddrA string representing the source IP address daddrA string representing the destination IP address namesportdportsizeNumber of bytes to be received sock
ContextThe process which receives a tcp message
Nameprobe::tcp.recvmsg.return - Receiving TCP message complete Synopsistcp.recvmsg.return ValuessaddrA string representing the source IP address daddrA string representing the destination IP address namesportdportsizeNumber of bytes received or error code if an error occurred.
ContextThe process which receives a tcp message
Nameprobe::tcp.disconnect - TCP socket disconnection ValuessaddrA string representing the source IP address daddrA string representing the destination IP address flagsTCP flags (e.g. FIN, etc) namesportdportsock
ContextThe process which disconnects tcp
Nameprobe::tcp.disconnect.return - TCP socket disconnection complete Synopsistcp.disconnect.return ContextThe process which disconnects tcp
Nameprobe::tcp.setsockopt - Call to setsockopt ValuesoptstrResolves optname to a human-readable format levelThe level at which the socket options will be manipulated optlenUsed to access values for setsockoptnameoptnameTCP socket options (e.g. TCP_NODELAY, TCP_MAXSEG, etc) sock
ContextThe process which calls setsockopt
Nameprobe::tcp.setsockopt.return - Return from setsockopt Synopsistcp.setsockopt.return ContextThe process which calls setsockopt
Nameprobe::tcp.receive - Called when a TCP packet is received ValuesurgprotocolPacket protocol from driver pshnamerstdportsaddrA string representing the source IP address daddrA string representing the destination IP address ackfinsynsportiphdr
Nameprobe::udp.sendmsg - Fires whenever a process sends a UDP message ValuesnamesizeNumber of bytes sent by the process sockNetwork socket used by the process
ContextThe process which sent a UDP message
Nameprobe::udp.sendmsg.return - Fires whenever an attempt to send a UDP message is completed Synopsisudp.sendmsg.return ValuesnamesizeNumber of bytes sent by the process
ContextThe process which sent a UDP message
Nameprobe::udp.recvmsg - Fires whenever a UDP message is received ValuesnamesizeNumber of bytes received by the process sockNetwork socket used by the process
ContextThe process which received a UDP message
Nameprobe::udp.recvmsg.return - Fires whenever an attempt to receive a UDP message received is completed Synopsisudp.recvmsg.return ValuesnamesizeNumber of bytes received by the process
ContextThe process which received a UDP message
Nameprobe::udp.disconnect - Fires when a process requests for a UDP disconnection ValuesflagsnamesockNetwork socket used by the process
ContextThe process which requests a UDP disconnection
Nameprobe::udp.disconnect.return - UDP has been disconnected successfully Synopsisudp.disconnect.return ContextThe process which requested a UDP disconnection
Namefunction::ip_ntop - returns a string representation from an integer IP number Synopsisfunction ip_ntop:string(addr:long) Argumentsaddrthe ip represented as an integer
Chapter 12. Socket Tapset- probe::socket.send - Message sent on a socket.
- probe::socket.receive - Message received on a socket.
- probe::socket.sendmsg - Message is currently being sent on a socket.
- probe::socket.sendmsg.return - Return from socket.sendmsg.
- probe::socket.recvmsg - Message being received on socket
- probe::socket.recvmsg.return - Return from Message being received on socket
- probe::socket.aio_write - Message send via
sock_aio_write - probe::socket.aio_write.return - Conclusion of message send via
sock_aio_write - probe::socket.aio_read - Receiving message via
sock_aio_read - probe::socket.aio_read.return - Conclusion of message received via
sock_aio_read - probe::socket.writev - Message sent via
socket_writev - probe::socket.writev.return - Conclusion of message sent via
socket_writev - probe::socket.readv - Receiving a message via
sock_readv - probe::socket.readv.return - Conclusion of receiving a message via
sock_readv - probe::socket.create - Creation of a socket
- probe::socket.create.return - Return from Creation of a socket
- probe::socket.close - Close a socket
- probe::socket.close.return - Return from closing a socket
- function::sock_prot_num2str - Given a protocol number, return a string representation.
- function::sock_prot_str2num - Given a protocol name (string), return the corresponding protocol number.
- function::sock_fam_num2str - Given a protocol family number, return a string representation.
- function::sock_fam_str2num - Given a protocol family name (string), return the corresponding
- function::sock_state_num2str - Given a socket state number, return a string representation.
- function::sock_state_str2num - Given a socket state string, return the corresponding state number.
This family of probe points is used to probe socket activities. It contains the following probe points: Nameprobe::socket.send - Message sent on a socket. ValuessuccessWas send successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message sent (in bytes) or error code if success = 0 typefamily
Nameprobe::socket.receive - Message received on a socket. ValuessuccessWas send successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message received (in bytes) or error code if success = 0 typefamily
Nameprobe::socket.sendmsg - Message is currently being sent on a socket. Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of sending a message on a socket via the sock_sendmsg function
Nameprobe::socket.sendmsg.return - Return from socket.sendmsg. Synopsissocket.sendmsg.return ValuessuccessWas send successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message sent (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of sending a message on a socket via the sock_sendmsg function
Nameprobe::socket.recvmsg - Message being received on socket Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of receiving a message on a socket via the sock_recvmsg function
Nameprobe::socket.recvmsg.return - Return from Message being received on socket Synopsissocket.recvmsg.return ValuessuccessWas receive successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message received (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of receiving a message on a socket via the sock_recvmsg function.
Nameprobe::socket.aio_write - Message send via sock_aio_write Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of sending a message on a socket via the sock_aio_write function
Nameprobe::socket.aio_write.return - Conclusion of message send via sock_aio_write Synopsissocket.aio_write.return ValuessuccessWas receive successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message received (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of sending a message on a socket via the sock_aio_write function
Nameprobe::socket.aio_read - Receiving message via sock_aio_read Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of receiving a message on a socket via the sock_aio_read function
Nameprobe::socket.aio_read.return - Conclusion of message received via sock_aio_read Synopsissocket.aio_read.return ValuessuccessWas receive successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message received (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of receiving a message on a socket via the sock_aio_read function
Nameprobe::socket.writev - Message sent via socket_writev Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of sending a message on a socket via the sock_writev function
Nameprobe::socket.writev.return - Conclusion of message sent via socket_writev Synopsissocket.writev.return ValuessuccessWas send successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message sent (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of sending a message on a socket via the sock_writev function
Nameprobe::socket.readv - Receiving a message via sock_readv Valuesprotocolflagsnamestatesizetypefamily
DescriptionFires at the beginning of receiving a message on a socket via the sock_readv function
Nameprobe::socket.readv.return - Conclusion of receiving a message via sock_readv Synopsissocket.readv.return ValuessuccessWas receive successful? (1 = yes, 0 = no) protocolflagsnamestatesizeSize of message received (in bytes) or error code if success = 0 typefamily
DescriptionFires at the conclusion of receiving a message on a socket via the sock_readv function
Nameprobe::socket.create - Creation of a socket ValuesprotocolnamerequesterRequested by user process or the kernel (1 = kernel, 0 = user) typefamily
ContextThe requester (see requester variable) DescriptionFires at the beginning of creating a socket.
Nameprobe::socket.create.return - Return from Creation of a socket Synopsissocket.create.return ValuessuccessWas socket creation successful? (1 = yes, 0 = no) protocolerrError code if success == 0 namerequesterRequested by user process or the kernel (1 = kernel, 0 = user) typefamily
ContextThe requester (user process or kernel) DescriptionFires at the conclusion of creating a socket.
Nameprobe::socket.close - Close a socket Valuesprotocolflagsnamestatetypefamily
ContextThe requester (user process or kernel) DescriptionFires at the beginning of closing a socket.
Nameprobe::socket.close.return - Return from closing a socket Synopsissocket.close.return ContextThe requester (user process or kernel) DescriptionFires at the conclusion of closing a socket.
Namefunction::sock_prot_num2str - Given a protocol number, return a string representation. Synopsisfunction sock_prot_num2str:string(proto:long)
Namefunction::sock_prot_str2num - Given a protocol name (string), return the corresponding protocol number. Synopsisfunction sock_prot_str2num:long(proto:string)
Namefunction::sock_fam_num2str - Given a protocol family number, return a string representation. Synopsisfunction sock_fam_num2str:string(family:long)
Namefunction::sock_fam_str2num - Given a protocol family name (string), return the corresponding Synopsisfunction sock_fam_str2num:long(family:string)
Namefunction::sock_state_num2str - Given a socket state number, return a string representation. Synopsisfunction sock_state_num2str:string(state:long)
Namefunction::sock_state_str2num - Given a socket state string, return the corresponding state number. Synopsisfunction sock_state_str2num:long(state:string) Chapter 13. Kernel Process Tapset- probe::kprocess.create - Fires whenever a new process is successfully created
- probe::kprocess.start - Starting new process
- probe::kprocess.exec - Attempt to exec to a new program
- probe::kprocess.exec_complete - Return from exec to a new program
- probe::kprocess.exit - Exit from process
- probe::kprocess.release - Process released
This family of probe points is used to probe process-related activities. It contains the following probe points: Nameprobe::kprocess.create - Fires whenever a new process is successfully created Valuesnew_pidThe PID of the newly created process
ContextParent of the created process. DescriptionFires whenever a new process is successfully created, either as a result of fork (or one of its syscall variants), or a new kernel thread.
Nameprobe::kprocess.start - Starting new process DescriptionFires immediately before a new process begins execution.
Nameprobe::kprocess.exec - Attempt to exec to a new program ValuesfilenameThe path to the new executable
DescriptionFires whenever a process attempts to exec to a new program.
Nameprobe::kprocess.exec_complete - Return from exec to a new program Synopsiskprocess.exec_complete ValuessuccessA boolean indicating whether the exec was successful errnoThe error number resulting from the exec
ContextOn success, the context of the new executable. On failure, remains in the context of the caller. DescriptionFires at the completion of an exec call.
Nameprobe::kprocess.exit - Exit from process ValuescodeThe exit code of the process
ContextThe process which is terminating. DescriptionFires when a process terminates. This will always be followed by a kprocess.release, though the latter may be delayed if the process waits in a zombie state.
Nameprobe::kprocess.release - Process released ValuespidPID of the process being released taskA task handle to the process being released
ContextThe context of the parent, if it wanted notification of this process' termination, else the context of the process itself. DescriptionFires when a process is released from the kernel. This always follows a kprocess.exit, though it may be delayed somewhat if the process waits in a zombie state. |
| |
|
