Created
August 16, 2016 23:45
-
-
Save brendangregg/eebe3455fd8e528bb14d193a93d43b59 to your computer and use it in GitHub Desktop.
tcp dport fetching with ftrace on linux 3.13 x86_64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using my perf-tools just to wrap ftrace: | |
| # ./perf-tools/bin/kprobe 'p:tcp_v4_connect skc_dport=+2(%si):u16' | |
| Tracing kprobe tcp_v4_connect. Ctrl-C to end. | |
| telnet-9723 [001] d... 62326244.175951: tcp_v4_connect: (tcp_v4_connect+0x0/0x480) skc_dport=1600 | |
| telnet-9725 [001] d... 62326246.502760: tcp_v4_connect: (tcp_v4_connect+0x0/0x480) skc_dport=1700 | |
| telnet-9726 [001] d... 62326247.861937: tcp_v4_connect: (tcp_v4_connect+0x0/0x480) skc_dport=100 | |
| telnet-9727 [001] d... 62326249.220740: tcp_v4_connect: (tcp_v4_connect+0x0/0x480) skc_dport=e803 | |
| Now a crappy ntohs() to process the dport string: | |
| # ./perf-tools/bin/kprobe 'p:tcp_v4_connect skc_dport=+2(%si):u16' | perl -ne 'chomp; if (/.*=(.*)/) { $n = "000" . $1; print "port: " . hex(substr($n, -2, 2) . substr($n, -4, 2)) . "\n"}' | |
| port: 22 | |
| port: 23 | |
| port: 1 | |
| port: 1000 | |
| And that matches my known workload. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment