Skip to content

Instantly share code, notes, and snippets.

Junzhe Lin linjunzhe

  • China
Block or report user

Report or block linjunzhe

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View probe check if syn_queue is full
probe begin {
printf("time (us) \tacceptq\tqmax\tlocal addr\tremote_addr\n")
}
function skb_get_remote_v4addr:string(skb:long)
{
return format_ipaddr(__ip_skb_daddr(__get_skb_iphdr(skb)), 2 /* AF_INET */)
}
function skb_get_remote_port:long(skb:long)
@linjunzhe
linjunzhe / probe tcp_peer_is_proven
Created Nov 29, 2018
when net.ipv4.tcp_tw_recycle is enabled, kernel will check SYN packets using tcp_peer_is_proven. If it return false, kernel will drop the packet https://elixir.bootlin.com/linux/v3.10/source/net/ipv4/tcp_ipv4.c#L1555. This systemtap script will output the last timestamp and the new request timestamp in tcp_peer_is_proven when it return false.
View probe tcp_peer_is_proven
global tm_tcpm_ts
probe begin {
printf("Starting detecting...\n")
}
// $tm can't read in function tcp_peer_is_proven in our envirionment (kernel 3.10.0-693.11.1.el7.x86_64).
// So the alternative way is read it from another function tcpm_check_stamp which is called in tcp_peer_is_proven.
probe kernel.function("tcpm_check_stamp").return {
tm_tcpm_ts = $tm->tcpm_ts;
You can’t perform that action at this time.