FreeBSD dwatch profile: gource-net-raw

1. # -*- tab-width: 4 -*- ;; Emacs
2. # vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
3. ############################################################ IDENT(1)
4. #
5. # $Title: dwatch(8) gource module for network activity $
6. # $Copyright: 2014-2018 Devin Teske. All rights reserved. $
7. # $FrauBSD$
8. #
9. ############################################################ DESCRIPTION
10. #
11. # Produce gource custom log format for network activity
12. #
13. ############################################################ PROBE
14.  
15. : ${PROBE:=$( echo \
16.     tcp:::debug-user, \
17.     udp:::send, \
18.     fbt::soreceive_dgram:entry )}
19.  
20. ############################################################ EVENT ACTION
21.  
22. EVENT_TEST='this->event != ""'
23.  
24. ############################################################ ACTIONS
25.  
26. exec 9<<EOF
27. this string details;
28. this string event;
29. this string family;
30. this string local;
31. this string remote;
32. this u_char local6;
33. this u_char remote6;
34. this uint16_t   lport;
35. this uint16_t   rport;
36. this uint32_t   length;
37.  
38. struct socket * urecv_socket;
39. struct inpcb *  urecv_inpcb;
40. string      urecv_local;
41. string      urecv_remote;
42. u_char      urecv_local6;
43. u_char      urecv_remote6;
44. uint16_t    urecv_lport;
45. uint16_t    urecv_rport;
46. uint32_t    urecv_length;
47.  
48. /****************************** TCP ******************************/
49.  
50. tcp:::send,
51. tcp:::receive /* probe ID $ID */
52. {${TRACE:+
53.     printf("<$ID>");}
54.         this->length = (uint32_t)args[2]->ip_plength -
55.                 (uint8_t)args[4]->tcp_offset;
56. }
57.  
58. tcp:::debug-user /* probe ID $(( $ID + 1 )) */
59. {${TRACE:+
60.     printf("<$(( $ID + 1 ))>");
61. }
62.     /*
63.      * tcpsinfo_t *
64.      */
65.     this->local  = args[0]->tcps_laddr;
66.     this->lport  = args[0]->tcps_lport;
67.     this->remote = args[0]->tcps_raddr;
68.     this->rport  = args[0]->tcps_rport;
69.  
70.     /*
71.      * IPv6 support
72.      */
73.     this->local6 = strstr(this->local, ":") != NULL ? 1 : 0;
74.     this->remote6 = strstr(this->remote, ":") != NULL ? 1 : 0;
75.     this->local = strjoin(strjoin(this->local6 ? "[" : "",
76.         this->local), this->local6 ? "]" : "");
77.     this->remote = strjoin(strjoin(this->remote6 ? "[" : "",
78.         this->remote), this->remote6 ? "]" : "");
79.  
80.     this->family = "tcp";
81.     this->event = prureq_string[arg1];
82.     this->details = this->event == "SEND" || this->event == "RCVD" ?
83.         strjoin(strjoin(" ", lltostr(this->length)),
84.             strjoin(" byte", this->length == 1 ? "" : "s")) : "";
85. }
86.  
87. /****************************** UDP ******************************/
88.  
89. udp:::send /* probe ID $(( $ID + 2 )) */
90. {${TRACE:+
91.     printf("<$(( $ID + 2 ))>");
92. }
93.     /*
94.      * ipinfo_t *
95.      */
96.     this->local  = args[2]->ip_saddr;
97.     this->remote = args[2]->ip_daddr;
98.  
99.     /*
100.      * udpinfo_t *
101.      */
102.     this->length = (uint16_t)args[4]->udp_length;
103.     this->lport  = args[4]->udp_sport;
104.     this->rport  = args[4]->udp_dport;
105.  
106.     /*
107.      * IPv6 support
108.      */
109.     this->local6 = strstr(this->local, ":") != NULL ? 1 : 0;
110.     this->remote6 = strstr(this->remote, ":") != NULL ? 1 : 0;
111.     this->local = strjoin(strjoin(this->local6 ? "[" : "",
112.         this->local), this->local6 ? "]" : "");
113.     this->remote = strjoin(strjoin(this->remote6 ? "[" : "",
114.         this->remote), this->remote6 ? "]" : "");
115.  
116.     this->family = "udp";
117.     this->event = "SEND";
118.     this->details = strjoin(strjoin(" ", lltostr(this->length)),
119.         strjoin(" byte", this->length == 1 ? "" : "s"));
120. }
121.  
122. udp:::receive /* probe ID $(( $ID + 3 )) */
123. {${TRACE:+
124.     printf("<$(( $ID + 3 ))>");
125. }
126.     /*
127.      * csinfo_t *
128.      */
129.     urecv_inpcb = (struct inpcb *)args[1]->cs_cid;
130.     urecv_socket = urecv_inpcb->inp_socket;
131.  
132.     /*
133.      * ipinfo_t *
134.      */
135.     urecv_local  = args[2]->ip_daddr;
136.     urecv_remote = args[2]->ip_saddr;
137.  
138.     /*
139.      * udpinfo_t *
140.      */
141.     urecv_length = (uint16_t)args[4]->udp_length;
142.     urecv_lport  = args[4]->udp_dport;
143.     urecv_rport  = args[4]->udp_sport;
144.  
145.     /*
146.      * IPv6 support
147.      */
148.     urecv_local6 = strstr(urecv_local, ":") != NULL ? 1 : 0;
149.     urecv_remote6 = strstr(urecv_remote, ":") != NULL ? 1 : 0;
150.     urecv_local = strjoin(strjoin(urecv_local6 ? "[" : "",
151.         urecv_local), urecv_local6 ? "]" : "");
152.     urecv_remote = strjoin(strjoin(urecv_remote6 ? "[" : "",
153.         urecv_remote), urecv_remote6 ? "]" : "");
154.  
155. }
156.  
157. fbt::soreceive_dgram:entry /args[0] == urecv_socket/ {
158.     this->local = urecv_local;
159.     this->remote = urecv_remote;
160.     this->length = urecv_length;
161.     this->lport = urecv_lport;
162.     this->rport = urecv_rport;
163.     this->local6 = urecv_local6;
164.     this->remote6 = urecv_remote6;
165.  
166.     this->event = "RCVD";
167.     this->family = "udp";
168.     this->details = strjoin(strjoin(" ", lltostr(this->length)),
169.             strjoin(" byte", this->length == 1 ? "" : "s"));
170. }
171. EOF
172. ACTIONS=$( cat <&9 )
173. ID=$(( $ID + 4 ))
174.  
175. ############################################################ EVENT DETAILS
176.  
177. exec 9<<EOF
178.     /*
179.      * Print path details
180.      */
181.     printf("%u %s %s:%u %s %s:%u%s",
182.         walltimestamp / 1000000000,
183.         this->family,
184.         this->local,
185.         this->lport,
186.         this->event,
187.         this->remote,
188.         this->rport,
189.         this->details);
190.  
191.     this->event = "";
192. EOF
193. EVENT_DETAILS=$( cat <&9 )
194.  
195. ################################################################################
196. # END
197. ################################################################################