Message ID | 202402271050366715988@zte.com.cn |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:a81b:b0:108:e6aa:91d0 with SMTP id bq27csp2459636dyb; Mon, 26 Feb 2024 18:58:32 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWPeXuJJlp6QWAfbJ5UGopDRccbGRDReZmFw+m9ZxXIySQOHnDjTKoh8qyhsxu8F2xxw+Xv8MHVC2NZjEgW8AG2N6TQNw== X-Google-Smtp-Source: AGHT+IHsW8f+9Gq/T+0sA00RPnLvNq8BExiUFULzwlXsTaJQm4cPZ8js7NI55W2c4b7HNrbmys/i X-Received: by 2002:a25:bc85:0:b0:dcb:ccf3:b69 with SMTP id e5-20020a25bc85000000b00dcbccf30b69mr1057525ybk.35.1709002712647; Mon, 26 Feb 2024 18:58:32 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709002712; cv=pass; d=google.com; s=arc-20160816; b=qJEPBgGPsFooFlZfXosaFrubzaRfXic4riOCQIF2brHXF2HG+Mrz+fJyVhXSZ48O3J 0cRJrul/NheYOmrvAUPRz5GtoGx6BfEWRK2Ygw8X0XWabCvwj/sA+8dUb1er0eUHlnmO MohSbJ07kSBgm3Xo23iZewFn93txlTNio0bjjO/mZYsOqGrhOJoj/koI5VUtWRFSUmPy Nf+6iviqUzEn2gnh+03nLNiI2OzS9Emx0pPX6LQHrFpH+W9fEbyGHUWBz0Drzib0naq7 gmr0XFpg7Hp6Vx61wzZAI/MhwCoh3v1tabEGCAWKlMIEQ0N2PRiqrrn+DI6t9j9+2G3i Ixow== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:cc:to:from:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:message-id:date; bh=bOfYOjmv91Fe9XchjNYZtGgBI7ThEgeKUrwmZfR5FFk=; fh=F+6RK3muUIgj50sc6QhA3KLN5auuWXsmXirdvwwYhQg=; b=iWDj5xdMvtroE6DFIBNtlEh6vDpETg1q1uOHpVTHvJlQ6YeyNIDlXt9x3xV2yapCgl JbpKJeL9yiUYeRPy+FjHqom4wVeZyuFEHjbPaLmpSdkxOLxq5eDHBBfqTX06T260YSmM SKC9ZXsxFxYXCLyKm2r30hoaPPoK5vMnTrCUfosVcH3y5rQiffilFWEKvSPudOSk+QZj F/dEWAkS3XwazXLueW6yIukRKA9Jd+vvB0YEp/2E3ghs+d2HXkbaQ66/3QEG6qJ29Ksw 4kPb1rqeSXth/Q2Y4A/+yIYOvyx2LXiPGyDWPnVf0VQE7wx8EWUlmtPU7Wrth3t2/Koz mQvw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=zte.com.cn dmarc=pass fromdomain=zte.com.cn); spf=pass (google.com: domain of linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zte.com.cn Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id q141-20020a632a93000000b005dc4e7d879csi4739333pgq.66.2024.02.26.18.58.32 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 18:58:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=zte.com.cn dmarc=pass fromdomain=zte.com.cn); spf=pass (google.com: domain of linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-82631-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=zte.com.cn Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 50C4F282982 for <ouuuleilei@gmail.com>; Tue, 27 Feb 2024 02:58:32 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 546A51DA2E; Tue, 27 Feb 2024 02:58:16 +0000 (UTC) Received: from mxct.zte.com.cn (mxct.zte.com.cn [58.251.27.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82373610D; Tue, 27 Feb 2024 02:58:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=58.251.27.85 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709002694; cv=none; b=XNIJE4rGMdAzCe4cbsGIot1HsuDNZvtaNaKa1VQMgapl+Yc6yxP7duSz9nPfeqXzePRMr9yCzOSJTw6zCG+pT16M3BYcPSH7B83CTdlytbvxKfseMXVu26AEtstCqwopjDh2cAGn7UEgqFrWXQLU/LoXE/aVO5jMLHv8j9+3/bg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709002694; c=relaxed/simple; bh=AaZ7qsvOSZA9cbUPNq84VziHt8N0O2Mp93ysaLF45VM=; h=Date:Message-ID:Mime-Version:From:To:Cc:Subject:Content-Type; b=D2Tq0I5JA7WDgiJmLj3Km47ywXHcyCTNHRoaIlsC4iQVWzRFQ4xPZAbjkelhRwiUrfUMhgDnw6Bo7Gex8NzeCERhTf0WGeh4Oo6bSUORRQyet9wTTECGXUsMuHbeYM0CUU67jv87snIjqaZKhXOJXDr2ZGC7ZZBpX31AH1d95QQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zte.com.cn; spf=pass smtp.mailfrom=zte.com.cn; arc=none smtp.client-ip=58.251.27.85 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zte.com.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zte.com.cn Received: from mxde.zte.com.cn (unknown [10.35.20.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxct.zte.com.cn (FangMail) with ESMTPS id 4TkMSC0LSwzCh15; Tue, 27 Feb 2024 10:51:07 +0800 (CST) Received: from mxhk.zte.com.cn (unknown [192.168.250.137]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mxde.zte.com.cn (FangMail) with ESMTPS id 4TkMS20jVpzCHrX8; Tue, 27 Feb 2024 10:50:58 +0800 (CST) Received: from mse-fl1.zte.com.cn (unknown [10.5.228.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxhk.zte.com.cn (FangMail) with ESMTPS id 4TkMRp0Q4Sz8XrRN; Tue, 27 Feb 2024 10:50:46 +0800 (CST) Received: from xaxapp01.zte.com.cn ([10.88.99.176]) by mse-fl1.zte.com.cn with SMTP id 41R2oZRh081486; Tue, 27 Feb 2024 10:50:35 +0800 (+08) (envelope-from xu.xin16@zte.com.cn) Received: from mapi (xaxapp03[null]) by mapi (Zmail) with MAPI id mid32; Tue, 27 Feb 2024 10:50:36 +0800 (CST) Date: Tue, 27 Feb 2024 10:50:36 +0800 (CST) X-Zmail-TransId: 2afb65dd4dfc2c8-53c3e X-Mailer: Zmail v1.0 Message-ID: <202402271050366715988@zte.com.cn> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> Mime-Version: 1.0 From: <xu.xin16@zte.com.cn> To: <davem@davemloft.net> Cc: <rostedt@goodmis.org>, <mhiramat@kernel.org>, <dsahern@kernel.org>, <edumazet@google.com>, <kuba@kernel.org>, <linux-kernel@vger.kernel.org>, <linux-trace-kernel@vger.kernel.org>, <netdev@vger.kernel.org>, <yang.yang29@zte.com.cn>, <xu.xin16@zte.com.cn>, <he.peilin@zte.com.cn>, <liu.chun2@zte.com.cn>, <jiang.xuexin@zte.com.cn>, <zhang.yunkai@zte.com.cn> Subject: =?utf-8?q?=5BPATCH=5D_net/ipv4=3A_add_tracepoint_for_icmp=5Fsend?= Content-Type: text/plain; charset="UTF-8" X-MAIL: mse-fl1.zte.com.cn 41R2oZRh081486 X-Fangmail-Gw-Spam-Type: 0 X-Fangmail-Anti-Spam-Filtered: true X-Fangmail-MID-QID: 65DD4E19.000/4TkMSC0LSwzCh15 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1792019228798980764 X-GMAIL-MSGID: 1792019228798980764 |
Series |
net/ipv4: add tracepoint for icmp_send
|
|
Commit Message
xu.xin16@zte.com.cn
Feb. 27, 2024, 2:50 a.m. UTC
From: xu xin <xu.xin16@zte.com.cn> Introduce a tracepoint for icmp_send, which can help users to get more detail information conveniently when icmp abnormal events happen. 1. Giving an usecase example: ============================= When an application experiences packet loss due to an unreachable UDP destination port, the kernel will send an exception message through the icmp_send function. By adding a trace point for icmp_send, developers or system administrators can obtain the detailed information easily about the UDP packet loss, including the type, code, source address, destination address, source port, and destination port. This facilitates the trouble-shooting of packet loss issues especially for those complicated network-service applications. 2. Operation Instructions: ========================== Switch to the tracing directory. cd /sys/kernel/debug/tracing Filter for destination port unreachable. echo "type==3 && code==3" > events/icmp/icmp_send/filter Enable trace event. echo 1 > events/icmp/icmp_send/enable 3. Result View: ================ udp_client_erro-11370 [002] ...s.12 124.728002: icmp_send: icmp_send: type=3, code=3.From 127.0.0.1:41895 to 127.0.0.1:6666 ulen=23 skbaddr=00000000589b167a Signed-off-by: He Peilin <he.peilin@zte.com.cn> Reviewed-by: xu xin <xu.xin16@zte.com.cn> Reviewed-by: Yunkai Zhang <zhang.yunkai@zte.com.cn> Cc: Yang Yang <yang.yang29@zte.com.cn> Cc: Liu Chun <liu.chun2@zte.com.cn> Cc: Xuexin Jiang <jiang.xuexin@zte.com.cn> --- include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/icmp.c | 4 ++++ 2 files changed, 61 insertions(+) create mode 100644 include/trace/events/icmp.h
Comments
On Tue, Feb 27, 2024 at 3:50 AM <xu.xin16@zte.com.cn> wrote: > > From: xu xin <xu.xin16@zte.com.cn> > > Introduce a tracepoint for icmp_send, which can help users to get more > detail information conveniently when icmp abnormal events happen. > > 1. Giving an usecase example: > ============================= > When an application experiences packet loss due to an unreachable UDP > destination port, the kernel will send an exception message through the > icmp_send function. By adding a trace point for icmp_send, developers or > system administrators can obtain the detailed information easily about the > UDP packet loss, including the type, code, source address, destination > address, source port, and destination port. This facilitates the > trouble-shooting of packet loss issues especially for those complicated > network-service applications. > > 2. Operation Instructions: > ========================== > Switch to the tracing directory. > cd /sys/kernel/debug/tracing > Filter for destination port unreachable. > echo "type==3 && code==3" > events/icmp/icmp_send/filter > Enable trace event. > echo 1 > events/icmp/icmp_send/enable > > 3. Result View: > ================ > udp_client_erro-11370 [002] ...s.12 124.728002: icmp_send: > icmp_send: type=3, code=3.From 127.0.0.1:41895 to 127.0.0.1:6666 ulen=23 > skbaddr=00000000589b167a > > Signed-off-by: He Peilin <he.peilin@zte.com.cn> > Reviewed-by: xu xin <xu.xin16@zte.com.cn> > Reviewed-by: Yunkai Zhang <zhang.yunkai@zte.com.cn> > Cc: Yang Yang <yang.yang29@zte.com.cn> > Cc: Liu Chun <liu.chun2@zte.com.cn> > Cc: Xuexin Jiang <jiang.xuexin@zte.com.cn> > --- > include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ > net/ipv4/icmp.c | 4 ++++ > 2 files changed, 61 insertions(+) > create mode 100644 include/trace/events/icmp.h > > diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h > new file mode 100644 > index 000000000000..3d9af5769bc3 > --- /dev/null > +++ b/include/trace/events/icmp.h > @@ -0,0 +1,57 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#undef TRACE_SYSTEM > +#define TRACE_SYSTEM icmp > + > +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) > +#define _TRACE_ICMP_H > + > +#include <linux/icmp.h> > +#include <linux/tracepoint.h> > + > +TRACE_EVENT(icmp_send, > + > + TP_PROTO(const struct sk_buff *skb, int type, int code), > + > + TP_ARGS(skb, type, code), > + > + TP_STRUCT__entry( > + __field(__u16, sport) > + __field(__u16, dport) > + __field(unsigned short, ulen) > + __field(const void *, skbaddr) > + __field(int, type) > + __field(int, code) > + __array(__u8, saddr, 4) > + __array(__u8, daddr, 4) > + ), > + > + TP_fast_assign( > + // Get UDP header > + struct udphdr *uh = udp_hdr(skb); > + struct iphdr *iph = ip_hdr(skb); > + __be32 *p32; > + > + __entry->sport = ntohs(uh->source); > + __entry->dport = ntohs(uh->dest); > + __entry->ulen = ntohs(uh->len); > + __entry->skbaddr = skb; > + __entry->type = type; > + __entry->code = code; > + > + p32 = (__be32 *) __entry->saddr; > + *p32 = iph->saddr; > + > + p32 = (__be32 *) __entry->daddr; > + *p32 = iph->daddr; > + ), > + FYI, ICMP can be generated for many other protocols than UDP. > + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", > + __entry->type, __entry->code, > + __entry->saddr, __entry->sport, __entry->daddr, > + __entry->dport, __entry->ulen, __entry->skbaddr) > +); > + > +#endif /* _TRACE_ICMP_H */ > + > +/* This part must be outside protection */ > +#include <trace/define_trace.h> > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c > index e63a3bf99617..437bdb7e2650 100644 > --- a/net/ipv4/icmp.c > +++ b/net/ipv4/icmp.c > @@ -92,6 +92,8 @@ > #include <net/inet_common.h> > #include <net/ip_fib.h> > #include <net/l3mdev.h> > +#define CREATE_TRACE_POINTS > +#include <trace/events/icmp.h> > > /* > * Build xmit assembly blocks > @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, > struct net *net; > struct sock *sk; > > + trace_icmp_send(skb_in, type, code); I think you missed many sanity checks between lines 622 and 676 Honestly, a kprobe BPF based solution would be less risky, and less maintenance for us.
On Tue, Feb 27, 2024 at 1:49 PM Eric Dumazet <edumazet@google.com> wrote: > > On Tue, Feb 27, 2024 at 3:50 AM <xu.xin16@zte.com.cn> wrote: > > > > From: xu xin <xu.xin16@zte.com.cn> > > > > Introduce a tracepoint for icmp_send, which can help users to get more > > detail information conveniently when icmp abnormal events happen. > > > > 1. Giving an usecase example: > > ============================= > > When an application experiences packet loss due to an unreachable UDP > > destination port, the kernel will send an exception message through the > > icmp_send function. By adding a trace point for icmp_send, developers or > > system administrators can obtain the detailed information easily about the > > UDP packet loss, including the type, code, source address, destination > > address, source port, and destination port. This facilitates the > > trouble-shooting of packet loss issues especially for those complicated > > network-service applications. > > > > 2. Operation Instructions: > > ========================== > > Switch to the tracing directory. > > cd /sys/kernel/debug/tracing > > Filter for destination port unreachable. > > echo "type==3 && code==3" > events/icmp/icmp_send/filter > > Enable trace event. > > echo 1 > events/icmp/icmp_send/enable > > > > 3. Result View: > > ================ > > udp_client_erro-11370 [002] ...s.12 124.728002: icmp_send: > > icmp_send: type=3, code=3.From 127.0.0.1:41895 to 127.0.0.1:6666 ulen=23 > > skbaddr=00000000589b167a > > > > Signed-off-by: He Peilin <he.peilin@zte.com.cn> > > Reviewed-by: xu xin <xu.xin16@zte.com.cn> > > Reviewed-by: Yunkai Zhang <zhang.yunkai@zte.com.cn> > > Cc: Yang Yang <yang.yang29@zte.com.cn> > > Cc: Liu Chun <liu.chun2@zte.com.cn> > > Cc: Xuexin Jiang <jiang.xuexin@zte.com.cn> > > --- > > include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ > > net/ipv4/icmp.c | 4 ++++ > > 2 files changed, 61 insertions(+) > > create mode 100644 include/trace/events/icmp.h > > > > diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h > > new file mode 100644 > > index 000000000000..3d9af5769bc3 > > --- /dev/null > > +++ b/include/trace/events/icmp.h > > @@ -0,0 +1,57 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#undef TRACE_SYSTEM > > +#define TRACE_SYSTEM icmp > > + > > +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) > > +#define _TRACE_ICMP_H > > + > > +#include <linux/icmp.h> > > +#include <linux/tracepoint.h> > > + > > +TRACE_EVENT(icmp_send, > > + > > + TP_PROTO(const struct sk_buff *skb, int type, int code), > > + > > + TP_ARGS(skb, type, code), > > + > > + TP_STRUCT__entry( > > + __field(__u16, sport) > > + __field(__u16, dport) > > + __field(unsigned short, ulen) > > + __field(const void *, skbaddr) > > + __field(int, type) > > + __field(int, code) > > + __array(__u8, saddr, 4) > > + __array(__u8, daddr, 4) > > + ), > > + > > + TP_fast_assign( > > + // Get UDP header > > + struct udphdr *uh = udp_hdr(skb); > > + struct iphdr *iph = ip_hdr(skb); > > + __be32 *p32; > > + > > + __entry->sport = ntohs(uh->source); > > + __entry->dport = ntohs(uh->dest); > > + __entry->ulen = ntohs(uh->len); > > + __entry->skbaddr = skb; > > + __entry->type = type; > > + __entry->code = code; > > + > > + p32 = (__be32 *) __entry->saddr; > > + *p32 = iph->saddr; > > + > > + p32 = (__be32 *) __entry->daddr; > > + *p32 = iph->daddr; > > + ), > > + > > FYI, ICMP can be generated for many other protocols than UDP. > > > + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", > > + __entry->type, __entry->code, > > + __entry->saddr, __entry->sport, __entry->daddr, > > + __entry->dport, __entry->ulen, __entry->skbaddr) > > +); > > + > > +#endif /* _TRACE_ICMP_H */ > > + > > +/* This part must be outside protection */ > > +#include <trace/define_trace.h> > > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c > > index e63a3bf99617..437bdb7e2650 100644 > > --- a/net/ipv4/icmp.c > > +++ b/net/ipv4/icmp.c > > @@ -92,6 +92,8 @@ > > #include <net/inet_common.h> > > #include <net/ip_fib.h> > > #include <net/l3mdev.h> > > +#define CREATE_TRACE_POINTS > > +#include <trace/events/icmp.h> > > > > /* > > * Build xmit assembly blocks > > @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, > > struct net *net; > > struct sock *sk; > > > > + trace_icmp_send(skb_in, type, code); > > I think you missed many sanity checks between lines 622 and 676 [...] > > Honestly, a kprobe BPF based solution would be less risky, and less > maintenance for us. > I agreed. I wonder if we can remove some trace_* at the very beginning of its caller function since they can be easily replaced with bpf tools and then we make less effort to maintain them, say, trace_tcp_probe(), trace_tcp_rcv_space_adjust, etc. Thanks, Jason
On Tue, 27 Feb 2024 10:50:36 +0800 (CST) <xu.xin16@zte.com.cn> wrote: > include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ > net/ipv4/icmp.c | 4 ++++ > 2 files changed, 61 insertions(+) > create mode 100644 include/trace/events/icmp.h > > diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h > new file mode 100644 > index 000000000000..3d9af5769bc3 > --- /dev/null > +++ b/include/trace/events/icmp.h > @@ -0,0 +1,57 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#undef TRACE_SYSTEM > +#define TRACE_SYSTEM icmp > + > +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) > +#define _TRACE_ICMP_H > + > +#include <linux/icmp.h> > +#include <linux/tracepoint.h> > + > +TRACE_EVENT(icmp_send, > + > + TP_PROTO(const struct sk_buff *skb, int type, int code), > + > + TP_ARGS(skb, type, code), > + > + TP_STRUCT__entry( > + __field(__u16, sport) 2 bytes > + __field(__u16, dport) 2 bytes > + __field(unsigned short, ulen) 2 bytes [ 2 byte hole for alignment ] > + __field(const void *, skbaddr) 4/8 bytes It's best to keep the holes at the end of the TP_STRUCT__entry(). That is, I would move ulen to the end of the structure. It doesn't affect anything else. -- Steve > + __field(int, type) > + __field(int, code) > + __array(__u8, saddr, 4) > + __array(__u8, daddr, 4) > + ), > + > + TP_fast_assign( > + // Get UDP header > + struct udphdr *uh = udp_hdr(skb); > + struct iphdr *iph = ip_hdr(skb); > + __be32 *p32; > + > + __entry->sport = ntohs(uh->source); > + __entry->dport = ntohs(uh->dest); > + __entry->ulen = ntohs(uh->len); > + __entry->skbaddr = skb; > + __entry->type = type; > + __entry->code = code; > + > + p32 = (__be32 *) __entry->saddr; > + *p32 = iph->saddr; > + > + p32 = (__be32 *) __entry->daddr; > + *p32 = iph->daddr; > + ), > + > + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", > + __entry->type, __entry->code, > + __entry->saddr, __entry->sport, __entry->daddr, > + __entry->dport, __entry->ulen, __entry->skbaddr) > +); > + > +#endif /* _TRACE_ICMP_H */ > + > +/* This part must be outside protection */ > +#include <trace/define_trace.h> > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c > index e63a3bf99617..437bdb7e2650 100644 > --- a/net/ipv4/icmp.c > +++ b/net/ipv4/icmp.c > @@ -92,6 +92,8 @@ > #include <net/inet_common.h> > #include <net/ip_fib.h> > #include <net/l3mdev.h> > +#define CREATE_TRACE_POINTS > +#include <trace/events/icmp.h> > > /* > * Build xmit assembly blocks > @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, > struct net *net; > struct sock *sk; > > + trace_icmp_send(skb_in, type, code); > + > if (!rt) > goto out; >
> > include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ > > net/ipv4/icmp.c | 4 ++++ > > 2 files changed, 61 insertions(+) > > create mode 100644 include/trace/events/icmp.h > > > > diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h > > new file mode 100644 > > index 000000000000..3d9af5769bc3 > > --- /dev/null > > +++ b/include/trace/events/icmp.h > > @@ -0,0 +1,57 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#undef TRACE_SYSTEM > > +#define TRACE_SYSTEM icmp > > + > > +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) > > +#define _TRACE_ICMP_H > > + > > +#include <linux/icmp.h> > > +#include <linux/tracepoint.h> > > + > > +TRACE_EVENT(icmp_send, > > + > > + TP_PROTO(const struct sk_buff *skb, int type, int code), > > + > > + TP_ARGS(skb, type, code), > > + > > + TP_STRUCT__entry( > > + __field(__u16, sport) > > + __field(__u16, dport) > > + __field(unsigned short, ulen) > > + __field(const void *, skbaddr) > > + __field(int, type) > > + __field(int, code) > > + __array(__u8, saddr, 4) > > + __array(__u8, daddr, 4) > > + ), > > + > > + TP_fast_assign( > > + // Get UDP header > > + struct udphdr *uh = udp_hdr(skb); > > + struct iphdr *iph = ip_hdr(skb); > > + __be32 *p32; > > + > > + __entry->sport = ntohs(uh->source); > > + __entry->dport = ntohs(uh->dest); > > + __entry->ulen = ntohs(uh->len); > > + __entry->skbaddr = skb; > > + __entry->type = type; > > + __entry->code = code; > > + > > + p32 = (__be32 *) __entry->saddr; > > + *p32 = iph->saddr; > > + > > + p32 = (__be32 *) __entry->daddr; > > + *p32 = iph->daddr; > > + ), > > + > > FYI, ICMP can be generated for many other protocols than UDP. We have noted this issue. Therefore, a UDP judgment confition has been added in TP_fast_assign.This condition will only track abnormal messages when icmp_send is called with the UDP protocol. Otherwise, it will simply print the abnormal type and code. As follows: if(proto_4 == IPPROTO_UDP) { struct udphdr *uh = udp_hdr(skb); __entry->sport = nthos(uh->source); __entry_dport = nthos(uh->dest); __entry->ulen = nthos(uh->len); } else { __entry->sport = 0; __entry_dport = 0; __entry->ulen = 0; } > > > + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", > > + __entry->type, __entry->code, > > + __entry->saddr, __entry->sport, __entry->daddr, > > + __entry->dport, __entry->ulen, __entry->skbaddr) > > +); > > + > > +#endif /* _TRACE_ICMP_H */ > > + > > +/* This part must be outside protection */ > > +#include <trace/define_trace.h> > > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c > > index e63a3bf99617..437bdb7e2650 100644 > > --- a/net/ipv4/icmp.c > > +++ b/net/ipv4/icmp.c > > @@ -92,6 +92,8 @@ > > #include <net/inet_common.h> > > #include <net/ip_fib.h> > > #include <net/l3mdev.h> > > +#define CREATE_TRACE_POINTS > > +#include <trace/events/icmp.h> > > > > /* > > * Build xmit assembly blocks > > @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, > > struct net *net; > > struct sock *sk; > > > > + trace_icmp_send(skb_in, type, code); > > I think you missed many sanity checks between lines 622 and 676 Thank you for the reminder. The next step is to move the trace point to line 676. > Honestly, a kprobe BPF based solution would be less risky, and less > maintenance for us. emm, yeah, but tracepoints has advantages on its convienice, especially for those Embedded Linux which doesn't support EBPF.
> > include/trace/events/icmp.h | 57 +++++++++++++++++++++++++++++++++++++++++++++ > > net/ipv4/icmp.c | 4 ++++ > > 2 files changed, 61 insertions(+) > > create mode 100644 include/trace/events/icmp.h > > > > diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h > > new file mode 100644 > > index 000000000000..3d9af5769bc3 > > --- /dev/null > > +++ b/include/trace/events/icmp.h > > @@ -0,0 +1,57 @@ > > +/* SPDX-License-Identifier: GPL-2.0 */ > > +#undef TRACE_SYSTEM > > +#define TRACE_SYSTEM icmp > > + > > +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) > > +#define _TRACE_ICMP_H > > + > > +#include <linux/icmp.h> > > +#include <linux/tracepoint.h> > > + > > +TRACE_EVENT(icmp_send, > > + > > + TP_PROTO(const struct sk_buff *skb, int type, int code), > > + > > + TP_ARGS(skb, type, code), > > + > > + TP_STRUCT__entry( > > + __field(__u16, sport) > > 2 bytes > > > + __field(__u16, dport) > > 2 bytes > > > + __field(unsigned short, ulen) > > 2 bytes > > [ 2 byte hole for alignment ] > > > + __field(const void *, skbaddr) > > 4/8 bytes > > It's best to keep the holes at the end of the TP_STRUCT__entry(). > > That is, I would move ulen to the end of the structure. It doesn't affect > anything else. > > -- Steve Thank you for pointing that out. The next step is to move __field(unsigned short, ulen) to the end of TP_STRUCT__entry(). > > > + __field(int, type) > > + __field(int, code) > > + __array(__u8, saddr, 4) > > + __array(__u8, daddr, 4) > > + ), > > + > > + TP_fast_assign( > > + // Get UDP header > > + struct udphdr *uh = udp_hdr(skb); > > + struct iphdr *iph = ip_hdr(skb); > > + __be32 *p32; > > + > > + __entry->sport = ntohs(uh->source); > > + __entry->dport = ntohs(uh->dest); > > + __entry->ulen = ntohs(uh->len); > > + __entry->skbaddr = skb; > > + __entry->type = type; > > + __entry->code = code; > > + > > + p32 = (__be32 *) __entry->saddr; > > + *p32 = iph->saddr; > > + > > + p32 = (__be32 *) __entry->daddr; > > + *p32 = iph->daddr; > > + ), > > + > > + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", > > + __entry->type, __entry->code, > > + __entry->saddr, __entry->sport, __entry->daddr, > > + __entry->dport, __entry->ulen, __entry->skbaddr) > > +); > > + > > +#endif /* _TRACE_ICMP_H */ > > + > > +/* This part must be outside protection */ > > +#include <trace/define_trace.h> > > diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c > > index e63a3bf99617..437bdb7e2650 100644 > > --- a/net/ipv4/icmp.c > > +++ b/net/ipv4/icmp.c > > @@ -92,6 +92,8 @@ > > #include <net/inet_common.h> > > #include <net/ip_fib.h> > > #include <net/l3mdev.h> > > +#define CREATE_TRACE_POINTS > > +#include <trace/events/icmp.h> > > > > /* > > * Build xmit assembly blocks > > @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, > > struct net *net; > > struct sock *sk; > > > > + trace_icmp_send(skb_in, type, code); > > + > > if (!rt) > > goto out; > >
diff --git a/include/trace/events/icmp.h b/include/trace/events/icmp.h new file mode 100644 index 000000000000..3d9af5769bc3 --- /dev/null +++ b/include/trace/events/icmp.h @@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM icmp + +#if !defined(_TRACE_ICMP_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_ICMP_H + +#include <linux/icmp.h> +#include <linux/tracepoint.h> + +TRACE_EVENT(icmp_send, + + TP_PROTO(const struct sk_buff *skb, int type, int code), + + TP_ARGS(skb, type, code), + + TP_STRUCT__entry( + __field(__u16, sport) + __field(__u16, dport) + __field(unsigned short, ulen) + __field(const void *, skbaddr) + __field(int, type) + __field(int, code) + __array(__u8, saddr, 4) + __array(__u8, daddr, 4) + ), + + TP_fast_assign( + // Get UDP header + struct udphdr *uh = udp_hdr(skb); + struct iphdr *iph = ip_hdr(skb); + __be32 *p32; + + __entry->sport = ntohs(uh->source); + __entry->dport = ntohs(uh->dest); + __entry->ulen = ntohs(uh->len); + __entry->skbaddr = skb; + __entry->type = type; + __entry->code = code; + + p32 = (__be32 *) __entry->saddr; + *p32 = iph->saddr; + + p32 = (__be32 *) __entry->daddr; + *p32 = iph->daddr; + ), + + TP_printk("icmp_send: type=%d, code=%d. From %pI4:%u to %pI4:%u ulen=%d skbaddr=%p", + __entry->type, __entry->code, + __entry->saddr, __entry->sport, __entry->daddr, + __entry->dport, __entry->ulen, __entry->skbaddr) +); + +#endif /* _TRACE_ICMP_H */ + +/* This part must be outside protection */ +#include <trace/define_trace.h> diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index e63a3bf99617..437bdb7e2650 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -92,6 +92,8 @@ #include <net/inet_common.h> #include <net/ip_fib.h> #include <net/l3mdev.h> +#define CREATE_TRACE_POINTS +#include <trace/events/icmp.h> /* * Build xmit assembly blocks @@ -599,6 +601,8 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, struct net *net; struct sock *sk; + trace_icmp_send(skb_in, type, code); + if (!rt) goto out;