1/* 2 * tcpprobe - Observe the TCP flow with kprobes. 3 * 4 * The idea for this came from Werner Almesberger's umlsim 5 * Copyright (C) 2004, Stephen Hemminger <shemminger@osdl.org> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20 */ 21 22#include <linux/kernel.h> 23#include <linux/kprobes.h> 24#include <linux/socket.h> 25#include <linux/tcp.h> 26#include <linux/proc_fs.h> 27#include <linux/module.h> 28#include <linux/kfifo.h> 29#include <linux/ktime.h> 30#include <linux/time.h> 31#include <linux/vmalloc.h> 32 33#include <net/tcp.h> 34 35MODULE_AUTHOR("Stephen Hemminger <shemminger@linux-foundation.org>"); 36MODULE_DESCRIPTION("TCP cwnd snooper"); 37MODULE_LICENSE("GPL"); 38 39static int port __read_mostly = 0; 40MODULE_PARM_DESC(port, "Port to match (0=all)"); 41module_param(port, int, 0); 42 43static int bufsize __read_mostly = 64*1024; 44MODULE_PARM_DESC(bufsize, "Log buffer size (default 64k)"); 45module_param(bufsize, int, 0); 46 47static int full __read_mostly; 48MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)"); 49module_param(full, int, 0); 50 51static const char procname[] = "tcpprobe"; 52 53struct { 54 struct kfifo *fifo; 55 spinlock_t lock; 56 wait_queue_head_t wait; 57 ktime_t start; 58 u32 lastcwnd; 59} tcpw; 60 61static void printl(const char *fmt, ...) 62 __attribute__ ((format (printf, 1, 2))); 63 64static void printl(const char *fmt, ...) 65{ 66 va_list args; 67 int len; 68 struct timespec tv; 69 char tbuf[256]; 70 71 va_start(args, fmt); 72 /* want monotonic time since start of tcp_probe */ 73 tv = ktime_to_timespec(ktime_sub(ktime_get(), tcpw.start)); 74 75 len = sprintf(tbuf, "%lu.%09lu ", 76 (unsigned long) tv.tv_sec, (unsigned long) tv.tv_nsec); 77 len += vscnprintf(tbuf+len, sizeof(tbuf)-len, fmt, args); 78 va_end(args); 79 80 kfifo_put(tcpw.fifo, tbuf, len); 81 wake_up(&tcpw.wait); 82} 83 84/* 85 * Hook inserted to be called before each receive packet. 86 * Note: arguments must match tcp_rcv_established()! 87 */ 88static int jtcp_rcv_established(struct sock *sk, struct sk_buff *skb, 89 struct tcphdr *th, unsigned len) 90{ 91 const struct tcp_sock *tp = tcp_sk(sk); 92 const struct inet_sock *inet = inet_sk(sk); 93 94 /* Only update if port matches */ 95 if ((port == 0 || ntohs(inet->dport) == port || ntohs(inet->sport) == port) 96 && (full || tp->snd_cwnd != tcpw.lastcwnd)) { 97 printl("%d.%d.%d.%d:%u %d.%d.%d.%d:%u %d %#x %#x %u %u %u %u\n", 98 NIPQUAD(inet->saddr), ntohs(inet->sport), 99 NIPQUAD(inet->daddr), ntohs(inet->dport), 100 skb->len, tp->snd_nxt, tp->snd_una, 101 tp->snd_cwnd, tcp_current_ssthresh(sk), 102 tp->snd_wnd, tp->srtt >> 3); 103 tcpw.lastcwnd = tp->snd_cwnd; 104 } 105 106 jprobe_return(); 107 return 0; 108} 109 110static struct jprobe tcp_probe = { 111 .kp = { 112 .symbol_name = "tcp_rcv_established", 113 }, 114 .entry = JPROBE_ENTRY(jtcp_rcv_established), 115}; 116 117 118static int tcpprobe_open(struct inode * inode, struct file * file) 119{ 120 kfifo_reset(tcpw.fifo); 121 tcpw.start = ktime_get(); 122 return 0; 123} 124 125static ssize_t tcpprobe_read(struct file *file, char __user *buf, 126 size_t len, loff_t *ppos) 127{ 128 int error = 0, cnt = 0; 129 unsigned char *tbuf; 130 131 if (!buf || len < 0) 132 return -EINVAL; 133 134 if (len == 0) 135 return 0; 136 137 tbuf = vmalloc(len); 138 if (!tbuf) 139 return -ENOMEM; 140 141 error = wait_event_interruptible(tcpw.wait, 142 __kfifo_len(tcpw.fifo) != 0); 143 if (error) 144 goto out_free; 145 146 cnt = kfifo_get(tcpw.fifo, tbuf, len); 147 error = copy_to_user(buf, tbuf, cnt); 148 149out_free: 150 vfree(tbuf); 151 152 return error ? error : cnt; 153} 154 155static const struct file_operations tcpprobe_fops = { 156 .owner = THIS_MODULE, 157 .open = tcpprobe_open, 158 .read = tcpprobe_read, 159}; 160 161static __init int tcpprobe_init(void) 162{ 163 int ret = -ENOMEM; 164 165 init_waitqueue_head(&tcpw.wait); 166 spin_lock_init(&tcpw.lock); 167 tcpw.fifo = kfifo_alloc(bufsize, GFP_KERNEL, &tcpw.lock); 168 if (IS_ERR(tcpw.fifo)) 169 return PTR_ERR(tcpw.fifo); 170 171 if (!proc_net_fops_create(procname, S_IRUSR, &tcpprobe_fops)) 172 goto err0; 173 174 ret = register_jprobe(&tcp_probe); 175 if (ret) 176 goto err1; 177 178 pr_info("TCP watch registered (port=%d)\n", port); 179 return 0; 180 err1: 181 proc_net_remove(procname); 182 err0: 183 kfifo_free(tcpw.fifo); 184 return ret; 185} 186module_init(tcpprobe_init); 187 188static __exit void tcpprobe_exit(void) 189{ 190 kfifo_free(tcpw.fifo); 191 proc_net_remove(procname); 192 unregister_jprobe(&tcp_probe); 193 194} 195module_exit(tcpprobe_exit); 196