xref: /freebsd/share/man/man4/dtrace_ip.4 (revision 1c324569538099af34419e6818fbfde4779efd33)
1.\" Copyright (c) 2015 Mark Johnston <markj@FreeBSD.org>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd September 14, 2015
28.Dt DTRACE_IP 4
29.Os
30.Sh NAME
31.Nm dtrace_ip
32.Nd a DTrace provider for tracing events related to the IPv4 and IPv6 protocols
33.Sh SYNOPSIS
34.Fn ip:::receive "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \
35    "ipv4info_t *" "ipv6info_t *"
36.Fn ip:::send "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \
37    "ipv4info_t *" "ipv6info_t *"
38.Sh DESCRIPTION
39The DTrace
40.Nm ip
41provider allows users to trace events in the
42.Xr ip 4
43and
44.Xr ip6 4
45protocol implementations.
46The
47.Fn ip:::send
48probe fires whenever the kernel prepares to transmit an IP packet, and the
49.Fn ip:::receive
50probe fires whenever the kernel receives an IP packet.
51The arguments to these probes can be used to obtain detailed information about
52the IP headers of the corresponding packet, as well as the network interface on
53which the packet was sent or received.
54Unlike the
55.Xr dtrace_tcp 4
56and
57.Xr dtrace_udp 4
58providers,
59.Nm ip
60provider probes are triggered by forwarded packets.
61That is, the probes will fire on packets that are not destined to the local
62host.
63.Sh ARGUMENTS
64The
65.Vt pktinfo_t
66argument is currently unimplemented and is included for compatibility with other
67implementations of this provider.
68Its fields are:
69.Bl -tag -width "uintptr_t pkt_addr" -offset indent
70.It Vt uintptr_t pkt_addr
71Always set to 0.
72.El
73.Pp
74The
75.Vt csinfo_t
76argument is currently unimplemented and is included for compatibility with other
77implementations of this provider.
78Its fields are:
79.Bl -tag -width "uintptr_t cs_addr" -offset indent
80.It Vt uintptr_t cs_addr
81Always set to 0.
82.It Vt uint64_t cs_cid
83A pointer to the
84.Vt struct inpcb
85for this packet, or
86.Dv NULL .
87.It Vt pid_t cs_pid
88Always set to 0.
89.El
90.Pp
91The
92.Vt ipinfo_t
93argument contains IP fields common to both IPv4 and IPv6 packets.
94Its fields are:
95.Bl -tag -width "uint32_t ip_plength" -offset indent
96.It Vt uint8_t ip_ver
97IP version of the packet, 4 for IPv4 packets and 6 for IPv6 packets.
98.It Vt uint32_t ip_plength
99IP payload size.
100This does not include the size of the IP header or IPv6 option headers.
101.It Vt string ip_saddr
102IP source address.
103.It Vt string ip_daddr
104IP destination address.
105.El
106.Pp
107The
108.Vt ifinfo_t
109argument describes the outgoing and incoming interfaces for the packet in the
110.Fn ip:::send
111and
112.Fn ip:::receive
113probes respectively.
114Its fields are:
115.Bl -tag -width "uintptr_t if_addr" -offset indent
116.It Vt string if_name
117The interface name.
118.It Vt int8_t if_local
119A boolean value indicating whether or not the interface is a loopback interface.
120.It Vt uintptr_t if_addr
121A pointer to the
122.Vt struct ifnet
123which describes the interface.
124See the
125.Xr ifnet 9
126manual page.
127.El
128.Pp
129The
130.Vt ipv4info_t
131argument contains the fields of the IP header for IPv4 packets.
132This argument is
133.Dv NULL
134for IPv6 packets.
135DTrace scripts should use the
136.Fn ip_ver
137field in the
138.Vt ipinfo_t
139argument to determine whether to use this argument.
140Its fields are:
141.Bl -tag -width "uint16_t ipv4_checksum" -offset indent
142.It Vt uint8_t ipv4_ver
143IP version.
144This will always be 4 for IPv4 packets.
145.It Vt uint8_t ipv4_ihl
146The IP header length, including options, in 32-bit words.
147.It Vt uint8_t ipv4_tos
148IP type of service field.
149.It Vt uint16_t ipv4_length
150The total packet length, including the header, in bytes.
151.It Vt uint16_t ipv4_ident
152Identification field.
153.It Vt uint8_t ipv4_flags
154The IP flags.
155.It Vt uint16_t ipv4_offset
156The fragment offset of the packet.
157.It Vt uint8_t ipv4_ttl
158Time to live field.
159.It Vt uint8_t ipv4_protocol
160Next-level protocol ID.
161.It Vt string ipv4_protostr
162A string containing the name of the encapsulated protocol.
163The protocol strings are defined in the
164.Va protocol
165array in
166.Pa /usr/lib/dtrace/ip.d
167.It Vt uint16_t ipv4_checksum
168The IP checksum.
169.It Vt ipaddr_t ipv4_src
170IPv4 source address.
171.It Vt ipaddr_t ipv4_dst
172IPv4 destination address.
173.It Vt string ipv4_saddr
174A string representation of the source address.
175.It Vt string ipv4_daddr
176A string representation of the destination address.
177.It Vt ipha_t *ipv4_hdr
178A pointer to the raw IPv4 header.
179.El
180.Pp
181The
182.Vt ipv6info_t
183argument contains the fields of the IP header for IPv6 packets.
184Its fields are not set for IPv4 packets; as with the
185.Vt ipv4info_t
186argument, the
187.Fn ip_ver
188field should be used to determine whether this argument is valid.
189Its fields are:
190.Bl -tag -width "uint16_t ipv4_checksum" -offset indent
191.It Vt uint8_t ipv6_ver
192IP version.
193This will always be 6 for IPv6 packets.
194.It Vt uint8_t ipv6_tclass
195The traffic class, used to set the differentiated services codepoint and
196extended congestion notification flags.
197.It Vt uint32_t ipv6_flow
198The flow label of the packet.
199.It Vt uint16_t ipv6_plen
200The IP payload size, including extension headers, in bytes.
201.It Vt uint8_t ipv6_nexthdr
202An identifier for the type of the next header.
203.It Vt string ipv6_nextstr
204A string representation of the type of the next header.
205.It Vt uint8_t ipv6_hlim
206The hop limit.
207.It Vt ip6_addr_t *ipv6_src
208IPv6 source address.
209.It Vt ip6_addr_t *ipv6_dst
210IPv6 destination address.
211.It Vt string ipv6_saddr
212A string representation of the source address.
213.It Vt string ipv6_daddr
214A string representation of the destination address.
215.It Vt struct ip6_hdr *ipv6_hdr
216A pointer to the raw IPv6 header.
217.El
218.Sh FILES
219.Bl -tag -width "/usr/lib/dtrace/ip.d" -compact
220.It Pa /usr/lib/dtrace/ip.d
221DTrace type and translator definitions for the
222.Nm ip
223provider.
224.El
225.Sh EXAMPLES
226The following script counts received packets by remote host address.
227.Bd -literal -offset indent
228ip:::receive
229{
230        @num[args[2]->ip_saddr] = count();
231}
232.Ed
233.Pp
234This script will print some details of each IP packet as it is sent or received
235by the kernel:
236.Bd -literal -offset indent
237#pragma D option quiet
238#pramga D option switchrate=10Hz
239
240dtrace:::BEGIN
241{
242        printf(" %10s %30s    %-30s %8s %6s\\n", "DELTA(us)", "SOURCE",
243            "DEST", "INT", "BYTES");
244        last = timestamp;
245}
246
247ip:::send
248{
249        this->elapsed = (timestamp - last) / 1000;
250        printf(" %10d %30s -> %-30s %8s %6d\\n", this->elapsed,
251            args[2]->ip_saddr, args[2]->ip_daddr, args[3]->if_name,
252            args[2]->ip_plength);
253        last = timestamp;
254}
255
256ip:::receive
257{
258        this->elapsed = (timestamp - last) / 1000;
259        printf(" %10d %30s <- %-30s %8s %6d\\n", this->elapsed,
260            args[2]->ip_daddr, args[2]->ip_saddr, args[3]->if_name,
261            args[2]->ip_plength);
262        last = timestamp;
263}
264.Ed
265.Sh COMPATIBILITY
266This provider is compatible with the
267.Nm ip
268providers found in Solaris and Darwin.
269.Sh SEE ALSO
270.Xr dtrace 1 ,
271.Xr dtrace_tcp 4 ,
272.Xr dtrace_udp 4 ,
273.Xr ip 4 ,
274.Xr ip6 4 ,
275.Xr ifnet 9 ,
276.Xr SDT 9
277.Sh HISTORY
278The
279.Nm ip
280provider first appeared in
281.Fx
28210.0.
283.Sh AUTHORS
284This manual page was written by
285.An Mark Johnston Aq Mt markj@FreeBSD.org .
286