1.\" Copyright (c) 2015 Mark Johnston <markj@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.Dd September 14, 2015 26.Dt DTRACE_IP 4 27.Os 28.Sh NAME 29.Nm dtrace_ip 30.Nd a DTrace provider for tracing events related to the IPv4 and IPv6 protocols 31.Sh SYNOPSIS 32.Fn ip:::receive "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \ 33 "ipv4info_t *" "ipv6info_t *" 34.Fn ip:::send "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \ 35 "ipv4info_t *" "ipv6info_t *" 36.Sh DESCRIPTION 37The DTrace 38.Nm ip 39provider allows users to trace events in the 40.Xr ip 4 41and 42.Xr ip6 4 43protocol implementations. 44The 45.Fn ip:::send 46probe fires whenever the kernel prepares to transmit an IP packet, and the 47.Fn ip:::receive 48probe fires whenever the kernel receives an IP packet. 49The arguments to these probes can be used to obtain detailed information about 50the IP headers of the corresponding packet, as well as the network interface on 51which the packet was sent or received. 52Unlike the 53.Xr dtrace_tcp 4 54and 55.Xr dtrace_udp 4 56providers, 57.Nm ip 58provider probes are triggered by forwarded packets. 59That is, the probes will fire on packets that are not destined to the local 60host. 61.Sh ARGUMENTS 62The 63.Vt pktinfo_t 64argument is currently unimplemented and is included for compatibility with other 65implementations of this provider. 66Its fields are: 67.Bl -tag -width "uintptr_t pkt_addr" -offset indent 68.It Vt uintptr_t pkt_addr 69Always set to 0. 70.El 71.Pp 72The 73.Vt csinfo_t 74argument is currently unimplemented and is included for compatibility with other 75implementations of this provider. 76Its fields are: 77.Bl -tag -width "uintptr_t cs_addr" -offset indent 78.It Vt uintptr_t cs_addr 79Always set to 0. 80.It Vt uint64_t cs_cid 81A pointer to the 82.Vt struct inpcb 83for this packet, or 84.Dv NULL . 85.It Vt pid_t cs_pid 86Always set to 0. 87.El 88.Pp 89The 90.Vt ipinfo_t 91argument contains IP fields common to both IPv4 and IPv6 packets. 92Its fields are: 93.Bl -tag -width "uint32_t ip_plength" -offset indent 94.It Vt uint8_t ip_ver 95IP version of the packet, 4 for IPv4 packets and 6 for IPv6 packets. 96.It Vt uint32_t ip_plength 97IP payload size. 98This does not include the size of the IP header or IPv6 option headers. 99.It Vt string ip_saddr 100IP source address. 101.It Vt string ip_daddr 102IP destination address. 103.El 104.Pp 105The 106.Vt ifinfo_t 107argument describes the outgoing and incoming interfaces for the packet in the 108.Fn ip:::send 109and 110.Fn ip:::receive 111probes respectively. 112Its fields are: 113.Bl -tag -width "uintptr_t if_addr" -offset indent 114.It Vt string if_name 115The interface name. 116.It Vt int8_t if_local 117A boolean value indicating whether or not the interface is a loopback interface. 118.It Vt uintptr_t if_addr 119A pointer to the 120.Vt struct ifnet 121which describes the interface. 122See the 123.Xr ifnet 9 124manual page. 125.El 126.Pp 127The 128.Vt ipv4info_t 129argument contains the fields of the IP header for IPv4 packets. 130This argument is 131.Dv NULL 132for IPv6 packets. 133DTrace scripts should use the 134.Fn ip_ver 135field in the 136.Vt ipinfo_t 137argument to determine whether to use this argument. 138Its fields are: 139.Bl -tag -width "uint16_t ipv4_checksum" -offset indent 140.It Vt uint8_t ipv4_ver 141IP version. 142This will always be 4 for IPv4 packets. 143.It Vt uint8_t ipv4_ihl 144The IP header length, including options, in 32-bit words. 145.It Vt uint8_t ipv4_tos 146IP type of service field. 147.It Vt uint16_t ipv4_length 148The total packet length, including the header, in bytes. 149.It Vt uint16_t ipv4_ident 150Identification field. 151.It Vt uint8_t ipv4_flags 152The IP flags. 153.It Vt uint16_t ipv4_offset 154The fragment offset of the packet. 155.It Vt uint8_t ipv4_ttl 156Time to live field. 157.It Vt uint8_t ipv4_protocol 158Next-level protocol ID. 159.It Vt string ipv4_protostr 160A string containing the name of the encapsulated protocol. 161The protocol strings are defined in the 162.Va protocol 163array in 164.Pa /usr/lib/dtrace/ip.d 165.It Vt uint16_t ipv4_checksum 166The IP checksum. 167.It Vt ipaddr_t ipv4_src 168IPv4 source address. 169.It Vt ipaddr_t ipv4_dst 170IPv4 destination address. 171.It Vt string ipv4_saddr 172A string representation of the source address. 173.It Vt string ipv4_daddr 174A string representation of the destination address. 175.It Vt ipha_t *ipv4_hdr 176A pointer to the raw IPv4 header. 177.El 178.Pp 179The 180.Vt ipv6info_t 181argument contains the fields of the IP header for IPv6 packets. 182Its fields are not set for IPv4 packets; as with the 183.Vt ipv4info_t 184argument, the 185.Fn ip_ver 186field should be used to determine whether this argument is valid. 187Its fields are: 188.Bl -tag -width "uint16_t ipv4_checksum" -offset indent 189.It Vt uint8_t ipv6_ver 190IP version. 191This will always be 6 for IPv6 packets. 192.It Vt uint8_t ipv6_tclass 193The traffic class, used to set the differentiated services codepoint and 194extended congestion notification flags. 195.It Vt uint32_t ipv6_flow 196The flow label of the packet. 197.It Vt uint16_t ipv6_plen 198The IP payload size, including extension headers, in bytes. 199.It Vt uint8_t ipv6_nexthdr 200An identifier for the type of the next header. 201.It Vt string ipv6_nextstr 202A string representation of the type of the next header. 203.It Vt uint8_t ipv6_hlim 204The hop limit. 205.It Vt ip6_addr_t *ipv6_src 206IPv6 source address. 207.It Vt ip6_addr_t *ipv6_dst 208IPv6 destination address. 209.It Vt string ipv6_saddr 210A string representation of the source address. 211.It Vt string ipv6_daddr 212A string representation of the destination address. 213.It Vt struct ip6_hdr *ipv6_hdr 214A pointer to the raw IPv6 header. 215.El 216.Sh FILES 217.Bl -tag -width "/usr/lib/dtrace/ip.d" -compact 218.It Pa /usr/lib/dtrace/ip.d 219DTrace type and translator definitions for the 220.Nm ip 221provider. 222.El 223.Sh EXAMPLES 224The following script counts received packets by remote host address. 225.Bd -literal -offset indent 226ip:::receive 227{ 228 @num[args[2]->ip_saddr] = count(); 229} 230.Ed 231.Pp 232This script will print some details of each IP packet as it is sent or received 233by the kernel: 234.Bd -literal -offset indent 235#pragma D option quiet 236#pragma D option switchrate=10Hz 237 238dtrace:::BEGIN 239{ 240 printf(" %10s %30s %-30s %8s %6s\\n", "DELTA(us)", "SOURCE", 241 "DEST", "INT", "BYTES"); 242 last = timestamp; 243} 244 245ip:::send 246{ 247 this->elapsed = (timestamp - last) / 1000; 248 printf(" %10d %30s -> %-30s %8s %6d\\n", this->elapsed, 249 args[2]->ip_saddr, args[2]->ip_daddr, args[3]->if_name, 250 args[2]->ip_plength); 251 last = timestamp; 252} 253 254ip:::receive 255{ 256 this->elapsed = (timestamp - last) / 1000; 257 printf(" %10d %30s <- %-30s %8s %6d\\n", this->elapsed, 258 args[2]->ip_daddr, args[2]->ip_saddr, args[3]->if_name, 259 args[2]->ip_plength); 260 last = timestamp; 261} 262.Ed 263.Sh COMPATIBILITY 264This provider is compatible with the 265.Nm ip 266providers found in Solaris and Darwin. 267.Sh SEE ALSO 268.Xr dtrace 1 , 269.Xr dtrace_tcp 4 , 270.Xr dtrace_udp 4 , 271.Xr ip 4 , 272.Xr ip6 4 , 273.Xr ifnet 9 , 274.Xr SDT 9 275.Sh HISTORY 276The 277.Nm ip 278provider first appeared in 279.Fx 28010.0. 281.Sh AUTHORS 282This manual page was written by 283.An Mark Johnston Aq Mt markj@FreeBSD.org . 284