xref: /freebsd/share/man/man4/dtrace_ip.4 (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1.\" Copyright (c) 2015 Mark Johnston <markj@FreeBSD.org>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.Dd September 14, 2015
26.Dt DTRACE_IP 4
27.Os
28.Sh NAME
29.Nm dtrace_ip
30.Nd a DTrace provider for tracing events related to the IPv4 and IPv6 protocols
31.Sh SYNOPSIS
32.Fn ip:::receive "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \
33    "ipv4info_t *" "ipv6info_t *"
34.Fn ip:::send "pktinfo_t *" "csinfo_t *" "ipinfo_t *" "ifinfo_t *" \
35    "ipv4info_t *" "ipv6info_t *"
36.Sh DESCRIPTION
37The DTrace
38.Nm ip
39provider allows users to trace events in the
40.Xr ip 4
41and
42.Xr ip6 4
43protocol implementations.
44The
45.Fn ip:::send
46probe fires whenever the kernel prepares to transmit an IP packet, and the
47.Fn ip:::receive
48probe fires whenever the kernel receives an IP packet.
49The arguments to these probes can be used to obtain detailed information about
50the IP headers of the corresponding packet, as well as the network interface on
51which the packet was sent or received.
52Unlike the
53.Xr dtrace_tcp 4
54and
55.Xr dtrace_udp 4
56providers,
57.Nm ip
58provider probes are triggered by forwarded packets.
59That is, the probes will fire on packets that are not destined to the local
60host.
61.Sh ARGUMENTS
62The
63.Vt pktinfo_t
64argument is currently unimplemented and is included for compatibility with other
65implementations of this provider.
66Its fields are:
67.Bl -tag -width "uintptr_t pkt_addr" -offset indent
68.It Vt uintptr_t pkt_addr
69Always set to 0.
70.El
71.Pp
72The
73.Vt csinfo_t
74argument is currently unimplemented and is included for compatibility with other
75implementations of this provider.
76Its fields are:
77.Bl -tag -width "uintptr_t cs_addr" -offset indent
78.It Vt uintptr_t cs_addr
79Always set to 0.
80.It Vt uint64_t cs_cid
81A pointer to the
82.Vt struct inpcb
83for this packet, or
84.Dv NULL .
85.It Vt pid_t cs_pid
86Always set to 0.
87.El
88.Pp
89The
90.Vt ipinfo_t
91argument contains IP fields common to both IPv4 and IPv6 packets.
92Its fields are:
93.Bl -tag -width "uint32_t ip_plength" -offset indent
94.It Vt uint8_t ip_ver
95IP version of the packet, 4 for IPv4 packets and 6 for IPv6 packets.
96.It Vt uint32_t ip_plength
97IP payload size.
98This does not include the size of the IP header or IPv6 option headers.
99.It Vt string ip_saddr
100IP source address.
101.It Vt string ip_daddr
102IP destination address.
103.El
104.Pp
105The
106.Vt ifinfo_t
107argument describes the outgoing and incoming interfaces for the packet in the
108.Fn ip:::send
109and
110.Fn ip:::receive
111probes respectively.
112Its fields are:
113.Bl -tag -width "uintptr_t if_addr" -offset indent
114.It Vt string if_name
115The interface name.
116.It Vt int8_t if_local
117A boolean value indicating whether or not the interface is a loopback interface.
118.It Vt uintptr_t if_addr
119A pointer to the
120.Vt struct ifnet
121which describes the interface.
122See the
123.Xr ifnet 9
124manual page.
125.El
126.Pp
127The
128.Vt ipv4info_t
129argument contains the fields of the IP header for IPv4 packets.
130This argument is
131.Dv NULL
132for IPv6 packets.
133DTrace scripts should use the
134.Fn ip_ver
135field in the
136.Vt ipinfo_t
137argument to determine whether to use this argument.
138Its fields are:
139.Bl -tag -width "uint16_t ipv4_checksum" -offset indent
140.It Vt uint8_t ipv4_ver
141IP version.
142This will always be 4 for IPv4 packets.
143.It Vt uint8_t ipv4_ihl
144The IP header length, including options, in 32-bit words.
145.It Vt uint8_t ipv4_tos
146IP type of service field.
147.It Vt uint16_t ipv4_length
148The total packet length, including the header, in bytes.
149.It Vt uint16_t ipv4_ident
150Identification field.
151.It Vt uint8_t ipv4_flags
152The IP flags.
153.It Vt uint16_t ipv4_offset
154The fragment offset of the packet.
155.It Vt uint8_t ipv4_ttl
156Time to live field.
157.It Vt uint8_t ipv4_protocol
158Next-level protocol ID.
159.It Vt string ipv4_protostr
160A string containing the name of the encapsulated protocol.
161The protocol strings are defined in the
162.Va protocol
163array in
164.Pa /usr/lib/dtrace/ip.d
165.It Vt uint16_t ipv4_checksum
166The IP checksum.
167.It Vt ipaddr_t ipv4_src
168IPv4 source address.
169.It Vt ipaddr_t ipv4_dst
170IPv4 destination address.
171.It Vt string ipv4_saddr
172A string representation of the source address.
173.It Vt string ipv4_daddr
174A string representation of the destination address.
175.It Vt ipha_t *ipv4_hdr
176A pointer to the raw IPv4 header.
177.El
178.Pp
179The
180.Vt ipv6info_t
181argument contains the fields of the IP header for IPv6 packets.
182Its fields are not set for IPv4 packets; as with the
183.Vt ipv4info_t
184argument, the
185.Fn ip_ver
186field should be used to determine whether this argument is valid.
187Its fields are:
188.Bl -tag -width "uint16_t ipv4_checksum" -offset indent
189.It Vt uint8_t ipv6_ver
190IP version.
191This will always be 6 for IPv6 packets.
192.It Vt uint8_t ipv6_tclass
193The traffic class, used to set the differentiated services codepoint and
194extended congestion notification flags.
195.It Vt uint32_t ipv6_flow
196The flow label of the packet.
197.It Vt uint16_t ipv6_plen
198The IP payload size, including extension headers, in bytes.
199.It Vt uint8_t ipv6_nexthdr
200An identifier for the type of the next header.
201.It Vt string ipv6_nextstr
202A string representation of the type of the next header.
203.It Vt uint8_t ipv6_hlim
204The hop limit.
205.It Vt ip6_addr_t *ipv6_src
206IPv6 source address.
207.It Vt ip6_addr_t *ipv6_dst
208IPv6 destination address.
209.It Vt string ipv6_saddr
210A string representation of the source address.
211.It Vt string ipv6_daddr
212A string representation of the destination address.
213.It Vt struct ip6_hdr *ipv6_hdr
214A pointer to the raw IPv6 header.
215.El
216.Sh FILES
217.Bl -tag -width "/usr/lib/dtrace/ip.d" -compact
218.It Pa /usr/lib/dtrace/ip.d
219DTrace type and translator definitions for the
220.Nm ip
221provider.
222.El
223.Sh EXAMPLES
224The following script counts received packets by remote host address.
225.Bd -literal -offset indent
226ip:::receive
227{
228        @num[args[2]->ip_saddr] = count();
229}
230.Ed
231.Pp
232This script will print some details of each IP packet as it is sent or received
233by the kernel:
234.Bd -literal -offset indent
235#pragma D option quiet
236#pragma D option switchrate=10Hz
237
238dtrace:::BEGIN
239{
240        printf(" %10s %30s    %-30s %8s %6s\\n", "DELTA(us)", "SOURCE",
241            "DEST", "INT", "BYTES");
242        last = timestamp;
243}
244
245ip:::send
246{
247        this->elapsed = (timestamp - last) / 1000;
248        printf(" %10d %30s -> %-30s %8s %6d\\n", this->elapsed,
249            args[2]->ip_saddr, args[2]->ip_daddr, args[3]->if_name,
250            args[2]->ip_plength);
251        last = timestamp;
252}
253
254ip:::receive
255{
256        this->elapsed = (timestamp - last) / 1000;
257        printf(" %10d %30s <- %-30s %8s %6d\\n", this->elapsed,
258            args[2]->ip_daddr, args[2]->ip_saddr, args[3]->if_name,
259            args[2]->ip_plength);
260        last = timestamp;
261}
262.Ed
263.Sh COMPATIBILITY
264This provider is compatible with the
265.Nm ip
266providers found in Solaris and Darwin.
267.Sh SEE ALSO
268.Xr dtrace 1 ,
269.Xr dtrace_tcp 4 ,
270.Xr dtrace_udp 4 ,
271.Xr ip 4 ,
272.Xr ip6 4 ,
273.Xr ifnet 9 ,
274.Xr SDT 9
275.Sh HISTORY
276The
277.Nm ip
278provider first appeared in
279.Fx
28010.0.
281.Sh AUTHORS
282This manual page was written by
283.An Mark Johnston Aq Mt markj@FreeBSD.org .
284