This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



RE: udp.sendmsg


Hi !

Thanks for the reply - and sorry for my late answer. The mail landed
unexpectedly in my spam folder ...

In the meantime I built a slightly more usable script.
But something changed my SystemTap (no idea in mind).
The SystemTap script is now failing after some time,
but was running for weeks without any problems. The
error is:

UDP53 1471300316.1471300316458  192.168.26.254 6071(iceweasel/DNS Res~ver #60) 1(systemd)
ERROR: kernel string copy fault at 0x00000000000004f0 [man error::fault] near identifier 'kernel_string' at /usr/share/systemtap/tapset/linux/conversions.stp:18:10
WARNING: Number of errors: 1, skipped probes: 1
WARNING: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  [man error::pass5]

Maybe I am digging into too much detail, without
the right knowledge .... no time ...

I gave up on tracking port 53 access - too difficult.
I'll house all web browsers now inside an LXC VM where
each has its own dns-proxy, which blocks what I want.
All my other machines are generally blocked for DNS.
I had to learn that control over such things is at the
same bad level as in Windows.

Even my thoughts were really incomplete: If I know that,
say, Firefox made the request xyz, I do not know from
which tab or page. The only way to get control is to use
a browser plugin ... OK, the other reason for my script
was to see who makes DNS calls at all - this part is
OK and I saw the "DNS Res~er #205" which must be some
system tool, but nothing about it to configure.

Thanks anyway,
Manfred



> -----Original Message-----
> From: Frank Ch. Eigler [mailto:fche@redhat.com]
> Sent: Tuesday, July 19, 2016 4:42 PM
> To: webman@manfbraun.de
> Cc: systemtap@sourceware.org
> Subject: Re: udp.sendmsg
> 
> <webman@manfbraun.de> writes:
> 
> > [...]
> > probe udp.sendmsg {
> >   if ( dport == 53 ) {
> > [...]
> > This should provide me with all processes which make DNS calls (per
> UDP).
> 
> Yeah.  This should be more reliable.  Sometimes, the port number data
> is not available to systemtap due to debuginfo quality or related
> problems.  Once we solve
> https://sourceware.org/bugzilla/show_bug.cgi?id=19753
> (redirect udp.* probes to netfilter.* probes), it should become reliable.
> 
> > # stap -e 'probe netfilter.ip.local_out {
> >   if (dport == 53) # or parametrize
> > [...]
> > Same problem.
> 
> That part should be working.  Are you getting probe hits (e.g.,
> counted via stap -t ...), just wrong dport values, for the dns
> traffic?
> 
> 
> - FChE


