This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: udp.sendmsg


<webman@manfbraun.de> writes:
> probe udp.sendmsg {
>   if ( dport == 53 ) {
>     printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
>   }
> }

On my system I see the call but dport == 0. Note that nslookup uses the
write syscall to send the data. If you want to simulate how programs
normally make DNS queries, you should run e.g. "getent hosts
www.google.com". That will use the sendto syscall and seems to help
systemtap get the port right.

$ nslookup www.google.com

PID 29910 (nslookup) sent UDP to         0.0.0.0 0
 0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
 0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
 0xffffffff81406776 : ___sys_sendmsg+0x376/0x390 [kernel]
 0xffffffff81406e1e : __sys_sendmsg+0x3e/0x80 [kernel]
 0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]

$ getent hosts www.google.com

PID 29905 (getent) sent UDP to [REDACTED] 53
 0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
 0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
 0xffffffff81406121 : SYSC_sendto+0xf1/0x180 [kernel]
 0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]
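
Added example, not part of the original message or of the systemtap project: a Python parser for trace output in the format shown above. For each probe hit it reports the syscall handler frame from the backtrace, whether the event would pass the quoted `dport == 53` filter, and whether the probe reported no destination at all. The sample is constructed from the output above, with 192.0.2.53 standing in for the redacted address, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the output quoted in the message;
# 192.0.2.53 is a documentation address standing in for the redacted one.
SAMPLE = """\
PID 29910 (nslookup) sent UDP to         0.0.0.0 0
 0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
 0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
 0xffffffff81406776 : ___sys_sendmsg+0x376/0x390 [kernel]
 0xffffffff81406e1e : __sys_sendmsg+0x3e/0x80 [kernel]
 0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]
PID 29905 (getent) sent UDP to      192.0.2.53 53
 0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
 0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
 0xffffffff81406121 : SYSC_sendto+0xf1/0x180 [kernel]
 0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]
"""

HEADER = re.compile(r"^PID\s+(\d+) \((.+)\) sent UDP to\s+(\S+) (\d+)$")
FRAME = re.compile(r"^\s+0x[0-9a-f]+ : (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[kernel\]$")
# Frames common to both traces; what remains is the syscall handler path.
PLUMBING = {"udp_sendmsg", "sock_sendmsg", "system_call_fast_compare_end"}


def parse_events(text):
    """Return one dict per probe hit: pid, comm, daddr, dport, frames."""
    events = []
    for line in text.splitlines():
        header, frame = HEADER.match(line), FRAME.match(line)
        if header:
            events.append({"pid": int(header[1]), "comm": header[2],
                           "daddr": header[3], "dport": int(header[4]), "frames": []})
        elif frame and events:
            events[-1]["frames"].append(frame.group(1))
    return events


def classify(text, port=53):
    """Per event: (comm, syscall handler frame, passes dport filter, unresolved)."""
    rows = []
    for e in parse_events(text):
        handlers = [f for f in e["frames"] if f not in PLUMBING]
        unresolved = e["daddr"] == "0.0.0.0" and e["dport"] == 0
        rows.append((e["comm"], handlers[-1] if handlers else None,
                     e["dport"] == port, unresolved))
    return rows


if __name__ == "__main__":
    print(classify(SAMPLE))
```

On this sample the nslookup event is marked unresolved and fails the port filter, so a probe that only prints when `dport == 53` would not have reported it.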

