This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: udp.sendmsg
- From: Timo Juhani Lindfors <timo dot lindfors at iki dot fi>
- To: <systemtap at sourceware dot org>
- Date: Mon, 11 Jul 2016 13:08:43 +0300
- Subject: Re: udp.sendmsg

<webman@manfbraun.de> writes:

> probe udp.sendmsg {
>   if ( dport == 53 ) {
>     printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
>   }
> }

On my system I see the call but dport == 0. Note that nslookup uses the
write syscall to send the data. If you want to simulate how programs
normally make DNS queries you should e.g. run "getent hosts
www.google.com". That will use the sendto syscall and seems to help
systemtap get the port right.

$ nslookup www.google.com
PID 29910 (nslookup) sent UDP to 0.0.0.0 0
  0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
  0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
  0xffffffff81406776 : ___sys_sendmsg+0x376/0x390 [kernel]
  0xffffffff81406e1e : __sys_sendmsg+0x3e/0x80 [kernel]
  0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]

$ getent hosts www.google.com
PID 29905 (getent) sent UDP to [REDACTED] 53
  0xffffffff81481770 : udp_sendmsg+0x0/0x910 [kernel]
  0xffffffff81405fbb : sock_sendmsg+0x8b/0xc0 [kernel]
  0xffffffff81406121 : SYSC_sendto+0xf1/0x180 [kernel]
  0xffffffff8151420d : system_call_fast_compare_end+0x10/0x15 [kernel]
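
Added example, not part of the original message or of the systemtap project: a Python reproducer that sends one UDP datagram through each send path seen in this message (sendto, sendmsg, and write on a connected socket), so the dport and daddr values the probe prints can be compared path by path. The loopback receiver, the OS-chosen port, the payload and all function names are assumptions of the example; when running it under the probe, change the port test from 53 to the printed port.

```python
import os
import socket

PAYLOAD = b"stap-udp-test"  # constructed payload, not a real DNS query


def udp_socket():
    return socket.socket(socket.AF_INET, socket.SOCK_DGRAM)


def send_all_paths(dest):
    """Send one labelled datagram to dest per send path; return the labels."""
    sent = []
    # Unconnected socket, destination passed per call: sendto(2).
    with udp_socket() as s:
        s.sendto(b"sendto-addr:" + PAYLOAD, dest)
        sent.append("sendto-addr")
    # Unconnected socket, destination carried in the msghdr: sendmsg(2).
    with udp_socket() as s:
        s.sendmsg([b"sendmsg-addr:" + PAYLOAD], [], 0, dest)
        sent.append("sendmsg-addr")
    # Connected socket: the peer is stored on the socket, none given per call.
    with udp_socket() as s:
        s.connect(dest)
        s.send(b"connected-send:" + PAYLOAD)
        sent.append("connected-send")
        os.write(s.fileno(), b"connected-write:" + PAYLOAD)  # write(2)
        sent.append("connected-write")
    return sent


def run_local_trial():
    """Receive on an OS-chosen loopback port (assumption) and check delivery."""
    with udp_socket() as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        dest = rx.getsockname()
        sent = send_all_paths(dest)
        got = [rx.recv(256).split(b":", 1)[0].decode() for _ in sent]
    return dest[1], sent, got


if __name__ == "__main__":
    port, sent, got = run_local_trial()
    print("sent to 127.0.0.1:%d via %s" % (port, ", ".join(sent)))
    print("received: %s" % ", ".join(got))
```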