Loading...
Note: File does not exist in v6.8.
1/*
2 * tcpprobe - Observe the TCP flow with kprobes.
3 *
4 * The idea for this came from Werner Almesberger's umlsim
5 * Copyright (C) 2004, Stephen Hemminger <shemminger@osdl.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
22
23#include <linux/kernel.h>
24#include <linux/kprobes.h>
25#include <linux/socket.h>
26#include <linux/tcp.h>
27#include <linux/slab.h>
28#include <linux/proc_fs.h>
29#include <linux/module.h>
30#include <linux/ktime.h>
31#include <linux/time.h>
32#include <net/net_namespace.h>
33
34#include <net/tcp.h>
35
36MODULE_AUTHOR("Stephen Hemminger <shemminger@linux-foundation.org>");
37MODULE_DESCRIPTION("TCP cwnd snooper");
38MODULE_LICENSE("GPL");
39MODULE_VERSION("1.1");
40
41static int port __read_mostly;
42MODULE_PARM_DESC(port, "Port to match (0=all)");
43module_param(port, int, 0);
44
45static unsigned int bufsize __read_mostly = 4096;
46MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)");
47module_param(bufsize, uint, 0);
48
49static unsigned int fwmark __read_mostly;
50MODULE_PARM_DESC(fwmark, "skb mark to match (0=no mark)");
51module_param(fwmark, uint, 0);
52
53static int full __read_mostly;
54MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)");
55module_param(full, int, 0);
56
57static const char procname[] = "tcpprobe";
58
59struct tcp_log {
60 ktime_t tstamp;
61 union {
62 struct sockaddr raw;
63 struct sockaddr_in v4;
64 struct sockaddr_in6 v6;
65 } src, dst;
66 u16 length;
67 u32 snd_nxt;
68 u32 snd_una;
69 u32 snd_wnd;
70 u32 rcv_wnd;
71 u32 snd_cwnd;
72 u32 ssthresh;
73 u32 srtt;
74};
75
76static struct {
77 spinlock_t lock;
78 wait_queue_head_t wait;
79 ktime_t start;
80 u32 lastcwnd;
81
82 unsigned long head, tail;
83 struct tcp_log *log;
84} tcp_probe;
85
86static inline int tcp_probe_used(void)
87{
88 return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1);
89}
90
91static inline int tcp_probe_avail(void)
92{
93 return bufsize - tcp_probe_used() - 1;
94}
95
96#define tcp_probe_copy_fl_to_si4(inet, si4, mem) \
97 do { \
98 si4.sin_family = AF_INET; \
99 si4.sin_port = inet->inet_##mem##port; \
100 si4.sin_addr.s_addr = inet->inet_##mem##addr; \
101 } while (0) \
102
103/*
104 * Hook inserted to be called before each receive packet.
105 * Note: arguments must match tcp_rcv_established()!
106 */
107static void jtcp_rcv_established(struct sock *sk, struct sk_buff *skb,
108 const struct tcphdr *th, unsigned int len)
109{
110 const struct tcp_sock *tp = tcp_sk(sk);
111 const struct inet_sock *inet = inet_sk(sk);
112
113 /* Only update if port or skb mark matches */
114 if (((port == 0 && fwmark == 0) ||
115 ntohs(inet->inet_dport) == port ||
116 ntohs(inet->inet_sport) == port ||
117 (fwmark > 0 && skb->mark == fwmark)) &&
118 (full || tp->snd_cwnd != tcp_probe.lastcwnd)) {
119
120 spin_lock(&tcp_probe.lock);
121 /* If log fills, just silently drop */
122 if (tcp_probe_avail() > 1) {
123 struct tcp_log *p = tcp_probe.log + tcp_probe.head;
124
125 p->tstamp = ktime_get();
126 switch (sk->sk_family) {
127 case AF_INET:
128 tcp_probe_copy_fl_to_si4(inet, p->src.v4, s);
129 tcp_probe_copy_fl_to_si4(inet, p->dst.v4, d);
130 break;
131 case AF_INET6:
132 memset(&p->src.v6, 0, sizeof(p->src.v6));
133 memset(&p->dst.v6, 0, sizeof(p->dst.v6));
134#if IS_ENABLED(CONFIG_IPV6)
135 p->src.v6.sin6_family = AF_INET6;
136 p->src.v6.sin6_port = inet->inet_sport;
137 p->src.v6.sin6_addr = inet6_sk(sk)->saddr;
138
139 p->dst.v6.sin6_family = AF_INET6;
140 p->dst.v6.sin6_port = inet->inet_dport;
141 p->dst.v6.sin6_addr = sk->sk_v6_daddr;
142#endif
143 break;
144 default:
145 BUG();
146 }
147
148 p->length = skb->len;
149 p->snd_nxt = tp->snd_nxt;
150 p->snd_una = tp->snd_una;
151 p->snd_cwnd = tp->snd_cwnd;
152 p->snd_wnd = tp->snd_wnd;
153 p->rcv_wnd = tp->rcv_wnd;
154 p->ssthresh = tcp_current_ssthresh(sk);
155 p->srtt = tp->srtt_us >> 3;
156
157 tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1);
158 }
159 tcp_probe.lastcwnd = tp->snd_cwnd;
160 spin_unlock(&tcp_probe.lock);
161
162 wake_up(&tcp_probe.wait);
163 }
164
165 jprobe_return();
166}
167
168static struct jprobe tcp_jprobe = {
169 .kp = {
170 .symbol_name = "tcp_rcv_established",
171 },
172 .entry = jtcp_rcv_established,
173};
174
175static int tcpprobe_open(struct inode *inode, struct file *file)
176{
177 /* Reset (empty) log */
178 spin_lock_bh(&tcp_probe.lock);
179 tcp_probe.head = tcp_probe.tail = 0;
180 tcp_probe.start = ktime_get();
181 spin_unlock_bh(&tcp_probe.lock);
182
183 return 0;
184}
185
186static int tcpprobe_sprint(char *tbuf, int n)
187{
188 const struct tcp_log *p
189 = tcp_probe.log + tcp_probe.tail;
190 struct timespec64 ts
191 = ktime_to_timespec64(ktime_sub(p->tstamp, tcp_probe.start));
192
193 return scnprintf(tbuf, n,
194 "%lu.%09lu %pISpc %pISpc %d %#x %#x %u %u %u %u %u\n",
195 (unsigned long)ts.tv_sec,
196 (unsigned long)ts.tv_nsec,
197 &p->src, &p->dst, p->length, p->snd_nxt, p->snd_una,
198 p->snd_cwnd, p->ssthresh, p->snd_wnd, p->srtt, p->rcv_wnd);
199}
200
201static ssize_t tcpprobe_read(struct file *file, char __user *buf,
202 size_t len, loff_t *ppos)
203{
204 int error = 0;
205 size_t cnt = 0;
206
207 if (!buf)
208 return -EINVAL;
209
210 while (cnt < len) {
211 char tbuf[256];
212 int width;
213
214 /* Wait for data in buffer */
215 error = wait_event_interruptible(tcp_probe.wait,
216 tcp_probe_used() > 0);
217 if (error)
218 break;
219
220 spin_lock_bh(&tcp_probe.lock);
221 if (tcp_probe.head == tcp_probe.tail) {
222 /* multiple readers race? */
223 spin_unlock_bh(&tcp_probe.lock);
224 continue;
225 }
226
227 width = tcpprobe_sprint(tbuf, sizeof(tbuf));
228
229 if (cnt + width < len)
230 tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1);
231
232 spin_unlock_bh(&tcp_probe.lock);
233
234 /* if record greater than space available
235 return partial buffer (so far) */
236 if (cnt + width >= len)
237 break;
238
239 if (copy_to_user(buf + cnt, tbuf, width))
240 return -EFAULT;
241 cnt += width;
242 }
243
244 return cnt == 0 ? error : cnt;
245}
246
247static const struct file_operations tcpprobe_fops = {
248 .owner = THIS_MODULE,
249 .open = tcpprobe_open,
250 .read = tcpprobe_read,
251 .llseek = noop_llseek,
252};
253
254static __init int tcpprobe_init(void)
255{
256 int ret = -ENOMEM;
257
258 /* Warning: if the function signature of tcp_rcv_established,
259 * has been changed, you also have to change the signature of
260 * jtcp_rcv_established, otherwise you end up right here!
261 */
262 BUILD_BUG_ON(__same_type(tcp_rcv_established,
263 jtcp_rcv_established) == 0);
264
265 init_waitqueue_head(&tcp_probe.wait);
266 spin_lock_init(&tcp_probe.lock);
267
268 if (bufsize == 0)
269 return -EINVAL;
270
271 bufsize = roundup_pow_of_two(bufsize);
272 tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);
273 if (!tcp_probe.log)
274 goto err0;
275
276 if (!proc_create(procname, S_IRUSR, init_net.proc_net, &tcpprobe_fops))
277 goto err0;
278
279 ret = register_jprobe(&tcp_jprobe);
280 if (ret)
281 goto err1;
282
283 pr_info("probe registered (port=%d/fwmark=%u) bufsize=%u\n",
284 port, fwmark, bufsize);
285 return 0;
286 err1:
287 remove_proc_entry(procname, init_net.proc_net);
288 err0:
289 kfree(tcp_probe.log);
290 return ret;
291}
292module_init(tcpprobe_init);
293
294static __exit void tcpprobe_exit(void)
295{
296 remove_proc_entry(procname, init_net.proc_net);
297 unregister_jprobe(&tcp_jprobe);
298 kfree(tcp_probe.log);
299}
300module_exit(tcpprobe_exit);