| /* |
| * tcpprobe - Observe the TCP flow with kprobes. |
| * |
| * The idea for this came from Werner Almesberger's umlsim |
| * Copyright (C) 2004, Stephen Hemminger <shemminger@osdl.org> |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| */ |
| |
| #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
| |
| #include <linux/kernel.h> |
| #include <linux/kprobes.h> |
| #include <linux/socket.h> |
| #include <linux/tcp.h> |
| #include <linux/slab.h> |
| #include <linux/proc_fs.h> |
| #include <linux/module.h> |
| #include <linux/ktime.h> |
| #include <linux/time.h> |
| #include <net/net_namespace.h> |
| |
| #include <net/tcp.h> |
| |
| MODULE_AUTHOR("Stephen Hemminger <shemminger@linux-foundation.org>"); |
| MODULE_DESCRIPTION("TCP cwnd snooper"); |
| MODULE_LICENSE("GPL"); |
| MODULE_VERSION("1.1"); |
| |
| static int port __read_mostly; |
| MODULE_PARM_DESC(port, "Port to match (0=all)"); |
| module_param(port, int, 0); |
| |
| static unsigned int bufsize __read_mostly = 4096; |
| MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)"); |
| module_param(bufsize, uint, 0); |
| |
| static unsigned int fwmark __read_mostly; |
| MODULE_PARM_DESC(fwmark, "skb mark to match (0=no mark)"); |
| module_param(fwmark, uint, 0); |
| |
| static int full __read_mostly; |
| MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)"); |
| module_param(full, int, 0); |
| |
| static const char procname[] = "tcpprobe"; |
| |
| struct tcp_log { |
| ktime_t tstamp; |
| union { |
| struct sockaddr raw; |
| struct sockaddr_in v4; |
| struct sockaddr_in6 v6; |
| } src, dst; |
| u16 length; |
| u32 snd_nxt; |
| u32 snd_una; |
| u32 snd_wnd; |
| u32 rcv_wnd; |
| u32 snd_cwnd; |
| u32 ssthresh; |
| u32 srtt; |
| }; |
| |
| static struct { |
| spinlock_t lock; |
| wait_queue_head_t wait; |
| ktime_t start; |
| u32 lastcwnd; |
| |
| unsigned long head, tail; |
| struct tcp_log *log; |
| } tcp_probe; |
| |
| static inline int tcp_probe_used(void) |
| { |
| return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1); |
| } |
| |
| static inline int tcp_probe_avail(void) |
| { |
| return bufsize - tcp_probe_used() - 1; |
| } |
| |
| #define tcp_probe_copy_fl_to_si4(inet, si4, mem) \ |
| do { \ |
| si4.sin_family = AF_INET; \ |
| si4.sin_port = inet->inet_##mem##port; \ |
| si4.sin_addr.s_addr = inet->inet_##mem##addr; \ |
| } while (0) \ |
| |
| /* |
| * Hook inserted to be called before each receive packet. |
| * Note: arguments must match tcp_rcv_established()! |
| */ |
| static void jtcp_rcv_established(struct sock *sk, struct sk_buff *skb, |
| const struct tcphdr *th, unsigned int len) |
| { |
| const struct tcp_sock *tp = tcp_sk(sk); |
| const struct inet_sock *inet = inet_sk(sk); |
| |
| /* Only update if port or skb mark matches */ |
| if (((port == 0 && fwmark == 0) || |
| ntohs(inet->inet_dport) == port || |
| ntohs(inet->inet_sport) == port || |
| (fwmark > 0 && skb->mark == fwmark)) && |
| (full || tp->snd_cwnd != tcp_probe.lastcwnd)) { |
| |
| spin_lock_bh(&tcp_probe.lock); |
| /* If log fills, just silently drop */ |
| if (tcp_probe_avail() > 1) { |
| struct tcp_log *p = tcp_probe.log + tcp_probe.head; |
| |
| p->tstamp = ktime_get(); |
| switch (sk->sk_family) { |
| case AF_INET: |
| tcp_probe_copy_fl_to_si4(inet, p->src.v4, s); |
| tcp_probe_copy_fl_to_si4(inet, p->dst.v4, d); |
| break; |
| case AF_INET6: |
| memset(&p->src.v6, 0, sizeof(p->src.v6)); |
| memset(&p->dst.v6, 0, sizeof(p->dst.v6)); |
| #if IS_ENABLED(CONFIG_IPV6) |
| p->src.v6.sin6_family = AF_INET6; |
| p->src.v6.sin6_port = inet->inet_sport; |
| p->src.v6.sin6_addr = inet6_sk(sk)->saddr; |
| |
| p->dst.v6.sin6_family = AF_INET6; |
| p->dst.v6.sin6_port = inet->inet_dport; |
| p->dst.v6.sin6_addr = sk->sk_v6_daddr; |
| #endif |
| break; |
| default: |
| BUG(); |
| } |
| |
| p->length = skb->len; |
| p->snd_nxt = tp->snd_nxt; |
| p->snd_una = tp->snd_una; |
| p->snd_cwnd = tp->snd_cwnd; |
| p->snd_wnd = tp->snd_wnd; |
| p->rcv_wnd = tp->rcv_wnd; |
| p->ssthresh = tcp_current_ssthresh(sk); |
| p->srtt = tp->srtt_us >> 3; |
| |
| tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1); |
| } |
| tcp_probe.lastcwnd = tp->snd_cwnd; |
| spin_unlock_bh(&tcp_probe.lock); |
| |
| wake_up(&tcp_probe.wait); |
| } |
| |
| jprobe_return(); |
| } |
| |
| static struct jprobe tcp_jprobe = { |
| .kp = { |
| .symbol_name = "tcp_rcv_established", |
| }, |
| .entry = jtcp_rcv_established, |
| }; |
| |
| static int tcpprobe_open(struct inode *inode, struct file *file) |
| { |
| /* Reset (empty) log */ |
| spin_lock_bh(&tcp_probe.lock); |
| tcp_probe.head = tcp_probe.tail = 0; |
| tcp_probe.start = ktime_get(); |
| spin_unlock_bh(&tcp_probe.lock); |
| |
| return 0; |
| } |
| |
| static int tcpprobe_sprint(char *tbuf, int n) |
| { |
| const struct tcp_log *p |
| = tcp_probe.log + tcp_probe.tail; |
| struct timespec64 ts |
| = ktime_to_timespec64(ktime_sub(p->tstamp, tcp_probe.start)); |
| |
| return scnprintf(tbuf, n, |
| "%lu.%09lu %pISpc %pISpc %d %#x %#x %u %u %u %u %u\n", |
| (unsigned long)ts.tv_sec, |
| (unsigned long)ts.tv_nsec, |
| &p->src, &p->dst, p->length, p->snd_nxt, p->snd_una, |
| p->snd_cwnd, p->ssthresh, p->snd_wnd, p->srtt, p->rcv_wnd); |
| } |
| |
| static ssize_t tcpprobe_read(struct file *file, char __user *buf, |
| size_t len, loff_t *ppos) |
| { |
| int error = 0; |
| size_t cnt = 0; |
| |
| if (!buf) |
| return -EINVAL; |
| |
| while (cnt < len) { |
| char tbuf[256]; |
| int width; |
| |
| /* Wait for data in buffer */ |
| error = wait_event_interruptible(tcp_probe.wait, |
| tcp_probe_used() > 0); |
| if (error) |
| break; |
| |
| spin_lock_bh(&tcp_probe.lock); |
| if (tcp_probe.head == tcp_probe.tail) { |
| /* multiple readers race? */ |
| spin_unlock_bh(&tcp_probe.lock); |
| continue; |
| } |
| |
| width = tcpprobe_sprint(tbuf, sizeof(tbuf)); |
| |
| if (cnt + width < len) |
| tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1); |
| |
| spin_unlock_bh(&tcp_probe.lock); |
| |
| /* if record greater than space available |
| return partial buffer (so far) */ |
| if (cnt + width >= len) |
| break; |
| |
| if (copy_to_user(buf + cnt, tbuf, width)) |
| return -EFAULT; |
| cnt += width; |
| } |
| |
| return cnt == 0 ? error : cnt; |
| } |
| |
| static const struct file_operations tcpprobe_fops = { |
| .owner = THIS_MODULE, |
| .open = tcpprobe_open, |
| .read = tcpprobe_read, |
| .llseek = noop_llseek, |
| }; |
| |
| static __init int tcpprobe_init(void) |
| { |
| int ret = -ENOMEM; |
| |
| /* Warning: if the function signature of tcp_rcv_established, |
| * has been changed, you also have to change the signature of |
| * jtcp_rcv_established, otherwise you end up right here! |
| */ |
| BUILD_BUG_ON(__same_type(tcp_rcv_established, |
| jtcp_rcv_established) == 0); |
| |
| init_waitqueue_head(&tcp_probe.wait); |
| spin_lock_init(&tcp_probe.lock); |
| |
| if (bufsize == 0) |
| return -EINVAL; |
| |
| bufsize = roundup_pow_of_two(bufsize); |
| tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL); |
| if (!tcp_probe.log) |
| goto err0; |
| |
| if (!proc_create(procname, S_IRUSR, init_net.proc_net, &tcpprobe_fops)) |
| goto err0; |
| |
| ret = register_jprobe(&tcp_jprobe); |
| if (ret) |
| goto err1; |
| |
| pr_info("probe registered (port=%d/fwmark=%u) bufsize=%u\n", |
| port, fwmark, bufsize); |
| return 0; |
| err1: |
| remove_proc_entry(procname, init_net.proc_net); |
| err0: |
| kfree(tcp_probe.log); |
| return ret; |
| } |
| module_init(tcpprobe_init); |
| |
| static __exit void tcpprobe_exit(void) |
| { |
| remove_proc_entry(procname, init_net.proc_net); |
| unregister_jprobe(&tcp_jprobe); |
| kfree(tcp_probe.log); |
| } |
| module_exit(tcpprobe_exit); |