SystemTap Tapset: commonly used functions - 2
Background
function::format_ipaddr — Returns a string representation for an IP address
function::ip_ntop — Returns a string representation for an IPv4 address
Convert an IP address in numeric format to string format. For an example, see:
http://blog.163.com/digoal@126/blog/static/16387704020139153195701/
function::htonl — Convert 32-bit long from host to network order
function::htonll — Convert 64-bit long long from host to network order
function::htons — Convert 16-bit short from host to network order
function::ntohl — Convert 32-bit long from network to host order
function::ntohll — Convert 64-bit long long from network to host order
function::ntohs — Convert 16-bit short from network to host order
Functions for converting between host byte order and network byte order.
function::inet_get_ip_source — Provide IP source address string for a kernel socket
function::inet_get_local_port — Provide local port number for a kernel socket
Get the remote IP address and the local port from a socket.
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.recvmsg {println(inet_get_ip_source($sk)); exit()}'
172.16.8.31
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.sendmsg {println(inet_get_ip_source($sock->sk)); exit()}'
172.16.8.31
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.recvmsg {println(inet_get_local_port($sk)); exit()}'
22
The more commonly used way to get the IP addresses and ports is:
saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk))
daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk))
sport = __tcp_sock_sport($sk)
dport = __tcp_sock_dport($sk)
function::MAJOR — Extract major device number from a kernel device number (kdev_t)
function::MINOR — Extract minor device number from a kernel device number (kdev_t)
function::MKDEV — Creates a value that can be compared to a kernel device number (kdev_t)
function::usrdev2kerndev — Converts a user-space device number into the format used in the kernel
Get the major id and minor id of a device, construct a kernel device number, and so on.
Example:
[root@db-172-16-3-150 tapset]# stap -e 'probe vfs.read {if (devname != "N/A") {printdln(".", MAJOR(dev), MINOR(dev), devname); exit()}}'
8.1.sda1
[root@db-172-16-3-150 tapset]# ll /dev/sda1
brw-rw---- 1 root disk 8, 1 Oct 17 14:44 /dev/sda1
https://sourceware.org/systemtap/SystemTap_Beginners_Guide/traceio2sect.html
#! /usr/bin/env stap
global device_of_interest
probe begin {
  /* The following is not the most efficient way to do this.
     One could directly put the result of usrdev2kerndev()
     into device_of_interest. However, want to test out
     the other device functions */
  dev = usrdev2kerndev($1)
  device_of_interest = MKDEV(MAJOR(dev), MINOR(dev))
}
probe vfs.write, vfs.read
{
  if (dev == device_of_interest)
    printf ("%s(%d) %s 0x%x\n",
            execname(), pid(), probefunc(), dev)
}
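Why the script above converts $1 before comparing it with dev, shown as an added C example (not part of the original post or of SystemTap): the number user space reports for a device and the kernel's kdev_t use different bit layouts, so an unconverted value never matches and the filter silently prints nothing. The helper names are hypothetical; the layouts are modelled on the kernel's new_encode_dev()/new_decode_dev() and MAJOR/MINOR/MKDEV macros, and the device numbers are constructed samples.

```c
#include <stdio.h>
#include <stdint.h>

/* Kernel-internal kdev_t layout: major in the high bits, 20-bit minor. */
#define K_MINORBITS 20
#define K_MINORMASK ((1u << K_MINORBITS) - 1)

static uint32_t k_major(uint32_t kdev) { return kdev >> K_MINORBITS; }
static uint32_t k_minor(uint32_t kdev) { return kdev & K_MINORMASK; }
static uint32_t k_mkdev(uint32_t ma, uint32_t mi) { return (ma << K_MINORBITS) | mi; }

/* User-visible 32-bit encoding (the value stat reports), as new_encode_dev():
   low 8 minor bits, then 12 major bits, then the remaining minor bits. */
static uint32_t user_encode(uint32_t ma, uint32_t mi)
{
    return (mi & 0xff) | (ma << 8) | ((mi & ~0xffu) << 12);
}

/* User encoding -> kernel kdev_t, as new_decode_dev(); this is the kind of
   conversion usrdev2kerndev() applies to $1 in the script above. */
static uint32_t user_to_kernel(uint32_t udev)
{
    uint32_t ma = (udev & 0xfff00) >> 8;
    uint32_t mi = (udev & 0xff) | ((udev >> 12) & 0xfff00);
    return k_mkdev(ma, mi);
}

int main(void)
{
    /* Constructed samples: sda1 (8,1) as on the page, and a minor above 255. */
    uint32_t samples[][2] = { {8, 1}, {253, 300} };
    for (int i = 0; i < 2; i++) {
        uint32_t u = user_encode(samples[i][0], samples[i][1]);
        uint32_t k = user_to_kernel(u);
        printf("%u,%u user=0x%x kernel=0x%x MAJOR=%u MINOR=%u raw-compare-matches=%s\n",
               samples[i][0], samples[i][1], u, k,
               k_major(k), k_minor(k), u == k ? "yes" : "no");
    }
    return 0;
}
```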
function::error — Send an error message
function::exit — Start shutting down probing script.
function::ftrace — Send a message to the ftrace ring-buffer
function::log — Send a line to the common trace buffer
function::printk — Send a message to the kernel trace buffer
function::warn — Send a line to the warning stream
Used to send messages to various targets. For example, error sends an error message; if MAXERRORS=1, stap will exit.
[root@db-172-16-3-150 tapset]# stap -e 'probe begin {
try {
error("Hello, ")
}
catch(msg) {
println(msg)
exit()
}
}'
Hello,
function::randint — Return a random number between [0,n)
Returns a random number >= 0 and < n.
[root@db-172-16-3-150 tapset]# stap -e 'probe begin {
for(i=0;i<10;i++)
println(randint(99))
exit()
}'
51
57
82
85
4
70
79
37
69
97
function::atomic_long_read — Retrieves an atomic long variable from kernel memory
function::atomic_read — Retrieves an atomic variable from kernel memory
function::kernel_char — Retrieves a char value stored in kernel memory
function::kernel_int — Retrieves an int value stored in kernel memory
function::kernel_long — Retrieves a long value stored in kernel memory
function::kernel_pointer — Retrieves a pointer value stored in kernel memory
function::kernel_short — Retrieves a short value stored in kernel memory
function::kernel_string — Retrieves string from kernel memory
function::kernel_string2 — Retrieves string from kernel memory with alternative error string
function::kernel_string2_utf16 — Retrieves UTF-16 string from kernel memory with alternative error string
function::kernel_string2_utf32 — Retrieves UTF-32 string from kernel memory with alternative error string
function::kernel_string_n — Retrieves string of given length from kernel memory
function::kernel_string_utf16 — Retrieves UTF-16 string from kernel memory
function::kernel_string_utf32 — Retrieves UTF-32 string from kernel memory
function::user_char — Retrieves a char value stored in user space
function::user_char_warn — Retrieves a char value stored in user space
function::user_int — Retrieves an int value stored in user space
function::user_int16 — Retrieves a 16-bit integer value stored in user space
function::user_int32 — Retrieves a 32-bit integer value stored in user space
function::user_int64 — Retrieves a 64-bit integer value stored in user space
function::user_int8 — Retrieves a 8-bit integer value stored in user space
function::user_int_warn — Retrieves an int value stored in user space
function::user_long — Retrieves a long value stored in user space
function::user_long_warn — Retrieves a long value stored in user space
function::user_short — Retrieves a short value stored in user space
function::user_short_warn — Retrieves a short value stored in user space
function::user_string — Retrieves string from user space
function::user_string2 — Retrieves string from user space with alternative error string
function::user_string2_utf16 — Retrieves UTF-16 string from user memory with alternative error string
function::user_string2_utf32 — Retrieves UTF-32 string from user memory with alternative error string
function::user_string_n — Retrieves string of given length from user space
function::user_string_n2 — Retrieves string of given length from user space
function::user_string_n_quoted — Retrieves and quotes string from user space
function::user_string_n_warn — Retrieves string from user space
function::user_string_quoted — Retrieves and quotes string from user space
function::user_string_utf16 — Retrieves UTF-16 string from user memory
function::user_string_utf32 — Retrieves UTF-32 string from user memory
function::user_string_warn — Retrieves string from user space
function::user_uint16 — Retrieves an unsigned 16-bit integer value stored in user space
function::user_uint32 — Retrieves an unsigned 32-bit integer value stored in user space
function::user_uint64 — Retrieves an unsigned 64-bit integer value stored in user space
function::user_uint8 — Retrieves an unsigned 8-bit integer value stored in user space
function::user_ushort — Retrieves an unsigned short value stored in user space
function::user_ushort_warn — Retrieves an unsigned short value stored in user space
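Retrieve a value of the given type from a user-space address or a kernel memory address. The length of a retrieved string is limited by stap -D MAXSTRINGLEN. If the output is truncated, increase the MAXSTRINGLEN value.
For example: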
[root@db-172-16-3-150 ~]# stap -e '
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {
printdln("**", sprintf("%p",$arg1), user_string($arg1))
exit()
}'
Output:
0x1b6f280**select * from t1 limit 1;
SQL statement:
digoal=# select * from t1 limit 1;
id | info
----+----------------------------------
1 | 006f3673faa5991478e6db0c01c88716
(1 row)
Truncated output:
[root@db-172-16-3-150 ~]# stap -D MAXSTRINGLEN=5 -e '
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {
printdln("**", sprintf("%p",$arg1), user_string($arg1))
exit()
}'
0x1b**sele
Because MAXSTRINGLEN=5, only 4 characters remain after truncation: one position is taken by the string's terminating \0.
function::set_kernel_char — Writes a char value to kernel memory
function::set_kernel_int — Writes an int value to kernel memory
function::set_kernel_long — Writes a long value to kernel memory
function::set_kernel_pointer — Writes a pointer value to kernel memory.
function::set_kernel_short — Writes a short value to kernel memory
function::set_kernel_string — Writes a string to kernel memory
function::set_kernel_string_n — Writes a string of given length to kernel memory
Write values of various types to a specified kernel memory address. This is very dangerous and can only be used in -g mode.
For example:
[root@db-172-16-3-150 ~]# stap -g -e '
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {
printdln("**", sprintf("%p",$arg1), user_string($arg1))
set_kernel_string($arg1, "delete from t1;")
exit()
}'
0x1b6f280**select * from t1 limit 1;
select * from t1 limit 1; is executed in the database, but its content has already been rewritten to "delete from t1;", so the operation actually executed is a delete.
digoal=# select * from t1 limit 1;
DELETE 5635072
digoal=# select * from t1 limit 1;
id | info
----+------
(0 rows)
Extremely dangerous: after it runs, the data is gone.
function::mdelay — millisecond delay
function::panic — trigger a panic
function::udelay — microsecond delay
Delay functions, similar to pg_sleep() in a database, and therefore usable only in stap guru mode.
[root@db-172-16-3-150 tapset]# stap -g -e 'probe begin {
ts1=gettimeofday_ms()
mdelay(100)
ts2=gettimeofday_ms()
printdln("**",ts1,ts2,ts2-ts1)
exit()
}'
1381999610011**1381999610111**100
panic sends a kernel panic message to the kernel.
This will cause the system to reboot; never use it carelessly.
[root@db-172-16-3-150 tapset]# stap -g -e 'probe begin {
panic("this is a test")
exit()
}'
function::isdigit — Checks for a digit
function::isinstr — Returns whether a string is a substring of another string
function::str_replace — str_replace Replaces all instances of a substring with another
function::stringat — Returns the char at a given position in the string
function::strlen — Returns the length of a string
function::strtol — strtol - Convert a string to a long
function::substr — Returns a substring
function::text_str — Escape any non-printable chars in a string
function::text_strn — Escape any non-printable chars in a string
function::tokenize — Return the next non-empty token in a string
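A set of functions for working with characters and numbers: checking whether the first character of a string is a digit, checking whether a string is contained in another string, string replacement, string length, string-to-number conversion, substr, and so on. They are similar to the string functions found in a database.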
[root@db-172-16-3-150 ~]# stap -e 'probe begin
{
print(isinstr("hello ", "el"))
exit()
}'
1[root@db-172-16-3-150 ~]#
[root@db-172-16-3-150 ~]# stap -e 'probe begin
{
print(isinstr("hello ", "H"))
exit()
}'
0
function::ansi_clear_screen — Move cursor to top left and clear screen.
function::ansi_cursor_hide — Hides the cursor.
function::ansi_cursor_move — Move cursor to new coordinates.
function::ansi_cursor_restore — Restores a previously saved cursor position.
function::ansi_cursor_save — Saves the cursor position.
function::ansi_cursor_show — Shows the cursor.
function::ansi_new_line — Move cursor to new line.
function::ansi_reset_color — Resets Select Graphic Rendition mode.
function::ansi_set_color — Set the ansi Select Graphic Rendition mode.
function::ansi_set_color2 — Set the ansi Select Graphic Rendition mode.
function::ansi_set_color3 — Set the ansi Select Graphic Rendition mode.
function::indent — returns an amount of space to indent
function::thread_indent — returns an amount of space with the current task information
Functions related to output formatting, such as clearing the screen and indentation.
References
1. https://sourceware.org/systemtap/tapsets/