SystemTap Tapset: common used functions - 2

6 minute read

背景

function::format_ipaddr — Returns a string representation for an IP address  
function::ip_ntop — Returns a string representation for an IPv4 address  

把数字格式的IP地址转换成字符串格式. 例子可参考:

http://blog.163.com/digoal@126/blog/static/16387704020139153195701/

function::htonl — Convert 32-bit long from host to network order  
function::htonll — Convert 64-bit long long from host to network order  
function::htons — Convert 16-bit short from host to network order  
function::ntohl — Convert 32-bit long from network to host order  
function::ntohll — Convert 64-bit long long from network to host order  
function::ntohs — Convert 16-bit short from network to host order  
主机与网络传输字节顺序的相互转化函数.  
  
function::inet_get_ip_source — Provide IP source address string for a kernel socket  
function::inet_get_local_port — Provide local port number for a kernel socket  
从socket中获取远程ip地址以及本地端口  
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.recvmsg {println(inet_get_ip_source($sk)); exit()}'  
172.16.8.31  
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.sendmsg {println(inet_get_ip_source($sock->sk)); exit()}'  
172.16.8.31  
[root@db-172-16-3-150 ~]# stap -e 'probe tcp.recvmsg {println(inet_get_local_port($sk)); exit()}'  
22  
获取IP和端口用得更多的是  
saddr   = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk))  
daddr   = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk))  
sport = __tcp_sock_sport($sk)  
dport = __tcp_sock_dport($sk)  
  
function::MAJOR — Extract major device number from a kernel device number (kdev_t)  
function::MINOR — Extract minor device number from a kernel device number (kdev_t)  
function::MKDEV — Creates a value that can be compared to a kernel device number (kdev_t)  
function::usrdev2kerndev — Converts a user-space device number into the format used in the kernel  
获取设备的major id和minor id. 创建一个内核设备, 等.  
例子 :   
[root@db-172-16-3-150 tapset]# stap -e 'probe vfs.read {if (devname != "N/A") {printdln(".", MAJOR(dev), MINOR(dev), devname); exit()}}'  
8.1.sda1  
[root@db-172-16-3-150 tapset]# ll /dev/sda1  
brw-rw---- 1 root disk 8, 1 Oct 17 14:44 /dev/sda1  

https://sourceware.org/systemtap/SystemTap_Beginners_Guide/traceio2sect.html

#! /usr/bin/env stap  
  
global device_of_interest  
  
probe begin {  
  /* The following is not the most efficient way to do this.  
      One could directly put the result of usrdev2kerndev()  
      into device_of_interest.  However, want to test out  
      the other device functions */  
  dev = usrdev2kerndev($1)  
  device_of_interest = MKDEV(MAJOR(dev), MINOR(dev))  
}  
  
probe vfs.write, vfs.read  
{  
  if (dev == device_of_interest)  
    printf ("%s(%d) %s 0x%x\n",  
            execname(), pid(), probefunc(), dev)  
}  
  
function::error — Send an error message  
function::exit — Start shutting down probing script.  
function::ftrace — Send a message to the ftrace ring-buffer  
function::log — Send a line to the common trace buffer  
function::printk — Send a message to the kernel trace buffer  
function::warn — Send a line to the warning stream  
用于往各个目标发布消息, 例如error用以发布错误消息, 如果MAXERRORS=1将退出stap.  
[root@db-172-16-3-150 tapset]# stap -e 'probe begin {  
try {  
  error("Hello, ")  
}  
catch(msg) {  
  println(msg)  
  exit()  
}  
}'  
Hello,   
  
function::randint — Return a random number between [0,n)  
返回>=0, <n 的一个随机数字.  
[root@db-172-16-3-150 tapset]# stap -e 'probe begin {  
  for(i=0;i<10;i++)  
    println(randint(99))  
  exit()  
}'  
51  
57  
82  
85  
4  
70  
79  
37  
69  
97  
  
function::atomic_long_read — Retrieves an atomic long variable from kernel memory  
function::atomic_read — Retrieves an atomic variable from kernel memory  
function::kernel_char — Retrieves a char value stored in kernel memory  
function::kernel_int — Retrieves an int value stored in kernel memory  
function::kernel_long — Retrieves a long value stored in kernel memory  
function::kernel_pointer — Retrieves a pointer value stored in kernel memory  
function::kernel_short — Retrieves a short value stored in kernel memory  
function::kernel_string — Retrieves string from kernel memory  
function::kernel_string2 — Retrieves string from kernel memory with alternative error string  
function::kernel_string2_utf16 — Retrieves UTF-16 string from kernel memory with alternative error string  
function::kernel_string2_utf32 — Retrieves UTF-32 string from kernel memory with alternative error string  
function::kernel_string_n — Retrieves string of given length from kernel memory  
function::kernel_string_utf16 — Retrieves UTF-16 string from kernel memory  
function::kernel_string_utf32 — Retrieves UTF-32 string from kernel memory  
function::user_char — Retrieves a char value stored in user space  
function::user_char_warn — Retrieves a char value stored in user space  
function::user_int — Retrieves an int value stored in user space  
function::user_int16 — Retrieves a 16-bit integer value stored in user space  
function::user_int32 — Retrieves a 32-bit integer value stored in user space  
function::user_int64 — Retrieves a 64-bit integer value stored in user space  
function::user_int8 — Retrieves a 8-bit integer value stored in user space  
function::user_int_warn — Retrieves an int value stored in user space  
function::user_long — Retrieves a long value stored in user space  
function::user_long_warn — Retrieves a long value stored in user space  
function::user_short — Retrieves a short value stored in user space  
function::user_short_warn — Retrieves a short value stored in user space  
function::user_string — Retrieves string from user space  
function::user_string2 — Retrieves string from user space with alternative error string  
function::user_string2_utf16 — Retrieves UTF-16 string from user memory with alternative error string  
function::user_string2_utf32 — Retrieves UTF-32 string from user memory with alternative error string  
function::user_string_n — Retrieves string of given length from user space  
function::user_string_n2 — Retrieves string of given length from user space  
function::user_string_n_quoted — Retrieves and quotes string from user space  
function::user_string_n_warn — Retrieves string from user space  
function::user_string_quoted — Retrieves and quotes string from user space  
function::user_string_utf16 — Retrieves UTF-16 string from user memory  
function::user_string_utf32 — Retrieves UTF-32 string from user memory  
function::user_string_warn — Retrieves string from user space  
function::user_uint16 — Retrieves an unsigned 16-bit integer value stored in user space  
function::user_uint32 — Retrieves an unsigned 32-bit integer value stored in user space  
function::user_uint64 — Retrieves an unsigned 64-bit integer value stored in user space  
function::user_uint8 — Retrieves an unsigned 8-bit integer value stored in user space  
function::user_ushort — Retrieves an unsigned short value stored in user space  
function::user_ushort_warn — Retrieves an unsigned short value stored in user space  
从用户空间地址或内核内存地址中取出相应类型的值, 取出字符串长度受stap -D MAXSTRINGLEN 限制. 如果输出长度截断, 可以增加MAXSTRINGLEN 值.  
例如 :   
[root@db-172-16-3-150 ~]# stap -e '  
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {  
  printdln("**", sprintf("%p",$arg1), user_string($arg1))  
  exit()  
}'  
输出 :   
0x1b6f280**select * from t1 limit 1;  
SQL语句 :   
digoal=# select * from t1 limit 1;  
 id |               info                 
----+----------------------------------  
  1 | 006f3673faa5991478e6db0c01c88716  
(1 row)  
截断输出:  
[root@db-172-16-3-150 ~]# stap -D MAXSTRINGLEN=5 -e '  
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {  
  printdln("**", sprintf("%p",$arg1), user_string($arg1))                     
  exit()  
}'  
0x1b**sele  
因为MAXSTRINGLEN=5, 所以截断后只有4个字符, 需要减去字符串\0占位符  
  
function::set_kernel_char — Writes a char value to kernel memory  
function::set_kernel_int — Writes an int value to kernel memory  
function::set_kernel_long — Writes a long value to kernel memory  
function::set_kernel_pointer — Writes a pointer value to kernel memory.  
function::set_kernel_short — Writes a short value to kernel memory  
function::set_kernel_string — Writes a string to kernel memory  
function::set_kernel_string_n — Writes a string of given length to kernel memory  
往指定内核内存地址中写入各种类型的值, 非常危险, 只能在-g模式下使用.  
例如  
[root@db-172-16-3-150 ~]# stap -g -e '                 
probe process("/home/pg93/pgsql9.3.1/bin/postgres").mark("query__start") {  
  printdln("**", sprintf("%p",$arg1), user_string($arg1))  
  set_kernel_string($arg1, "delete from t1;")  
  exit()  
}'  
0x1b6f280**select * from t1 limit 1;  
在数据库中执行select * from t1 limit 1;, 但是这个内容已被改写成"delete from t1;", 所以实际执行的操作是删除操作.  
digoal=# select * from t1 limit 1;  
DELETE 5635072  
digoal=# select * from t1 limit 1;  
 id | info   
----+------  
(0 rows)  
相当危险, 执行完后数据没了.  
  
function::mdelay — millisecond delay  
function::panic — trigger a panic  
function::udelay — microsecond delay  
延迟函数, 类似数据库中的pg_sleep(), 因此只能在stap guru模式中才可以使用.   
[root@db-172-16-3-150 tapset]# stap -g -e 'probe begin {  
ts1=gettimeofday_ms()  
mdelay(100)  
ts2=gettimeofday_ms()  
printdln("**",ts1,ts2,ts2-ts1)  
exit()  
}'  
1381999610011**1381999610111**100  
panic向内核发出kernel panic消息.  
将导致系统重启, 千万不要胡乱使用.  
[root@db-172-16-3-150 tapset]# stap -g -e 'probe begin {  
panic("this is a test")  
exit()       
}'  
  
function::isdigit — Checks for a digit  
function::isinstr — Returns whether a string is a substring of another string  
function::str_replace — str_replace Replaces all instances of a substring with another  
function::stringat — Returns the char at a given position in the string  
function::strlen — Returns the length of a string  
function::strtol — strtol - Convert a string to a long  
function::substr — Returns a substring  
function::text_str — Escape any non-printable chars in a string  
function::text_strn — Escape any non-printable chars in a string  
function::tokenize — Return the next non-empty token in a string  
一系列字符和数字的操作函数, 检查字符串首字符是否为数字, 判断字符串是否在另一个字符串中, 字符串替换, 字符串长度, 字符转数字, substr等, 类似数据库中的一些字符操作函数.  
[root@db-172-16-3-150 ~]# stap -e 'probe begin  
{  
print(isinstr("hello ", "el"))  
exit()  
}'  
1[root@db-172-16-3-150 ~]#   
[root@db-172-16-3-150 ~]# stap -e 'probe begin  
{  
print(isinstr("hello ", "H"))   
exit()  
}'  
0  
  
function::ansi_clear_screen — Move cursor to top left and clear screen.  
function::ansi_cursor_hide — Hides the cursor.  
function::ansi_cursor_move — Move cursor to new coordinates.  
function::ansi_cursor_restore — Restores a previously saved cursor position.  
function::ansi_cursor_save — Saves the cursor position.  
function::ansi_cursor_show — Shows the cursor.  
function::ansi_new_line — Move cursor to new line.  
function::ansi_reset_color — Resets Select Graphic Rendition mode.  
function::ansi_set_color — Set the ansi Select Graphic Rendition mode.  
function::ansi_set_color2 — Set the ansi Select Graphic Rendition mode.  
function::ansi_set_color3 — Set the ansi Select Graphic Rendition mode.  
function::indent — returns an amount of space to indent  
function::thread_indent — returns an amount of space with the current task information  
与输出格式相关的一些函数, 例如清屏, 缩进格式等.  

参考

1. https://sourceware.org/systemtap/tapsets/

Flag Counter

digoal’s 大量PostgreSQL文章入口