1/* 2 * tcpprobe - Observe the TCP flow with kprobes. 3 * 4 * The idea for this came from Werner Almesberger's umlsim 5 * Copyright (C) 2004, Stephen Hemminger <shemminger@osdl.org> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 */ 20 21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22 23#include <linux/kernel.h> 24#include <linux/kprobes.h> 25#include <linux/socket.h> 26#include <linux/tcp.h> 27#include <linux/slab.h> 28#include <linux/proc_fs.h> 29#include <linux/module.h> 30#include <linux/ktime.h> 31#include <linux/time.h> 32#include <net/net_namespace.h> 33 34#include <net/tcp.h> 35 36MODULE_AUTHOR("Stephen Hemminger <shemminger@linux-foundation.org>"); 37MODULE_DESCRIPTION("TCP cwnd snooper"); 38MODULE_LICENSE("GPL"); 39MODULE_VERSION("1.1"); 40 41static int port __read_mostly; 42MODULE_PARM_DESC(port, "Port to match (0=all)"); 43module_param(port, int, 0); 44 45static unsigned int bufsize __read_mostly = 4096; 46MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)"); 47module_param(bufsize, uint, 0); 48 49static unsigned int fwmark __read_mostly; 50MODULE_PARM_DESC(fwmark, "skb mark to match (0=no mark)"); 51module_param(fwmark, uint, 0); 52 53static int full __read_mostly; 54MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)"); 55module_param(full, int, 0); 56 57static const char procname[] = "tcpprobe"; 58 59struct tcp_log { 60 ktime_t tstamp; 61 union { 62 struct sockaddr raw; 63 struct sockaddr_in v4; 64 struct sockaddr_in6 v6; 65 } src, dst; 66 u16 length; 67 u32 snd_nxt; 68 u32 snd_una; 69 u32 snd_wnd; 70 u32 rcv_wnd; 71 u32 snd_cwnd; 72 u32 ssthresh; 73 u32 srtt; 74}; 75 76static struct { 77 spinlock_t lock; 78 wait_queue_head_t wait; 79 ktime_t start; 80 u32 lastcwnd; 81 82 unsigned long head, tail; 83 struct tcp_log *log; 84} tcp_probe; 85 86static inline int tcp_probe_used(void) 87{ 88 return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1); 89} 90 91static inline int tcp_probe_avail(void) 92{ 93 return bufsize - tcp_probe_used() - 1; 94} 95 96#define tcp_probe_copy_fl_to_si4(inet, si4, mem) \ 97 do { \ 98 si4.sin_family = AF_INET; \ 99 si4.sin_port = inet->inet_##mem##port; \ 100 si4.sin_addr.s_addr = inet->inet_##mem##addr; \ 101 } while (0) \ 102 103/* 104 * Hook inserted to be called before each receive packet. 105 * Note: arguments must match tcp_rcv_established()! 106 */ 107static void jtcp_rcv_established(struct sock *sk, struct sk_buff *skb, 108 const struct tcphdr *th, unsigned int len) 109{ 110 const struct tcp_sock *tp = tcp_sk(sk); 111 const struct inet_sock *inet = inet_sk(sk); 112 113 /* Only update if port or skb mark matches */ 114 if (((port == 0 && fwmark == 0) || 115 ntohs(inet->inet_dport) == port || 116 ntohs(inet->inet_sport) == port || 117 (fwmark > 0 && skb->mark == fwmark)) && 118 (full || tp->snd_cwnd != tcp_probe.lastcwnd)) { 119 120 spin_lock(&tcp_probe.lock); 121 /* If log fills, just silently drop */ 122 if (tcp_probe_avail() > 1) { 123 struct tcp_log *p = tcp_probe.log + tcp_probe.head; 124 125 p->tstamp = ktime_get(); 126 switch (sk->sk_family) { 127 case AF_INET: 128 tcp_probe_copy_fl_to_si4(inet, p->src.v4, s); 129 tcp_probe_copy_fl_to_si4(inet, p->dst.v4, d); 130 break; 131 case AF_INET6: 132 memset(&p->src.v6, 0, sizeof(p->src.v6)); 133 memset(&p->dst.v6, 0, sizeof(p->dst.v6)); 134#if IS_ENABLED(CONFIG_IPV6) 135 p->src.v6.sin6_family = AF_INET6; 136 p->src.v6.sin6_port = inet->inet_sport; 137 p->src.v6.sin6_addr = inet6_sk(sk)->saddr; 138 139 p->dst.v6.sin6_family = AF_INET6; 140 p->dst.v6.sin6_port = inet->inet_dport; 141 p->dst.v6.sin6_addr = sk->sk_v6_daddr; 142#endif 143 break; 144 default: 145 BUG(); 146 } 147 148 p->length = skb->len; 149 p->snd_nxt = tp->snd_nxt; 150 p->snd_una = tp->snd_una; 151 p->snd_cwnd = tp->snd_cwnd; 152 p->snd_wnd = tp->snd_wnd; 153 p->rcv_wnd = tp->rcv_wnd; 154 p->ssthresh = tcp_current_ssthresh(sk); 155 p->srtt = tp->srtt_us >> 3; 156 157 tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1); 158 } 159 tcp_probe.lastcwnd = tp->snd_cwnd; 160 spin_unlock(&tcp_probe.lock); 161 162 wake_up(&tcp_probe.wait); 163 } 164 165 jprobe_return(); 166} 167 168static struct jprobe tcp_jprobe = { 169 .kp = { 170 .symbol_name = "tcp_rcv_established", 171 }, 172 .entry = jtcp_rcv_established, 173}; 174 175static int tcpprobe_open(struct inode *inode, struct file *file) 176{ 177 /* Reset (empty) log */ 178 spin_lock_bh(&tcp_probe.lock); 179 tcp_probe.head = tcp_probe.tail = 0; 180 tcp_probe.start = ktime_get(); 181 spin_unlock_bh(&tcp_probe.lock); 182 183 return 0; 184} 185 186static int tcpprobe_sprint(char *tbuf, int n) 187{ 188 const struct tcp_log *p 189 = tcp_probe.log + tcp_probe.tail; 190 struct timespec tv 191 = ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start)); 192 193 return scnprintf(tbuf, n, 194 "%lu.%09lu %pISpc %pISpc %d %#x %#x %u %u %u %u %u\n", 195 (unsigned long)tv.tv_sec, 196 (unsigned long)tv.tv_nsec, 197 &p->src, &p->dst, p->length, p->snd_nxt, p->snd_una, 198 p->snd_cwnd, p->ssthresh, p->snd_wnd, p->srtt, p->rcv_wnd); 199} 200 201static ssize_t tcpprobe_read(struct file *file, char __user *buf, 202 size_t len, loff_t *ppos) 203{ 204 int error = 0; 205 size_t cnt = 0; 206 207 if (!buf) 208 return -EINVAL; 209 210 while (cnt < len) { 211 char tbuf[256]; 212 int width; 213 214 /* Wait for data in buffer */ 215 error = wait_event_interruptible(tcp_probe.wait, 216 tcp_probe_used() > 0); 217 if (error) 218 break; 219 220 spin_lock_bh(&tcp_probe.lock); 221 if (tcp_probe.head == tcp_probe.tail) { 222 /* multiple readers race? */ 223 spin_unlock_bh(&tcp_probe.lock); 224 continue; 225 } 226 227 width = tcpprobe_sprint(tbuf, sizeof(tbuf)); 228 229 if (cnt + width < len) 230 tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1); 231 232 spin_unlock_bh(&tcp_probe.lock); 233 234 /* if record greater than space available 235 return partial buffer (so far) */ 236 if (cnt + width >= len) 237 break; 238 239 if (copy_to_user(buf + cnt, tbuf, width)) 240 return -EFAULT; 241 cnt += width; 242 } 243 244 return cnt == 0 ? error : cnt; 245} 246 247static const struct file_operations tcpprobe_fops = { 248 .owner = THIS_MODULE, 249 .open = tcpprobe_open, 250 .read = tcpprobe_read, 251 .llseek = noop_llseek, 252}; 253 254static __init int tcpprobe_init(void) 255{ 256 int ret = -ENOMEM; 257 258 /* Warning: if the function signature of tcp_rcv_established, 259 * has been changed, you also have to change the signature of 260 * jtcp_rcv_established, otherwise you end up right here! 261 */ 262 BUILD_BUG_ON(__same_type(tcp_rcv_established, 263 jtcp_rcv_established) == 0); 264 265 init_waitqueue_head(&tcp_probe.wait); 266 spin_lock_init(&tcp_probe.lock); 267 268 if (bufsize == 0) 269 return -EINVAL; 270 271 bufsize = roundup_pow_of_two(bufsize); 272 tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL); 273 if (!tcp_probe.log) 274 goto err0; 275 276 if (!proc_create(procname, S_IRUSR, init_net.proc_net, &tcpprobe_fops)) 277 goto err0; 278 279 ret = register_jprobe(&tcp_jprobe); 280 if (ret) 281 goto err1; 282 283 pr_info("probe registered (port=%d/fwmark=%u) bufsize=%u\n", 284 port, fwmark, bufsize); 285 return 0; 286 err1: 287 remove_proc_entry(procname, init_net.proc_net); 288 err0: 289 kfree(tcp_probe.log); 290 return ret; 291} 292module_init(tcpprobe_init); 293 294static __exit void tcpprobe_exit(void) 295{ 296 remove_proc_entry(procname, init_net.proc_net); 297 unregister_jprobe(&tcp_jprobe); 298 kfree(tcp_probe.log); 299} 300module_exit(tcpprobe_exit); 301