The udp provider provides probes for tracing the UDP protocol.
The udp probes are described in the table below.
The send and receive probes trace datagrams on physical interfaces and also packets on loopback interfaces that are processed by udp.
The argument types for the udp probes are listed in the table below. The arguments are described in the following section.
The pktinfo_t structure is where packet ID info can be made available for deeper analysis if packet IDs become supported by the kernel in the future.
The pkt_addr member is currently always NULL.
    typedef struct pktinfo {
            uintptr_t pkt_addr;     /* currently always NULL */
    } pktinfo_t;
The csinfo_t structure is where connection state info is made available. It contains a unique (system-wide) connection ID, and the process ID and zone ID associated with the connection.
    typedef struct csinfo {
            uintptr_t cs_addr;
            uint64_t cs_cid;
            pid_t cs_pid;
            zoneid_t cs_zoneid;
    } csinfo_t;
The ipinfo_t structure contains common IP info for both IPv4 and IPv6.
    typedef struct ipinfo {
            uint8_t ip_ver;         /* IP version (4, 6) */
            uint16_t ip_plength;    /* payload length */
            string ip_saddr;        /* source address */
            string ip_daddr;        /* destination address */
    } ipinfo_t;
These values are read at the time the probe fires in UDP, so ip_plength is the expected IP payload length. The IP layer may still add headers (such as AH and ESP), which increase the actual payload length. To examine this, also trace packets using the ip provider.
The udpsinfo_t structure contains udp state info.
    typedef struct udpsinfo {
            uintptr_t udps_addr;
            uint16_t udps_lport;    /* local port */
            uint16_t udps_fport;    /* remote port */
            string udps_laddr;      /* local address, as a string */
            string udps_faddr;      /* remote address, as a string */
    } udpsinfo_t;
The udpinfo_t structure is a DTrace translated version of the UDP header.
    typedef struct udpinfo {
            uint16_t udp_sport;     /* source port */
            uint16_t udp_dport;     /* destination port */
            uint16_t udp_length;    /* total length */
            uint16_t udp_checksum;  /* headers + data checksum */
            udpha_t *udp_hdr;       /* raw UDP header */
    } udpinfo_t;
See RFC-768 for a detailed explanation of the standard UDP header fields and flags.
Some simple examples of udp provider usage follow.
This DTrace one-liner counts UDP received packets by host address:
    # dtrace -n 'udp:::receive { @[args[2]->ip_saddr] = count(); }'
    dtrace: description 'udp:::receive ' matched 5 probes
    ^C

      127.0.0.1                                                         7
      fe80::214:4fff:fe8d:59aa                                         14
      192.168.2.30                                                     43
      192.168.1.109                                                    44
      192.168.2.88                                                   3722
The output above shows that 7 UDP packets were received from 127.0.0.1, 14 UDP packets from the IPv6 host fe80::214:4fff:fe8d:59aa, etc.
This DTrace one-liner counts UDP received packets by the local UDP port:
    # dtrace -n 'udp:::receive { @[args[4]->udp_dport] = count(); }'
    dtrace: description 'udp:::receive ' matched 1 probe
    ^C

        33294                1
        33822                1
        38961                1
        44433                1
        46258                1
        46317                1
        47511                1
        50581                1
        54685                1
        56491                1
        59056                1
        62171                1
        62769                1
        64231                1
The output above shows that 1 packet was received for port 33294, 1 packet was received for port 33822, etc.
This DTrace one-liner prints distribution plots of IP payload size by destination, for UDP sends:
    # dtrace -n 'udp:::send { @[args[2]->ip_daddr] = quantize(args[2]->ip_plength); }'
    dtrace: description 'udp:::send ' matched 6 probes
    ^C

      129.156.86.11
               value  ------------- Distribution ------------- count
                  16 |                                         0
                  32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 14
                  64 |                                         0
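The one-liners above can be combined into a single script that accounts for UDP traffic per remote host, port and zone in both directions. This is an added example, not part of the original documentation; it assumes args[1] is the csinfo_t pointer (following the order in which the structures are described above), while args[2] and args[4] are used as in the one-liners.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example, not from the original page: UDP accounting per peer.
 * Assumption: args[1] is the csinfo_t pointer; args[2] (ipinfo_t) and
 * args[4] (udpinfo_t) are used as in the one-liners above.
 */
#pragma D option quiet

dtrace:::BEGIN
{
	printf("Tracing UDP send/receive... Hit Ctrl-C to end.\n");
}

/* Inbound: key on zone, remote (source) address and local (destination) port. */
udp:::receive
{
	@rx_pkts[args[1]->cs_zoneid, args[2]->ip_saddr,
	    args[4]->udp_dport] = count();
	/* udp_length is the UDP header's total length field */
	@rx_bytes[args[1]->cs_zoneid, args[2]->ip_saddr,
	    args[4]->udp_dport] = sum(args[4]->udp_length);
}

/* Outbound: key on zone, remote (destination) address and remote port. */
udp:::send
{
	@tx_pkts[args[1]->cs_zoneid, args[2]->ip_daddr,
	    args[4]->udp_dport] = count();
	@tx_bytes[args[1]->cs_zoneid, args[2]->ip_daddr,
	    args[4]->udp_dport] = sum(args[4]->udp_length);
}

dtrace:::END
{
	printf("\nRECEIVED\n");
	printf("%-6s %-40s %-6s %8s %10s\n",
	    "ZONE", "REMOTE", "LPORT", "PKTS", "BYTES");
	printa("%-6d %-40s %-6d %@8d %@10d\n", @rx_pkts, @rx_bytes);

	printf("\nSENT\n");
	printf("%-6s %-40s %-6s %8s %10s\n",
	    "ZONE", "REMOTE", "RPORT", "PKTS", "BYTES");
	printa("%-6d %-40s %-6d %@8d %@10d\n", @tx_pkts, @tx_bytes);
}
```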
The udp provider uses DTrace's stability mechanism to describe its stabilities, as shown in the following table. For more information about the stability mechanism, see Chapter 18, Stability.