Chapter 11. Networking Tapset

probe::netdev.receive — Data received from network device.
probe::netdev.transmit — Network device transmitting buffer
probe::netdev.change_mtu — Called when the netdev MTU is changed
probe::netdev.open — Called when the device is opened
probe::netdev.close — Called when the device is closed
probe::netdev.hard_transmit — Called when the devices is going to TX (hard)
probe::netdev.rx — Called when the device is going to receive a packet
probe::netdev.change_rx_flag — Called when the device RX flag will be changed
probe::netdev.set_promiscuity — Called when the device enters/leaves promiscuity
probe::netdev.ioctl — Called when the device suffers an IOCTL
probe::netdev.register — Called when the device is registered
probe::netdev.unregister — Called when the device is being unregistered
probe::netdev.get_stats — Called when someone asks the device statistics
probe::netdev.change_mac — Called when the netdev_name has the MAC changed
probe::tcp.sendmsg — Sending a tcp message
probe::tcp.sendmsg.return — Sending TCP message is done
probe::tcp.recvmsg — Receiving TCP message
probe::tcp.recvmsg.return — Receiving TCP message complete
probe::tcp.disconnect — TCP socket disconnection
probe::tcp.disconnect.return — TCP socket disconnection complete
probe::tcp.setsockopt — Call to setsockopt
probe::tcp.setsockopt.return — Return from setsockopt
probe::tcp.receive — Called when a TCP packet is received
probe::udp.sendmsg — Fires whenever a process sends a UDP message
probe::udp.sendmsg.return — Fires whenever an attempt to send a UDP message is completed
probe::udp.recvmsg — Fires whenever a UDP message is received
probe::udp.recvmsg.return — Fires whenever an attempt to receive a UDP message received is completed
probe::udp.disconnect — Fires when a process requests for a UDP disconnection
probe::udp.disconnect.return — UDP has been disconnected successfully
function::ip_ntop — returns a string representation from an integer IP number

This family of probe points is used to probe the activities of the network device and protocol layers.

Name

probe::netdev.receive — Data received from network device.

Synopsis

netdev.receive

Values

protocol: Protocol of received packet.
dev_name: The name of the device. e.g: eth0, ath1.
length: The length of the receiving buffer.

Name

probe::netdev.transmit — Network device transmitting buffer

Synopsis

netdev.transmit

Values

protocol: The protocol of this packet(defined in include/linux/if_ether.h).
dev_name: The name of the device. e.g: eth0, ath1.
length: The length of the transmit buffer.
truesize: The size of the data to be transmitted.

Name

probe::netdev.change_mtu — Called when the netdev MTU is changed

Synopsis

netdev.change_mtu

Values

dev_name: The device that will have the MTU changed
new_mtu: The new MTU
old_mtu: The current MTU

Name

probe::netdev.open — Called when the device is opened

Synopsis

netdev.open

Values

dev_name: The device that is going to be opened

Name

probe::netdev.close — Called when the device is closed

Synopsis

netdev.close

Values

dev_name: The device that is going to be closed

Name

probe::netdev.hard_transmit — Called when the devices is going to TX (hard)

Synopsis

netdev.hard_transmit

Values

protocol: The protocol used in the transmission
dev_name: The device scheduled to transmit
length: The length of the transmit buffer.
truesize: The size of the data to be transmitted.

Name

probe::netdev.rx — Called when the device is going to receive a packet

Synopsis

netdev.rx

Values

protocol: The packet protocol
dev_name: The device received the packet

Name

probe::netdev.change_rx_flag — Called when the device RX flag will be changed

Synopsis

netdev.change_rx_flag

Values

dev_name: The device that will be changed
flags: The new flags

Name

probe::netdev.set_promiscuity — Called when the device enters/leaves promiscuity

Synopsis

netdev.set_promiscuity

Values

dev_name: The device that is entering/leaving promiscuity mode
enable: If the device is entering promiscuity mode
inc: Count the number of promiscuity openers
disable: If the device is leaving promiscuity mode

Name

probe::netdev.ioctl — Called when the device suffers an IOCTL

Synopsis

netdev.ioctl

Values

cmd: The IOCTL request
arg: The IOCTL argument (usually the netdev interface)

Name

probe::netdev.register — Called when the device is registered

Synopsis

netdev.register

Values

dev_name: The device that is going to be registered

Name

probe::netdev.unregister — Called when the device is being unregistered

Synopsis

netdev.unregister

Values

dev_name: The device that is going to be unregistered

Name

probe::netdev.get_stats — Called when someone asks the device statistics

Synopsis

netdev.get_stats

Values

dev_name: The device that is going to provide the statistics

Name

probe::netdev.change_mac — Called when the netdev_name has the MAC changed

Synopsis

netdev.change_mac

Values

dev_name: The device that will have the MTU changed
new_mac: The new MAC address
mac_len: The MAC length
old_mac: The current MAC address

Name

probe::tcp.sendmsg — Sending a tcp message

Synopsis

tcp.sendmsg

Values

name: Name of this probe
size: Number of bytes to send
sock: Network socket

Context

The process which sends a tcp message

Name

probe::tcp.sendmsg.return — Sending TCP message is done

Synopsis

tcp.sendmsg.return

Values

name: Name of this probe
size: Number of bytes sent or error code if an error occurred.

Context

The process which sends a tcp message

Name

probe::tcp.recvmsg — Receiving TCP message

Synopsis

tcp.recvmsg

Values

saddr: A string representing the source IP address
daddr: A string representing the destination IP address
name: Name of this probe
sport: TCP source port
dport: TCP destination port
size: Number of bytes to be received
sock: Network socket

Context

The process which receives a tcp message

Name

probe::tcp.recvmsg.return — Receiving TCP message complete

Synopsis

tcp.recvmsg.return

Values

saddr: A string representing the source IP address
daddr: A string representing the destination IP address
name: Name of this probe
sport: TCP source port
dport: TCP destination port
size: Number of bytes received or error code if an error occurred.

Context

The process which receives a tcp message

Name

probe::tcp.disconnect — TCP socket disconnection

Synopsis

tcp.disconnect

Values

saddr: A string representing the source IP address
daddr: A string representing the destination IP address
flags: TCP flags (e.g. FIN, etc)
name: Name of this probe
sport: TCP source port
dport: TCP destination port
sock: Network socket

Context

The process which disconnects tcp

Name

probe::tcp.disconnect.return — TCP socket disconnection complete

Synopsis

tcp.disconnect.return

Values

ret: Error code (0: no error)
name: Name of this probe

Context

The process which disconnects tcp

Name

probe::tcp.setsockopt — Call to setsockopt

Synopsis

tcp.setsockopt

Values

optstr: Resolves optname to a human-readable format
level: The level at which the socket options will be manipulated
optlen: Used to access values for setsockopt
name: Name of this probe
optname: TCP socket options (e.g. TCP_NODELAY, TCP_MAXSEG, etc)
sock: Network socket

Context

The process which calls setsockopt

Name

probe::tcp.setsockopt.return — Return from setsockopt

Synopsis

tcp.setsockopt.return

Values

ret: Error code (0: no error)
name: Name of this probe

Context

The process which calls setsockopt

Name

probe::tcp.receive — Called when a TCP packet is received

Synopsis

tcp.receive

Values

urg: TCP URG flag
protocol: Packet protocol from driver
psh: TCP PSH flag
name: Name of the probe point
rst: TCP RST flag
dport: TCP destination port
saddr: A string representing the source IP address
daddr: A string representing the destination IP address
ack: TCP ACK flag
fin: TCP FIN flag
syn: TCP SYN flag
sport: TCP source port
iphdr: IP header address

Name

probe::udp.sendmsg — Fires whenever a process sends a UDP message

Synopsis

udp.sendmsg

Values

name: The name of this probe
size: Number of bytes sent by the process
sock: Network socket used by the process

Context

The process which sent a UDP message

Name

probe::udp.sendmsg.return — Fires whenever an attempt to send a UDP message is completed

Synopsis

udp.sendmsg.return

Values

name: The name of this probe
size: Number of bytes sent by the process

Context

The process which sent a UDP message

Name

probe::udp.recvmsg — Fires whenever a UDP message is received

Synopsis

udp.recvmsg

Values

name: The name of this probe
size: Number of bytes received by the process
sock: Network socket used by the process

Context

The process which received a UDP message

Name

probe::udp.recvmsg.return — Fires whenever an attempt to receive a UDP message received is completed

Synopsis

udp.recvmsg.return

Values

name: The name of this probe
size: Number of bytes received by the process

Context

The process which received a UDP message

Name

probe::udp.disconnect — Fires when a process requests for a UDP disconnection

Synopsis

udp.disconnect

Values

flags: Flags (e.g. FIN, etc)
name: The name of this probe
sock: Network socket used by the process

Context

The process which requests a UDP disconnection

Name

probe::udp.disconnect.return — UDP has been disconnected successfully

Synopsis

udp.disconnect.return

Values

ret: Error code (0: no error)
name: The name of this probe

Context

The process which requested a UDP disconnection

Name

function::ip_ntop — returns a string representation from an integer IP number

Synopsis

function ip_ntop:string(addr:long)

Arguments

addr: the ip represented as an integer