Full tracing of gethostbyXXX calls.

The gethostbyname.d “one liner” is now so far from being a one-liner that it is no longer funny. It does, however, do all the things you would want it to do: it prints the entire hostent¹ structure on success and all the h_errno values on failure.

: enoexec.eu FSS 257 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c "getent hosts www.ibm.com"

129.42.56.216	www.ibm.com www.ibm.com.cs186.net
Look up: www.ibm.com: took 3276803us
Host: www.ibm.com
	h_alias[0]: www.ibm.com.cs186.net
	h_address[0]: 129.42.56.216

: enoexec.eu FSS 258 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c "getent hosts this.host.does.not.exist.sun.com"
Look up: this.host.does.not.exist.sun.com: took 31789us
gethostbyname_r failed. h_errno: 1: Host not found

: enoexec.eu FSS 259 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c "getent hosts 127.0.0.1"
127.0.0.1	localhost
Look up: 127.0.0.1 took 247882us:
Host: localhost
	h_address[0]: 127.0.0.1

: enoexec.eu FSS 260 $; 

I learned some useful things while writing this:

  1. Writing userland scripts is much harder than kernel scripts. If your script has “#include <xxxx.h>” in it then you are entering a world of hurt. Specifically, make sure you set the data model of dtrace to match that of the application you are scripting.

  2. The various copyin() routines write into scratch memory. Scratch memory is only good during the current clause, so if you want to move the data from clause to clause you need to store it. Thanks again to Jon for pointing this out.

  3. How cool would “follow fork” be for dtrace? Very.

  4. It would be really nice to bundle this script up as “getXXXbyYYY.d” and include all the other getXXXbyYYY routines that there are (getpwbyname, getpwbyuid, etc.). However, even this script is on the edge of producing DIF that is too large for the standard settings, so having more probes would make it unworkable. Anyway, they make a good exercise for the reader.

The script is here: gethostbyXXXX.d
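
Points 1 and 2 above, shown in a cut-down sketch that is an added example and not the gethostbyXXXX.d script linked above. It assumes a 32-bit target traced with -32 and the Solaris signature gethostbyname_r(name, result, buffer, buflen, h_errnop); the struct name uhostent and the file name example.d are hypothetical.

```dtrace
/* Run as: dtrace -32 -Zs example.d -c "getent hosts www.ibm.com" */
#pragma D option quiet

/* Hypothetical stand-in for struct hostent; under -32 each pointer is 4 bytes,
 * matching the layout in a 32-bit process. */
struct uhostent {
	char *h_name;
	char **h_aliases;
	int h_addrtype;
	int h_length;
	char **h_addr_list;
};

pid$target::gethostbyname_r:entry
{
	/* copyinstr() returns scratch memory; assigning it to a string-typed
	 * thread-local copies the bytes, so they survive into the return probe. */
	self->name = copyinstr(arg0);
	self->errp = arg4;		/* user address of h_errnop (assumed 5th argument) */
	self->ts = timestamp;
}

pid$target::gethostbyname_r:return
/self->ts/
{
	printf("Look up: %s: took %dus\n", self->name, (timestamp - self->ts) / 1000);
}

pid$target::gethostbyname_r:return
/self->ts && arg1 != 0/
{
	/* this->he points into scratch: valid only inside this clause. */
	this->he = (struct uhostent *)copyin(arg1, sizeof (struct uhostent));
	printf("Host: %s\n", copyinstr((uintptr_t)this->he->h_name));
}

pid$target::gethostbyname_r:return
/self->ts && arg1 == 0/
{
	printf("gethostbyname_r failed. h_errno: %d\n",
	    *(int *)copyin(self->errp, sizeof (int)));
}

pid$target::gethostbyname_r:return
/self->ts/
{
	self->name = 0; self->errp = 0; self->ts = 0;	/* free thread-local storage */
}
```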



¹ Well, only the first 10 host name aliases and the first 10 IP addresses are printed. Adding more is trivial, but you will need to up the size of the DIF that the kernel is prepared to accept.

Comments:

[Trackback] When I wrote the D script to decode gethostbyname() and gethostbyaddr() library calls I fully intended to proactively write the script to do getipnodebyname() and getipnodebyaddr() and for that matter all the getXbyY routines. However that spare fi...

Posted by The dot in ... --- ... on December 02, 2009 at 09:19 AM GMT #

About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com