The simple things in life are still cool


I've been messing around with DTrace for some time now and, as with most things in life, a certain level of intimacy means that I've begun to take the old boy a bit for granted. What was incredibly cool at first becomes normal after a while even though it is still mind-boggling. A simple example that came up today reminded me of how the simple things are still incredibly cool.

A colleague of mine wanted to see the HTTP interaction in a web infrastructure he's developing. On a Solaris 10 system he has multiple zones with portal server, access manager and various other JES pieces. He had never touched DTrace before but, being a bright chap, he went and got the manual and knocked some stuff up to just look at the write() calls being made. He wanted to just look for HTTP GETs at first but was having a slight problem getting his predicates right. To look for all HTTP GETs being issued by firefox (for example) he just needed this:

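#!/usr/sbin/dtrace -s

#pragma D option quiet
#pragma D option strsize=2048

/* write(fd, buf, nbytes): arg1 is the user-space buffer being written. */
syscall::write:entry
/execname == "firefox-bin" && stringof(copyin(arg1, 3)) == "GET"/
{
	/* Only writes that passed the predicate get copied in and printed. */
	printf("%s\n\n", copyinstr(arg1));
}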


All we are saying here is that when a write system call is made, print out the write buffer if firefox made the write and if the first 3 characters being written are "GET". Really simple but a great demonstration of the ability to prune data at source provided by the predicate mechanism. Firefox makes thousands of write calls but I can specify exactly which ones I'm interested in with no post processing at all. Still cool.

For those that like to see output, the above script produces the following sample bumph when loading up www.sun.com:

GET http://www.sun.com/ HTTP/1.1
Host: www.sun.com
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7) Gecko/20041221
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: ...


GET http://www.sun.com/2005-0329/images/b3_staroffice8.jpg HTTP/1.1
Host: www.sun.com
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7) Gecko/20041221
Accept: image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.sun.com/
Cookie: ...
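
An extension of the script above, added here as an example and not part of the original post: it drops the execname test so that, run from the global zone, it covers every process in every zone, prints only the request line so that Cookie and other header values stay out of the trace output, and counts GETs per zone and program. The output layout and the @gets aggregation name are choices made for this example.

```dtrace
#!/usr/sbin/dtrace -s

#pragma D option quiet
#pragma D option strsize=2048

/*
 * Same predicate idiom as the script above, widened to "GET " (with the
 * trailing space) and guarded by arg2, the byte count passed to write(),
 * so writes shorter than four bytes are skipped before any copyin.
 */
syscall::write:entry
/arg2 >= 4 && stringof(copyin(arg1, 4)) == "GET "/
{
	/*
	 * strtok() cuts the buffer at the first CR or LF, so only the
	 * request line is printed; the headers that follow it (Cookie
	 * included) never reach the output.
	 */
	printf("%-12s %-16s %6d  %s\n", zonename, execname, pid,
	    strtok(copyinstr(arg1), "\r\n"));

	/* Per-zone, per-program tally, reported when tracing stops. */
	@gets[zonename, execname] = count();
}

END
{
	printf("\n%-12s %-16s %8s\n", "ZONE", "EXECNAME", "GETS");
	printa("%-12s %-16s %@8d\n", @gets);
}
```

Stop it with Ctrl-C to get the summary table.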


Comments:

DTrace is indeed a great tool, much much better than truss and strace. However, in your colleague's case, he/she may want to consider the following options instead of writing a D script (which can only run as root). The following stuff is portable everywhere: http://livehttpheaders.mozdev.org/ http://sockspy.sourceforge.net/sockspy.html

Posted by Chi Hung Chan on December 08, 2005 at 11:52 PM GMT+00:00 #
