Full tracing of gethostbyXXX calls.

July 7, 2008

The gethostbyname.d “one liner” is now so far from being a one-liner that the name is no longer even funny. It does, however, do all the things you would want it to do: it prints the entire hostent[1] structure on success and all the h_error values on failure.

    : enoexec.eu FSS 257 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts www.ibm.com
    129.42.56.216	www.ibm.com www.ibm.com.cs186.net
    Look up: www.ibm.com: took 3276803us
    Host: www.ibm.com
    	h_alias[0]: www.ibm.com.cs186.net
    	h_address[0]: 129.42.56.216

    : enoexec.eu FSS 258 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts this.host.does.not.exist.sun.com
    Look up: this.host.does.not.exist.sun.com: took 31789us
    gethostbyname_r failed. h_errno: 1: Host not found

    : enoexec.eu FSS 259 $;  pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts 127.0.0.1
    127.0.0.1	localhost
    Look up: 127.0.0.1 took 247882us:
    Host: localhost
    	h_address[0]: 127.0.0.1

    : enoexec.eu FSS 260 $;

I learned some useful things while writing this:

  1. Writing userland scripts is much harder than writing kernel scripts. If your script has “#include <xxxx.h>” in it then you are entering a world of hurt. Specifically, make sure you set the data model of dtrace to match that of the application you are scripting.

  2. The various copyin() routines write into scratch memory. Scratch memory is only good during the current clause, so if you want to move the data from clause to clause you need to store it. Thanks again to Jon for pointing this out.

  3. How cool would “follow fork” be for dtrace? Very.

  4. It would be really nice to bundle this script up as “getXXXbyYYY.d” and include all the other getXXXbyYYY routines that there are (getpwbyname, getpwbyuid etc. etc.). However, even this script is on the edge of producing DIF that is too large for the standard settings, so having more probes would make it unworkable. Anyway, they make a good exercise for the reader.

The script is here: gethostbyXXXX.d
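
As an added example (not the gethostbyXXXX.d script above), here is how points 1 and 2 look in D: the looked-up name is copied into a thread-local at entry so it survives until the return clause, and user pointers are read with an explicit 32-bit width. It assumes a 32-bit target whose lookups go through the Solaris five-argument gethostbyname_r(name, result, buffer, buflen, h_errnop), as the output above suggests.

```d
#!/usr/sbin/dtrace -s
#pragma D option quiet

/*
 * Assumption: the traced process is 32-bit (ILP32), so pointers inside its
 * structures are 4 bytes wide and are read here as uint32_t.
 */
pid$target::gethostbyname_r:entry
{
	/*
	 * copyinstr() returns scratch memory that is gone when this clause
	 * ends; assigning it to a thread-local string copies it somewhere
	 * that lasts until the return probe.
	 */
	self->name = copyinstr(arg0);
	self->errp = arg4;	/* user address of the h_errno result */
	self->start = timestamp;
}

pid$target::gethostbyname_r:return
/self->start && arg1 != 0/
{
	/* hostent.h_name is the first member: a 4-byte pointer in ILP32. */
	this->h_name = *(uint32_t *)copyin(arg1, sizeof (uint32_t));
	printf("Look up: %s: took %dus\nHost: %s\n", self->name,
	    (timestamp - self->start) / 1000, copyinstr(this->h_name));
}

pid$target::gethostbyname_r:return
/self->start && arg1 == 0/
{
	/* On failure the error code is behind the pointer saved at entry. */
	this->err = *(int *)copyin(self->errp, sizeof (int));
	printf("Look up: %s: took %dus\ngethostbyname_r failed. h_errno: %d\n",
	    self->name, (timestamp - self->start) / 1000, this->err);
}

pid$target::gethostbyname_r:return
/self->start/
{
	/* Release the thread-local storage once the call has been reported. */
	self->name = 0;
	self->errp = 0;
	self->start = 0;
}
```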



[1] Well, only the first 10 host name aliases and the first 10 IP addresses are printed. Adding more is trivial, but you will need to up the size of the DIF that the kernel is prepared to accept.

One Comment
  1. [Trackback] When I wrote the
    D script to decode gethostbyname() and gethostbyaddr() library
    calls I fully intended to proactively write the script to do
    getipnodebyname() and getipnodebyaddr() and for that matter all the
    getXbyY routines. However that spare fi…
