Full tracing of gethostbyXXX calls.
The gethostbyname.d “one liner” is now so far from being a one liner that it is not funny. It does, however, do all the things you would want it to do: it prints the entire hostent¹ structure on success and all the h_errno values on failure.
: enoexec.eu FSS 257 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts www.ibm.com
129.42.56.216 www.ibm.com www.ibm.com.cs186.net
Look up: www.ibm.com: took 3276803us
Host: www.ibm.com
h_alias[0]: www.ibm.com.cs186.net
h_address[0]: 129.42.56.216
: enoexec.eu FSS 258 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts this.host.does.not.exist.sun.com
Look up: this.host.does.not.exist.sun.com:
took 31789us gethostbyname_r failed.
h_errno: 1:
Host not found
: enoexec.eu FSS 259 $; pfexec /usr/sbin/dtrace -32 -CZs gethostbyXXXX.d -c getent hosts 127.0.0.1
127.0.0.1 localhost
Look up: 127.0.0.1 took 247882us:
Host: localhost
h_address[0]: 127.0.0.1
: enoexec.eu FSS 260 $;
I learned some useful things while writing this:
- Writing userland scripts is much harder than writing kernel scripts. If your script has “#include” in it then you are entering a world of hurt. Specifically, make sure you set the data model of dtrace to match that of the application you are scripting.
- The various copyin() routines write into scratch memory. Scratch memory is only good during the current clause, so if you want to move the data from clause to clause you need to store it. Thanks again to Jon for pointing this out.
- How cool would “follow fork” be for dtrace? Very.
- It would be really nice to bundle this script up as “getXXXbyYYY.d” and include all the other getXXXbyYYY routines that there are (getpwbyname, getpwbyuid, etc.). However, even this script is on the edge of producing DIF that is too large for the standard settings, so having more probes would make it unworkable. Anyway, they make a good exercise for the reader.
The script is here: gethostbyXXXX.d
¹ Well, only the first 10 host name aliases and the first 10 IP addresses are printed. Adding more is trivial, but you will need to up the size of the DIF that the kernel is prepared to accept.
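The data-model and scratch-memory points above, as an added example (it is not the author's gethostbyXXXX.d). It assumes a 32-bit target and the Solaris gethostbyname_r() prototype, and spells out the 32-bit hostent layout in a hypothetical struct hostent32 so that no #include is needed.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example, not the author's gethostbyXXXX.d. Assumes a 32-bit target
 * and the Solaris prototype:
 *   struct hostent *gethostbyname_r(const char *name, struct hostent *result,
 *       char *buffer, int buflen, int *h_errnop);
 */
#pragma D option quiet

/* Hypothetical name: 32-bit layout of struct hostent, so no #include. */
struct hostent32 {
	uint32_t h_name;	/* char *  in the target */
	uint32_t h_aliases;	/* char ** in the target */
	int32_t  h_addrtype;
	int32_t  h_length;
	uint32_t h_addr_list;	/* char ** in the target */
};

pid$target::gethostbyname_r:entry
{
	/* String assignment copies the bytes out of scratch into self->name. */
	self->name = copyinstr(arg0);
	/* Save the user address itself; a copyin() pointer would not survive. */
	self->errp = arg4;
	self->start = timestamp;
}

pid$target::gethostbyname_r:return
/self->start && arg1 != 0/
{
	/* Scratch pointers are fine here: they are only used inside this clause. */
	this->he = (struct hostent32 *)copyin(arg1, sizeof (struct hostent32));
	this->a0 = *(uint32_t *)copyin(this->he->h_aliases, sizeof (uint32_t));
	printf("Look up: %s: took %dus\n", self->name, (timestamp - self->start) / 1000);
	printf("Host: %s\n", copyinstr(this->he->h_name));
	printf("h_alias[0]: %s\n", this->a0 ? copyinstr(this->a0) : "<none>");
}

pid$target::gethostbyname_r:return
/self->start && arg1 == 0/
{
	printf("Look up: %s: gethostbyname_r failed.\n", self->name);
	printf("h_errno: %d\n", *(int32_t *)copyin(self->errp, sizeof (int32_t)));
}

pid$target::gethostbyname_r:return
/self->start/
{
	self->name = 0; self->errp = 0; self->start = 0;
}
```

It is run the same way as the script above, with -c and a getent hosts command; because the structure uses fixed-width fields, a 64-bit target would need a second layout with 8-byte pointers.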