SlideShare a Scribd company logo

A little systemtap

yang bingwu, profile picture
yang bingwu

This document discusses the Linux tracing tool systemtap. It provides an overview of systemtap and what it can be used for, including tracing system calls, kernel functions, and application functions. It also discusses how systemtap works, how it uses debugging symbols, and how RPMs handle separate debug information files. Several examples are given of using systemtap probes to trace requests for Nginx, cURL, Redis, MySQL, and TCP retransmissions. The document concludes by mentioning using DTrace for other languages beyond C, such as MySQL, Python, and Java.

Technology
1 of 28
Downloaded 18 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
a little systemtap detailyang@gmail.com 2016 11-24
什什么是 systemtap Linux 下万能的 Trace ⼯工具。
Linux 下⽬目前的 Tracer
systemtap 能做什什么
跟踪系统调⽤用 stap -e 'probe syscall.open {printf("%s(%d) is opening %sn", execname(), pid(), user_string($filename))}' vminfo(710) is opening /var/run/utmp less(11933) is opening /root/.lesshst cat(12198) is opening /etc/ld.so.cache cat(12198) is opening /lib64/libc.so.6 cat(12198) is opening /usr/lib/locale/locale-archive cat(12198) is opening /tmp/123
跟踪内核态 probe kernel.function("tcp_retransmit_skb") { rto = tcp_get_info_rto($sk) saddr = format_ipaddr(__ip_sock_saddr($sk), __ip_sock_family($sk)) daddr = format_ipaddr(__ip_sock_daddr($sk), __ip_sock_family($sk)) sport = __tcp_sock_sport($sk) dport = __tcp_sock_dport($sk) lastrto = record[saddr, sport, daddr, dport] state = tcp_ts_get_info_state($sk) if (lastrto != rto) { if (lastrto) { printf("%s:%d => %s:%d STATE:%s RTO:%d -> %d (ms)n", saddr, sport, daddr, dport, tcp_sockstate_str(state), lastrto/1000, rto/1000) } else { printf("%s:%d => %s:%d STATE:%s RTO:%d (ms)n", saddr, sport, daddr, dport, tcp_sockstate_str(state), rto/1000) } } record[saddr, sport, daddr, dport] = rto }
跟踪应⽤用程序 probe process(“/usr/bin/redis-server”).function(“getConmmand") { printf(“id:%d %s %sn", $c->id, user_string($c->argv[0]- >ptr), user_string($c->argv[1]->ptr)) } id:2 get abcd id:2 get a
systemtap 安装 yum install -y systemtap 早先的内核版本依赖utrace补丁 3.50 使⽤用内核 uprobes 和 uretprobes
systemtap 原理理
调试符号是什什么 Linux ⽬目前的调试格式 dwarf
调试符号是什什么 源代码中每个对象的名称。例例如变量量、函数、类型等,它们都有⼀一个名称, 以及其它的相关信息:变量量有类型、地址等信息;函数有返回值类型、参 数类型、地址等信息;类型有⻓长度等信息。编译器器在编译每个源⽂文件的时 候都会收集该源⽂文件中的符号的信息,在⽣生成⽬目标⽂文件的时候将这些信息 保存到符号表中。链接器器使⽤用符号表中的信息将各个⽬目标⽂文件链接成可执 ⾏行行⽂文件,同时将多个符号表整合成⼀一个⽂文件,这个⽂文件就是⽤用于调试的符 号⽂文件,它既可以嵌⼊入可执⾏行行⽂文件中,也可以独⽴立存在
stap -L 'process("/usr/bin/redis- server").function("zzlPrev")' process("/usr/bin/redis-server").function("zzlPrev@/usr/ src/debug/redis-2.8.19/src/t_zset.c:720") $zl:unsigned char* $eptr:unsigned char** $sptr:unsigned char**
分离的 debug info 因为程序带上调试符号会⾮非常⼤大,⽽而且不不是所有的⽤用户需要调试符号。 所以有了了分离的 debug info。
RPM的机制 /usr/lib/rpm/find-debuginfo.sh --strict-build-id xx extracting debug info from xx
RPM的机制 奥秘在于⼆二进制中的 build-id objcopy xx xx.debug strip --strip-debug ./xx
RPM的机制 奥秘在于程序中的 build-id objcopy xx xx.debug strip --strip-debug ./xx objdump -s -j .note.gnu.build-id /usr/bin/redis-server
RPM的机制 build-id = 0x13f3f3476a9a652bc2bb96eba1d0e1d89c570d3966
ls /usr/lib/debug/.build-id/13/ f3476a9a652bc2bb96eba1d0e1d89c570d3966 0x13 f3f3476a9a652bc2bb96eba1d0e1d89c570d3966 RPM的机制
ngx-req-watch [root@localhost systemtap-toolkit]# ./ngx-req-watch -p 5614 WARNING: watching /opt/nginx/sbin/nginx(8521 8522 8523 8524) requests nginx(8523) GET URI:/123?a=123 HOST:127.0.0.1 STATUS:200 FROM 127.0.0.1 FD:16 RT: 0ms nginx(8523) GET URI:/123?a=123 HOST:127.0.0.1 STATUS:200 FROM 127.0.0.1 FD:16 RT: 0ms
libcurl-watch-req [root@localhost systemtap-toolkit]# ./libcurl-watch-req WARNING: Tracing libcurl (0) ... curl(23759) URL:http://www.google.com RT:448(ms) RTCODE:0 curl(23767) URL:http://www.facebook.com/asdfasdf RT:596(ms) RTCODE:0 curl(23769) URL:https://www.facebook.com/asdfasdf RT:902(ms) RTCODE:0
redis-watch-req [root@localhost systemtap-toolkit]# ./redis-watch-req -p 23261 WARNING: watching /usr/bin/redis-server(23261) requests redis-server(23261) RT:30(us) REQ: id:2 fd:5 ==> get a #-1 RES: #9 redis-server(23261) RT:23(us) REQ: id:2 fd:5 ==> set a #12 RES: #5
pdomysql-watch-query [root@localhost systemtap-toolkit]# ./pdomysql-watch-query -l /usr/lib64/php/modules/ pdo_mysql.so Tracing pdo-mysql (0) php-fpm(12896) 172.17.10.196:3306@root: SELECT * from person RT:0(ms) RTCODE:1 php-fpm(12896) 172.17.10.196:3306@root: SELECT * from person RT:8(ms) RTCODE:1 php-fpm(12896)172.17.10.196:3306@root: SELECT sleep(5) RT:5012(ms) RTCODE:1
TCP-Retrans [root@localhost systemtap-toolkit]# ./tcp-retrans Printing tcp retransmission 10.0.2.15:49896 -> 172.17.9.41:80 state:TCP_SYN_SENT rto:0 -> 1000 ms 10.0.2.15:49896 -> 172.17.9.41:80 state:TCP_SYN_SENT rto:1000 -> 2000 ms 10.0.2.15:49896 -> 172.17.9.41:80 state:TCP_SYN_SENT rto:2000 -> 4000 ms
beyond c land
MySQL DTRACE
Python DTRACE
Java DTRACE
Q&A

More Related Content

PDF
PFIセミナー資料 H27.10.22
Yuya Takei
 
PDF
Osol Pgsql
Emanuel Calvo
 
PDF
nouka inventry manager
Toshiaki Baba
 
PPTX
agri inventory - nouka data collector / yaoya data convertor
Toshiaki Baba
 
PDF
Killing any security product … using a Mimikatz undocumented feature
Cyber Security Alliance
 
PDF
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
Cyber Security Alliance
 
PDF
The true story_of_hello_world
fantasy zheng
 
PDF
Migrating KSM page causes the VM lock up as the KSM page merging list is too ...
Gavin Guo
 
PFIセミナー資料 H27.10.22
Yuya Takei
 
Osol Pgsql
Emanuel Calvo
 
nouka inventry manager
Toshiaki Baba
 
agri inventory - nouka data collector / yaoya data convertor
Toshiaki Baba
 
Killing any security product … using a Mimikatz undocumented feature
Cyber Security Alliance
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
Cyber Security Alliance
 
The true story_of_hello_world
fantasy zheng
 
Migrating KSM page causes the VM lock up as the KSM page merging list is too ...
Gavin Guo
 

What's hot (19)

ODP
Proxy arp
Marian Marinov
 
PDF
Haproxy - zastosowania
Łukasz Jagiełło
 
ODP
Puppet
Łukasz Jagiełło
 
PPTX
บทท 7
J-Kitipat Vatinivijet
 
PDF
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Gavin Guo
 
PDF
Vm ware fuzzing - defcon russia 20
DefconRussia
 
PDF
Jvm的最小使用内存测试
Zianed Hou
 
PDF
5 issues
m0use
 
ODP
Tools used for debugging
Marian Marinov
 
PDF
Importance of linux system fundamental in technical documentation reading
Kenny (netman)
 
PDF
Recent my sql_performance Test detail
Louis liu
 
PDF
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
 
PDF
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Maarten Mulders
 
PDF
Redis as a message queue
Brandon Lamb
 
PDF
Fixed in drizzle
Henrik Ingo
 
PDF
My sql fabric ha and sharding solutions
Louis liu
 
PDF
37562259 top-consuming-process
skumner
 
PPT
E nodeb useful commands for rf engineer
Vishal Padhya
 
PDF
Chap 19 web
Kenny (netman)
 
Proxy arp
Marian Marinov
 
Haproxy - zastosowania
Łukasz Jagiełło
 
Puppet
Łukasz Jagiełło
 
บทท 7
J-Kitipat Vatinivijet
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Gavin Guo
 
Vm ware fuzzing - defcon russia 20
DefconRussia
 
Jvm的最小使用内存测试
Zianed Hou
 
5 issues
m0use
 
Tools used for debugging
Marian Marinov
 
Importance of linux system fundamental in technical documentation reading
Kenny (netman)
 
Recent my sql_performance Test detail
Louis liu
 
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
 
Building a DSL with GraalVM (VoxxedDays Luxembourg)
Maarten Mulders
 
Redis as a message queue
Brandon Lamb
 
Fixed in drizzle
Henrik Ingo
 
My sql fabric ha and sharding solutions
Louis liu
 
37562259 top-consuming-process
skumner
 
E nodeb useful commands for rf engineer
Vishal Padhya
 
Chap 19 web
Kenny (netman)
 
Ad

Similar to A little systemtap (20)

PDF
Crash_Report_Mechanism_In_Tizen
Lex Yu
 
PDF
Debugging Ruby
Aman Gupta
 
PDF
Debugging Ruby Systems
Engine Yard
 
PDF
Linux Tracing Superpowers by Eugene Pirogov
Pivorak MeetUp
 
PDF
Performance tweaks and tools for Linux (Joe Damato)
Ontico
 
PPT
Systemtap
Feng Yu
 
DOC
X64服务器 lnmp服务器部署标准 new
Yiwei Ma
 
PDF
Kernelvm 201312-dlmopen
Hajime Tazaki
 
PDF
Kernel crashdump
Adrien Mahieux
 
PPTX
hacking-embedded-devices.pptx
ssuserfcf43f
 
PDF
Pentesting111111 Cheat Sheet_OSCP_2023.pdf
faker1842002
 
PPT
Basic Linux kernel
Morteza Nourelahi Alamdari
 
PDF
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
NETWAYS
 
PDF
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
Andrey Kudryavtsev
 
PDF
Kernel Recipes 2015 - Kernel dump analysis
Anne Nicolas
 
PDF
Multipath
Michal Sedlak
 
PDF
Linux: LVM
Michal Sedlak
 
PDF
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
維泰 蔡
 
PPT
Qemu - Raspberry | while42 Singapore #2
While42
 
PPTX
Debug generic process
Vipin Varghese
 
Crash_Report_Mechanism_In_Tizen
Lex Yu
 
Debugging Ruby
Aman Gupta
 
Debugging Ruby Systems
Engine Yard
 
Linux Tracing Superpowers by Eugene Pirogov
Pivorak MeetUp
 
Performance tweaks and tools for Linux (Joe Damato)
Ontico
 
Systemtap
Feng Yu
 
X64服务器 lnmp服务器部署标准 new
Yiwei Ma
 
Kernelvm 201312-dlmopen
Hajime Tazaki
 
Kernel crashdump
Adrien Mahieux
 
hacking-embedded-devices.pptx
ssuserfcf43f
 
Pentesting111111 Cheat Sheet_OSCP_2023.pdf
faker1842002
 
Basic Linux kernel
Morteza Nourelahi Alamdari
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
NETWAYS
 
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
Andrey Kudryavtsev
 
Kernel Recipes 2015 - Kernel dump analysis
Anne Nicolas
 
Multipath
Michal Sedlak
 
Linux: LVM
Michal Sedlak
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
維泰 蔡
 
Qemu - Raspberry | while42 Singapore #2
While42
 
Debug generic process
Vipin Varghese
 
Ad

Recently uploaded (20)

PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Encapsulation theory and applications.pdf
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
KodekX | Application Modernization Development
KodekX
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 

A little systemtap