TCP Control Block Logging (tcplog)
Authors:
Original netstat author, Mark Parris (MAP), Michele Clark Weigle (MAC)
Location:
/usr/dirt/src/tcplog/
Contents:
- tcplog - (hacked version of netstat) pull a buffer out of memory and
write to file
- bufdump - process binary file into a text file
- parse.pl - perl file to process a text file
- netinet/ - kernel include files (FreeBSD 2.2.8) that we modified for
tcplog
- examples/ - some of my example scripts for running and processing tcplog
output
Logging Overview:
The tcpstat structure contains various statistics for an interface that
netstat queries. Variables have been added to this structure to hold logging
information. The most important are the buffers, tcps_buff[2]. One buffer
holds data that is currently being logged by the kernel, while the other
buffer is written to disk. Each buffer consists of a circular array of packet
data structures.
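An added sketch of the two-buffer scheme described above; it is not the tcplog kernel code. Only the name tcps_buff comes from this README. The record fields, LOG_SLOTS, log_packet(), drain() and the overwrite-oldest behaviour on wrap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LOG_SLOTS 4                /* assumed capacity; the real size is not given */

struct pkt_rec {                   /* hypothetical subset of the logged fields */
    uint32_t seq;
    uint32_t cwnd;
};

struct log_buf {                   /* one circular array of packet records */
    struct pkt_rec slot[LOG_SLOTS];
    size_t head;                   /* next slot to write */
    size_t count;                  /* valid records, at most LOG_SLOTS */
    size_t dropped;                /* records overwritten before being drained */
};

struct tcp_log {
    struct log_buf tcps_buff[2];   /* name from the README; layout assumed */
    int active;                    /* index the logging side writes into */
};

/* Logging side: append to the active buffer, overwriting the oldest on wrap. */
void log_packet(struct tcp_log *l, uint32_t seq, uint32_t cwnd)
{
    struct log_buf *b = &l->tcps_buff[l->active];
    b->slot[b->head] = (struct pkt_rec){ seq, cwnd };
    b->head = (b->head + 1) % LOG_SLOTS;
    if (b->count < LOG_SLOTS)
        b->count++;
    else
        b->dropped++;              /* a full buffer silently loses history */
}

/* Reader side: swap buffers, then copy the filled one out oldest-first.
 * Single-threaded sketch: a kernel would have to guard the swap. */
size_t drain(struct tcp_log *l, struct pkt_rec *out, size_t *dropped)
{
    struct log_buf *b = &l->tcps_buff[l->active];
    l->active ^= 1;                /* logging continues in the other buffer */
    size_t start = (b->head + LOG_SLOTS - b->count) % LOG_SLOTS;
    for (size_t i = 0; i < b->count; i++)
        out[i] = b->slot[(start + i) % LOG_SLOTS];
    size_t n = b->count;
    *dropped = b->dropped;
    b->head = b->count = b->dropped = 0;
    return n;
}
```

The dropped counter shows the practical limit of this design: if the reader does not drain often enough, the oldest records are gone and the log has a gap.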
Kernel Files Changed:
(look for #ifdef TCP_LOG)
- netinet/tcp_var.h
- netinet/tcp_input.c
- netinet/tcp_output.c
Kernel Files Added:
Usage:
- turn logging on
% sysctl -w net.inet.tcp.log_flags=1
- start experiment
- start logging
% tcplog -W -l -F file.tcplog
- end experiment
- end logging
- turn logging off
% sysctl -w net.inet.tcp.log_flags=0
- process the tcplog
% bufdump < file.tcplog > outfile.txt
Bufdump Output:
- local address
- remote address
- timestamp
- time (s)
- sequence number
- sequence number offset
- seq number of last segment sent
- cwnd (bytes)
- cwnd (segments)
- retransmission flag
- time last ACKed packet was sent
The following fields are specific to Sync-TCP:
- delay
- min delay
- max delay
- congestion indication
- smoothed queue size
Author: Michele Weigle