netbsd-bugs: kern/28758: ktrace should record socket addresses

Subject: kern/28758: ktrace should record socket addresses
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <raeburn@raeburn.org>
List: netbsd-bugs
Date: 12/23/2004 03:06:00

>Number:         28758
>Category:       kern
>Synopsis:       ktrace should record socket addreses
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 23 03:06:00 +0000 2004
>Originator:     Ken Raeburn <raeburn@raeburn.org>
>Release:        NetBSD 2.0
>Organization:
	MIT
>Environment:
System: NetBSD raeburn.org 2.0 NetBSD 2.0 (THUD) #0: Mon Dec 13 12:23:18 EST 2004 root@thud:/usr/obj/sys/arch/i386/compile/THUD i386
Architecture: i386
Machine: i386
>Description:

I was trying to monitor the activity of a process.  In various socket
calls, it appears that ktrace does not record the socket addresses
supplied or returned.  So I can see a message is being sent or
received, but can't tell the remote address without also running
tcpdump (or equivalent) and correlating the messages and/or timestamps
from ktrace with those from tcpdump.

...
   856 host     socket(0x2, 0x2, 0)                = 3
   856 host     connect(0x3, 0x12086dc2c, 0x10)    = 0
   856 host     sendto(0x3, 0x1fffdea48, 0x1f, 0, 0, 0) = 31
       "\M^YE\^A\0\0\^A\0\0\0\0\0\0\^Evenix\^Cmit\^Cedu\0\0\^A\0\^A"
   856 host     gettimeofday(0x1fffde2b8, 0)       = 0
   856 host     select(0x4, 0x1fffde338, 0, 0, 0x1fffde2a8) = 1
   856 host     recvfrom(0x3, 0x1fffeea48, 0x10000, 0, 0x1fffde358, 0x1fffde3d8) = 156
       "\M^YE\M^E\M^@\0\^A\0\^A\0\^C\0\^C\^Evenix\^Cmit\^Cedu\0\0\^A\0\^A\M-@\f\0\^A\0\^A\0\0T`\0\^D\^R\^R\^C/\M-@\^R\0\^B\0\^A"
   856 host     close(0x3)                         = 0
...

>How-To-Repeat:

% ktruss host `hostname`

(assuming the local hostname isn't listed in /etc/hosts, you're using
DNS, etc)

>Fix:

Add a new ktrace record type, I assume; write the data out during
syscalls like connect(), sendto(), recvfrom(), getpeername(),
getsockname(), etc, and update ktruss/kdump to display it.  (Including
AF_UNIX, unless *all* the socket calls would result in NAMEI records
being logged.)

Maybe additional -t options controlling whether to record/display
them.

Ideally, it should provide some helpful information if .sa_len doesn't
match the application-supplied length, or the size of the appropriate
sockaddr_foo for the address family, etc.