[tcpdump-workers] Re: Pcap debug at runtime
[Send, second try] On 02/03/2023 09:22, Francois-Xavier Le Bail wrote: > On 01/03/2023 20:28, Denis Ovsienko wrote: >> On Tue, 28 Feb 2023 17:01:51 +0100 >> Francois-Xavier Le Bail wrote: >> >>> In addition to printf()/fprintf(), here is a brand new way to help >>> debugging a program using libpcap, currently only tested on Debian >>> Linux (stable). >>> >>> (Similar method to the one available with tcpdump and tcpslice.) >>> >>> The goal is to generate instrumentation calls for entry and exit to >>> functions. Just after function entry and just before function exit, >>> the profiling functions are called and print the function names with >>> indentation and call level. If entering in a function, print also the >>> calling function name with file name and line number. There may be a >>> small shift in the line number. >>> >>> To use it: >>> (There will be a doc entry based on this topic later.) >> >> Thank you for putting this together. Does the FAQ look the best place >> for such documentation? > > The documentation could be added to the FAQ indeed. The documentation has been added: https://www.tcpdump.org/faq.html#q17 ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On 02/03/2023 09:22, Francois-Xavier Le Bail wrote: > On 01/03/2023 20:28, Denis Ovsienko wrote: >> On Tue, 28 Feb 2023 17:01:51 +0100 >> Francois-Xavier Le Bail wrote: >> >>> In addition to printf()/fprintf(), here is a brand new way to help >>> debugging a program using libpcap, currently only tested on Debian >>> Linux (stable). >>> >>> (Similar method to the one available with tcpdump and tcpslice.) >>> >>> The goal is to generate instrumentation calls for entry and exit to >>> functions. Just after function entry and just before function exit, >>> the profiling functions are called and print the function names with >>> indentation and call level. If entering in a function, print also the >>> calling function name with file name and line number. There may be a >>> small shift in the line number. >>> >>> To use it: >>> (There will be a doc entry based on this topic later.) >> >> Thank you for putting this together. Does the FAQ look the best place >> for such documentation? > > The documentation could be added to the FAQ indeed. The documentation has been added: https://www.tcpdump.org/faq.html#q17 ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On Tue, 14 Mar 2023 08:33:40 +0100 Francois-Xavier Le Bail wrote: > After an update based on a Denis's idea, the configuration use now an > environment variable instead of configurations files. > If the environment variable INSTRUMENT is > - unset or set to an empty string, print nothing, like with no > instrumentation > - set to "all" or "a", print all the functions names > - set to "global" or "g", print only the global functions names > > Note that before the change, the default was to print all functions. > Now it is to print nothing. For posterity, this is where the idea originates: $ LD_DEBUG=help date Valid options for the LD_DEBUG environment variable are: libsdisplay library search paths reloc display relocation processing files display progress for input file symbols display symbol table processing bindingsdisplay information about symbol binding versionsdisplay version dependencies scopes display scope information all all previous options combined statistics display relocation statistics unused determined unused DSOs helpdisplay this help message and exit To direct the debugging output into a file instead of standard output a filename can be specified using the LD_DEBUG_OUTPUT environment variable. -- Denis Ovsienko ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On 28/02/2023 17:01, Francois-Xavier Le Bail wrote: > On 20/02/2023 21:18, Guy Harris wrote: >> On Feb 20, 2023, at 12:15 PM, Paschal Chukwuebuk Amusuo >> wrote: >> >>> Please, is there a way to print out debug statements at runtime when using >>> pcap? >> >> Debug statements in your program? Add printf() or fprintf(stderr, ...) >> or... calls to your program. >> >> Debug statements in libpcap? Get the libpcap source, add printf() or >> fprintf(stderr, ...) or... calls to it, build it, install it, and compile >> your program with it. > > In addition to printf()/fprintf(), here is a brand new way to help debugging > a program using libpcap, currently only tested on Debian Linux (stable). > > (Similar method to the one available with tcpdump and tcpslice.) > > The goal is to generate instrumentation calls for entry and exit to functions. > Just after function entry and just before function exit, the profiling > functions are called and print the function names with indentation and call > level. > If entering in a function, print also the calling function name with file > name and line number. There may be a small shift in the line number. > > To use it: > (There will be a doc entry based on this topic later.) > > 1) sudo apt install binutils-dev > > 2) git clone (or pull) the libpcap project, main branch. > configure and build with: > $ ./autogen.sh > $ ./configure --quiet --enable-instrument-functions > $ make -s clean all > > 3) To test the method, create a project directory in the same parent > directory than libpcap. > |-- libpcap > |-- my_project > > cd in the project directory. > Copy an existing program to test. > $ cp -vai ../libpcap/testprogs/findalldevstest.c my_project.c > > Build with the following Makefile: > [...] [My previous message seems to be lost, send again]. After an update based on a Denis's idea, the configuration use now an environment variable instead of configurations files. If the environment variable INSTRUMENT is - unset or set to an empty string, print nothing, like with no instrumentation - set to "all" or "a", print all the functions names - set to "global" or "g", print only the global functions names Note that before the change, the default was to print all functions. Now it is to print nothing. This allows to run with tcpdump, tcpslice or any program linked to libpcap: $ INSTRUMENT=a ./my_program ... $ INSTRUMENT=g ./my_program ... $ INSTRUMENT= ./my_program ... or $ export INSTRUMENT=global $ ./my_program ... This also allows to run the statically compiled binary on another host after copying it. It is no longer necessary to modify the configuration with: $ make instrument_all $ make instrument_global $ make instrument_off (Targets removed.) ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On 01/03/2023 20:28, Denis Ovsienko wrote: > On Tue, 28 Feb 2023 17:01:51 +0100 > Francois-Xavier Le Bail wrote: > >> In addition to printf()/fprintf(), here is a brand new way to help >> debugging a program using libpcap, currently only tested on Debian >> Linux (stable). >> >> (Similar method to the one available with tcpdump and tcpslice.) >> >> The goal is to generate instrumentation calls for entry and exit to >> functions. Just after function entry and just before function exit, >> the profiling functions are called and print the function names with >> indentation and call level. If entering in a function, print also the >> calling function name with file name and line number. There may be a >> small shift in the line number. >> >> To use it: >> (There will be a doc entry based on this topic later.) > > Thank you for putting this together. Does the FAQ look the best place > for such documentation? The documentation could be added to the FAQ indeed. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On Tue, 28 Feb 2023 17:01:51 +0100 Francois-Xavier Le Bail wrote: > In addition to printf()/fprintf(), here is a brand new way to help > debugging a program using libpcap, currently only tested on Debian > Linux (stable). > > (Similar method to the one available with tcpdump and tcpslice.) > > The goal is to generate instrumentation calls for entry and exit to > functions. Just after function entry and just before function exit, > the profiling functions are called and print the function names with > indentation and call level. If entering in a function, print also the > calling function name with file name and line number. There may be a > small shift in the line number. > > To use it: > (There will be a doc entry based on this topic later.) Thank you for putting this together. Does the FAQ look the best place for such documentation? -- Denis Ovsienko ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On 20/02/2023 21:18, Guy Harris wrote:
> On Feb 20, 2023, at 12:15 PM, Paschal Chukwuebuk Amusuo
> wrote:
>
>> Please, is there a way to print out debug statements at runtime when using
>> pcap?
>
> Debug statements in your program? Add printf() or fprintf(stderr, ...) or...
> calls to your program.
>
> Debug statements in libpcap? Get the libpcap source, add printf() or
> fprintf(stderr, ...) or... calls to it, build it, install it, and compile
> your program with it.
In addition to printf()/fprintf(), here is a brand new way to help debugging a
program using libpcap, currently only tested on Debian Linux (stable).
(Similar method to the one available with tcpdump and tcpslice.)
The goal is to generate instrumentation calls for entry and exit to functions.
Just after function entry and just before function exit, the profiling
functions are called and print the function names with indentation and call
level.
If entering in a function, print also the calling function name with file name
and line number. There may be a small shift in the line number.
To use it:
(There will be a doc entry based on this topic later.)
1) sudo apt install binutils-dev
2) git clone (or pull) the libpcap project, main branch.
configure and build with:
$ ./autogen.sh
$ ./configure --quiet --enable-instrument-functions
$ make -s clean all
3) To test the method, create a project directory in the same parent directory
than libpcap.
|-- libpcap
|-- my_project
cd in the project directory.
Copy an existing program to test.
$ cp -vai ../libpcap/testprogs/findalldevstest.c my_project.c
Build with the following Makefile:
(Also attached.)
--
PROG = my_project
all: $(PROG)
$(PROG): ../libpcap/libpcap.a
gcc -O0 -ggdb -finstrument-functions \
-I../libpcap \
-o $(PROG) $(PROG).c ../libpcap/instrument-functions.c \
-lbfd -no-pie \
../libpcap/libpcap.a \
$$(../libpcap/pcap-config --additional-libs --static-pcap-only)
clean:
@rm $(PROG)
instrument_all:
@rm -f instrument_functions_global.devel
@rm -f instrument_functions_off.devel
instrument_global:
@touch instrument_functions_global.devel
@rm -f instrument_functions_off.devel
instrument_off:
@touch instrument_functions_off.devel
@rm -f instrument_functions_global.devel
--
Run.
You should get something like:
--
[>> main (0)
[>> pcap_findalldevs (1) from main my_project.c:144]
[>> pcap_platform_finddevs (2) from pcap_findalldevs pcap.c:721]
[>> pcap_findalldevs_interfaces (3) from pcap_platform_finddevs
pcap-linux.c:1753]
[>> can_be_bound (4) from pcap_findalldevs_interfaces fad-getad.c:207]
[<< can_be_bound (4)
[>> get_sa_len (4) from pcap_findalldevs_interfaces fad-getad.c:223]
[<< get_sa_len (4)
[>> add_addr_to_if (4) from pcap_findalldevs_interfaces fad-getad.c:266]
[>> find_or_add_if (5) from add_addr_to_if pcap.c:1085]
[>> get_if_description (6) from find_or_add_if pcap.c:1050]
[<< get_if_description (6)
[>> find_or_add_dev (6) from find_or_add_if pcap.c:1049]
{...}
[<< pcap_lookupnet (1)
[>> iptos (1) from main my_project.c:181]
[<< iptos (1)
[>> iptos (1) from main my_project.c:181]
[<< iptos (1)
Preferred device is on network: 192.168.18.0/255.255.255.0
[>> pcap_freealldevs (1) from main my_project.c:186]
[<< pcap_freealldevs (1)
--
By default, all the function calls are printed.
To configure the printing of only the global functions names:
$ make instrument_global
To go back to print all the functions names:
$ make instrument_all
To print nothing, like with no instrumentation:
$ make instrument_off
Hope this help.
PROG = my_project
all: $(PROG)
$(PROG): ../libpcap/libpcap.a
gcc -O0 -ggdb -finstrument-functions \
-I../libpcap \
-o $(PROG) $(PROG).c ../libpcap/instrument-functions.c \
-lbfd -no-pie \
../libpcap/libpcap.a \
$$(../libpcap/pcap-config --additional-libs --static-pcap-only)
clean:
@rm $(PROG)
instrument_all:
@rm -f instrument_functions_global.devel
@rm -f instrument_functions_off.devel
instrument_global:
@touch instrument_functions_global.devel
@rm -f instrument_functions_off.devel
instrument_off:
@touch instrument_functions_off.devel
@rm -f instrument_functions_global.devel
___
tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org
To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
Thank you, I’ll do this. From: Guy Harris Sent: Monday, February 20, 2023 3:18:24 PM To: Paschal Chukwuebuk Amusuo Cc: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Pcap debug at runtime External Email: Use caution with attachments, links, or sharing data On Feb 20, 2023, at 12:15 PM, Paschal Chukwuebuk Amusuo wrote: > Please, is there a way to print out debug statements at runtime when using > pcap? Debug statements in your program? Add printf() or fprintf(stderr, ...) or... calls to your program. Debug statements in libpcap? Get the libpcap source, add printf() or fprintf(stderr, ...) or... calls to it, build it, install it, and compile your program with it. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[tcpdump-workers] Re: Pcap debug at runtime
On Feb 20, 2023, at 12:15 PM, Paschal Chukwuebuk Amusuo wrote: > Please, is there a way to print out debug statements at runtime when using > pcap? Debug statements in your program? Add printf() or fprintf(stderr, ...) or... calls to your program. Debug statements in libpcap? Get the libpcap source, add printf() or fprintf(stderr, ...) or... calls to it, build it, install it, and compile your program with it. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
