iovisor-dev@lists.iovisor.org | Question about inet_set_socket

Home Messages Hashtags Subgroups

This group is locked. No changes can be made to the group while it is locked.

Date Date 1 - 4 of 4

Question about inet_set_socket_state trace point

Raga lahari

#1917

Hi everyone,

I am using inet_set_socket_state trace point to get current establish connection count

Here, incrementing counter value in BPF map when new state is TCP_ESTABLISHED and decrementing when old state is TCP_ESTABLISHED.

But observed that the map count is having discrepancy with what netstat shows. When we start the probe, it looks all fine, but when we leave it running say for 2-3 days we see the difference. And this difference is building over time.

Can someone please help me here if I am missing something?

<code>

TRACEPOINT_PROBE(sock, inet_sock_set_state) {

if (args->newstate >= TCP_ESTABLISHED)

__sync_fetch_and_add(val, 1);

if (args->newstate >= TCP_ESTABLISHED)

__sync_fetch_and_add(val, -1);

}

netstat -tanp | grep -i "EST" | wc -l

Thanks,
Ragalahari

Tristan Mayfield

#1918

Hi Ragalahari,

In your code you seem to not check for "old state" when you're heading to decrement. It looks like you are adding 1 and then immediately subtracting 1 in the same condition. That might be your problem? You never stated what the difference between it and netstat are so I can't be sure.

Tristan

Raga lahari

#1919

Hello,

Correcting typo in code snippet

<code>

TRACEPOINT_PROBE(sock, inet_sock_set_state) {

if (args->newstate == TCP_ESTABLISHED)

__sync_fetch_and_add(val, 1);

if (args->oldstate == TCP_ESTABLISHED)

__sync_fetch_and_add(val, -1);

}

Thanks & Regards,
Ragalahari

Show quoted text

On Wed, Oct 14, 2020 at 10:35 AM Raga lahari <ragalahari.potti@...> wrote:

Hi everyone,

I am using inet_set_socket_state trace point to get current establish connection count

Here, incrementing counter value in BPF map when new state is TCP_ESTABLISHED and decrementing when old state is TCP_ESTABLISHED.

But observed that the map count is having discrepancy with what netstat shows. When we start the probe, it looks all fine, but when we leave it running say for 2-3 days we see the difference. And this difference is building over time.

Can someone please help me here if I am missing something?

<code>

TRACEPOINT_PROBE(sock, inet_sock_set_state) {

if (args->newstate >= TCP_ESTABLISHED)

   __sync_fetch_and_add(val, 1);

   if (args->newstate >= TCP_ESTABLISHED)

   __sync_fetch_and_add(val, -1);

}

netstat -tanp | grep -i "EST" | wc -l

Thanks,
Ragalahari

Raga lahari

#1920

Hi,

Observing established connection counter discrepancy as 20% (30-40 connections mismatch out of 200) in one day that builds to 30% by day-2 and so on.

This observation is with this code

if (args->newstate == TCP_ESTABLISHED)

__sync_fetch_and_add(val, 1);

if (args->oldstate == TCP_ESTABLISHED)

__sync_fetch_and_add(val, -1);

}

There was a typo in my first message.

Regards,
Ragalahari

1 - 4 of 4

Previous Topic Next Topic

Home Hashtags Subgroups Terms