Lawrence Stewart
2007-05-15 04:18:37 UTC
Hi all,
I'm in the process of writing a kernel module to instrument some parts
of the network stack in FreeBSD 6.2. Everything works perfectly, except
that writing the logging info to syslog using printf is too inefficient
for this particular task. Given that log messages need to be generated
for each packet entering/leaving the network stack, my testing thus far
has showed that syslog groans under the load and uses far too much CPU time.
So, I'm looking for a way to manually open up a file from within kernel
space and dump characters into it.
I've come across the following threads that are related to my problem:
http://lists.freebsd.org/pipermail/freebsd-hackers/2007-May/020330.html
http://lists.freebsd.org/pipermail/freebsd-fs/2005-September/001306.html
Neither thread has provided the "ah-ha" information/discovery I'm
needing to get this working, and so I'd be very grateful to anyone that
can shed some light on how to piece this together in the most efficient
way possible.
To summarise the things I've experimented with thus far:
1. Following the "open" syscall down into kernel land and investigating
how the underlying kernel functions work. The "kern_open" function in
"kern/vfs_syscalls.c" seems interesting.
However, all of interesting functions that I've found take a thread
struct pointer as the first argument. I have not been able to figure out
where to get a thread struct pointer from. So perhaps if someone can
shed light on how to go about creating a thread struct suitable for
passing to these functions, I may be able to figure it out. I've tried
creating a new kthread using kthread_create, and got this working, but
this still didn't give me access to a thread struct pointer. I've also
tried accessing the thread queue for process 0 but didn't have any luck
there either (though I could have been accessing it incorrectly!).
2. Following the kernel panic code where it writes a dump out to disk.
This uses very scary low level structs and functions that I couldn't
wrap my head around... appeared to be below the vfs layer in the kernel,
so I suspect its to far below where I want to be at.
3. I followed the ktrace code, but that seemed to lead to a dead end of
passing logging data up to userspace via the ddb subsystem, which is not
what I want to do.
4. I followed coredump code, and this looked very interesting. It
operates directly on vnodes, but once again, the elusive thread struct
pointer is needed.
The "kern/vfs_*" files seem to contain the functions relating to all the
action of creating/writing/reading files (vnodes)... is there a good
document/tutorial somewhere that describes the layering and various
abstractions in the FreeBSD kernel fileystem related code? TCP
Illustrated has been invaluable in describing the layout and structure
of the various network stack components/functions/structs in the kernel.
Something similar for filesystem related tasks would be most useful.
I suspect that once I understand the mechanics of where thread struct
pointers come from and how to get my hands one one from within the
kernel, I'll be able to get the rest going.
Many thanks for your time and help.
Regards,
Lawrence Stewart
I'm in the process of writing a kernel module to instrument some parts
of the network stack in FreeBSD 6.2. Everything works perfectly, except
that writing the logging info to syslog using printf is too inefficient
for this particular task. Given that log messages need to be generated
for each packet entering/leaving the network stack, my testing thus far
has showed that syslog groans under the load and uses far too much CPU time.
So, I'm looking for a way to manually open up a file from within kernel
space and dump characters into it.
I've come across the following threads that are related to my problem:
http://lists.freebsd.org/pipermail/freebsd-hackers/2007-May/020330.html
http://lists.freebsd.org/pipermail/freebsd-fs/2005-September/001306.html
Neither thread has provided the "ah-ha" information/discovery I'm
needing to get this working, and so I'd be very grateful to anyone that
can shed some light on how to piece this together in the most efficient
way possible.
To summarise the things I've experimented with thus far:
1. Following the "open" syscall down into kernel land and investigating
how the underlying kernel functions work. The "kern_open" function in
"kern/vfs_syscalls.c" seems interesting.
However, all of interesting functions that I've found take a thread
struct pointer as the first argument. I have not been able to figure out
where to get a thread struct pointer from. So perhaps if someone can
shed light on how to go about creating a thread struct suitable for
passing to these functions, I may be able to figure it out. I've tried
creating a new kthread using kthread_create, and got this working, but
this still didn't give me access to a thread struct pointer. I've also
tried accessing the thread queue for process 0 but didn't have any luck
there either (though I could have been accessing it incorrectly!).
2. Following the kernel panic code where it writes a dump out to disk.
This uses very scary low level structs and functions that I couldn't
wrap my head around... appeared to be below the vfs layer in the kernel,
so I suspect its to far below where I want to be at.
3. I followed the ktrace code, but that seemed to lead to a dead end of
passing logging data up to userspace via the ddb subsystem, which is not
what I want to do.
4. I followed coredump code, and this looked very interesting. It
operates directly on vnodes, but once again, the elusive thread struct
pointer is needed.
The "kern/vfs_*" files seem to contain the functions relating to all the
action of creating/writing/reading files (vnodes)... is there a good
document/tutorial somewhere that describes the layering and various
abstractions in the FreeBSD kernel fileystem related code? TCP
Illustrated has been invaluable in describing the layout and structure
of the various network stack components/functions/structs in the kernel.
Something similar for filesystem related tasks would be most useful.
I suspect that once I understand the mechanics of where thread struct
pointers come from and how to get my hands one one from within the
kernel, I'll be able to get the rest going.
Many thanks for your time and help.
Regards,
Lawrence Stewart