Date: Sun, 28 Oct 2018 11:56:11 +0100 From: Andreas Longwitz <longwitz@incore.de> To: Mark Johnston <markj@freebsd.org> Cc: "freebsd-dtrace@freebsd.org" <freebsd-dtrace@freebsd.org> Subject: Re: Why my DTrace script does not work after installing a new kernel without reboot Message-ID: <5BD595CB.5030800@incore.de> In-Reply-To: <20181027225339.GA4191@spy> References: <5BD4E965.9040006@incore.de> <20181027225339.GA4191@spy>
next in thread | previous in thread | raw e-mail | index | archive | help
Thans very much for quick answer ! >> I have a simple, probably stupid question. I run FreeBSD 10.4 Stable >> r338093 and use the script >> >> #!/usr/sbin/dtrace -s >> >> dtrace:::BEGIN >> { >> printf("pf_default_rule.timeout[2/16/17]=%d/%d/%d\n", >> kernel`pf_default_rule.timeout[2], kernel`pf_default_rule.timeout[16], >> kernel`pf_default_rule.timeout[17]); >> } >> >> The output normally is >> pf_default_rule.timeout[2/16/17]=86400/6000/12000 >> >> But when I change the sourcefile /sys/netpfil/pf/pf.c trying a patch and >> build and install the new kernel but without reboot, then the output of >> the script is wrong: >> >> pf_default_rule.timeout[2/16/17]=3237216124/0/0 >> >> After reboot everything works again. > > Does your patch change the layout of the timeout structure? If so, the > problem is that dtrace(1) is using the CTF from kern.bootfile, but that > doesn't match the layout of the structures used by the running kernel. My patch does not change data structures, I have added a debug statement for an actual pf problem: --- pf.c.orig 2018-08-14 10:17:41.000000000 +0200 +++ pf.c 2018-10-28 00:04:45.441327000 +0200 @@ -1543,6 +1543,12 @@ if (start) { end = state->rule.ptr->timeout[PFTM_ADAPTIVE_END]; states = counter_u64_fetch(state->rule.ptr->states_cur); + if (bootverbose > 5) { + if (states > 10000) { + bootverbose--; + printf("%s: counter value %u too big ", __func__, states); + } + } } else { start = V_pf_default_rule.timeout[PFTM_ADAPTIVE_START]; end = V_pf_default_rule.timeout[PFTM_ADAPTIVE_END]; If dtrace(1) uses the CTF of kern.bootfile, then everything should work as expected. Normally I have -> sysctl kern.bootfile kern.bootfile: /boot/kernel/kernel and after building and installing the patched kernel I have -> sysctl kern.bootfile kern.bootfile: /boot/kernel.old/kernel and that is correct the file of the actual running kernel. I do not understand the logic of dtrace(1) in handling the kern.bootfile variable. This is done in sourcefile dt_open.c: /* * On FreeBSD the kernel module name can't be hard-coded. The * 'kern.bootfile' sysctl value tells us exactly which file is being * used as the kernel. */ #ifndef illumos { char bootfile[MAXPATHLEN]; char *p; int i; size_t len = sizeof(bootfile); /* This call shouldn't fail, but use a default just in case. */ if (sysctlbyname("kern.bootfile", bootfile, &len, NULL, 0) != 0) strlcpy(bootfile, "kernel", sizeof(bootfile)); if ((p = strrchr(bootfile, '/')) != NULL) p++; else p = bootfile; If I am not comletely wrong this code snippet does not do what can be read in the comment. The function strrchr() returns a pointer to the last occurrence of '/' in bootfile, so we always end with *p="kernel". After cd /boot; mv kernel kernel.new; mv kernel.old kernel my DTrace script works correct again, that means dtrace(1) always uses /boot/kernel/kernel. So there may be a bug in handling the kern.bootfile variable in dtrace. Best regards, Andreas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5BD595CB.5030800>