File Manager

X7ROOT File Manager

Current Path: /usr/share/systemtap/tapset/linux

usr / share / systemtap / tapset / linux /

📁 ..
📁 arm
📁 arm64
📄 atomic.stp(1.53 KB)
📄 aux_syscalls.stp(143.78 KB)
📄 context-caller.stp(3.07 KB)
📄 context-envvar.stp(1.72 KB)
📄 context-symbols.stp(11.99 KB)
📄 context-unwind.stp(2.81 KB)
📄 context.stp(18.57 KB)
📄 context.stpm(125 B)
📄 conversions-guru.stp(5.74 KB)
📄 conversions.stp(15.34 KB)
📄 ctime.stp(5.54 KB)
📄 dentry.stp(10.11 KB)
📄 dev.stp(1.9 KB)
📄 endian.stp(602 B)
📄 guru-delay.stp(1.2 KB)
📄 guru-signal.stp(1.07 KB)
📁 i386
📁 ia64
📄 inet.stp(1.42 KB)
📄 inet.stpm(383 B)
📄 inet_sock.stp(1.25 KB)
📄 ioblock.stp(15.04 KB)
📄 ioscheduler.stp(11.89 KB)
📄 ip.stp(5.35 KB)
📄 ipmib-filter-default.stp(965 B)
📄 ipmib.stp(12.68 KB)
📄 irq.stp(5 KB)
📄 json.stp(8.98 KB)
📄 json.stpm(6.11 KB)
📄 kprocess.stp(4.4 KB)
📄 kretprobe.stp(2.1 KB)
📄 linuxmib-filter-default.stp(876 B)
📄 linuxmib.stp(3.63 KB)
📄 loadavg.stp(1.95 KB)
📄 logging.stp(2.12 KB)
📄 memory.stp(18.74 KB)
📁 mips
📄 netfilter.stp(35.49 KB)
📄 networking.stp(9.37 KB)
📄 nfs.stp(38.06 KB)
📄 nfs_proc.stp(55.46 KB)
📄 nfs_proc.stpm(1.18 KB)
📄 nfsd.stp(46.27 KB)
📄 nfsderrno.stp(11.7 KB)
📄 panic.stp(1.07 KB)
📄 perf.stp(5.16 KB)
📁 powerpc
📄 proc_mem.stp(12.05 KB)
📄 pstrace.stp(773 B)
📄 rcu.stp(928 B)
📄 rlimit.stp(1.35 KB)
📄 rpc.stp(37.67 KB)
📁 s390
📄 scheduler.stp(11.36 KB)
📄 scsi.stp(9.47 KB)
📄 signal.stp(28.69 KB)
📄 socket.stp(34.2 KB)
📄 sysc_accept.stp(7.32 KB)
📄 sysc_accept4.stp(7.24 KB)
📄 sysc_access.stp(2.45 KB)
📄 sysc_acct.stp(2.18 KB)
📄 sysc_add_key.stp(2.91 KB)
📄 sysc_adjtimex.stp(5.28 KB)
📄 sysc_alarm.stp(2.52 KB)
📄 sysc_bdflush.stp(2.75 KB)
📄 sysc_bind.stp(6.43 KB)
📄 sysc_bpf.stp(2.33 KB)
📄 sysc_brk.stp(2.33 KB)
📄 sysc_capget.stp(2.71 KB)
📄 sysc_capset.stp(2.71 KB)
📄 sysc_chdir.stp(2.23 KB)
📄 sysc_chmod.stp(2.51 KB)
📄 sysc_chown.stp(3.27 KB)
📄 sysc_chown16.stp(2.61 KB)
📄 sysc_chroot.stp(2.29 KB)
📄 sysc_clock_adjtime.stp(4.72 KB)
📄 sysc_clock_getres.stp(3.82 KB)
📄 sysc_clock_gettime.stp(3.62 KB)
📄 sysc_clock_nanosleep.stp(7.25 KB)
📄 sysc_clock_settime.stp(5.02 KB)
📄 sysc_clone.stp(6.19 KB)
📄 sysc_close.stp(2.47 KB)
📄 sysc_connect.stp(6.82 KB)
📄 sysc_copy_file_range.stp(3.15 KB)
📄 sysc_creat.stp(2.28 KB)
📄 sysc_delete_module.stp(2.87 KB)
📄 sysc_dup.stp(2.09 KB)
📄 sysc_dup2.stp(2.63 KB)
📄 sysc_dup3.stp(2.66 KB)
📄 sysc_epoll_create.stp(5.29 KB)
📄 sysc_epoll_ctl.stp(3.5 KB)
📄 sysc_epoll_pwait.stp(3.49 KB)
📄 sysc_epoll_wait.stp(4.33 KB)
📄 sysc_eventfd.stp(4.86 KB)
📄 sysc_execve.stp(6.11 KB)
📄 sysc_execveat.stp(6.78 KB)
📄 sysc_exit.stp(1.54 KB)
📄 sysc_exit_group.stp(1.66 KB)
📄 sysc_faccessat.stp(3.2 KB)
📄 sysc_fadvise64.stp(7.43 KB)
📄 sysc_fallocate.stp(3.29 KB)
📄 sysc_fanotify_init.stp(3.02 KB)
📄 sysc_fanotify_mark.stp(5.75 KB)
📄 sysc_fchdir.stp(2.23 KB)
📄 sysc_fchmod.stp(2.52 KB)
📄 sysc_fchmodat.stp(3.2 KB)
📄 sysc_fchown.stp(3.28 KB)
📄 sysc_fchown16.stp(2.59 KB)
📄 sysc_fchownat.stp(3.24 KB)
📄 sysc_fcntl.stp(4.37 KB)
📄 sysc_fdatasync.stp(2.39 KB)
📄 sysc_fgetxattr.stp(2.94 KB)
📄 sysc_finit_module.stp(2.86 KB)
📄 sysc_flistxattr.stp(2.61 KB)
📄 sysc_flock.stp(2.28 KB)
📄 sysc_fork.stp(2.53 KB)
📄 sysc_fremovexattr.stp(2.73 KB)
📄 sysc_fsetxattr.stp(3.34 KB)
📄 sysc_fstat.stp(5.76 KB)
📄 sysc_fstatat.stp(5.21 KB)
📄 sysc_fstatfs.stp(2.94 KB)
📄 sysc_fstatfs64.stp(2.86 KB)
📄 sysc_fsync.stp(2.18 KB)
📄 sysc_ftruncate.stp(5.54 KB)
📄 sysc_futex.stp(5.11 KB)
📄 sysc_futimesat.stp(5.91 KB)
📄 sysc_get_mempolicy.stp(4.1 KB)
📄 sysc_get_robust_list.stp(4.12 KB)
📄 sysc_getcpu.stp(2.63 KB)
📄 sysc_getcwd.stp(2.43 KB)
📄 sysc_getdents.stp(5.18 KB)
📄 sysc_getegid.stp(3.46 KB)
📄 sysc_geteuid.stp(3.4 KB)
📄 sysc_getgid.stp(3.32 KB)
📄 sysc_getgroups.stp(3.91 KB)
📄 sysc_gethostname.stp(1.22 KB)
📄 sysc_getitimer.stp(4.87 KB)
📄 sysc_getpeername.stp(7.01 KB)
📄 sysc_getpgid.stp(2.6 KB)
📄 sysc_getpgrp.stp(2.04 KB)
📄 sysc_getpid.stp(1.98 KB)
📄 sysc_getppid.stp(2.06 KB)
📄 sysc_getpriority.stp(2.62 KB)
📄 sysc_getrandom.stp(2.72 KB)
📄 sysc_getresgid.stp(3.73 KB)
📄 sysc_getresuid.stp(3.54 KB)
📄 sysc_getrlimit.stp(4.08 KB)
📄 sysc_getrusage.stp(3.45 KB)
📄 sysc_getsid.stp(2.26 KB)
📄 sysc_getsockname.stp(7.03 KB)
📄 sysc_getsockopt.stp(7.88 KB)
📄 sysc_gettid.stp(2.01 KB)
📄 sysc_gettimeofday.stp(3.7 KB)
📄 sysc_getuid.stp(3.35 KB)
📄 sysc_getxattr.stp(3 KB)
📄 sysc_init_module.stp(2.76 KB)
📄 sysc_inotify_add_watch.stp(3.25 KB)
📄 sysc_inotify_init.stp(5.26 KB)
📄 sysc_inotify_rm_watch.stp(2.89 KB)
📄 sysc_io_cancel.stp(2.85 KB)
📄 sysc_io_destroy.stp(2.5 KB)
📄 sysc_io_getevents.stp(4.25 KB)
📄 sysc_io_setup.stp(3.43 KB)
📄 sysc_io_submit.stp(3.46 KB)
📄 sysc_ioctl.stp(3.12 KB)
📄 sysc_ioperm.stp(2.41 KB)
📄 sysc_ioprio_get.stp(2.65 KB)
📄 sysc_ioprio_set.stp(2.82 KB)
📄 sysc_kcmp.stp(2.51 KB)
📄 sysc_kexec_file_load.stp(3.35 KB)
📄 sysc_kexec_load.stp(3.96 KB)
📄 sysc_keyctl.stp(3.16 KB)
📄 sysc_kill.stp(2.25 KB)
📄 sysc_lchown.stp(3.34 KB)
📄 sysc_lchown16.stp(2.66 KB)
📄 sysc_lgetxattr.stp(3.05 KB)
📄 sysc_link.stp(2.34 KB)
📄 sysc_linkat.stp(3.26 KB)
📄 sysc_listen.stp(6.17 KB)
📄 sysc_listxattr.stp(2.72 KB)
📄 sysc_llistxattr.stp(2.78 KB)
📄 sysc_llseek.stp(2.81 KB)
📄 sysc_lookup_dcookie.stp(3.39 KB)
📄 sysc_lremovexattr.stp(3.11 KB)
📄 sysc_lseek.stp(3.98 KB)
📄 sysc_lsetxattr.stp(3.22 KB)
📄 sysc_lstat.stp(5.91 KB)
📄 sysc_madvise.stp(2.55 KB)
📄 sysc_mbind.stp(3.69 KB)
📄 sysc_membarrier.stp(2.65 KB)
📄 sysc_memfd_create.stp(2.77 KB)
📄 sysc_migrate_pages.stp(3.83 KB)
📄 sysc_mincore.stp(2.47 KB)
📄 sysc_mkdir.stp(2.38 KB)
📄 sysc_mkdirat.stp(2.92 KB)
📄 sysc_mknod.stp(2.45 KB)
📄 sysc_mknodat.stp(3.07 KB)
📄 sysc_mlock.stp(2.27 KB)
📄 sysc_mlock2.stp(2.47 KB)
📄 sysc_mlockall.stp(2.46 KB)
📄 sysc_mmap2.stp(5.45 KB)
📄 sysc_modify_ldt.stp(2.67 KB)
📄 sysc_mount.stp(3.53 KB)
📄 sysc_move_pages.stp(4.09 KB)
📄 sysc_mprotect.stp(2.55 KB)
📄 sysc_mq_getsetattr.stp(3.95 KB)
📄 sysc_mq_notify.stp(3.51 KB)
📄 sysc_mq_open.stp(4.54 KB)
📄 sysc_mq_timedreceive.stp(5.18 KB)
📄 sysc_mq_timedsend.stp(4.96 KB)
📄 sysc_mq_unlink.stp(2.53 KB)
📄 sysc_mremap.stp(3.01 KB)
📄 sysc_msgctl.stp(7.35 KB)
📄 sysc_msgget.stp(3.73 KB)
📄 sysc_msgrcv.stp(9.48 KB)
📄 sysc_msgsnd.stp(7.81 KB)
📄 sysc_msync.stp(2.44 KB)
📄 sysc_munlock.stp(2.39 KB)
📄 sysc_munlockall.stp(2.29 KB)
📄 sysc_munmap.stp(2.35 KB)
📄 sysc_name_to_handle_at.stp(3.46 KB)
📄 sysc_nanosleep.stp(5.22 KB)
📄 sysc_nfsservctl.stp(2.23 KB)
📄 sysc_ni_syscall.stp(1.4 KB)
📄 sysc_nice.stp(2.15 KB)
📄 sysc_open.stp(3.79 KB)
📄 sysc_open_by_handle_at.stp(3.8 KB)
📄 sysc_openat.stp(3.34 KB)
📄 sysc_pause.stp(2.5 KB)
📄 sysc_perf_event_open.stp(3.24 KB)
📄 sysc_personality.stp(2.74 KB)
📄 sysc_pipe.stp(9.86 KB)
📄 sysc_pivot_root.stp(2.71 KB)
📄 sysc_poll.stp(2.35 KB)
📄 sysc_ppoll.stp(5.38 KB)
📄 sysc_prctl.stp(2.48 KB)
📄 sysc_pread.stp(4.51 KB)
📄 sysc_preadv.stp(4.12 KB)
📄 sysc_preadv2.stp(4.48 KB)
📄 sysc_prlimit64.stp(2.97 KB)
📄 sysc_process_vm_readv.stp(4.08 KB)
📄 sysc_process_vm_writev.stp(4.13 KB)
📄 sysc_pselect6.stp(5.62 KB)
📄 sysc_pselect7.stp(3.58 KB)
📄 sysc_ptrace.stp(3.18 KB)
📄 sysc_pwrite.stp(6.27 KB)
📄 sysc_pwritev.stp(4.23 KB)
📄 sysc_pwritev2.stp(4.58 KB)
📄 sysc_quotactl.stp(4 KB)
📄 sysc_read.stp(3.29 KB)
📄 sysc_readahead.stp(3.02 KB)
📄 sysc_readdir.stp(3.6 KB)
📄 sysc_readlink.stp(2.59 KB)
📄 sysc_readlinkat.stp(3.24 KB)
📄 sysc_readv.stp(3.07 KB)
📄 sysc_reboot.stp(2.77 KB)
📄 sysc_recv.stp(6.7 KB)
📄 sysc_recvfrom.stp(7.82 KB)
📄 sysc_recvmmsg.stp(5.84 KB)
📄 sysc_recvmsg.stp(10.35 KB)
📄 sysc_remap_file_pages.stp(3.37 KB)
📄 sysc_removexattr.stp(2.75 KB)
📄 sysc_rename.stp(2.48 KB)
📄 sysc_renameat.stp(3.3 KB)
📄 sysc_renameat2.stp(3.61 KB)
📄 sysc_request_key.stp(3.23 KB)
📄 sysc_restart_syscall.stp(2.5 KB)
📄 sysc_rmdir.stp(2.25 KB)
📄 sysc_rt_sigaction.stp(6.2 KB)
📄 sysc_rt_sigpending.stp(4.35 KB)
📄 sysc_rt_sigprocmask.stp(7.87 KB)
📄 sysc_rt_sigqueueinfo.stp(4.26 KB)
📄 sysc_rt_sigreturn.stp(1.6 KB)
📄 sysc_rt_sigsuspend.stp(3.45 KB)
📄 sysc_rt_sigtimedwait.stp(5.08 KB)
📄 sysc_rt_tgsigqueueinfo.stp(3.92 KB)
📄 sysc_sched_get_priority_max.stp(3.26 KB)
📄 sysc_sched_get_priority_min.stp(3.26 KB)
📄 sysc_sched_getaffinity.stp(3.62 KB)
📄 sysc_sched_getattr.stp(3.05 KB)
📄 sysc_sched_getparam.stp(2.84 KB)
📄 sysc_sched_getscheduler.stp(2.94 KB)
📄 sysc_sched_rr_get_interval.stp(4.41 KB)
📄 sysc_sched_setaffinity.stp(3.49 KB)
📄 sysc_sched_setattr.stp(2.98 KB)
📄 sysc_sched_setparam.stp(2.83 KB)
📄 sysc_sched_setscheduler.stp(3.2 KB)
📄 sysc_sched_yield.stp(2.26 KB)
📄 sysc_seccomp.stp(2.76 KB)
📄 sysc_select.stp(5.55 KB)
📄 sysc_semctl.stp(7.22 KB)
📄 sysc_semget.stp(3.79 KB)
📄 sysc_semop.stp(4.73 KB)
📄 sysc_semtimedop.stp(8.8 KB)
📄 sysc_send.stp(6.81 KB)
📄 sysc_sendfile.stp(4.38 KB)
📄 sysc_sendmmsg.stp(8.61 KB)
📄 sysc_sendmsg.stp(11.48 KB)
📄 sysc_sendto.stp(7.66 KB)
📄 sysc_set_mempolicy.stp(3.69 KB)
📄 sysc_set_robust_list.stp(3.92 KB)
📄 sysc_set_tid_address.stp(2.83 KB)
📄 sysc_setdomainname.stp(3.04 KB)
📄 sysc_setfsgid.stp(4.43 KB)
📄 sysc_setfsuid.stp(4.48 KB)
📄 sysc_setgid.stp(4.23 KB)
📄 sysc_setgroups.stp(4.1 KB)
📄 sysc_sethostname.stp(2.72 KB)
📄 sysc_setitimer.stp(5.61 KB)
📄 sysc_setns.stp(2.34 KB)
📄 sysc_setpgid.stp(2.41 KB)
📄 sysc_setpriority.stp(2.79 KB)
📄 sysc_setregid.stp(5.84 KB)
📄 sysc_setresgid.stp(6.12 KB)
📄 sysc_setresuid.stp(6.13 KB)
📄 sysc_setreuid.stp(5.84 KB)
📄 sysc_setrlimit.stp(3.61 KB)
📄 sysc_setsid.stp(2.05 KB)
📄 sysc_setsockopt.stp(7.77 KB)
📄 sysc_settimeofday.stp(6.01 KB)
📄 sysc_setuid.stp(4.23 KB)
📄 sysc_setxattr.stp(3.12 KB)
📄 sysc_sgetmask.stp(2.12 KB)
📄 sysc_shmat.stp(5.88 KB)
📄 sysc_shmctl.stp(7.23 KB)
📄 sysc_shmdt.stp(3.36 KB)
📄 sysc_shmget.stp(3.7 KB)
📄 sysc_shutdown.stp(6.46 KB)
📄 sysc_sigaction.stp(5.2 KB)
📄 sysc_sigaltstack.stp(3.83 KB)
📄 sysc_signal.stp(2.5 KB)
📄 sysc_signalfd.stp(11.53 KB)
📄 sysc_sigpending.stp(3.19 KB)
📄 sysc_sigprocmask.stp(3.69 KB)
📄 sysc_sigreturn.stp(1.43 KB)
📄 sysc_sigsuspend.stp(4.22 KB)
📄 sysc_socket.stp(6.92 KB)
📄 sysc_socketpair.stp(7.68 KB)
📄 sysc_splice.stp(2.78 KB)
📄 sysc_ssetmask.stp(2.49 KB)
📄 sysc_stat.stp(5.91 KB)
📄 sysc_statfs.stp(3.02 KB)
📄 sysc_statfs64.stp(2.93 KB)
📄 sysc_statx.stp(3.4 KB)
📄 sysc_stime.stp(2.76 KB)
📄 sysc_swapoff.stp(2.41 KB)
📄 sysc_swapon.stp(2.6 KB)
📄 sysc_symlink.stp(2.52 KB)
📄 sysc_symlinkat.stp(3.28 KB)
📄 sysc_sync.stp(1.88 KB)
📄 sysc_sync_file_range.stp(4.76 KB)
📄 sysc_syncfs.stp(2.27 KB)
📄 sysc_sysctl.stp(2.78 KB)
📄 sysc_sysfs.stp(3.22 KB)
📄 sysc_sysinfo.stp(2.95 KB)
📄 sysc_syslog.stp(2.41 KB)
📄 sysc_tee.stp(2.3 KB)
📄 sysc_tgkill.stp(2.48 KB)
📄 sysc_time.stp(3.18 KB)
📄 sysc_timer_create.stp(4.39 KB)
📄 sysc_timer_delete.stp(2.61 KB)
📄 sysc_timer_getoverrun.stp(2.86 KB)
📄 sysc_timer_gettime.stp(4.15 KB)
📄 sysc_timer_settime.stp(5.33 KB)
📄 sysc_timerfd.stp(1.79 KB)
📄 sysc_timerfd_create.stp(2.99 KB)
📄 sysc_timerfd_gettime.stp(3.79 KB)
📄 sysc_timerfd_settime.stp(4.71 KB)
📄 sysc_times.stp(2.84 KB)
📄 sysc_tkill.stp(2.35 KB)
📄 sysc_truncate.stp(5.25 KB)
📄 sysc_tux.stp(1.04 KB)
📄 sysc_umask.stp(2.22 KB)
📄 sysc_umount.stp(4.5 KB)
📄 sysc_uname.stp(4.77 KB)
📄 sysc_unlink.stp(2.38 KB)
📄 sysc_unlinkat.stp(2.79 KB)
📄 sysc_unshare.stp(2.48 KB)
📄 sysc_uselib.stp(2.39 KB)
📄 sysc_userfaultfd.stp(2.68 KB)
📄 sysc_ustat.stp(4.77 KB)
📄 sysc_utime.stp(5.37 KB)
📄 sysc_utimensat.stp(6.16 KB)
📄 sysc_utimes.stp(5.29 KB)
📄 sysc_vfork.stp(1.98 KB)
📄 sysc_vhangup.stp(2.08 KB)
📄 sysc_vmsplice.stp(5.56 KB)
📄 sysc_wait4.stp(4.55 KB)
📄 sysc_waitid.stp(3.68 KB)
📄 sysc_waitpid.stp(3.02 KB)
📄 sysc_write.stp(3.5 KB)
📄 sysc_writev.stp(3.22 KB)
📄 syscall_any.stp(1.52 KB)
📄 syscall_table.stp(1.44 KB)
📄 syscalls.stpm(13.78 KB)
📄 syscalls_cfg_trunc.stp(111 B)
📄 target_set.stp(1.73 KB)
📄 task.stp(22.21 KB)
📄 task.stpm(253 B)
📄 task_ancestry.stp(1.58 KB)
📄 task_time.stp(7.68 KB)
📄 tcp.stp(22.11 KB)
📄 tcpmib-filter-default.stp(885 B)
📄 tcpmib.stp(10.57 KB)
📄 timestamp.stp(1.72 KB)
📄 timestamp_gtod.stp(1.59 KB)
📄 timestamp_monotonic.stp(5.46 KB)
📄 tty.stp(7.18 KB)
📄 tzinfo.stp(803 B)
📄 ucontext-symbols.stp(8.63 KB)
📄 ucontext-unwind.stp(3.64 KB)
📄 ucontext.stp(2.18 KB)
📄 udp.stp(5.95 KB)
📄 utrace.stp(1.33 KB)
📄 vfs.stp(32.43 KB)
📁 x86_64

Editing: netfilter.stp

/* netfilter.stp - netfilter hook tapset
 *
 * Copyright (C) 2012, 2017-2018 Red Hat Inc.
 * <tapsetdescription>
 * This family of probe points provides a simple way to examine network traffic using the netfilter hooks mechanism.
 * </tapsetdescription>
 */

// See the BZ1546179 block comment in tapset/linux/networking.stp for
// an explanation of the try/catch statements around sk_buff structure
// accesses.

/* The below functionality is mostly inspired by tcp.stp and networking.stp. */

%{
#include <linux/in.h>
#include <linux/skbuff.h>
#include <linux/netfilter_arp.h>
#include <linux/if_arp.h>
#include <net/ipv6.h>
#include <net/llc_pdu.h>
#include <linux/llc.h>
%}

# XXX: IPPROTO_* and NF_* constants should be secure globals -- needs PR10607
  # ... currently we use a hideous copypasta hack which defines them as
  # locals in each probe alias. Blegh

@__private30 function __mac_addr_to_string:string(addr:long) {
         return sprintf("%02x:%02x:%02x:%02x:%02x:%02x",
                        kernel_char(addr)&255, kernel_char(addr+1)&255,
                        kernel_char(addr+2)&255, kernel_char(addr+3)&255,
                        kernel_char(addr+4)&255, kernel_char(addr+5)&255)
}

@__private30 function __get_mac_addr:string(addr:long) {
         return __mac_addr_to_string(@cast(addr, "struct net_device", "kernel<linux/netdevice.h>")->dev_addr)
}

@__private30 function __get_skb_arphdr:long(addr:long)
{
        // The method is exactly the same as for an IP header:
        return __get_skb_iphdr(addr)
}

/* returns the bridge header for kernel >= 2.6.21 */
@__private30 function __get_skb_brhdr_new:long(skb:long)
%{ /* pure */
    struct sk_buff *skb;
    skb = (struct sk_buff *)(uintptr_t)STAP_ARG_skb;
    /* as done by skb_network_header() */
    #ifdef NET_SKBUFF_DATA_USES_OFFSET
        STAP_RETVALUE = (long)(kread(&(skb->head)) + kread(&(skb->network_header)) + sizeof(struct llc_pdu_un));
    #else
        STAP_RETVALUE = (long)(kread(&(skb->network_header)) + sizeof(struct llc_pdu_un));
    #endif
    CATCH_DEREF_FAULT();
%}

/* returns the bridge header for a given sk_buff structure */
@__private30 function __get_skb_brhdr:long(skb:long)
{
%( kernel_v < "2.6.21" %?
	brhdr = @cast(skb, "sk_buff")->mac->raw + %{ /* pure */ sizeof(struct llc_pdu_un) %}
	return brhdr
%:
	return __get_skb_brhdr_new(skb)
%)
}

/* returns llc_pdu_un for a given sk_buff structure */
@__private30 function __get_skb_llc:long(skb:long)
%{ /* pure */
    struct sk_buff *skb;
    skb = (struct sk_buff *)(uintptr_t)STAP_ARG_skb;
    /* as done by skb_network_header() */
    #ifdef NET_SKBUFF_DATA_USES_OFFSET
        STAP_RETVALUE = (long)(kread(&(skb->head)) + kread(&(skb->network_header)));
    #else
        STAP_RETVALUE = (long)kread(&(skb->network_header));
    #endif
    CATCH_DEREF_FAULT();
%}

@__private30 function __ip6_skb_proto:long(addr:long)
%{ /* pure */
   struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
   struct ipv6hdr *hdr;
   u8 nexthdr;

/* We call deref() here to ensure the memory at the skb location
    * is valid to read, to avoid potential kernel panic calling ipv6_hdr(). */
   (void)kderef_buffer(NULL, skb, sizeof(struct sk_buff));
   hdr = ipv6_hdr(skb);
   nexthdr = kread(&(hdr->nexthdr));

if (ipv6_ext_hdr(nexthdr)) {
#if LINUX_VERSION_CODE < KERNEL_VERSION(3,3,0)
     long result = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr);     
#else
     __be16 frag_offp;
     int extoff = (u8 *)(hdr + 1) - kread(&(skb->data));
     long result = ipv6_skip_exthdr(skb, extoff, &nexthdr, &frag_offp);
#endif
     STAP_RETVALUE = result < 0 ? 0 : result;
   } else {
     STAP_RETVALUE = 0;
   }
   CATCH_DEREF_FAULT();
%}

private function __skb_nonlinear:long(addr:long)
%{ /* pure */
  struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
  STAP_RETVALUE = skb_is_nonlinear(skb);
%}

private function __skb_shinfo:long(addr:long)
%{ /* pure */
  struct sk_buff *skb = (struct sk_buff *)(uintptr_t)STAP_ARG_addr;
  STAP_RETVALUE = (uintptr_t)skb_end_pointer(skb);
%}

private function __skb_frag_size:long(addr:long, frag:long)
%{ /* pure */
  struct skb_shared_info *skb_shr = (struct skb_shared_info *)(uintptr_t)STAP_ARG_addr;
  skb_frag_t skb_frag = skb_shr->frags[STAP_ARG_frag];
  STAP_RETVALUE = skb_frag.size;
%}

private function __skb_frag_data_addr:long(addr:long, frag:long)
%{ /* pure */
  struct skb_shared_info *skb_shr = (struct skb_shared_info *)(uintptr_t)STAP_ARG_addr;
  const skb_frag_t *skb_frag = &skb_shr->frags[STAP_ARG_frag];
  STAP_RETVALUE = (uintptr_t)skb_frag_address_safe(skb_frag);
%}

private function __buffer_data:string(skb:long, str:long)
{
  length = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->len
  data_length = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->data_len
  skb_data = @cast(skb, "struct sk_buff", "kernel<linux/skbuff.h>")->data
  headlen = length - data_length /* skb_headlen() */
  data = ""
  if (str) {
    data = kernel_buffer_quoted(skb_data, headlen)
  } else {
    data = sprintf("%.*M", headlen, skb_data)
  }

if (__skb_nonlinear(skb)) {
    shinfo = __skb_shinfo(skb)
    nr_frags = @cast(shinfo, "struct skb_shared_info",
                     "kernel<linux/skbuff.h>")->nr_frags
    for (i = 0; i < nr_frags; i++) {
      frag_size = __skb_frag_size(shinfo, i)
      frag_data_addr = __skb_frag_data_addr(shinfo, i)
      if (str) {
        data .= kernel_buffer_quoted(frag_data_addr, frag_size)
      } else {
        data .= sprintf("%.*M", frag_size, frag_data_addr)
      }
    }
  }
  return data
}

@define netfilter_common_setup(pf_name) %(
        pf = @pf_name

/* XXX not relevant for netfilter.arp & netfilter.bridge probes */
        ipproto_tcp = @const("IPPROTO_TCP")
        ipproto_udp = @const("IPPROTO_UDP")

/* from include/linux/netfilter.h: */
        nf_drop = 0
        nf_accept = 1
        nf_stolen = 2
        nf_queue = 3
        nf_repeat = 4
        nf_stop = 5

indev = & @cast($in, "struct net_device", "kernel<linux/netdevice.h>")
        outdev = & @cast($out, "struct net_device", "kernel<linux/netdevice.h>")
        indev_name = kernel_string(indev->name, "")
        outdev_name = kernel_string(outdev->name, "")

if (indev) {
           indev_mac_len = indev->addr_len
           in_mac = __get_mac_addr(indev)
        }
        if (outdev) {
           outdev_mac_len = outdev->addr_len
           out_mac = __get_mac_addr(outdev)
        }

try {
	   length = @cast($skb, "struct sk_buff", "kernel<linux/skbuff.h>")->len
	} catch { }
	try { data_hex = __buffer_data($skb, 0) } catch { }
	try { data_str = __buffer_data($skb, 1) } catch { }
%)

@define netfilter_ip4_setup %(
        family = @const("AF_INET")
	try {
           iphdr = __get_skb_iphdr($skb)
           saddr = format_ipaddr(__ip_skb_saddr(iphdr), @const("AF_INET"))
           daddr = format_ipaddr(__ip_skb_daddr(iphdr), @const("AF_INET"))
           protocol = __ip_skb_proto(iphdr)
	} catch { }

/* udphdr is in the same place where tcphdr would have been */
           udphdr = & @cast(tcphdr, "udphdr", "kernel<linux/udp.h>")
           if (protocol == ipproto_udp) {
              dport = ntohs(udphdr->dest)
              sport = ntohs(udphdr->source)
           }
	} catch { }
%)

@define netfilter_ip6_setup %(
        family = @const("AF_INET6")
	try {
           iphdr = &@cast(__get_skb_iphdr($skb), "ipv6hdr", "kernel<linux/ipv6.h>")
           saddr = format_ipaddr(&iphdr->saddr, @const("AF_INET6"))
           daddr = format_ipaddr(&iphdr->daddr, @const("AF_INET6"))
           protocol = __ip6_skb_proto($skb)
	} catch { }

try {
           tcphdr = __get_skb_tcphdr($skb)
           if (protocol == ipproto_tcp) {
              dport = __tcp_skb_dport(tcphdr)
              sport = __tcp_skb_sport(tcphdr)
              urg = __tcp_skb_urg(tcphdr)
              ack = __tcp_skb_ack(tcphdr)
              psh = __tcp_skb_psh(tcphdr)
              rst = __tcp_skb_rst(tcphdr)
              syn = __tcp_skb_syn(tcphdr)
              fin = __tcp_skb_fin(tcphdr)
           }
   
           /* udphdr is in the same place where tcphdr would have been */
           udphdr = & @cast(tcphdr, "udphdr", "kernel<linux/udp.h>")
           if (protocol == ipproto_udp) {
              dport = ntohs(udphdr->dest)
              sport = ntohs(udphdr->source)
           }        
	} catch { }
%)

/**
 * probe netfilter.ip.pre_routing - Called before an IP packet is routed
 * @pf: Protocol family - either 'ipv4' or 'ipv6'
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.pre_routing = netfilter.ipv4.pre_routing,
        netfilter.ipv6.pre_routing
{
}

probe netfilter.ipv4.pre_routing
        = netfilter.hook("NF_INET_PRE_ROUTING").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.pre_routing
        = netfilter.hook("NF_IP6_PRE_ROUTING").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.local_in - Called on an incoming IP packet addressed to the local computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.local_in = netfilter.ipv4.local_in,
        netfilter.ipv6.local_in
{
}

probe netfilter.ipv4.local_in
        = netfilter.hook("NF_INET_LOCAL_IN").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.local_in
        = netfilter.hook("NF_IP6_LOCAL_IN").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.forward - Called on an incoming IP packet addressed to some other computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.forward = netfilter.ipv4.forward,
        netfilter.ipv6.forward
{
}

probe netfilter.ipv4.forward
        = netfilter.hook("NF_INET_FORWARD").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.forward
        = netfilter.hook("NF_IP6_FORWARD").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.local_out - Called on an outgoing IP packet
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.local_out = netfilter.ipv4.local_out,
        netfilter.ipv6.local_out
{
}

probe netfilter.ipv4.local_out
        = netfilter.hook("NF_INET_LOCAL_OUT").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.local_out
        = netfilter.hook("NF_IP6_LOCAL_OUT").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

/**
 * probe netfilter.ip.post_routing - Called immediately before an outgoing IP packet leaves the computer
 * @pf: Protocol family -- either "ipv4" or "ipv6"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @iphdr: Address of IP header
 * @protocol: Packet protocol from driver (ipv4 only)
 * @ipproto_tcp: Constant used to signify that the packet protocol is TCP
 * @ipproto_udp: Constant used to signify that the packet protocol is UDP
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 * @family: IP address family
 * @saddr: A string representing the source IP address
 * @daddr: A string representing the destination IP address
 * @sport: TCP or UDP source port (ipv4 only)
 * @dport: TCP or UDP destination port (ipv4 only)
 * @urg: TCP URG flag (if protocol is TCP; ipv4 only)
 * @ack: TCP ACK flag (if protocol is TCP; ipv4 only)
 * @psh: TCP PSH flag (if protocol is TCP; ipv4 only)
 * @rst: TCP RST flag (if protocol is TCP; ipv4 only)
 * @syn: TCP SYN flag (if protocol is TCP; ipv4 only)
 * @fin: TCP FIN flag (if protocol is TCP; ipv4 only)
 */
probe netfilter.ip.post_routing = netfilter.ipv4.post_routing,
        netfilter.ipv6.local_out
{
}

probe netfilter.ipv4.post_routing
        = netfilter.hook("NF_INET_POST_ROUTING").pf("NFPROTO_IPV4")
{
        @netfilter_common_setup("ipv4")
        @netfilter_ip4_setup
}

probe netfilter.ipv6.post_routing
        = netfilter.hook("NF_IP6_POST_ROUTING").pf("NFPROTO_IPV6")
{
        @netfilter_common_setup("ipv6")
        @netfilter_ip6_setup
}

@define netfilter_arp_setup %(
# XXX: include functionality to parse ARP packet contents
	try {
           arphdr = & @cast(__get_skb_arphdr($skb), "struct arphdr", "kernel<linux/if_arp.h>")
           family = @const("NF_ARP") // from linux/netfilter_arp.h
           ar_hrd = ntohs(arphdr->ar_hrd)
           ar_pro = ntohs(arphdr->ar_pro)
           ar_hln = arphdr->ar_hln
           ar_pln = arphdr->ar_pln
           ar_op = ntohs(arphdr->ar_op)
	} catch { }

ar_data = arphdr + 8
        if (ar_hrd == 0x001 && ar_pro == 0x800) {
           /* additional info available for most common (Ethernet+IP) case: */
           ar_sha = __mac_addr_to_string(ar_data)
           ar_sip = format_ipaddr(kernel_int(ar_data + 6), @const("AF_INET"))
           ar_tha = __mac_addr_to_string(ar_data + 10)
           ar_tip =  format_ipaddr(kernel_int(ar_data + 16), @const("AF_INET"))
        }
        /* XXX support for additional cases? */
%)

/**
 * probe netfilter.arp.in -- Called for each incoming ARP packet
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.in = netfilter.hook("NF_ARP_IN").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

/**
 * probe netfilter.arp.out -- Called for each outgoing ARP packet
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.out = netfilter.hook("NF_ARP_OUT").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

/**
 * probe netfilter.arp.forward -- Called for each ARP packet to be forwarded
 * @pf: Protocol family -- always "arp"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @arphdr: Address of ARP header
 * @ar_hrd: Format of hardware address
 * @ar_pro: Format of protocol address
 * @ar_hln: Length of hardware address
 * @ar_pln: Length of protocol address
 * @ar_op: ARP opcode (command)
 * @ar_data: Address of ARP packet data region (after the header)
 * @ar_sha: Ethernet+IP only (ar_pro==0x800): source hardware (MAC) address 
 * @ar_sip: Ethernet+IP only (ar_pro==0x800): source IP address
 * @ar_tha: Ethernet+IP only (ar_pro==0x800): target hardware (MAC) address
 * @ar_tip: Ethernet+IP only (ar_pro==0x800): target IP address
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.arp.forward = netfilter.hook("NF_ARP_FORWARD").pf("NFPROTO_ARP")
{
        @netfilter_common_setup("arp")
        @netfilter_arp_setup
}

@define netfilter_bridge_setup %(
	try {
           llcpdu = &@cast(__get_skb_llc($skb), "struct llc_pdu_un",
			   "kernel<net/llc_pdu.h>")
           brhdr = __get_skb_brhdr($skb)
	} catch { }
        llcproto_stp = @const("LLC_SAP_BSPAN") // from linux/llc.h

if (llcpdu->dsap == llcproto_stp && llcpdu->ssap == llcproto_stp) {
            protocol = llcproto_stp
            br_prid = ntohs(kernel_short(brhdr))
            br_vid = kernel_char(brhdr + 2)
            br_type = kernel_char(brhdr + 3)
            br_flags = kernel_char(brhdr + 4)
            br_rid = kernel_long(brhdr + 5)
            br_rmac = __mac_addr_to_string(brhdr + 7)
            br_cost = ntohl(kernel_int(brhdr + 13))
            br_bid = kernel_long(brhdr + 17)
            br_mac = __mac_addr_to_string(brhdr + 19)
            br_poid = ntohs(kernel_short(brhdr + 25))
            br_msg = ntohs(kernel_short(brhdr + 27))
            br_max = ntohs(kernel_short(brhdr + 29))
            br_htime = ntohs(kernel_short(brhdr + 31))
            br_fd = ntohs(kernel_short(brhdr + 33))
        }
%)

/**
 * probe netfilter.bridge.pre_routing -- Called before a bridging packet is routed
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.pre_routing
        = netfilter.hook("NF_BR_PRE_ROUTING").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.local_in - Called on a bridging packet destined for the local computer
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.local_in
        = netfilter.hook("NF_BR_LOCAL_IN").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.forward - Called on an incoming bridging packet destined for some other computer
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.forward
        = netfilter.hook("NF_BR_FORWARD").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.local_out - Called on a bridging packet coming from a local process
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.local_out
        = netfilter.hook("NF_BR_LOCAL_OUT").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

/**
 * probe netfilter.bridge.post_routing -- Called before a bridging packet hits the wire
 * @pf: Protocol family -- always "bridge"
 * @indev: Address of net_device representing input device, 0 if unknown
 * @outdev: Address of net_device representing output device, 0 if unknown
 * @indev_name: Name of network device packet was received on (if known)
 * @outdev_name: Name of network device packet will be routed to (if known)
 * @llcpdu: Address of LLC Protocol Data Unit
 * @brhdr: Address of bridge header
 * @llcproto_stp: Constant used to signify Bridge Spanning Tree Protocol packet
 * @protocol: Packet protocol
 * @br_prid: Protocol identifier
 * @br_vid: Protocol version identifier
 * @br_type: BPDU type
 * @br_flags: BPDU flags
 * @br_rid: Identity of root bridge
 * @br_rmac: Root bridge MAC address
 * @br_cost: Total cost from transmitting bridge to root
 * @br_bid: Identity of bridge
 * @br_mac: Bridge MAC address
 * @br_poid: Port identifier
 * @br_msg: Message age in 1/256 secs
 * @br_max: Max age in 1/256 secs
 * @br_htime: Hello time in 1/256 secs
 * @br_fd: Forward delay in 1/256 secs
 * @length: The length of the packet buffer contents, in bytes
 * @data_str: A string representing the packet buffer contents
 * @data_hex: A hexadecimal string representing the packet buffer contents
 * @nf_drop: Constant used to signify a 'drop' verdict
 * @nf_accept: Constant used to signify an 'accept' verdict
 * @nf_stolen: Constant used to signify a 'stolen' verdict
 * @nf_queue: Constant used to signify a 'queue' verdict
 * @nf_repeat: Constant used to signify a 'repeat' verdict
 * @nf_stop: Constant used to signify a 'stop' verdict
 */
probe netfilter.bridge.post_routing
        = netfilter.hook("NF_BR_POST_ROUTING").pf("NFPROTO_BRIDGE")
{
        @netfilter_common_setup("bridge")
        @netfilter_bridge_setup
}

X7ROOT File Manager

Editing: netfilter.stp

Upload File

Create Folder