TWI425795B - Method for tracing processing procedure of network packet - Google Patents

Description

Method of tracking the processing of network packets

The present invention is a method for tracking a processing procedure of a network packet, and more particularly to a method for tracking a network packet of a network communication device and a cloud computing device.

For network communication devices, it is necessary to define the cause of network behavior anomalies (such as transmission delay, response time, and packet omissions), which is very important for the development of increasingly popular networked devices. Usually the network packet is processed by the system core. The system kernel analysis tool (Linux Kernel Profiler) is used to help developers analyze the internal behavior of the system core. The existing tools can be roughly divided into three categories: the original tool class ( Source Instrumentation), Binary Instrumentation, Statistical Sampling, and the analysis tools associated with each category are shown in Table 1.

Source Instrumentation mainly modifies the system source code (Source Code) and inserts instructions that can record the internal information of the system to analyze the internal behavior of the system core. For example, Linux Trace Toolkit Next Generation (LTTng), Kernel Tuning and Analysis Utilities (KTAU), Linux Kernel State Tracer (LKST), etc., modified Important core functions in the system. These three technologies insert code into important core functions in the core system, record the trigger time of core events, and analyze the operation behavior of the core system. This record usually contains context switching (context). Switch), timer expired (timer expired) and system call (system call) and so on.

However, it is still impossible to track in detail the processing of network packets in the core system, and it is not possible to automatically find and embed tracking instructions in the core function sequence, that is, these records cannot help developers track network packets in the core network. The processing of the communication protocol. Kernel Function Trace (KFT), FTrace and Kernprof, etc., further modify all system core functions, record the core function execution order and execution time, etc. These three technologies are all cores in the core system. The function is inserted into the code, and the operation process of the core system is completely obtained. The result is as shown in the first figure.

Where: index refers to the number of the primary function, %time refers to the usage time ratio of the primary function, self refers to the running time of the primary function, children refers to the running time of the primary function call child, and the called refers to the called The total number of times, name refers to the name of the primary function. The number of the main function in the real line is [20] and [21], and there are both the parent and the child in the upper and lower sides of the main function (such as the arrow with the dotted line). However, developers still can't use this information to correctly track the order of execution of the core system's processing of packets; that is, users still cannot efficiently and correctly track the core of packet-oriented by analyzing the results. The sequence of functions.

Binary Instrumentation is mainly a function that directly modifies the system object code (Object Code) and temporarily introduces the execution process to the internal information of the recording system to achieve dynamic analysis of the internal behavior of the system. Taking Kprobe as an example, the developer needs to obtain the entry and exit address of the target core function in advance by the help of a compiler or a disassembler, and then assist with such tools. Modify the system machine code to get the required information.

Kprobe, KernInst, D tracking (DTrace) These three technologies are mainly to modify the core code of the core system (Object Code) to achieve dynamic analysis of the internal behavior of the system, the user with the help of Compiler or Disassembler to modify the machine code, However, the user needs to have the knowledge of the core system to process the network packet, otherwise the packet-oriented core function sequence cannot be correctly tracked, so it is still impossible to automatically find and embed the tracking instruction in the core function sequence. Lack of operation on specific devices and core versions. As for the system trace analysis program (Systemtap) of the binary tool class, this technology mainly provides an interface to the user, so that the user can simplify the difficulty of using Kprobe by using the interface, and the user only needs to provide the name of the target core function. Systemtap is responsible for finding the entry point address of the target core function and completing the setting of Kprobe, but the user still needs to have the knowledge of the core system to process the network packet, otherwise the packet-oriented core function sequence cannot be correctly tracked, so it is still Unable to automatically find and embed tracking instructions in the core function sequence.

Other tools, such as the Kernel Level Aspect-oriented System (KLASY), also provide an interface to the user, allowing the user to simplify the use of KernInst through this interface, through the modified Compiler (gcc) first processes the core program, and then the developer tracks and records some functions. The user can provide the name of the target data structure. KLASY is responsible for finding the address of the target data structure to be processed. KernInst is set up, but the analysis data generated by this technology is too large, users can not track the packet-oriented core function sequence efficiently, and this technology requires specific compiler assistance, which is quite inconvenient for developers of embedded devices.

That is to say, the developer must have the knowledge of the core system to process the network packet, and then the packet processing program can be tracked by manual inspection. However, the manual inspection method is not only time-consuming, but also easy to miss or mis-examine, and it is difficult to correctly and effectively track the packet in the core. The order of execution of the system's functions, and the way Binary Instrumentation is applied is poor. As for the Statis-tical Sampling, it mainly periodically checks the instruction (Instruction) being executed in the CPU, and presents the recorded result to the user in a statistical manner. As far as the O analysis tool (Oprofile) is concerned, this technology mainly analyzes the behavior of the core system in a statistical manner, periodically checks the instructions and presents the recorded results to the user in a statistical manner, so it cannot be completely and correctly. Track the packet-oriented core function sequence.

These records are not recorded for functions that process network packets, so they are not suitable for tracking the order in which functions are processed. Therefore, there is currently no set of tools that can correctly and effectively analyze and track the execution order of the functions of the system processing packets of the network communication device, and assist the developer in debugging and defining the causes of transmission delays, reaction times, and packet omissions. The shortcomings of this system kernel analysis tool (Linux Kernel Profiler) applied to track the execution order of the functions of the network communication device processing packets are as follows:

1. The tracking record of the packet-oriented function sequence cannot be provided, which is quite inconvenient for the user who wants to analyze the execution order of the function of processing the packet;

2. Must operate on a particular device or system version, which is quite inconvenient for the development of embedded devices;

3. The user must first have the knowledge of packet processing and system implementation, and implant the tracking instructions according to the manual review method, which is cumbersome and error-prone.

Therefore, how to improve the function sequence can not provide packet-oriented tracking records, must operate in a specific device and must first have the manual processing method of packet processing and system implementation knowledge, and the inventors conduct experiments, tests and After the research, I finally got a way to track the processing procedures of the network packet. In addition to effectively solving the shortcomings of not being able to provide tracking records, operating on specific devices and having practical knowledge, it can also accelerate the development of network communication software. And the efficacy of performance. That is, the problem to be solved by the present invention is how to overcome the problem that the function of accessing the network packet is not easy to find, so that the processing program of the system core can be tracked, and how to overcome the specific data only by using sk_buff. The original type name is used as the reference point of the search, and how to overcome the problem of trying to record the execution function and the contents of the package in the function.

The present invention is a method for tracking a network packet processing program, wherein the network packet is stored in a data structure, and the network packet accepts the processing program in a system core. The method includes the following steps: calling a function to pass the data structure and tracking the processing program accordingly.

Preferably, the system of the method is a Linux, and the data structure is a sk_buff, the method uses the core of the system to access the network packet, and the method further comprises using a specific function to access the network packet. And the handler is an execution order of one of the data structures.

According to a main technical point of view, the present invention can be directed to a method for tracking a processing procedure of a network packet, wherein the network packet accepts the processing program in a system core, the method comprising the following steps, A function is provided to process the network packet, wherein the function has a parameter, defines a data type name of the parameter, and tracks the processing program by searching for the data type name.

Preferably, the data type name of the method is a search reference point, and the data type is a sk_buff original type name or a deformed type name.

Certainly, the deformed state name of the method may be an alias, a customized data type name or a nested data structure, and the deformed type name is associated with a data type of the network packet. .

Of course, the method may further include: searching for a function of accessing the network packet from a source code of the system core, wherein the function of accessing the network packet is directly accessing the network packet. A function or a function that indirectly accesses the network packet.

Preferably, the direct access network packet function of the method utilizes a declared variable (Global Variable), a parameter type name, a backhaul type name or a region definition to directly access the network. Road packet.

Preferably, the method for accessing the network packet between the methods utilizes an Indirect Caller or an Indirect Callee that is accessed by the network packet, and An indicator pointing to the network packet is indirectly obtained by a addressing method to access the network packet.

If, from another feasible point of view, the present invention is a method for tracking a processing procedure of a network packet, wherein the network packet accepts the processing program in a system core, the method comprising the following steps: Accessing a function of the network packet, embedding a tracking instruction in the function, starting to execute the function, and then triggering the tracking instruction, and recording one of the identifiers of the function, and then tracking the processing program .

Of course, the tracking instruction of the method may be an Instrument Source Code, and the identifier is a name or a code.

Through the above description, the present invention can be seen that the method of tracking the processing procedure of the network packet can be used, and the call function can be used to transmit the data structure, and the processing program is tracked and has the parameter defined. The data type name is then searched for the data type name to track the characteristics of the processing program. The invention will be more apparent from the following detailed description and drawings.

The invention proposes a new mechanism for tracking a network packet processing program in a network communication device, which can track the processing procedure of the network packet in the core system by the order of the core function access network packet data. . The invention is applied in a network communication device, and can utilize a data structure of a network packet and a function analysis method to automatically find a function for accessing a network packet data in the program, and embed the instruction in the function. By the order in which the program itself executes the functions, the embedded instructions are sequentially triggered to record information about the name or code of the executed function and the contents of the package. The invention can utilize the data structure (sk_buff) for managing and storing network packets inside the Linux core system, and track the behavior and time point of processing the network packet inside the core system.

Using these records, it is easy for network communication software developers to analyze the system behavior of network communication within the system, clarify and improve network communication (network applications and core protocols or individual software functions), and accelerate network communication. Software development time and execution performance. That is, the present invention can track the execution order of the function of accessing the network packet, track the behavior and time point of processing the network packet inside the system, and do not limit any device and system version. The industries that may be applied in this case include the information industry, the network communication industry, and cloud computing. The products that may be applied are wireless network devices, notebook computers (Note-books), PDAs, mobile phones (Handsets), and network access gates. Channels, network appliances and any networking devices.

Here we will take the Linux core system as an example, for the process of processing the network packet inside the Linux kernel system, recording the measurement information, such as the content change of each function or the statring time of each function. A preferred example of the mechanism for tracking a network packet processing procedure proposed by the present invention is of great value in developing a network device. However, the application of the present invention is not limited to this environment. As long as the network packet data type name is known, the present invention can be applied to track the system to process the network packet. The invention is applied to a Linux core system, and utilizes the data structure of the network packet inside the Linux core system to track the behavior and time point of processing the network packet inside the Linux core system, and assists the developer in analyzing the network behavior inside the Linux core system.

The embodiment of the invention in the Linux core system mainly adds two parts, A. tracking the function execution order of the core system internal access network packet, and B. embedded instruction. And in the case of A., please refer to the second figure, which can be seen as a data structure sk_buff of a network packet, which includes a management data (Management Data) and a packet data storage (Packet data storage), and the present invention utilizes Linux. The data structure used to manage and store network packets within the core system, as a reference point for finding, to find the function to access the network packet, and the data structure for managing and storing the network packet inside the Linux core system is For Sk_buff. Referring to the third figure, a method for tracking a processing procedure of a network packet is shown, wherein the network packet is stored in the data structure, and the network packet accepts the processing program in a system core. The method includes the steps of calling a function to pass the data structure and tracking the processing accordingly. Moreover, the function of accessing the network packet uses the function call to pass sk_buff (as shown in the dashed line in the third figure), so that the remaining functions can access the network packet, so the invention can be easily implemented. In the Linux kernel system.

The operating system of the method is a Linux, and the data structure is a sk_buff, the method uses the system core to access the network packet, and the method further comprises: using a specific function to access the network packet, and the method The handler executes the order of one of the data structures.

According to a main technical point of view, referring to the fourth figure, the present invention may include a method for tracking a processing procedure of a network packet, wherein the network packet accepts the processing program in a system core, the method The method includes the following steps: providing a function to process the network packet, wherein the function has a parameter, defines a data type name of the parameter, and tracks the processing program by searching for the data type name. Of course, the data type name of the method at this time can be used as a reference point for searching, and the present invention uses the method of the function analysis to include a method for finding the type name of a specific data, and the type name of the specific data includes The original type and various deformed type names.

That is, from the source code of the Linux core system, when searching for a function for accessing the network packet, not only the original type name of the data type named sk_buff but also the original type name may be used. Deformed state name. Please refer to the fourth picture A. Because the C language has aliases (Alias), customized data types (Customized data types), nested data structures (Nested Structures) and other rules, the deformed state name of the method can be one. The alias 41, a customized data type name 42 or a nested data structure 43, and the deformed state name 43 is associated with a data type of the network packet.

Since the C language function can access specific data in a variety of ways, the method of function analysis of the present invention includes a method for finding a function for accessing a network packet, the method comprising one source code from the core of the system. Looking for a function to access the network packet, wherein the function for accessing the network packet includes a function for directly accessing the network packet or a function for indirectly accessing the network packet. Referring to FIG. 4B, the function of the direct access network packet utilizes the following four methods: a global variable (also referred to as ''declared variable', Global Variable) 44, a parameter type of a function A Parameter Type 45, a Return Type 46, or a Local Definition 47 allows direct access to the network packet.

On the other hand, the function of indirectly accessing specific data does not utilize the above four methods. Referring to FIG. 5, the function of the indirect access network packet utilizes a call access network packet function ( Indirect Caller), for example, the function F of the direct access network packet of the function E calls, and E obtains an index pointing to the network packet indirectly from F by means of a call by reference method. Make it accessible to the network packet. Or, as shown in Figure 6, the Indirect Callee is accessed by the network packet, and the H is referred to as a function G call that directly accesses the network packet, and H is called by reference. The metric that points to the network packet is obtained indirectly from G, thereby enabling access to the network packet.

For the part B, please refer to the seventh picture (the original function is in the third picture). If it is from another feasible point of view, the present invention can use the above function analysis method to find out that there is a program. Accessing a network packet function and embedding instructions in the functions, that is, the present invention is a method for tracking a network packet processing program, wherein the network packet accepts the processing program in a system core, The method includes the following steps: providing a function for accessing the network packet, embedding a tracking instruction (for example, the one in the large dotted frame in the seventh figure is an Instrument Source Code 70, An instruction to insert a tracking technique, in the function, begins executing the function, and in turn triggers the tracking instruction, and records one of the identifiers of the function, so that the processing program can be tracked.

Of course, the tracking instruction of the method at this time may be a tool source code, and the functions of the instruction codes may record the execution order of the function and the internal data or resources of the system concerned, and provide developer tracking and analysis. The operational status of the system, and the identifier is a name or a code or other various symbols. The invention can be applied to the development of network devices. At present, the network has been widely built, and the networked devices are becoming more and more popular. In the future, coupled with the development of the cloud computing industry, the device networking will be more common, and the present invention can improve network communication. The software development efficiency and communication efficiency of the device have great industrial value.

The keywords for searching in this case are: packet processing sequence, packet processing procedure, packet trace, packet flow, packet data type, and kernel function. When the searched database is the United States Patent and Trademark Office Patent Database Search System (http://www.uspto.gov/), the results are as follows:

1. "packet processing sequence" AND "packet data type": 0

2. "packet processing sequence" AND "kernel function": 0

3. "packet processing procedure" AND "packet data type": 0

4. "packet processing procedure" AND "kernel function": 0

5. "packet flow" AND "packet data type": 9

6. "packet flow" AND "kernel function": 7

7. "packet trace" AND "packet data type": 0

8. "packet trace" AND "kernel function": 0

The 5th and 6th patent documents retrieved are listed below:

1 US 7,453,801

Admission control and resource allocation in a communication system supporting application flows having quality of service requirements

2 US 7,305,511

Providing both wireline and wireless connections to a wireline interface

3 US 7,164,657

Intelligent collaboration across network systems

4 US 7,136,904

Wireless cable replacement for computer peripherals using a master adapter

5 US 7,127,541

Automatically establishing a wireless connection between adapters

6 US 6,963,955

Scattering and gathering data for faster processing

7 US 6,950,859

Wireless cable replacement for computer peripherals

8 US 6,894,972

Intelligent collaboration across network system

9 US 6,665,495

Non-blocking,scalable optical router architecture and method for routing optical traffic

10 US 7,685,254

Runtime adaptable search processor

11 US 7,631,107

Runtime adaptable protocol processor

12 US 7,627,693

IP storage processor and engine using RDMA

13 US 7,536,462

Memory system for a high performance IP processor

14 US 7,487,264

High performance IP processor

15 US 7,415,723

Distributed network security system and a hardware processor

16 US 7,376,755

TCP/IP processor and engine using RDMA

When the database retrieved is the European Patent Office Patent Database Search System (http://ep.espacenet.com/), the results are as follows:

1. "packet processing sequence" AND "packet data type": 0

2. "packet processing sequence" AND "kernel function": 0

3. "packet processing procedure" AND "packet data type": 0

4. "packet processing procedure" AND "kernel function": 0

5. "packet flow" AND "packet data type": 0

6. "packet flow" AND "kernel function": 0

7. "packet trace" AND "packet data type": 0

8. "packet trace" AND "kernel function": 0

The results of comparing the technical contents of the above search with the present case show that the patents are not related to or different from the present invention, and there is no patent similar to the present invention.

In summary, the present invention can be used in a new design, by using a call function to transfer the data structure, and thereby tracking the processing procedure, and defining the data type name of the parameter can be substantially borrowed The data type name is searched to track the efficacy of the process. Therefore, anyone who is familiar with this skill can be modified by all kinds of ideas, but they are not protected by the scope of the patent application.

41. . . Alias

42. . . Customized data type name

43. . . Nested data structure

44. . . Global variable

45. . . Parameter type name

46. . . Return type name

47. . . Regional definition

70. . . Tool source code

The first picture: is the tracking picture of the Kernprof core function of the original primitive tool class;

The second figure is a structural diagram of a data structure used by the method for tracking a network packet processing procedure of the present invention;

Third: is a programming diagram of a preferred embodiment of the present invention using a functional call to communicate a data structure;

FIG. 4A is a programming diagram of a preferred embodiment of the present invention using rules of the C language alias, customized data type, and nested data structure;

The fourth picture B is a program diagram of the global variable of the function of directly accessing the network packet, the parameter type name of the function, the return type name and the area definition;

Figure 5: is a programming diagram of a function that uses a call to access a network packet;

Figure 6: is a programming diagram of a function call using the accessed network packet;

Figure 7 is a block diagram of a preferred embodiment of the embedded instruction result of the third figure.

70. . . Tool source code

Claims (8)

A method of tracking a network packet processing program, wherein the network packet is stored in a data structure, and the network packet is accepted by a processing system in a system core (Kernel) The method includes the steps of: providing a function for accessing the network packet to process the network packet, wherein the function has a parameter; defining a data type name of the parameter; Data type name, and record one of the identifiers of the function; embed a tracking instruction in the function; and call the function to pass the data structure, and start executing the function, thereby triggering the tracking instruction, The identifier is used to track the handler. The method of claim 1, wherein the system is a Linux, and the data structure is a sk_buff, the method uses the system core to access the network packet, and the method further comprises utilizing a specific function. To access the network packet, and the handler executes the order for one of the data structures. The method of claim 1, wherein the data type name is a search reference point, and the data type is a sk_buff original type name or a deformed type name. The method of claim 3, wherein the modified type is an alias, a customized data type name, or a nested data structure, and the modified type name is related to the network. One of the data types of the packet is related. The method of claim 1, further comprising searching for a function for accessing the network packet from a source code of the core of the system, wherein the function of accessing the network packet is a direct A function that accesses the network packet or a function that indirectly accesses the network packet. The method of claim 5, wherein the function of directly accessing the network packet utilizes a declared variable (Global Variable), a parameter type name, a backhaul type name, or an area. Defined to directly access the network packet. The method of claim 5, wherein the function of the indirect access network packet utilizes a function of a call access network packet (Indirect Caller) or an accessed network packet. Indirect Callee, and indirectly obtains an indicator pointing to the network packet by means of a location to access the network packet. The method of claim 1, wherein the tracking instruction is an Instrument Source Code, and the identifier is a name or a code.