2011-08-25 00:40:26 UTC
Solaris/Linux/other) kernel internals.
I recently had to help look into an issue where an application
apparently sent a UDP packet, but it did not appear on the wire, nor
did snoop(1)ing the interface show it, so the assumption is that it
was lost (or misdirected) somewhere in the IP stack.
We did use Dtrace with syscall::sendto:entry/exit to prove that the
application did send the packet, but so far we have no clue how to
determine what happens to the packet afterwards.
Is there a Dtrace script that follows a packet queued bia send(2) or
sendto(2) through the kernel/stack and can indicate
whether some low-level function returns a failure, or
possibly hands it to a different interface (we snooped all except the
unsnoopable lo though w/o luck)..
I looked at the Dtrace Networking Guide but without more knowledge
of internals it was no help.
PS: The Solaris-10 machine I work on is old, so it has no
ip nor udp provider, but if it takes that I'd also like to know.
any hints on where to start would be welcome.