Better tracing of network calls [was Re: GSOC candidature draft for urgent feedback]

Philippe Ombredanne pombredanne at
Thu Mar 6 14:38:27 UTC 2014

On Mon, Mar 3, 2014 at 10:15 PM, enh <enh at> wrote:
> On Sun, Mar 2, 2014 at 3:39 AM, Philippe Ombredanne
> <pombredanne at> wrote:
>> On Tue, Feb 25, 2014 at 8:49 PM, enh <enh at> wrote:
>> On the pipes side, I am a bit more puzzled as what more could be done....
>> pipe(2) has nothing we could decode afaik?
>> Are you talking about decoding more of dup(2) dup2/3 and fcntl(2) with
>> F_DUPFD  when there is a pipe involved?
>> I think that for pipes the only thing that can be done on a per
>> syscall is to have a the pipe fd... and that tracing what went into
>> the pipe is only something that can be done by reasoning not on a
>> single syscall but across multiple calls and eventually multiple
>> processes, in effect parsing a whole strace output, or is there
>> something you think could be done at the syscall level?
> what i've done in the past is match the ids across processes to see
> what process is on the other end. i don't know of any better way to do
> this that go through all of /proc. i suppose strace could model fd
> inheritance, but it all sounds hard and not worth the trouble. (i've
> had to do this probably twice in the last decade!) i was just throwing
> it out there.

Makes sense. I actually wrote a rather ugly piece of code to
post-process a -tttff strace output and track files, pipes and sockets
IOs across calls and processes.
IMHO the best would be to wait a bit when we have a structure output
and have a few example scripts that can do such whole trace analysis,
the most interesting areas to me being files/descriptors, pipes and
sockets operations.

Philippe Ombredanne

More information about the Strace-devel mailing list