socket (buffer) overflow detection tool – sodt

Name: sodt (socket buffer overflow detector)

Language: KSH

Purpose: Detect socket buffer overflow for a given process in real time

Original Intention: Confirm message loss caused by socket buffer overflow

Version: 0.1

Supported Protocol: UDP/TCP/SCTP

Supported OS: Linux/FreeBSD

Note: ‘root’ permission is preferred to avoid OS kernel error

Example: ./sodt -p udp -n H248 (detect socket overflow for H248 with a sampling rate of 1 second)

Phase II (if time permits): TBD

Src:

#!/bin/ksh
#
# Socket (buffer) Overflow Detection Tool - sodt
# Version 0.1
# Aug 9, 2010
# Dave.Tian@alcatel-lucent.com
#
# Changes:
# Version 0.1 -
#       SCTP support on Linux
# Version 0.0 - Aug 4, 2010
#       TCP/UDP support on Linux/FreeBSD
#

# func: print the usage message
show_usage() {
        echo "Usage: sodt [-h] [-p <protocol>] [-n <name>] [-s <sampling>]"
        echo "  -h print this help message"
        echo "  -p protocol of the socket: udp/tcp/sctp"
        echo "  -n name of process using socket"
        echo "  -s sampling rate for sodt, default time is 1 second"
        echo "For detailed information about this tool, please refer to:"
        echo "  http://ihgpweb.ih.lucent.com/~daveti/OS/sodt.htm"
        echo "Any feedback or suggestion please mail to:"
        echo "  Dave.Tian@alcatel-lucent.com"
}

# Check the OS on which sodt is running
# Only Linux/FreeBSD is supported, as Solaris does not have 'sysctl'

OSNAME=`uname`
if [ "$OSNAME" != "Linux" ] && [ "$OSNAME" != "FreeBSD" ]
then
        echo "Error: only Linux/FreeBSD is supported by 'sodt'"
        exit 1
fi

# Parameter processing for 'sodt'

typeset -i VAR_H
typeset -i VAR_N
typeset -i VAR_P
typeset -i VAR_S
VAR_H=0
VAR_N=0
VAR_P=0
VAR_S=0
export PROTOCOL=""
export PRONAME=""
export SLEEPTIME=""

if [ "$#" != 0 ]
then
        while getopts hp:n:s: VAR
        do
                case $VAR in
                        h|H)
                                ((VAR_H+=1))
                                ;;
                        n|N)
                                ((VAR_N+=1))
                                PRONAME=${OPTARG}
                                ;;
                        p|P)
                                ((VAR_P+=1))
                                PROTOCOL=${OPTARG}
                                ;;
                        s|S)
                                ((VAR_S+=1))
                                SLEEPTIME=${OPTARG}
                                ;;
                        ?)
                                show_usage
                                exit 1
                                ;;
                esac
        done

        shift $(($OPTIND - 1))
        VAR_R_ARG="$*"

        # -n and -p are mandatory; extra arguments or -h print the usage
        if [ -n "$VAR_R_ARG" ] || [ "$VAR_N" = 0 ] || [ "$VAR_P" = 0 ] || [ "$VAR_H" != 0 ]
        then
                show_usage
                exit 1
        else
                if [ "$PROTOCOL" != "udp" ] && [ "$PROTOCOL" != "tcp" ] && [ "$PROTOCOL" != "sctp" ]
                then
                        echo "Error: unsupported protocol. Only UDP/TCP/SCTP is supported by 'sodt'"
                        exit 1
                fi

                if [ "$VAR_S" = 0 ]
                then
                        echo "sodt: Take default sampling interval 1 second"
                        SLEEPTIME="1"
                fi
        fi
else
        show_usage
        exit 1
fi

# Check if this machine is Linux, if kernel supports SCTP, if SCTP module is loaded, if SCTP is enabled
# and if 'netstat' supports SCTP parameter, when 'sctp' is chosen
# Use 'checksctp' in 'lksctp-tools' to cover all tests above.
# The command substitution is quoted because the expected output contains a space.

if [ "$PROTOCOL" = "sctp" ] && [ "`checksctp 2>/dev/null`" != "SCTP supported" ]
then
        echo "Error: SCTP is NOT supported on this machine"
        exit 1
fi

# Check for 'root' permission
# 'sysctl' and 'netstat' need 'root' permission to display more info

if [ "`id -u`" != "0" ]
then
        echo "Warning: 'sodt' needs 'root' permission to run smoothly"
fi
# Get the system socket buffer data
# Read each limit directly with 'sysctl -n' (prints the value only)

export DEFAULT_RECV_BUFFER=`sysctl -n net.core.rmem_default 2>/dev/null`
export DEFAULT_SEND_BUFFER=`sysctl -n net.core.wmem_default 2>/dev/null`
export MAX_RECV_BUFFER=`sysctl -n net.core.rmem_max 2>/dev/null`
export MAX_SEND_BUFFER=`sysctl -n net.core.wmem_max 2>/dev/null`
# Without the max values the comparison in the detection loop cannot work
if [ -z "$MAX_RECV_BUFFER" ] || [ -z "$MAX_SEND_BUFFER" ]
then
        echo "Error: cannot read net.core.rmem_max/net.core.wmem_max with 'sysctl'"
        exit 1
fi
echo "sodt: OS default Socket recv buffer: $DEFAULT_RECV_BUFFER"
echo "sodt: OS default Socket send buffer: $DEFAULT_SEND_BUFFER"
echo "sodt: OS max Socket recv buffer: $MAX_RECV_BUFFER"
echo "sodt: OS max Socket send buffer: $MAX_SEND_BUFFER"

# While loop for real-time detection

echo "sodt: Detection starts"
while true
do
        # Columns 2 and 3 of the 'netstat' output are Recv-Q and Send-Q
        # '--' stops 'grep' from reading a process name as an option
        netstat --$PROTOCOL -p | grep -- "$PRONAME" | while read -r line
        do
                RECV_Q=`echo $line | cut -d" " -f2 | tr -d " "`
                SEND_Q=`echo $line | cut -d" " -f3 | tr -d " "`
                if [ "$RECV_Q" -ge "$MAX_RECV_BUFFER" ] || [ "$SEND_Q" -ge "$MAX_SEND_BUFFER" ]
                then
                        echo "`date`: $line"
                fi
        done
        sleep $SLEEPTIME
done
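
The script above compares the Recv-Q/Send-Q columns of netstat against the system-wide maximum buffer sizes. On Linux the kernel also keeps a per-socket drop counter in the last column of /proc/net/udp, which confirms lost datagrams directly. The following is an added example, not part of the original sodt script: it goes beyond the netstat approach, covers UDP on Linux only, and its function names and the two sample tables are constructed for illustration.

```sh
#!/bin/sh
# Added example (Linux only): report UDP sockets that dropped datagrams between
# two samples of /proc/net/udp, or whose receive queue reached a given limit.

# Read a /proc/net/udp table on stdin; print "inode port rx_queue drops" per socket.
parse_udp_table() {
    while read -r sl laddr raddr st queues tr retr uid timeout inode ref ptr drops rest
    do
        case $sl in *:) ;; *) continue ;; esac   # data rows start with "N:"; skip the header
        port=$((0x${laddr##*:}))                 # local port, hex after the last ':'
        rxq=$((0x${queues##*:}))                 # field is tx_queue:rx_queue, hex bytes
        echo "$inode $port $rxq ${drops:-0}"
    done
}

# usage: report_overflow PREV_TABLE CUR_TABLE RX_LIMIT_BYTES
report_overflow() {
    prev_parsed=$(printf '%s\n' "$1" | parse_udp_table)
    printf '%s\n' "$2" | parse_udp_table | while read -r inode port rxq drops
    do
        # drops is cumulative per socket, so only the increase since PREV matters
        old=$(printf '%s\n' "$prev_parsed" | awk -v i="$inode" '$1 == i { print $4 }')
        new_drops=$((drops - ${old:-0}))
        if [ "$new_drops" -gt 0 ] || [ "$rxq" -ge "$3" ]
        then
            echo "port=$port inode=$inode rx_queue=$rxq new_drops=$new_drops"
        fi
    done
}

# Constructed sample data: two snapshots taken one sampling interval apart.
HDR='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops'
SAMPLE_T0="$HDR
  482: 00000000:0B80 00000000:0000 07 00000000:00001200 00:00000000 00000000     0        0 20411 2 0000000000000000 3
  511: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18230 2 0000000000000000 0"
SAMPLE_T1="$HDR
  482: 00000000:0B80 00000000:0000 07 00000000:00034000 00:00000000 00000000     0        0 20411 2 0000000000000000 45
  511: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18230 2 0000000000000000 0"

# Port 0x0B80 = 2944 lost 42 datagrams between the samples and its queue is at the limit.
report_overflow "$SAMPLE_T0" "$SAMPLE_T1" 212992
```

On a live system, pass two reads of /proc/net/udp taken one sampling interval apart instead of the sample tables.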

About daveti

Interested in kernel hacking, compilers, machine learning and guitars.

123 Responses to socket (buffer) overflow detection tool – sodt

  36. An impressive share, I just given this onto a co-worker who was doing a little analysis on this. And he in fact bought me breakfast because I found it for him. smile. So let me reword that: Thank you for the treat! But yeah Thanks for spending the time to discuss this, I feel strongly about it and enjoy learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more info? It is extremely helpful for me. Two thumb up for this post!

    • daveti says:

      Again, thank you for your kind words. Frankly, I never thought this post would be so popular :) And yes, ‘socket’ is always a mystery topic for network programming and debugging. I will come back to that topic again once I find something interesting. Thank you again, my friend, for letting me know I could do something to help others :)

  42. I dont really have much interest inside your blog but I seen it at one more blog sharing fantastic word press themes and they employed yours as a good example of this and it really is very nice, excellent job!

    • daveti says:

      For UDP, my experience is that socket overflow may be related to CPU overflow – say, msgs could not be extracted from the socket in time. And yes, there should be something deeper than this – ain’t got time to work on it though :(

    • daveti says:

      Wow… that’s nice… may I know the link? That’s really incredible, as I just put all the things there, on my blog… Anyway, thanks, man!

  55. Hey. Mainly want to give a quick remark and ask exactly where you bought your particular web template I am putting up own wordpress blog and absolutely really like your particular model.

    • daveti says:

      I am using the default, old theme called “Twenty Ten” by the WordPress team – then with my own banner pic and some layout on widgets. Glad you like it :)
