Networking Blackbox

Download Documentation Links

The networking blackbox provides a mechanism for the kernel to record socket buffers at various locations in the network stack, and to dump them later to user space.
Socket buffers are stored with all meta-information (i.e. the content of struct sk_buff) and the actual data. They are recorded in a ring buffer of configurable size.
Dumps are either initiated from the kernel (e.g. when detecting an abnormal condition, or from user space. After a dump has been triggered, the data stored in the ring buffer can be read from a device file.
Networking blackbox also includes a tool that pretty-prints the contents of the various structures included in a dump.

The networking blackbox is being developed as part of the FAST project at Caltech.

The current version is netbb-14 (28 kB), released 10-MAY-2003.

Changes since the previous version:

  • updated dbb/tcpump.dbb and uml/rle/dbb to work with newline changes in umlsim version 32 and above
  • updated dbb/tcpdump.dbb and uml/rle.dbb to use "read()" instead of "read"

Older versions can be found here.

Usage information:
Full documentation is included in the netbb package. The kernel part is described in the file netbb/README. The pretty-printer and its script language are described in the file netbb/dumpbb/README.

Under construction :-)

Last update: 10-MAY-2003   Werner Almesberger