Monitoring CORBA traffic in GNOME desktop



Hi All,

I recently had the harebrained idea of using Ethereal to take a peek at
CORBA traffic moving between desktop apps.

Ethereal has powerful filtering capabilities, and also has (duh)
the ability to dissect IIOP, etc.  While the questions that follow
perhaps belong on another list/newsgroup, the motivation probably
fits here best.  Any/all feedback is welcome - even equally harebrained.

Ethereal can only look at packets on an interface, e.g. eth0, lo, etc.,
but ORBit et al. use UNIX sockets to communicate.


[jimc harpo jimc]$ netstat -x |grep /tmp |head -10
unix  4      [ ]         STREAM     CONNECTED     328759 /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     67979  /tmp/orbit-jimc/orb-17983271581232384203
unix  3      [ ]         STREAM     CONNECTED     67923  /tmp/.ICE-unix/1495
unix  3      [ ]         STREAM     CONNECTED     67888  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     38768  /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     2515   /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     2410   /tmp/orbit-jimc/orb-8441915452129898297
unix  3      [ ]         STREAM     CONNECTED     2393   /tmp/orbit-jimc/orb-15374197131777632826
unix  3      [ ]         STREAM     CONNECTED     2386   /tmp/orbit-jimc/orb-920869672471504580
unix  3      [ ]         STREAM     CONNECTED     2382   /tmp/orbit-jimc/orb-920869672471504580


So I hacked up this attempt to open connections to these sockets
and MSG_PEEK at the traffic, and forward that traffic via UDP
to lo:20000.

I've had about 5% success, i.e. opened about 20/278 sockets, and received
1 message. The forward fails - apparently Linux knows that nobody is
listening. I thought that UDP was unreliable - why would it complain?

[jimc harpo jimc]$ perl bin/socketpeek.pl
opened /dev/log
opened /tmp/.font-unix/fs7100
opened /tmp/.sawfish-jimc/harpo.jimc.earth:0.0
opened /tmp/.X11-unix/X0
opened /tmp/.ICE-unix/1495
opened /tmp/orbit-jimc/orb-11001222241065368978
opened /tmp/orbit-jimc/orb-1426542588626177101
opened /tmp/orbit-jimc/orb-1462392974814819601
opened /tmp/orbit-jimc/orb-15374197131777632826
opened /tmp/orbit-jimc/orb-16653922512062021720
opened /tmp/orbit-jimc/orb-17983271581232384203
opened /tmp/orbit-jimc/orb-18368928641421593279
opened /tmp/orbit-jimc/orb-2084332680344587843
opened /tmp/orbit-jimc/orb-21208794131086708996
opened /tmp/orbit-jimc/orb-270938641843392183
opened /tmp/orbit-jimc/orb-541427573832098612
opened /tmp/orbit-jimc/orb-5830192321124075318
opened /tmp/orbit-jimc/orb-8441915452129898297
opened /tmp/orbit-jimc/orb-874096626792655543
opened /tmp/orbit-jimc/orb-920869672471504580
found 278 sockets and 0 fifos
process 2268 opened 20 sockets
got 1 ready
/tmp/.ICE-unix/1495 got <@> len 8 val 010640000

(then waits)

2nd try similar, but adds UDP error:

found 278 sockets and 0 fifos
process 2272 opened 20 sockets
UDP socket failed: Address already in use

[jimc harpo jimc]$ netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 localhost.localdo:20001 localhost.localdo:20000 ESTABLISHED

and this is after killing both invocations..




I think I have a clue (i.e. one) but I need many more.

Is it even possible to 'tap' a UNIX socket and monitor traffic
across it this way?  Do I need to look at netlink or relatives?
How do I find both sockets in a socketpair such that I can see
the whole conversation?

I had to not use MSG_PEEK, lest my select loop fire infinitely
on the same packet.  This implies that I got my own point-to-point
connection to the process that opened the socket, and am not really
observing another connection.

OK,
after a long quiet period (while writing this post) from my tool (see partial log above),
I get an infinite loop - receiving this:

/tmp/.font-unix/fs7100 got <> len 0 val
77141002449663143430010149162111014916211101491621140960got 1 ready
/tmp/.font-unix/fs7100 got <> len 0 val
77141002449663143430010149162111014916211101491621140960got 1 ready
/tmp/.font-unix/fs7100 got <> len 0 val
77141002449663143430010149162111014916211101491621140960got 1 ready
/tmp/.font-unix/fs7100 got <> len 0 val
77141002449663143430010149162111014916211101491621140960g <snipped>


Anyway, here's the code:

[jimc harpo jimc]$ more bin/socketpeek.pl
#!/usr/bin/perl -w

# Options (Getopt::Std): -l lists each socket/fifo found,
#                        -f warns about sockets that could not be opened.
use Getopt::Std;
use IO::Socket::UNIX;
use IO::Socket::INET;
use IO::Select;

# Sort the candidate paths into UNIX sockets (-S) and named pipes (-p).
sub find_endpts {
    foreach $fname (@endpoints) {
        if (-S $fname) {
            print "isa socket: $fname\n" if $opt_l;
            push @socknames, $fname;
        }
        if (-p $fname) {
            print "isa fifo: $fname\n" if $opt_l;
            push @fifonames, $fname;
        }
    }
}

# Connect to every socket path as a client: try SOCK_STREAM first,
# then fall back to SOCK_DGRAM.
sub connect_all {

    foreach my $sock (@socknames) {
        # print "opening $sock\n";
        $mon = IO::Socket::UNIX->new( Type => SOCK_STREAM,
                                      #Local => $sock,
                                      Peer => $sock,
                                      );
        unless ($mon) {
            $mon = IO::Socket::UNIX->new( Type => SOCK_DGRAM,
                                          #Local => $sock,
                                          Peer => $sock,
                                          );
        }
        if ($mon) {
            push @sockets, $mon;
            $sockname{$mon} = $sock;   # remember which path this handle belongs to
            print "opened $sock\n";
        }
        elsif ($opt_f) {
            warn "bad socket open on $sock: $!\n" if $opt_f;
        }
    }
}

MAIN:
{
    getopts('fl') or die "bad options\n";
    @endpoints = ("/dev/log", </tmp/*>, </tmp/.*/*>, </tmp/orbit-jimc/*>);
    find_endpts();
    connect_all();
    die "no sockets\n" unless @sockets;
    print "found ", scalar @socknames,
        " sockets and ", scalar @fifonames, " fifos\n";

    print "process $$ opened ", scalar @sockets, " sockets\n";
    my $listener = IO::Select->new();
    $listener->add(@sockets);
    # Connected UDP socket used to forward whatever is read to 127.0.0.1:20000.
    $out = IO::Socket::INET->new( Type => SOCK_DGRAM,
                                  LocalHost => "127.0.0.1:20001",
                                  PeerHost => "127.0.0.1:20000",
                                  Proto => "udp",
                                  )
        or warn "UDP socket failed: $!\n";
    my $sr; # sockets ready
    # ENTER service loop
    while (1) {
        my ($rd,$wr,$err) = IO::Select->select ($listener,undef,undef,undef);
        print "got ", scalar @$rd, " ready\n";
        foreach my $r (@$rd) {
            # Peek first, then do a consuming read of the same data.
            $r->recv($buf, 10000, MSG_PEEK) or warn "recv: $!\n";
            $r->recv($buf, 10000) or warn "recv: $!\n";
            $out->send($buf);
            print("$sockname{$r} got <$buf> len ", length $buf,
                  " val ", unpack("C*", $buf), "\n");
            # Prints the stat() fields of the socket path run together, no newline.
            print stat($sockname{$r});
        }
        foreach my $r (@$wr) {
            print "$r ready to write\n";
        }
        foreach my $r (@$err) {
            print "$r has errs\n";
        }
    }
    print("server closing\n");
}




Also, I've tried a few code examples found by googling 'linux corba'
but not had any joy.  Can someone point me at a compilable/working
'hello-world' GNOME/CORBA example?

tia,
jimc
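
The two behaviours reported in the post, that connecting to a socket path yields a private point-to-point connection rather than a view of existing traffic, and that select keeps firing with zero-length reads, can be reproduced in isolation. This is an added example, not part of the original post or of socketpeek.pl; it is written in Python rather than Perl, and the socket path and the "GIOP request" payload are constructed for the demonstration.

```python
import os
import select
import socket
import tempfile


def tap_experiment():
    """Return what an uninvolved 'tap' client observes on a UNIX stream socket."""
    # Constructed path in a private temp dir (stands in for /tmp/orbit-*/orb-*).
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "orb-demo")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)
    server.listen(5)

    # An existing conversation: 'app' connects and the server accepts it.
    app = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    app.connect(path)
    app_conn, _ = server.accept()

    # The tap connects to the same path, the way socketpeek.pl does.
    tap = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    tap.connect(path)
    tap_conn, _ = server.accept()  # the server sees a brand-new client

    # Traffic on the existing connection reaches only its own peer.
    app.sendall(b"GIOP request")
    server_got = app_conn.recv(100)
    tap_ready, _, _ = select.select([tap], [], [], 0.2)

    # Once the server drops the tap's connection, the tap stays readable and
    # every recv() returns b"" (EOF) until it is removed from the select set.
    tap_conn.close()
    eof_reads = []
    for _ in range(3):
        ready, _, _ = select.select([tap], [], [], 1.0)
        eof_reads.append(tap.recv(100) if ready else None)

    for s in (app, app_conn, tap, server):
        s.close()
    os.unlink(path)
    os.rmdir(tmpdir)
    return {"server_got": server_got,
            "tap_saw_traffic": bool(tap_ready),
            "eof_reads": eof_reads}


if __name__ == "__main__":
    print(tap_experiment())
```

A reader that treats a zero-length read on a stream socket as end-of-file and removes that handle from the select set does not spin.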




