strace, the magical tool of Linux

Today's topic is strace, one of the best debugging tools available on Linux. Let's talk briefly about how to use strace and how to put it to work. It can be used in a great many areas, so what we cover today is only the basics. Based on this, I hope it will help you solve various problems.

How to use strace

The man page describes it as shown below.

strace - trace system calls and signals

Yes. That's right.

strace is a debugging tool that traces the system calls and signals an application uses. With it you can check whether there is any performance degradation and whether any errors occur.

There are several options, but the ones you should always use are as follows:

-s strsize Specify the maximum string size to print (the default is 32)

This sets the maximum length of the strings that strace prints to the screen or file. If you leave it at the default, long strings are cut off and you lose part of the data.

Without the -s option, you can see that the end is cut off with dots.

-f Trace child processes

The -f option is required when you trace an application that uses multiple worker processes or worker threads. Otherwise, only the master process, which does no actual work, is traced.

-t Prefix each line of the trace with the time of day.

Timestamps are needed during tracing to measure time, e.g. system call duration.

-p pid Attach to the process with process ID pid

The -p option specifies the process you want to trace. You can trace a process that is already running by its pid, or you can trace a command directly by placing it at the end of the strace command line.

So, the finished command is shown below.

strace -s 65535 -f -t -o strace_dump -p <pid>


Tracing the hostname command

Now that we've briefly covered how to use it, let's look at how we can actually put it to work. Let's take a quick look at the Linux command called hostname.

Do you know the difference between the -f option and the -A option of the hostname command? Both of them show similar output, so why are there two options? Let's look at the difference through strace.

strace -s 65535 -f -t -o strace_dump_1 hostname -f

Let's take a look at the file that strace generated.

strace_dump_1 file
At the top of the file, you can see that a new process is started via the execve system call and that this process runs the hostname command. When you enter a command from the shell, a new process is created via the fork system call. That process then reads the libraries it needs via the open system call.

open /etc/resolv.conf file
Because hostname is the command that reads the server's hostname, it reads the /etc/resolv.conf file. You can see these steps directly through strace.

The process of asking a domain server
This is the key part. On line 107, it creates a socket to make a domain query. On line 108, it requests a connection to the domain server via the connect system call. And on line 110, you can see the domain query itself. If you take a closer look, it is asking whether there is a host named server.example.com. example.com is the domain suffix given by the search directive in /etc/resolv.conf. So the hostname -f command queries the domain server with the name formed by attaching the domain suffix from the /etc/resolv.conf search directive.

Next, let's take a look at the hostname -A command.

strace -s 65535 -f -t -o strace_dump_2 hostname -A

strace result for hostname -A
If you look at line 116, it opens a socket just as with the -f option. The important difference is on line 119: unlike the -f option, it makes a reverse domain query. You can see that the query carries the .in-addr.arpa domain suffix. With the -f option, the query attaches the domain suffix from the /etc/resolv.conf search directive; with the -A option, it is a reverse domain query.

They look like similar functions, but when you check them through strace, you can see that they are different kinds of commands.
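
To pick these queries out of a dump file without reading it line by line, the following added example (not code from the original post) finds sockets connected to port 53, decodes the DNS question from the send/sendto payload, and labels it forward or reverse. The sample dump is constructed; its last query mimics a trace taken with the default string size instead of -s 65535, where the query type is cut off.

```python
import re

# Constructed sample in the layout written by `strace -f -t -o <file>`; all values are made up.
SAMPLE = r'''
4242 10:15:01 execve("/usr/bin/hostname", ["hostname", "-f"], 0x7ffc /* 20 vars */) = 0
4242 10:15:01 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.0.2")}, 16) = 0
4242 10:15:01 sendto(3, "\252\273\1\0\0\1\0\0\0\0\0\0\6server\7example\3com\0\0\1\0\1", 36, MSG_NOSIGNAL, NULL, 0) = 36
4250 10:15:09 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.0.2")}, 16) = 0
4250 10:15:09 sendto(3, "\314\335\1\0\0\1\0\0\0\0\0\0\0015\0010\0010\00210\7in-addr\4arpa\0\0\f\0\1", 39, MSG_NOSIGNAL, NULL, 0) = 39
4260 10:15:20 connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.0.0.2")}, 16) = 0
4260 10:15:20 sendto(3, "\356\377\1\0\0\1\0\0\0\0\0\0\6server\7example\3com\0"..., 36, MSG_NOSIGNAL, NULL, 0) = 36
'''

CALL = re.compile(r'^(\d+) +(\S+) +(\w+)\((\d+), (.*)$', re.M)  # pid, time, call, fd, rest
STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"(\.\.\.)?')           # quoted arg, optional "..." marker
ESCAPES = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12}

def unescape(text):
    """Turn strace's escaped string (octal and C escapes) back into raw bytes."""
    def one(m):
        g = m.group(1)
        return chr(int(g, 8)) if g[0] in "01234567" else chr(ESCAPES.get(g, ord(g)))
    return re.sub(r'\\([0-7]{1,3}|.)', one, text).encode("latin-1")

def question(payload):
    """Return (name, qtype) of the first DNS question; qtype is None if it was cut off."""
    pos, labels = 12, []  # the DNS header is 12 bytes
    while pos < len(payload) and payload[pos]:
        end = pos + 1 + payload[pos]
        labels.append(payload[pos + 1:end].decode("ascii", "replace"))
        pos = end
    qtype = payload[pos + 1:pos + 3]
    return ".".join(labels), int.from_bytes(qtype, "big") if len(qtype) == 2 else None

def dns_queries(dump):
    """Return (pid, time, name, kind, truncated) for each query sent to port 53."""
    dns_fds, found = set(), []
    for pid, when, call, fd, rest in CALL.findall(dump):
        s = STRING.match(rest)
        if call == "connect" and "sin_port=htons(53)" in rest:
            dns_fds.add((pid, fd))
        elif call in ("send", "sendto") and (pid, fd) in dns_fds and s:
            name, qtype = question(unescape(s.group(1)))
            kind = "reverse" if qtype == 12 or name.endswith(".arpa") else "forward"  # 12 = PTR
            found.append((pid, when, name, kind, bool(s.group(2))))
    return found

for row in dns_queries(SAMPLE):
    print(*row)
```

Queries sent with sendmmsg use a different argument layout and are not handled here.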

Conclusion

In this article, we explored how to use strace.

Because neither the syntax nor the usage is complicated, I believe strace is one of the essential tools a system engineer must master.

It helps not only with debugging but also with understanding the internal principles and structure of an application. Of course, it cannot verify every internal detail, but it helps you understand which options the application sets when it opens a socket (setsockopt), how it connects and disconnects (connect, close), and how it opens a config file (access, read).



Thank you for reading the long article. Happy hacking~!
