QLOG is a new general purpose logging format for network protocols. It is an endpoint logging format. That is, it logs events from within implementations. Its main usages are:
- the visualization of network traces under different forms (See QVIS).
- the creation of debugging tools.
At this time, specific extensions exist for:
This project is aimed to propose the basis of such extension for the (MP)TCP protocols.
This page is a summary of the contributions. A detailed (technical) documentation is available in the project repository.
A prototype logger is implemented in Python.
It leverages eBPF
and kernel probes (kprobes) tracing in the MPTCPv1
Linux kernel implementation.
eBPF
programs are attached to kprobes (with BCC
) and are triggered upon the probed function execution.
They collect some data and send them back to the user-space through perf buffers.
The user-space utility then formats the events according to the proposed QLOG format and dumps them in files with the JSON format.
A custom testing environment is implemented to run the prototype.
It is composed of two Docker containers, each running an MPTCPv1
Linux kernel instance through the virtme
tool.
One of them acts as a server and the other one as a client.
Each VM has three tap-tun network interfaces bridged on the container interface, allowing multipath usage when MPTCP is enabled.
Here is a sample of the current client-side view of the 3-way handshakes form a 3-subflows MPTCP connection.
[13237874729, 'connectivity', 'connection_started', {'dst_ip': '172.17.0.10', 'dst_port': 8000, 'ip_version': '4', 'src_ip': '172.17.0.30', 'src_port': 50952, 'transport_protocol': 'TCP'}, '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[13237874729, 'transport', 'packet_sent', {'header': {'flags': ['SYN'], 'seq': 182139483, 'win': 0}}, '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[13238791973, 'transport', 'packet_received', {'header': {'flags': ['SYN', 'ACK'], 'seq': 2079434258, 'ack': 182139484, 'win': 65160}}, '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[13238839345, 'transport', 'packet_sent', {'header': {'flags': ['ACK'], 'ack': 1, 'win': 0}}, '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[...]
[13241118215, 'connectivity', 'subflow_connection_started', {'dst_ip': '172.17.0.10', 'dst_port': 8000, 'ip_version': '4', 'src_ip': '172.17.1.31', 'src_port': 48615, 'transport_protocol': 'TCP'}, 'cdbdf00b802e84969f4dfcce3c43f37e', '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[13241118215, 'transport', 'packet_sent', {'header': {'flags': ['SYN'], 'seq': 1873275315, 'win': 0}}, 'cdbdf00b802e84969f4dfcce3c43f37e']
[13243053215, 'transport', 'packet_received', {'header': {'flags': ['SYN', 'ACK'], 'seq': 852837744, 'ack': 1873275316, 'win': 65160}}, 'cdbdf00b802e84969f4dfcce3c43f37e']
[13243088040, 'transport', 'packet_sent', {'header': {'flags': ['ACK'], 'ack': 1, 'win': 0}}, 'cdbdf00b802e84969f4dfcce3c43f37e']
[...]
[13243425262, 'connectivity', 'subflow_connection_started', {'dst_ip': '172.17.0.10', 'dst_port': 8000, 'ip_version': '4', 'src_ip': '172.17.2.32', 'src_port': 55137, 'transport_protocol': 'TCP'}, 'a90078718fcc22e98d79a3c56cb69d65', '2ba0ebea0ce9f6b9f6d1a6098cbeaa9e']
[13243425262, 'transport', 'packet_sent', {'header': {'flags': ['SYN'], 'seq': 863497603, 'win': 0}}, 'a90078718fcc22e98d79a3c56cb69d65']
[13244046390, 'transport', 'packet_received', {'header': {'flags': ['SYN', 'ACK'], 'seq': 1201300528, 'ack': 863497604, 'win': 65160}}, 'a90078718fcc22e98d79a3c56cb69d65']
[13244075302, 'transport', 'packet_sent', {'header': {'flags': ['ACK'], 'ack': 1, 'win': 0}}, 'a90078718fcc22e98d79a3c56cb69d65']
Here is the list of all the (open-source) tools used in this project:
MPTCPv1
Linux kernel implementation- BCC: Python library which allows attaching
eBPF
programs to various hooks. - virtme: Simple tool to run virtualized Linux kernels.
- mptcp-tools: Simple utility forcing applications to use MPTCP rather than TCP.
- docker: Container runtime.