1235368Sgnn#!/usr/bin/ksh
2235368Sgnn#
3235368Sgnn# connections - print inbound TCP connections by process.
4235368Sgnn#               Written in DTrace (Solaris 10 3/05).
5235368Sgnn#
6235368Sgnn# This displays the PID and command name of the processes accepting 
7235368Sgnn# connections, along with the source IP address and destination port number.
8235368Sgnn#
9235368Sgnn# $Id: connections 3 2007-08-01 10:50:08Z brendan $
10235368Sgnn#
11235368Sgnn# USAGE:	connections [-htvZ]
12235368Sgnn#
13235368Sgnn#		-t		# print timestamps, us
14235368Sgnn#		-v		# print timestamps, string
15235368Sgnn#		-Z		# print zonename
16235368Sgnn#	eg,
17235368Sgnn#		connections -v	# snoop connections with times
18235368Sgnn#
19235368Sgnn# FIELDS:
20235368Sgnn#		UID		user ID of the server
21235368Sgnn#		PID		process ID for the server
22235368Sgnn#		CMD		server command name
23235368Sgnn#		TIME		timestamp, us
24235368Sgnn#		TIMESTR		timestamp, string
25235368Sgnn#		PORT		server port
26235368Sgnn#		IP_SOURCE	source IP of the client, written in IPv4 style
27235368Sgnn#		ZONE		zonename
28235368Sgnn#
29235368Sgnn# SEE ALSO:	snoop 'tcp[13:1] = 0x02'	# snoop new connections
30235368Sgnn#
31235368Sgnn# COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
32235368Sgnn#
33235368Sgnn# CDDL HEADER START
34235368Sgnn#
35235368Sgnn#  The contents of this file are subject to the terms of the
36235368Sgnn#  Common Development and Distribution License, Version 1.0 only
37235368Sgnn#  (the "License").  You may not use this file except in compliance
38235368Sgnn#  with the License.
39235368Sgnn#
40235368Sgnn#  You can obtain a copy of the license at Docs/cddl1.txt
41235368Sgnn#  or http://www.opensolaris.org/os/licensing.
42235368Sgnn#  See the License for the specific language governing permissions
43235368Sgnn#  and limitations under the License.
44235368Sgnn#
45235368Sgnn# CDDL HEADER END
46235368Sgnn#
47235368Sgnn# TODO: IPv6
48235368Sgnn#
49235368Sgnn# 10-Apr-2004	Brendan Gregg	Created this.
50235368Sgnn# 23-May-2004	   "      "  	Fixed issues on SPARC.
51235368Sgnn# 08-May-2005	   "      "  	Updated for newer Solaris 10.
52235368Sgnn# 17-Jun-2005	   "      "	Rewrote, changed probes, wrapped in sh.
53235368Sgnn# 04-Dec-2005	   "	  "	Changed tcp_accept_finish -> sotpi_accept
54235368Sgnn# 20-Apr-2006	   "	  "	Fixed SS_TCP_FAST_ACCEPT bug in build 31+.
55235368Sgnn# 20-Apr-2006	   "	  "	Last update.
56235368Sgnn#
57235368Sgnn
58235368Sgnn
59235368Sgnn##############################
60235368Sgnn# --- Process Arguments ---
61235368Sgnn#
62235368Sgnn
63235368Sgnn### Default variables
64235368Sgnnopt_time=0; opt_timestr=0; opt_zone=0
65235368Sgnn
66235368Sgnn### Process options
67235368Sgnnwhile getopts htvZ name
68235368Sgnndo
69235368Sgnn	case $name in
70235368Sgnn	t)      opt_time=1 ;;
71235368Sgnn	v)      opt_timestr=1 ;;
72235368Sgnn	Z)      opt_zone=1 ;;
73235368Sgnn	h|?)    cat <<-END >&2
74235368Sgnn		USAGE: connections [-htvZ]
75235368Sgnn			   -t              # print timestamps, us
76235368Sgnn			   -v              # print timestamps, string
77235368Sgnn			   -Z              # print zonename
78235368Sgnn		  eg,
79235368Sgnn		       connections -v      # snoop connections with times
80235368Sgnn		END
81235368Sgnn		exit 1
82235368Sgnn	esac
83235368Sgnndone
84235368Sgnn
85235368Sgnn
86235368Sgnn#################################
87235368Sgnn# --- Main Program, DTrace ---
88235368Sgnn#
89235368Sgnn/usr/sbin/dtrace -C -s <( print -r '
90235368Sgnn#include <sys/file.h>
91235368Sgnn#include <sys/types.h>
92235368Sgnn#include <sys/byteorder.h>
93235368Sgnn#include <sys/socket.h>
94235368Sgnn#include <sys/socketvar.h>
95235368Sgnn
96235368Sgnn #pragma D option quiet
97235368Sgnn #pragma D option switchrate=10hz
98235368Sgnn
99235368Sgnn inline int OPT_time    = '$opt_time';
100235368Sgnn inline int OPT_timestr = '$opt_timestr';
101235368Sgnn inline int OPT_zone    = '$opt_zone';
102235368Sgnn
103235368Sgnn /*
104235368Sgnn  * Print header
105235368Sgnn  */
106235368Sgnn dtrace:::BEGIN 
107235368Sgnn {
108235368Sgnn        /* print optional headers */
109235368Sgnn        OPT_time    ? printf("%-14s ", "TIME") : 1;
110235368Sgnn        OPT_timestr ? printf("%-20s ", "TIMESTR") : 1;
111235368Sgnn	OPT_zone    ? printf("%-10s ", "ZONE") : 1;
112235368Sgnn
113235368Sgnn	/* print header */
114235368Sgnn	printf("%5s %5s %-12s %4s %5s %s\n",
115235368Sgnn	    "UID", "PID", "CMD", "TYPE", "PORT", "IP_SOURCE");
116235368Sgnn }
117235368Sgnn
118235368Sgnn /*
119235368Sgnn  * TCP Process inbound connections
120235368Sgnn  *
121235368Sgnn  * 0x00200000 has been hardcoded. It was SS_TCP_FAST_ACCEPT, but was
122235368Sgnn  * renamed to SS_DIRECT around build 31.
123235368Sgnn  */
124235368Sgnn fbt:sockfs:sotpi_accept:entry
125235368Sgnn /(arg1 & FREAD) && (arg1 & FWRITE) && (args[0]->so_state & 0x00200000)/
126235368Sgnn {
127235368Sgnn	self->sop = args[0];
128235368Sgnn }
129235368Sgnn
130235368Sgnn fbt:sockfs:sotpi_create:return
131235368Sgnn /self->sop/
132235368Sgnn {
133235368Sgnn	self->nsop = (struct sonode *)arg1;
134235368Sgnn }
135235368Sgnn
136235368Sgnn
137235368Sgnn /*
138235368Sgnn  * Probe TCP connections
139235368Sgnn  */
140235368Sgnn fbt:sockfs:sotpi_accept:return
141235368Sgnn /self->nsop/
142235368Sgnn {
143235368Sgnn	/* fetch connection details */
144235368Sgnn	this->tcpp = (tcp_t *)self->nsop->so_priv;
145235368Sgnn	this->connp = (conn_t *)this->tcpp->tcp_connp;
146235368Sgnn
147235368Sgnn#if defined(_BIG_ENDIAN)
148235368Sgnn	this->port0 = this->connp->u_port.tcpu_ports.tcpu_lport;
149235368Sgnn#else
150235368Sgnn	this->port0 = BSWAP_16(this->connp->u_port.tcpu_ports.tcpu_lport);
151235368Sgnn#endif
152235368Sgnn	this->rem12 = 
153235368Sgnn	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12];
154235368Sgnn	this->rem13 =
155235368Sgnn	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13];
156235368Sgnn	this->rem14 =
157235368Sgnn	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14];
158235368Sgnn	this->rem15 =
159235368Sgnn	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15];
160235368Sgnn
161235368Sgnn        /* print optional fields */
162235368Sgnn        OPT_time    ? printf("%-14d ", timestamp/1000) : 1;
163235368Sgnn        OPT_timestr ? printf("%-20Y ", walltimestamp) : 1;
164235368Sgnn	OPT_zone    ? printf("%-10s ", zonename) : 1;
165235368Sgnn
166235368Sgnn	/* print output line */
167235368Sgnn	printf("%5d %5d %-12s %4s %5d %d.%d.%d.%d\n",
168235368Sgnn	    uid, pid, execname, "tcp", this->port0, 
169235368Sgnn	    this->rem12, this->rem13, this->rem14, this->rem15);
170235368Sgnn }
171235368Sgnn
172235368Sgnn fbt:sockfs:sotpi_accept:return
173235368Sgnn {
174235368Sgnn	self->nsop = 0;
175235368Sgnn	self->sop = 0;
176235368Sgnn }
177235368Sgnn')
178235368Sgnn
179