1235368Sgnn#!/usr/bin/ksh 2235368Sgnn# 3235368Sgnn# connections - print inbound TCP connections by process. 4235368Sgnn# Written in DTrace (Solaris 10 3/05). 5235368Sgnn# 6235368Sgnn# This displays the PID and command name of the processes accepting 7235368Sgnn# connections, along with the source IP address and destination port number. 8235368Sgnn# 9235368Sgnn# $Id: connections 3 2007-08-01 10:50:08Z brendan $ 10235368Sgnn# 11235368Sgnn# USAGE: connections [-htvZ] 12235368Sgnn# 13235368Sgnn# -t # print timestamps, us 14235368Sgnn# -v # print timestamps, string 15235368Sgnn# -Z # print zonename 16235368Sgnn# eg, 17235368Sgnn# connections -v # snoop connections with times 18235368Sgnn# 19235368Sgnn# FIELDS: 20235368Sgnn# UID user ID of the server 21235368Sgnn# PID process ID for the server 22235368Sgnn# CMD server command name 23235368Sgnn# TIME timestamp, us 24235368Sgnn# TIMESTR timestamp, string 25235368Sgnn# PORT server port 26235368Sgnn# IP_SOURCE source IP of the client, written in IPv4 style 27235368Sgnn# ZONE zonename 28235368Sgnn# 29235368Sgnn# SEE ALSO: snoop 'tcp[13:1] = 0x02' # snoop new connections 30235368Sgnn# 31235368Sgnn# COPYRIGHT: Copyright (c) 2005 Brendan Gregg. 32235368Sgnn# 33235368Sgnn# CDDL HEADER START 34235368Sgnn# 35235368Sgnn# The contents of this file are subject to the terms of the 36235368Sgnn# Common Development and Distribution License, Version 1.0 only 37235368Sgnn# (the "License"). You may not use this file except in compliance 38235368Sgnn# with the License. 39235368Sgnn# 40235368Sgnn# You can obtain a copy of the license at Docs/cddl1.txt 41235368Sgnn# or http://www.opensolaris.org/os/licensing. 42235368Sgnn# See the License for the specific language governing permissions 43235368Sgnn# and limitations under the License. 44235368Sgnn# 45235368Sgnn# CDDL HEADER END 46235368Sgnn# 47235368Sgnn# TODO: IPv6 48235368Sgnn# 49235368Sgnn# 10-Apr-2004 Brendan Gregg Created this. 50235368Sgnn# 23-May-2004 " " Fixed issues on SPARC. 51235368Sgnn# 08-May-2005 " " Updated for newer Solaris 10. 52235368Sgnn# 17-Jun-2005 " " Rewrote, changed probes, wrapped in sh. 53235368Sgnn# 04-Dec-2005 " " Changed tcp_accept_finish -> sotpi_accept 54235368Sgnn# 20-Apr-2006 " " Fixed SS_TCP_FAST_ACCEPT bug in build 31+. 55235368Sgnn# 20-Apr-2006 " " Last update. 56235368Sgnn# 57235368Sgnn 58235368Sgnn 59235368Sgnn############################## 60235368Sgnn# --- Process Arguments --- 61235368Sgnn# 62235368Sgnn 63235368Sgnn### Default variables 64235368Sgnnopt_time=0; opt_timestr=0; opt_zone=0 65235368Sgnn 66235368Sgnn### Process options 67235368Sgnnwhile getopts htvZ name 68235368Sgnndo 69235368Sgnn case $name in 70235368Sgnn t) opt_time=1 ;; 71235368Sgnn v) opt_timestr=1 ;; 72235368Sgnn Z) opt_zone=1 ;; 73235368Sgnn h|?) cat <<-END >&2 74235368Sgnn USAGE: connections [-htvZ] 75235368Sgnn -t # print timestamps, us 76235368Sgnn -v # print timestamps, string 77235368Sgnn -Z # print zonename 78235368Sgnn eg, 79235368Sgnn connections -v # snoop connections with times 80235368Sgnn END 81235368Sgnn exit 1 82235368Sgnn esac 83235368Sgnndone 84235368Sgnn 85235368Sgnn 86235368Sgnn################################# 87235368Sgnn# --- Main Program, DTrace --- 88235368Sgnn# 89235368Sgnn/usr/sbin/dtrace -C -s <( print -r ' 90235368Sgnn#include <sys/file.h> 91235368Sgnn#include <sys/types.h> 92235368Sgnn#include <sys/byteorder.h> 93235368Sgnn#include <sys/socket.h> 94235368Sgnn#include <sys/socketvar.h> 95235368Sgnn 96235368Sgnn #pragma D option quiet 97235368Sgnn #pragma D option switchrate=10hz 98235368Sgnn 99235368Sgnn inline int OPT_time = '$opt_time'; 100235368Sgnn inline int OPT_timestr = '$opt_timestr'; 101235368Sgnn inline int OPT_zone = '$opt_zone'; 102235368Sgnn 103235368Sgnn /* 104235368Sgnn * Print header 105235368Sgnn */ 106235368Sgnn dtrace:::BEGIN 107235368Sgnn { 108235368Sgnn /* print optional headers */ 109235368Sgnn OPT_time ? printf("%-14s ", "TIME") : 1; 110235368Sgnn OPT_timestr ? printf("%-20s ", "TIMESTR") : 1; 111235368Sgnn OPT_zone ? printf("%-10s ", "ZONE") : 1; 112235368Sgnn 113235368Sgnn /* print header */ 114235368Sgnn printf("%5s %5s %-12s %4s %5s %s\n", 115235368Sgnn "UID", "PID", "CMD", "TYPE", "PORT", "IP_SOURCE"); 116235368Sgnn } 117235368Sgnn 118235368Sgnn /* 119235368Sgnn * TCP Process inbound connections 120235368Sgnn * 121235368Sgnn * 0x00200000 has been hardcoded. It was SS_TCP_FAST_ACCEPT, but was 122235368Sgnn * renamed to SS_DIRECT around build 31. 123235368Sgnn */ 124235368Sgnn fbt:sockfs:sotpi_accept:entry 125235368Sgnn /(arg1 & FREAD) && (arg1 & FWRITE) && (args[0]->so_state & 0x00200000)/ 126235368Sgnn { 127235368Sgnn self->sop = args[0]; 128235368Sgnn } 129235368Sgnn 130235368Sgnn fbt:sockfs:sotpi_create:return 131235368Sgnn /self->sop/ 132235368Sgnn { 133235368Sgnn self->nsop = (struct sonode *)arg1; 134235368Sgnn } 135235368Sgnn 136235368Sgnn 137235368Sgnn /* 138235368Sgnn * Probe TCP connections 139235368Sgnn */ 140235368Sgnn fbt:sockfs:sotpi_accept:return 141235368Sgnn /self->nsop/ 142235368Sgnn { 143235368Sgnn /* fetch connection details */ 144235368Sgnn this->tcpp = (tcp_t *)self->nsop->so_priv; 145235368Sgnn this->connp = (conn_t *)this->tcpp->tcp_connp; 146235368Sgnn 147235368Sgnn#if defined(_BIG_ENDIAN) 148235368Sgnn this->port0 = this->connp->u_port.tcpu_ports.tcpu_lport; 149235368Sgnn#else 150235368Sgnn this->port0 = BSWAP_16(this->connp->u_port.tcpu_ports.tcpu_lport); 151235368Sgnn#endif 152235368Sgnn this->rem12 = 153235368Sgnn (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12]; 154235368Sgnn this->rem13 = 155235368Sgnn (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13]; 156235368Sgnn this->rem14 = 157235368Sgnn (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14]; 158235368Sgnn this->rem15 = 159235368Sgnn (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15]; 160235368Sgnn 161235368Sgnn /* print optional fields */ 162235368Sgnn OPT_time ? printf("%-14d ", timestamp/1000) : 1; 163235368Sgnn OPT_timestr ? printf("%-20Y ", walltimestamp) : 1; 164235368Sgnn OPT_zone ? printf("%-10s ", zonename) : 1; 165235368Sgnn 166235368Sgnn /* print output line */ 167235368Sgnn printf("%5d %5d %-12s %4s %5d %d.%d.%d.%d\n", 168235368Sgnn uid, pid, execname, "tcp", this->port0, 169235368Sgnn this->rem12, this->rem13, this->rem14, this->rem15); 170235368Sgnn } 171235368Sgnn 172235368Sgnn fbt:sockfs:sotpi_accept:return 173235368Sgnn { 174235368Sgnn self->nsop = 0; 175235368Sgnn self->sop = 0; 176235368Sgnn } 177235368Sgnn') 178235368Sgnn 179