connections revision 272461
1#!/usr/bin/ksh 2# 3# connections - print inbound TCP connections by process. 4# Written in DTrace (Solaris 10 3/05). 5# 6# This displays the PID and command name of the processes accepting 7# connections, along with the source IP address and destination port number. 8# 9# $Id: connections 3 2007-08-01 10:50:08Z brendan $ 10# 11# USAGE: connections [-htvZ] 12# 13# -t # print timestamps, us 14# -v # print timestamps, string 15# -Z # print zonename 16# eg, 17# connections -v # snoop connections with times 18# 19# FIELDS: 20# UID user ID of the server 21# PID process ID for the server 22# CMD server command name 23# TIME timestamp, us 24# TIMESTR timestamp, string 25# PORT server port 26# IP_SOURCE source IP of the client, written in IPv4 style 27# ZONE zonename 28# 29# SEE ALSO: snoop 'tcp[13:1] = 0x02' # snoop new connections 30# 31# COPYRIGHT: Copyright (c) 2005 Brendan Gregg. 32# 33# CDDL HEADER START 34# 35# The contents of this file are subject to the terms of the 36# Common Development and Distribution License, Version 1.0 only 37# (the "License"). You may not use this file except in compliance 38# with the License. 39# 40# You can obtain a copy of the license at Docs/cddl1.txt 41# or http://www.opensolaris.org/os/licensing. 42# See the License for the specific language governing permissions 43# and limitations under the License. 44# 45# CDDL HEADER END 46# 47# TODO: IPv6 48# 49# 10-Apr-2004 Brendan Gregg Created this. 50# 23-May-2004 " " Fixed issues on SPARC. 51# 08-May-2005 " " Updated for newer Solaris 10. 52# 17-Jun-2005 " " Rewrote, changed probes, wrapped in sh. 53# 04-Dec-2005 " " Changed tcp_accept_finish -> sotpi_accept 54# 20-Apr-2006 " " Fixed SS_TCP_FAST_ACCEPT bug in build 31+. 55# 20-Apr-2006 " " Last update. 56# 57 58 59############################## 60# --- Process Arguments --- 61# 62 63### Default variables 64opt_time=0; opt_timestr=0; opt_zone=0 65 66### Process options 67while getopts htvZ name 68do 69 case $name in 70 t) opt_time=1 ;; 71 v) opt_timestr=1 ;; 72 Z) opt_zone=1 ;; 73 h|?) cat <<-END >&2 74 USAGE: connections [-htvZ] 75 -t # print timestamps, us 76 -v # print timestamps, string 77 -Z # print zonename 78 eg, 79 connections -v # snoop connections with times 80 END 81 exit 1 82 esac 83done 84 85 86################################# 87# --- Main Program, DTrace --- 88# 89/usr/sbin/dtrace -C -s <( print -r ' 90#include <sys/file.h> 91#include <sys/types.h> 92#include <sys/byteorder.h> 93#include <sys/socket.h> 94#include <sys/socketvar.h> 95 96 #pragma D option quiet 97 #pragma D option switchrate=10hz 98 99 inline int OPT_time = '$opt_time'; 100 inline int OPT_timestr = '$opt_timestr'; 101 inline int OPT_zone = '$opt_zone'; 102 103 /* 104 * Print header 105 */ 106 dtrace:::BEGIN 107 { 108 /* print optional headers */ 109 OPT_time ? printf("%-14s ", "TIME") : 1; 110 OPT_timestr ? printf("%-20s ", "TIMESTR") : 1; 111 OPT_zone ? printf("%-10s ", "ZONE") : 1; 112 113 /* print header */ 114 printf("%5s %5s %-12s %4s %5s %s\n", 115 "UID", "PID", "CMD", "TYPE", "PORT", "IP_SOURCE"); 116 } 117 118 /* 119 * TCP Process inbound connections 120 * 121 * 0x00200000 has been hardcoded. It was SS_TCP_FAST_ACCEPT, but was 122 * renamed to SS_DIRECT around build 31. 123 */ 124 fbt:sockfs:sotpi_accept:entry 125 /(arg1 & FREAD) && (arg1 & FWRITE) && (args[0]->so_state & 0x00200000)/ 126 { 127 self->sop = args[0]; 128 } 129 130 fbt:sockfs:sotpi_create:return 131 /self->sop/ 132 { 133 self->nsop = (struct sonode *)arg1; 134 } 135 136 137 /* 138 * Probe TCP connections 139 */ 140 fbt:sockfs:sotpi_accept:return 141 /self->nsop/ 142 { 143 /* fetch connection details */ 144 this->tcpp = (tcp_t *)self->nsop->so_priv; 145 this->connp = (conn_t *)this->tcpp->tcp_connp; 146 147#if defined(_BIG_ENDIAN) 148 this->port0 = this->connp->u_port.tcpu_ports.tcpu_lport; 149#else 150 this->port0 = BSWAP_16(this->connp->u_port.tcpu_ports.tcpu_lport); 151#endif 152 this->rem12 = 153 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12]; 154 this->rem13 = 155 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13]; 156 this->rem14 = 157 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14]; 158 this->rem15 = 159 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15]; 160 161 /* print optional fields */ 162 OPT_time ? printf("%-14d ", timestamp/1000) : 1; 163 OPT_timestr ? printf("%-20Y ", walltimestamp) : 1; 164 OPT_zone ? printf("%-10s ", zonename) : 1; 165 166 /* print output line */ 167 printf("%5d %5d %-12s %4s %5d %d.%d.%d.%d\n", 168 uid, pid, execname, "tcp", this->port0, 169 this->rem12, this->rem13, this->rem14, this->rem15); 170 } 171 172 fbt:sockfs:sotpi_accept:return 173 { 174 self->nsop = 0; 175 self->sop = 0; 176 } 177') 178 179