1#!/usr/bin/ksh
2#
3# connections - print inbound TCP connections by process.
4#               Written in DTrace (Solaris 10 3/05).
5#
6# This displays the PID and command name of the processes accepting 
7# connections, along with the source IP address and destination port number.
8#
9# $Id: connections 3 2007-08-01 10:50:08Z brendan $
10#
11# USAGE:	connections [-htvZ]
12#
13#		-t		# print timestamps, us
14#		-v		# print timestamps, string
15#		-Z		# print zonename
16#	eg,
17#		connections -v	# snoop connections with times
18#
19# FIELDS:
20#		UID		user ID of the server
21#		PID		process ID for the server
22#		CMD		server command name
23#		TIME		timestamp, us
24#		TIMESTR		timestamp, string
25#		PORT		server port
26#		IP_SOURCE	source IP of the client, written in IPv4 style
27#		ZONE		zonename
28#
29# SEE ALSO:	snoop 'tcp[13:1] = 0x02'	# snoop new connections
30#
31# COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
32#
33# CDDL HEADER START
34#
35#  The contents of this file are subject to the terms of the
36#  Common Development and Distribution License, Version 1.0 only
37#  (the "License").  You may not use this file except in compliance
38#  with the License.
39#
40#  You can obtain a copy of the license at Docs/cddl1.txt
41#  or http://www.opensolaris.org/os/licensing.
42#  See the License for the specific language governing permissions
43#  and limitations under the License.
44#
45# CDDL HEADER END
46#
47# TODO: IPv6
48#
49# 10-Apr-2004	Brendan Gregg	Created this.
50# 23-May-2004	   "      "  	Fixed issues on SPARC.
51# 08-May-2005	   "      "  	Updated for newer Solaris 10.
52# 17-Jun-2005	   "      "	Rewrote, changed probes, wrapped in sh.
53# 04-Dec-2005	   "	  "	Changed tcp_accept_finish -> sotpi_accept
54# 20-Apr-2006	   "	  "	Fixed SS_TCP_FAST_ACCEPT bug in build 31+.
55# 20-Apr-2006	   "	  "	Last update.
56#
57
58
59##############################
60# --- Process Arguments ---
61#
62
63### Default variables
64opt_time=0; opt_timestr=0; opt_zone=0
65
66### Process options
67while getopts htvZ name
68do
69	case $name in
70	t)      opt_time=1 ;;
71	v)      opt_timestr=1 ;;
72	Z)      opt_zone=1 ;;
73	h|?)    cat <<-END >&2
74		USAGE: connections [-htvZ]
75			   -t              # print timestamps, us
76			   -v              # print timestamps, string
77			   -Z              # print zonename
78		  eg,
79		       connections -v      # snoop connections with times
80		END
81		exit 1
82	esac
83done
84
85
86#################################
87# --- Main Program, DTrace ---
88#
89/usr/sbin/dtrace -C -s <( print -r '
90#include <sys/file.h>
91#include <sys/types.h>
92#include <sys/byteorder.h>
93#include <sys/socket.h>
94#include <sys/socketvar.h>
95
96 #pragma D option quiet
97 #pragma D option switchrate=10hz
98
99 inline int OPT_time    = '$opt_time';
100 inline int OPT_timestr = '$opt_timestr';
101 inline int OPT_zone    = '$opt_zone';
102
103 /*
104  * Print header
105  */
106 dtrace:::BEGIN 
107 {
108        /* print optional headers */
109        OPT_time    ? printf("%-14s ", "TIME") : 1;
110        OPT_timestr ? printf("%-20s ", "TIMESTR") : 1;
111	OPT_zone    ? printf("%-10s ", "ZONE") : 1;
112
113	/* print header */
114	printf("%5s %5s %-12s %4s %5s %s\n",
115	    "UID", "PID", "CMD", "TYPE", "PORT", "IP_SOURCE");
116 }
117
118 /*
119  * TCP Process inbound connections
120  *
121  * 0x00200000 has been hardcoded. It was SS_TCP_FAST_ACCEPT, but was
122  * renamed to SS_DIRECT around build 31.
123  */
124 fbt:sockfs:sotpi_accept:entry
125 /(arg1 & FREAD) && (arg1 & FWRITE) && (args[0]->so_state & 0x00200000)/
126 {
127	self->sop = args[0];
128 }
129
130 fbt:sockfs:sotpi_create:return
131 /self->sop/
132 {
133	self->nsop = (struct sonode *)arg1;
134 }
135
136
137 /*
138  * Probe TCP connections
139  */
140 fbt:sockfs:sotpi_accept:return
141 /self->nsop/
142 {
143	/* fetch connection details */
144	this->tcpp = (tcp_t *)self->nsop->so_priv;
145	this->connp = (conn_t *)this->tcpp->tcp_connp;
146
147#if defined(_BIG_ENDIAN)
148	this->port0 = this->connp->u_port.tcpu_ports.tcpu_lport;
149#else
150	this->port0 = BSWAP_16(this->connp->u_port.tcpu_ports.tcpu_lport);
151#endif
152	this->rem12 = 
153	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12];
154	this->rem13 =
155	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13];
156	this->rem14 =
157	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14];
158	this->rem15 =
159	    (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15];
160
161        /* print optional fields */
162        OPT_time    ? printf("%-14d ", timestamp/1000) : 1;
163        OPT_timestr ? printf("%-20Y ", walltimestamp) : 1;
164	OPT_zone    ? printf("%-10s ", zonename) : 1;
165
166	/* print output line */
167	printf("%5d %5d %-12s %4s %5d %d.%d.%d.%d\n",
168	    uid, pid, execname, "tcp", this->port0, 
169	    this->rem12, this->rem13, this->rem14, this->rem15);
170 }
171
172 fbt:sockfs:sotpi_accept:return
173 {
174	self->nsop = 0;
175	self->sop = 0;
176 }
177')
178
179