# connections - print inbound TCP connections by process.
# Written in DTrace (Solaris 10 3/05).
# This displays the PID and command name of the processes accepting
# connections, along with the source IP address and destination port number.
# $Id: connections 3 2007-08-01 10:50:08Z brendan $
# USAGE: connections [-htvZ]
# -t # print timestamps, us
# -v # print timestamps, string
# -Z # print zonename
# connections -v # snoop connections with times
# UID user ID of the server
# PID process ID for the server
# CMD server command name
# TIMESTR timestamp, string
# IP_SOURCE source IP of the client, written in IPv4 style
# SEE ALSO: snoop 'tcp[13:1] = 0x02' # snoop new connections
# COPYRIGHT: Copyright (c) 2005 Brendan Gregg.
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# See the License for the specific language governing permissions
# and limitations under the License.
# 10-Apr-2004 Brendan Gregg Created this.
# 23-May-2004 " " Fixed issues on SPARC.
# 08-May-2005 " " Updated for newer Solaris 10.
# 17-Jun-2005 " " Rewrote, changed probes, wrapped in sh.
# 04-Dec-2005 " " Changed tcp_accept_finish -> sotpi_accept
# 20-Apr-2006 " " Fixed SS_TCP_FAST_ACCEPT bug in build 31+.
# 20-Apr-2006 " " Last update.
1N/A############################## 1N/A# --- Process Arguments --- 1N/A### Default variables 1N/A USAGE: connections [-htvZ] 1N/A -t # print timestamps, us 1N/A -v # print timestamps, string 1N/A connections -v # snoop connections with times 1N/A################################# 1N/A# --- Main Program, DTrace --- 1N/A/usr/sbin/dtrace -C -s <( print -r ' 1N/A#include <sys/file.h> 1N/A#include <sys/types.h> 1N/A#include <sys/byteorder.h> 1N/A#include <sys/socket.h> 1N/A#include <sys/socketvar.h> 1N/A #pragma D option quiet 1N/A #pragma D option switchrate=10hz 1N/A inline int OPT_time = '$opt_time'; 1N/A inline int OPT_timestr = '$opt_timestr'; 1N/A inline int OPT_zone = '$opt_zone'; 1N/A /* print optional headers */ 1N/A OPT_time ? printf("%-14s ", "TIME") : 1; 1N/A OPT_timestr ? printf("%-20s ", "TIMESTR") : 1; 1N/A OPT_zone ? printf("%-10s ", "ZONE") : 1; 1N/A printf("%5s %5s %-12s %4s %5s %s\n", 1N/A "UID", "PID", "CMD", "TYPE", "PORT", "IP_SOURCE"); 1N/A * TCP Process inbound connections 1N/A * 0x00200000 has been hardcoded. It was SS_TCP_FAST_ACCEPT, but was 1N/A * renamed to SS_DIRECT around build 31. 
 /*
  * The clauses below hook fbt probes on sockfs kernel functions and read
  * kernel structures directly. fbt names and structure layouts follow the
  * kernel build (the change history in the file header records probe and
  * flag changes for exactly that reason), so check that every probe still
  * matches on the target release before trusting an empty result.
  * NOTE(review): braces, and possibly predicates, around these clauses are
  * missing from this listing -- confirm against the original script.
  */
 fbt:sockfs:sotpi_accept:entry
 /*
  * The predicate requires both FREAD and FWRITE in arg1 (presumably the file
  * flags argument -- confirm) and the hardcoded so_state bit 0x00200000 on
  * the listening socket.
  */
 /(arg1 & FREAD) && (arg1 & FWRITE) && (args[0]->so_state & 0x00200000)/
 /* remember the listening sonode in a thread-local variable */
 self->sop = args[0];
 fbt:sockfs:sotpi_create:return
 /*
  * arg1 of an fbt return probe is the return value; here it is kept as the
  * newly created sonode. No predicate is visible, so as shown this fires
  * for every sotpi_create return on the thread.
  */
 self->nsop = (struct sonode *)arg1;
 /*
 * Probe TCP connections
 */
 fbt:sockfs:sotpi_accept:return
 /*
  * NOTE(review): no predicate is visible on this clause. Confirm that the
  * original only runs it when self->sop was set on entry; otherwise
  * self->nsop may be unset or belong to an unrelated socket when it is
  * dereferenced below.
  */
 /* fetch connection details */
 this->tcpp = (tcp_t *)self->nsop->so_priv;
 this->connp = (conn_t *)this->tcpp->tcp_connp;
 /*
  * Local port: used as stored on big-endian hosts and byte-swapped with
  * BSWAP_16 otherwise. The two assignments are presumably separated by
  * #else and closed by #endif, which this listing has lost.
  */
#if defined(_BIG_ENDIAN)
 this->port0 = this->connp->u_port.tcpu_ports.tcpu_lport;
 this->port0 = BSWAP_16(this->connp->u_port.tcpu_ports.tcpu_lport);
 /*
  * Bytes 12 to 15 of the foreign address field of the connection. The
  * assignment targets are missing from this listing (presumably
  * this->rem12 to this->rem15, which the final printf reads). Only these
  * four bytes are printed, as a dotted quad, so a native IPv6 peer would
  * appear as a truncated and misleading address. Do not treat IP_SOURCE as
  * a complete client address on dual-stack hosts.
  */
 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12];
 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13];
 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14];
 (uint8_t)this->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15];
 /* print optional fields */
 /* timestamp is in nanoseconds; dividing by 1000 gives microseconds */
 OPT_time ? printf("%-14d ", timestamp/1000) : 1;
 /* %Y formats walltimestamp as a date and time string */
 OPT_timestr ? printf("%-20Y ", walltimestamp) : 1;
 OPT_zone ? printf("%-10s ", zonename) : 1;
 /* print output line */
 /* uid, pid and execname describe the thread that is returning from accept */
 printf("%5d %5d %-12s %4s %5d %d.%d.%d.%d\n",
 uid, pid, execname, "tcp", this->port0,
 this->rem12, this->rem13, this->rem14, this->rem15);
 /* the body of this last clause lies beyond the visible listing */
 fbt:sockfs:sotpi_accept:return