1 # -*- tab-width: 4 -*- ;; Emacs
2 # vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM
3 ############################################################ IDENT(1)
5 # $Title: dwatch(8) module for dtrace_tcp(4) connections $
6 # $Copyright: 2014-2018 Devin Teske. All rights reserved. $
9 ############################################################ DESCRIPTION
11 # Display local/remote TCP addresses/ports and bytes sent/received for TCP I/O
13 ############################################################ PROBE
18 tcp:::accept-established, \
19 tcp:::accept-refused, \
20 tcp:::connect-established, \
21 tcp:::connect-refused, \
22 tcp:::connect-request, \
25 tcp:::state-change )} ;;
27 : ${PROBE:=tcp:::accept-established, tcp:::accept-refused} ;;
30 tcp:::connect-established, \
31 tcp:::connect-refused, \
32 tcp:::connect-request )} ;;
34 : ${PROBE:=tcp:::accept-established, tcp:::connect-established} ;;
37 tcp:::accept-established, \
38 tcp:::accept-refused, \
39 tcp:::connect-established, \
40 tcp:::connect-refused, \
41 tcp:::connect-request )} ;;
43 : ${PROBE:=tcp:::send, tcp:::receive} ;;
45 : ${PROBE:=tcp:::accept-refused, tcp:::connect-refused} ;;
48 tcp:::accept-established, \
49 tcp:::accept-refused, \
50 tcp:::connect-established, \
51 tcp:::connect-refused, \
52 tcp:::connect-request, \
53 tcp:::state-change )} ;;
55 : ${PROBE:=tcp:::${PROFILE#tcp-}}
58 ############################################################ ACTIONS
61 this int32_t from_state;
62 this int32_t to_state;
74 inline string probeflow[string name] =
75 name == "accept-established" ? "<-" :
76 name == "accept-refused" ? "X-" :
77 name == "connect-refused" ? "-X" :
78 name == "connect-request" ? "-?" :
79 name == "receive" ? "<-" :
82 inline u_char srclocal[string name] =
83 name == "accept-refused" ? 1 :
84 name == "connect-request" ? 1 :
89 * TCPSTATES from <sys/netinet/tcp_fsm.h> used by netstat(1)
91 inline string tcpstate[int32_t state] =
92 state == TCPS_CLOSED ? "CLOSED" :
93 state == TCPS_LISTEN ? "LISTEN" :
94 state == TCPS_SYN_SENT ? "SYN_SENT" :
95 state == TCPS_SYN_RECEIVED ? "SYN_RCVD" :
96 state == TCPS_ESTABLISHED ? "ESTABLISHED" :
97 state == TCPS_CLOSE_WAIT ? "CLOSE_WAIT" :
98 state == TCPS_FIN_WAIT_1 ? "FIN_WAIT_1" :
99 state == TCPS_CLOSING ? "CLOSING" :
100 state == TCPS_LAST_ACK ? "LAST_ACK" :
101 state == TCPS_FIN_WAIT_2 ? "FIN_WAIT_2" :
102 state == TCPS_TIME_WAIT ? "TIME_WAIT" :
103 strjoin("UNKNOWN(", strjoin(lltostr(state), ")"));
105 $PROBE /* probe ID $ID */
113 this->flow = probeflow[probename];
116 tcp:::accept-established,
117 tcp:::accept-refused,
118 tcp:::connect-established,
119 tcp:::connect-refused,
120 tcp:::connect-request,
122 tcp:::send /* probe ID $(( $ID + 1 )) */
124 printf("<$(( $ID + 1 ))>");
129 this->slocal = srclocal[probename];
134 this->local = this->slocal ? args[2]->ip_saddr : args[2]->ip_daddr;
135 this->remote = this->slocal ? args[2]->ip_daddr : args[2]->ip_saddr;
140 this->lport = this->slocal ? args[4]->tcp_sport : args[4]->tcp_dport;
141 this->rport = this->slocal ? args[4]->tcp_dport : args[4]->tcp_sport;
146 this->local6 = strstr(this->local, ":") != NULL ? 1 : 0;
147 this->remote6 = strstr(this->remote, ":") != NULL ? 1 : 0;
148 this->local = strjoin(strjoin(this->local6 ? "[" : "",
149 this->local), this->local6 ? "]" : "");
150 this->remote = strjoin(strjoin(this->remote6 ? "[" : "",
151 this->remote), this->remote6 ? "]" : "");
154 tcp:::state-change /* probe ID $(( $ID + 2 )) */
156 printf("<$(( $ID + 2 ))>");
161 this->local = args[3]->tcps_laddr;
162 this->lport = (uint16_t)args[3]->tcps_lport;
163 this->remote = args[3]->tcps_raddr;
164 this->rport = (uint16_t)args[3]->tcps_rport;
165 this->to_state = (int32_t)args[3]->tcps_state;
170 this->from_state = (int32_t)args[5]->tcps_state;
172 /* flow = "[from state]->[to state]" */
173 this->flow = strjoin(tcpstate[this->from_state],
174 strjoin("->", tcpstate[this->to_state]));
177 tcp:::send, tcp:::receive /* pribe ID $(( $ID + 3 )) */
179 printf("<$(( $ID + 3 ))>");}
180 this->length = (uint32_t)args[2]->ip_plength -
181 (uint8_t)args[4]->tcp_offset;
183 /* details = " <length> byte<s>" */
184 this->details = strjoin(
185 strjoin(" ", lltostr(this->length)),
186 strjoin(" byte", this->length == 1 ? "" : "s"));
192 ############################################################ EVENT DETAILS
194 if [ ! "$CUSTOM_DETAILS" ]; then
199 printf("%s:%u %s %s:%u%s",
200 this->local, this->lport,
202 this->remote, this->rport,
205 EVENT_DETAILS=$( cat <&9 )
208 ################################################################################
210 ################################################################################