Joachim Worringen
2009-Mar-26 14:48 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
Greetings,

I'm using DTT 0.99 on a snv_107 box, and tcpsnoop fails in all variants (tcptop in the same way). Couldn't find related postings - is this a new problem?

thanks, Joachim

root@sunf-7:/opt/DTT/Net# uname -a
SunOS sunf-7 5.11 snv107 i86pc i386 i86pc
root@sunf-7:/opt/DTT/Net# ./tcpsnoop
"/usr/include/sys/modctl.h", line 317: major: argument mismatch
dtrace: failed to compile script /dev/fd/11: "/usr/include/sys/modctl.h", line 317: syntax error near "1"
root@sunf-7:/opt/DTT/Net# ./tcpsnoop_snv
"/usr/include/sys/modctl.h", line 317: major: argument mismatch
dtrace: failed to compile script /dev/fd/11: "/usr/include/sys/modctl.h", line 317: syntax error near "1"
root@sunf-7:/opt/DTT/Net# ./tcpsnoop.d
dtrace: failed to compile script ./tcpsnoop.d: line 210: failed to resolve `tcp_g_q: Unknown symbol name
root@sunf-7:/opt/DTT/Net# ./tcpsnoop_snv.d
dtrace: failed to compile script ./tcpsnoop_snv.d: line 214: conn_tcp is not a member of struct conn_s

--
Joachim Worringen, Software Architect, Dolphin Interconnect Solutions
phone ++49/(0)228/324 08 17 - http://www.dolphinics.com
rickey c weisner
2009-Mar-29 14:37 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
Re-sending.

Joachim,
I do not have a solution to your tcpsnoop issues. Basically when Solaris changes the way the tcp stack works in the kernel, tcpsnoop gets broken. But if ipqos, IP Quality of Service, is activated with the attached ipqosinit.conf, then you can use the attached flow.d to monitor per connection traffic. Right now it is set up for Little Endian ipv4 traffic. ipv6 will have to wait for another version.

rick
--
Rickey C. Weisner
Software Development and Performance Specialist
Principal Field Technologist
Systems Quality Office
cell phone: 615-308-1147
email: rick.weisner at sun.com

-------------- next part --------------
#!/usr/sbin/dtrace -Cs
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [2009] [Sun Microsystems]
 *
 * CDDL HEADER END
 */

#pragma D option bufsize=512K
#pragma D option aggsize=512K

#include <sys/exacct_impl.h>

/* ipv4 */
fbt:flowacct:flowacct_update_flows_tbl:entry
/ args[0]->isv4 == 1 /
{
	/*
	 **************************************************
	 Argument Types
	 args[0]: header_t *
	 args[1]: flowacct_data_t *
	 ***************************************************
	 */
	/*
	 * Clause-local (this->) variables are used here: D global variables
	 * are shared by all CPUs and are not safe when this probe fires
	 * concurrently.
	 */
	this->header_ptr = args[0];
	this->flowacct_data_ptr = args[1];

	/* Big Endian
	this->sbyte3 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
	this->sbyte2 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
	this->sbyte1 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
	this->sbyte0 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x000000ff);
	this->dbyte3 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
	this->dbyte2 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
	this->dbyte1 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
	this->dbyte0 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x000000ff);
	*/

	/* Little Endian */
	this->sbyte0 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
	this->sbyte1 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
	this->sbyte2 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
	this->sbyte3 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x000000ff);
	this->dbyte0 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
	this->dbyte1 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
	this->dbyte2 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
	this->dbyte3 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x000000ff);
	/* end endian */

	/* Key: source address, source port, destination address, destination port, protocol. */
	@bytes[this->sbyte3, this->sbyte2, this->sbyte1, this->sbyte0,
	    this->header_ptr->sport,
	    this->dbyte3, this->dbyte2, this->dbyte1, this->dbyte0,
	    this->header_ptr->dport, this->header_ptr->proto] =
	    sum(this->header_ptr->pktlen);
	@pkts[this->sbyte3, this->sbyte2, this->sbyte1, this->sbyte0,
	    this->header_ptr->sport,
	    this->dbyte3, this->dbyte2, this->dbyte1, this->dbyte0,
	    this->header_ptr->dport, this->header_ptr->proto] = count();
}

/* Once a second: print the per-flow totals, then reset both aggregations. */
tick-1sec
{
	normalize(@bytes,1024);
	printf("\n Date: %Y \n", walltimestamp);
	printf("host \t \t \t port \t remote \t \t port \t \t \t protocol \n");
	printa("%03d.%03d.%03d.%03d \t %d \t %03d.%03d.%03d.%03d \t %d \t \t %d \t KBbytes= %@d \n", @bytes);
	printa("%03d.%03d.%03d.%03d \t %d \t %03d.%03d.%03d.%03d \t %d \t \t %d \t pkts= %@d \n", @pkts);
	clear(@bytes);
	clear(@pkts);
	trunc(@bytes,0);
	trunc(@pkts,0);
}

-------------- next part --------------
# Mandatory file format version identifier.
fmt_version 1.0

# Classify all TCP and UDP traffic into a single class (allclass) and
# pass it to the flowacct action (acct) below for per-flow accounting.
action {
	module ipgpc
	# Name must be ipgpc.classify for ipgpc action.
	name ipgpc.classify
	params {
		global_stats true
	}
	filter {
		name tcpfilter
		protocol tcp
		class allclass
	}
	filter {
		name udpfilter
		protocol udp
		class allclass
	}
	class {
		name allclass
		next_action acct
		enable_stats true
	}
}

# Account packets
action {
	module flowacct
	name acct
	params {
		global_stats true
		next_action continue
		# Timeout flows if packets not seen for at least 1 sec
		# (the value is in milliseconds).
		timeout 1000
		# Scan the flow table every 5 secs for removing timed out
		# flows (the value is in milliseconds).
		timer 5000
		# Limit number of flow records in the table to .
		max_limit 2048
	}
}
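
Added example, not part of the post above or its attachments: a C sketch of the mask-and-shift that flow.d applies to the last 32-bit word of the address, showing that the "Little Endian" masks only give the right dotted quad on a little-endian host, next to a byte-wise copy that works on either. The function names and the sample address are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 on a little-endian host, 0 on a big-endian one. */
int host_is_little_endian(void) {
    const uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Load four wire-order bytes as a raw host word, the way flow.d reads them. */
uint32_t word_from_wire(const uint8_t wire[4]) {
    uint32_t w;
    memcpy(&w, wire, 4);
    return w;
}

/* flow.d's mask-and-shift; out[0] is the first octet of the dotted quad. */
void octets_by_mask(uint32_t w, int little_endian, uint8_t out[4]) {
    uint8_t b[4];
    b[0] = (uint8_t)((w & 0xff000000u) >> 24);
    b[1] = (uint8_t)((w & 0x00ff0000u) >> 16);
    b[2] = (uint8_t)((w & 0x0000ff00u) >> 8);
    b[3] = (uint8_t)(w & 0x000000ffu);
    for (int i = 0; i < 4; i++)
        out[i] = little_endian ? b[3 - i] : b[i];
}

/* Endian-independent alternative: copy the bytes in memory (wire) order. */
void octets_by_bytes(uint32_t w, uint8_t out[4]) {
    memcpy(out, &w, 4);
}

int format_quad(const uint8_t o[4], char *buf, size_t n) {
    return snprintf(buf, n, "%u.%u.%u.%u", o[0], o[1], o[2], o[3]);
}

int main(void) {
    const uint8_t wire[4] = {192, 168, 1, 10};   /* constructed sample */
    uint8_t out[4];
    char buf[16];
    uint32_t w = word_from_wire(wire);
    octets_by_mask(w, host_is_little_endian(), out);
    format_quad(out, buf, sizeof buf);
    printf("matching masks:   %s\n", buf);
    octets_by_mask(w, !host_is_little_endian(), out);
    format_quad(out, buf, sizeof buf);
    printf("mismatched masks: %s\n", buf);
    return 0;
}
```

With the mask set that does not match the host, every address in the per-flow report comes out octet-reversed, so a flow monitor built this way needs the matching block selected per architecture.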
Joachim Worringen
2009-Mar-30 06:43 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
rickey c weisner wrote:
> Joachim,
> I do not have a solution to your tcpsnoop issues. Basically when Solaris
> changes the way the tcp stack works in the kernel, tcpsnoop gets broken.

O.k., I'll have a second look, maybe I can get it to work without too much hassle. Just wanted to check before.

> But
> if ipqos, IP Quality of Service, is activated with the attached ipqosinit.conf,
> then you can use the attached flow.d to monitor per connection traffic.
> Right now it is set up for Little Endian ipv4 traffic. ipv6 will have
> to wait for another version.

Thanks!

Joachim

--
Joachim Worringen, Software Architect, Dolphin Interconnect Solutions
phone ++49/(0)228/324 08 17 - http://www.dolphinics.com