Joachim Worringen
2009-Mar-26 14:48 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
Greetings,

I'm using DTT 0.99 on a snv_107 box, and tcpsnoop fails in all variants (tcptop in the same way). Couldn't find related postings - is this a new problem?

thanks, Joachim

root at sunf-7:/opt/DTT/Net# uname -a
SunOS sunf-7 5.11 snv107 i86pc i386 i86pc
root at sunf-7:/opt/DTT/Net# ./tcpsnoop
"/usr/include/sys/modctl.h", line 317: major: argument mismatch
dtrace: failed to compile script /dev/fd/11: "/usr/include/sys/modctl.h", line 317: syntax error near "1"
root at sunf-7:/opt/DTT/Net# ./tcpsnoop_snv
"/usr/include/sys/modctl.h", line 317: major: argument mismatch
dtrace: failed to compile script /dev/fd/11: "/usr/include/sys/modctl.h", line 317: syntax error near "1"
root at sunf-7:/opt/DTT/Net# ./tcpsnoop.d
dtrace: failed to compile script ./tcpsnoop.d: line 210: failed to resolve `tcp_g_q: Unknown symbol name
root at sunf-7:/opt/DTT/Net# ./tcpsnoop_snv.d
dtrace: failed to compile script ./tcpsnoop_snv.d: line 214: conn_tcp is not a member of struct conn_s

--
Joachim Worringen, Software Architect, Dolphin Interconnect Solutions
phone ++49/(0)228/324 08 17 - http://www.dolphinics.com
rickey c weisner
2009-Mar-29 14:37 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
Re-sending.
Joachim,
I do not have a solution to your tcpsnoop issues. Basically when Solaris
changes the way the tcp stack works in the kernel, tcpsnoop gets broken.
But
If ipqos, IP Quality of Service, is activated with the attached ipqosinit.conf,
then you can use the attached flow.d to monitor per connection traffic.
Right now it is set up for Little Endian ipv4 traffic. ipv6 will have
to wait for another version.
rick
--
Rickey C. Weisner
Software Development and Performance Specialist
Principal Field Technologist
Systems Quality Office
cell phone: 615-308-1147
email: rick.weisner at sun.com
-------------- next part --------------
#!/usr/sbin/dtrace -Cs
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [2009] [Sun Microsystems]
*
* CDDL HEADER END
*/
#pragma D option bufsize=512K
#pragma D option aggsize=512K
#include <sys/exacct_impl.h>

/* ipv4 */
fbt:flowacct:flowacct_update_flows_tbl:entry
/ args[0]->isv4 == 1 /
{
    /*
     * Argument Types
     * args[0]: header_t *
     * args[1]: flowacct_data_t *
     *
     * Clause-local (this->) copies are used so that the probe firing on
     * another CPU cannot overwrite the pointers between assignment and use.
     */
    this->header_ptr = args[0];
    this->flowacct_data_ptr = args[1];

    /* Big Endian
    this->sbyte3 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
    this->sbyte2 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
    this->sbyte1 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
    this->sbyte0 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x000000ff);
    this->dbyte3 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
    this->dbyte2 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
    this->dbyte1 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
    this->dbyte0 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x000000ff);
    */

    /* Little Endian */
    this->sbyte0 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
    this->sbyte1 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
    this->sbyte2 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
    this->sbyte3 = (this->header_ptr->saddr._S6_un._S6_u32[3] & 0x000000ff);
    this->dbyte0 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0xff000000) >> 24;
    this->dbyte1 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x00ff0000) >> 16;
    this->dbyte2 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x0000ff00) >> 8;
    this->dbyte3 = (this->header_ptr->daddr._S6_un._S6_u32[3] & 0x000000ff);
    /* end endian */

    /* Key: source address and port, destination address and port, protocol. */
    @bytes[this->sbyte3, this->sbyte2, this->sbyte1, this->sbyte0,
        this->header_ptr->sport,
        this->dbyte3, this->dbyte2, this->dbyte1, this->dbyte0,
        this->header_ptr->dport, this->header_ptr->proto] =
        sum(this->header_ptr->pktlen);
    @pkts[this->sbyte3, this->sbyte2, this->sbyte1, this->sbyte0,
        this->header_ptr->sport,
        this->dbyte3, this->dbyte2, this->dbyte1, this->dbyte0,
        this->header_ptr->dport, this->header_ptr->proto] = count();
}

/* Once a second: print per-flow KB and packet counts, then reset both. */
tick-1sec
{
    normalize(@bytes, 1024);
    printf("\n Date: %Y \n", walltimestamp);
    printf("host \t \t \t port \t remote \t \t port \t \t \t protocol \n");
    printa("%03d.%03d.%03d.%03d \t %d \t %03d.%03d.%03d.%03d \t %d \t \t %d \t KBbytes= %@d \n", @bytes);
    printa("%03d.%03d.%03d.%03d \t %d \t %03d.%03d.%03d.%03d \t %d \t \t %d \t pkts= %@d \n", @pkts);
    clear(@bytes);
    clear(@pkts);
    trunc(@bytes, 0);
    trunc(@pkts, 0);
}
-------------- next part --------------
# Mandatory file format version identifier.
fmt_version 1.0
# Meter traffic from application (identified by source port myport) to
# somehost.somedomain, where somehost.somedomain is a valid hostname/IP address.
# Mark a packet with AF11 if it does not exceed the committed burst, AF12 if it
# exceeds committed burst, but not excess burst and AF13 if it exceeds the
# excess burst.
action {
module ipgpc
# Name must be ipgpc.classify for ipgpc action.
name ipgpc.classify
params {
global_stats true
}
filter {
name tcpfilter
protocol tcp
class allclass
}
filter {
name udpfilter
protocol udp
class allclass
}
class {
name allclass
next_action acct
enable_stats true
}
}
# Account packets
action {
module flowacct
name acct
params {
global_stats true
next_action continue
# Time out flows if no packets are seen for 1000 ms (1 sec).
timeout 1000
# Scan the flow table every 5000 ms (5 secs) to remove timed-out flows.
timer 5000
# Limit the number of flow records in the table.
max_limit 2048
}
}
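
The following C model is an added example, not part of the original post or its attachments. It reproduces the arithmetic of the "Big Endian" and "Little Endian" blocks in flow.d on a constructed address (192.0.2.10) and shows that enabling the block that does not match the host prints each flow's address with its octets reversed. The helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 192.0.2.10 as it sits in memory (network byte order). */
static const uint8_t SAMPLE_WIRE[4] = {192, 0, 2, 10};

/* Read the wire bytes as a native 32-bit word, as flow.d reads _S6_u32[3]. */
static uint32_t load_native(const uint8_t wire[4]) {
    uint32_t v;
    memcpy(&v, wire, sizeof v);
    return v;
}

static int host_is_little_endian(void) {
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}

/* flow.d "Big Endian" block: most significant byte is the first octet. */
static void octets_be_block(uint32_t v, uint8_t o[4]) {
    o[0] = (uint8_t)(v >> 24); o[1] = (uint8_t)(v >> 16);
    o[2] = (uint8_t)(v >> 8);  o[3] = (uint8_t)v;
}

/* flow.d "Little Endian" block: least significant byte is the first octet. */
static void octets_le_block(uint32_t v, uint8_t o[4]) {
    o[0] = (uint8_t)v;         o[1] = (uint8_t)(v >> 8);
    o[2] = (uint8_t)(v >> 16); o[3] = (uint8_t)(v >> 24);
}

/* Hypothetical helper: choose the block that matches the host at run time. */
static void octets_for_host(uint32_t v, uint8_t o[4]) {
    if (host_is_little_endian()) octets_le_block(v, o);
    else octets_be_block(v, o);
}

/* Format as a dotted quad; buf must hold at least 16 bytes. */
static const char *dotted(const uint8_t o[4], char *buf, size_t n) {
    snprintf(buf, n, "%d.%d.%d.%d", o[0], o[1], o[2], o[3]);
    return buf;
}

int main(void) {
    uint8_t o[4]; char buf[16];
    uint32_t v = load_native(SAMPLE_WIRE);
    octets_for_host(v, o);
    printf("matching block: %s\n", dotted(o, buf, sizeof buf));
    return 0;
}
```

When flow monitoring output shows addresses such as 10.2.0.192 where 192.0.2.10 is expected, the wrong endian block is enabled for that host.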
Joachim Worringen
2009-Mar-30 06:43 UTC
[dtrace-discuss] all variants of tcpsnoop fails on snv107
rickey c weisner wrote:
> Joachim,
> I do not have a solution to your tcpsnoop issues. Basically when Solaris
> changes the way the tcp stack works in the kernel, tcpsnoop gets broken.

O.k., I'll have a second look, maybe I can get it to work without too much hassle. Just wanted to check before.

> But
> If ipqos, IP Quality of Service, is activated with the attached ipqosinit.conf,
> then you can use the attached flow.d to monitor per connection traffic.
> Right now it is set up for Little Endian ipv4 traffic. ipv6 will have
> to wait for another version.

Thanks!

Joachim

--
Joachim Worringen, Software Architect, Dolphin Interconnect Solutions
phone ++49/(0)228/324 08 17 - http://www.dolphinics.com