Dan,

I was helping a student write this simple D script to track traffic between zones on a single host.
It should work in your case as well, I guess, although you may need to tweak it a bit: as written it prints only IP, TCP, UDP and ICMP header fields, not the message body.

Regards,
Sanjeev.

Rajagopal Kunhappan wrote:
A quick check on google reveals a loopback dtrace script. Check and see if it still works.
http://forum.java.sun.com/thread.jspa?threadID=5075493&messageID=9366651

Otherwise use the Clearview bits if it is possible.

-krgopi

Dan McDonald wrote:
On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
Want to capture (for specific port #s) the loopback interface (lo0) tcp message 
flow with the complete message body.

Is this possible with DTrace?
No.

Your best bet in this regard is Project Clearview, which will, among many
other things, allow the snooping of loopback.  Check out their page here:

        http://www.opensolaris.org/os/project/clearview/

Dan



--
Solaris Revenue Products Engineering,
India Engineering Center,
Sun Microsystems India Pvt Ltd.
Tel:    x27521 +91 80 669 27521

#!/usr/sbin/dtrace -Cs
#include <netinet/in.h>

#pragma D option quiet

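/*
 * IPv4 header length in bytes: the low nibble of the first header byte
 * counts 32-bit words, so it is shifted left by two.  The argument is
 * parenthesised so that an expression can be passed safely.
 */
#define IPH_HDR_LENGTH(ipha)                                            \
        ((int)(((ipha_t *)(ipha))->ipha_version_and_hdr_length & 0xF) << 2)

/*
 * Assemble a 16-bit value from a two-byte array, most significant byte
 * first.  Used for the TCP port fields, which tcph_t stores as byte arrays.
 */
#define PORT(port) 		\
	((((ulong_t)(port)[0]) << 8) + (port)[1])

/*
 * Assemble a 32-bit value from a four-byte array, most significant byte
 * first.  Used for the TCP sequence and acknowledgement numbers.
 */
#define SEQ(seq)			\
	((ulong_t)(((ulong_t) (seq)[0]) << 24 |	\
		  ((ulong_t) (seq)[1]) << 16 | 	\
		  ((ulong_t) (seq)[2]) << 8  |	\
		  ((ulong_t) (seq)[3])))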

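/*
 * First clause for ip_wput_local() entry: print the IP source, destination
 * and protocol, then record the protocol and a "local" flag in thread-local
 * storage so the per-protocol clauses below (same probe, evaluated in
 * program order) can select on them.
 *
 * The prefix is printed without a newline; the TCP/UDP/ICMP clauses finish
 * the line, so packets of any other protocol leave an unterminated line.
 *
 * NOTE(review): fbt probes follow the kernel's internal function names and
 * argument order, which are not a stable interface -- confirm that arg2 is
 * the ipha_t pointer on the release being traced.  fbt also needs the
 * dtrace_kernel privilege.
 */
fbt:ip:ip_wput_local:entry
{
	/*
	 * Clause-local rather than thread-local: the header pointer is only
	 * needed while this probe fires, and a self-> copy would never be
	 * released.
	 */
	this->ipha = (ipha_t *) arg2;

	/* Addresses are printed as the raw 32-bit values, not dotted-quad. */
	printf("SRC 0x%x DST 0x%x PROT 0x%x ",
	    this->ipha->ipha_src, this->ipha->ipha_dst,
	    this->ipha->ipha_protocol);

	self->ipha_protocol = this->ipha->ipha_protocol;
	self->local = 1;
}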

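/*
 * ip_wput_local() is returning on a thread that was flagged at entry:
 * reset the flag and the saved protocol.  Assigning zero to a thread-local
 * variable lets DTrace reclaim its dynamic-variable storage.
 */
fbt:ip:ip_wput_local:return
/self->local == 1/
{
	self->local = 0;
	self->ipha_protocol = 0;
}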

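/*
 * TCP packets: locate the TCP header behind the IP header and print the
 * ports, sequence/ack numbers and the flags byte.  Only header fields are
 * read; no payload is printed.
 *
 * Scratch values are clause-local (this->).  Unqualified D variables are
 * global and shared by every CPU, so concurrent firings could overwrite
 * each other's pointers.
 *
 * NOTE(review): assumes arg3 is the mblk_t holding the packet and that
 * b_rptr points at the IPv4 header, with the TCP header in the same mblk;
 * nothing here checks the header length against b_wptr -- confirm.
 */
fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_TCP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);

	this->tcph = (tcph_t *)&this->mp->b_rptr[this->ip_hdr_len];

	/* tcph_t keeps the ports as byte arrays, hence PORT() instead of ntohs(). */
	this->lport = PORT(this->tcph->th_lport);
	this->fport = PORT(this->tcph->th_fport);
	printf("TCP lport 0x%x fport 0x%x Seq 0x%lx Ack 0x%lx Flags 0x%x\n",
	    this->lport, this->fport,
	    SEQ(this->tcph->th_seq),
	    SEQ(this->tcph->th_ack),
	    this->tcph->th_flags[0]);
}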

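/*
 * UDP packets: locate the UDP header behind the IP header and print the
 * source port, destination port and length, each converted with ntohs().
 * Only header fields are read; no payload is printed.
 *
 * Scratch values are clause-local (this->).  Unqualified D variables are
 * global and shared by every CPU, so concurrent firings could overwrite
 * each other's pointers.
 *
 * NOTE(review): assumes arg3 is the mblk_t holding the packet and that
 * b_rptr points at the IPv4 header, with the UDP header in the same mblk
 * -- confirm.
 */
fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_UDP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);

	this->udph = (struct udphdr *)&this->mp->b_rptr[this->ip_hdr_len];

	printf("UDP sport 0x%x dport 0x%x len 0x%x\n", 
	    ntohs(this->udph->uh_sport), ntohs(this->udph->uh_dport),
	    ntohs(this->udph->uh_ulen));
}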

/*
fbt:ip:ip_fanout_udp:entry
/self->local && self->ipha_protocol == IPPROTO_UDP/
{
	mp = (mblk_t *) arg1;
	ipha = (ipha_t *) arg3;

	ip_hdr_len = IPH_HDR_LENGTH(mp->b_rptr);

	ports = (uint32_t) arg4;

        dstport = htons(ntohl(ports) & 0xFFFF);
        srcport = htons(ntohl(ports) >> 16);

	printf("UDP SRC 0x%x port=0x%x DST 0x%x port=0x%x \n", 
		ipha->ipha_src, srcport, ipha->ipha_dst, dstport);
}	
*/

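/*
 * ICMP packets: locate the ICMP header behind the IP header and print the
 * IP source, destination and the ICMP type.  Only header fields are read.
 *
 * Scratch values are clause-local (this->).  Unqualified D variables are
 * global and shared by every CPU, so concurrent firings could overwrite
 * each other's pointers.
 *
 * NOTE(review): assumes arg2 is the ipha_t pointer and arg3 the mblk_t
 * holding the packet, with b_rptr at the IPv4 header -- confirm against
 * the kernel release being traced.
 */
fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_ICMP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);
	this->ipha = (ipha_t *) arg2;

	this->icmph = (icmph_t *)&this->mp->b_rptr[this->ip_hdr_len];

	printf("ICMP SRC 0x%x DST 0x%x Type : 0x%x\n",
	    this->ipha->ipha_src, this->ipha->ipha_dst,
	    this->icmph->icmph_type);
}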