Re: [dtrace-discuss] Capture of loopback interface messages

2007-09-05 Thread Brendan Gregg - Sun Microsystems
On Thu, Aug 30, 2007 at 01:29:40PM -0400, Dan McDonald wrote:
> On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
> > Want to capture (for specific port #s) the loopback interface (lo0) tcp 
> > message flow with the complete message body.
> > 
> > Is this possible with DTrace? 
> 
> No.

This is possible with DTrace - it is just hard to do (which I'm sure Dan
knows).

The DTrace Network provider project will make it much easier (once it is
integrated), the prototype of which was tracing loopback traffic almost
a year ago.

> Your best bet in this regard is Project Clearview, which will, among many
> other things, allow the snooping of loopback.  Check out their page here:
> 
>   http://www.opensolaris.org/os/project/clearview/

Yes, this probably is your best bet if you want to type,

snoop -o out port #

and then process the file afterwards (which is handy to do).

Brendan

-- 
Brendan
[CA, USA]
___
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org


Re: [dtrace-discuss] Capture of loopback interface messages

2007-08-30 Thread Sanjeev Bagewadi

Dan,

I was helping a student write this simple D script to track traffic
between zones on a single host.

It should work in your case as well I guess. You may need to tweak it a bit.

Regards,
Sanjeev.

Rajagopal Kunhappan wrote:
> A quick check on google reveals a loopback dtrace script. Check and see
> if it still works.
>
> http://forum.java.sun.com/thread.jspa?threadID=5075493&messageID=9366651
>
> Otherwise use the Clearview bits if it is possible.
>
> -krgopi
>
> Dan McDonald wrote:
>> On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
>>> Want to capture (for specific port #s) the loopback interface (lo0) tcp
>>> message flow with the complete message body.
>>>
>>> Is this possible with DTrace?
>>
>> No.
>>
>> Your best bet in this regard is Project Clearview, which will, among many
>> other things, allow the snooping of loopback.  Check out their page here:
>>
>> http://www.opensolaris.org/os/project/clearview/
>>
>> Dan

--
Solaris Revenue Products Engineering,
India Engineering Center,
Sun Microsystems India Pvt Ltd.
Tel:x27521 +91 80 669 27521

#!/usr/sbin/dtrace -Cs
/*
 * The header name on the #include line was lost in the archived copy of
 * this script. <netinet/in.h> is an assumption: it defines the IPPROTO_*
 * constants used in the predicates below.
 */
#include <netinet/in.h>

#pragma D option quiet

/* IP header length in bytes (low nibble of the first byte, in 32-bit words). */
#define IPH_HDR_LENGTH(ipha)	\
	((int)(((ipha_t *)ipha)->ipha_version_and_hdr_length & 0xF) << 2)

/* Assemble the big-endian byte arrays of tcph_t into host integers. */
#define PORT(port)		\
	((((ulong_t)port[0]) << 8) + port[1])
#define SEQ(seq)		\
	(ulong_t)(((ulong_t) seq[0]) << 24 |	\
		  ((ulong_t) seq[1]) << 16 |	\
		  ((ulong_t) seq[2]) << 8  |	\
		  ((ulong_t) seq[3]))

/* Every packet passed to ip_wput_local(): print addresses and protocol. */
fbt:ip:ip_wput_local:entry
{
	self->ipha = (ipha_t *) arg2;

	printf("SRC 0x%x DST 0x%x PROT 0x%x ",
	    self->ipha->ipha_src, self->ipha->ipha_dst,
	    self->ipha->ipha_protocol);

	self->ipha_protocol = self->ipha->ipha_protocol;
	self->local = 1;
}

/* Clear the thread-local state so it does not accumulate. */
fbt:ip:ip_wput_local:return
/self->local == 1/
{
	self->local = 0;
	self->ipha = 0;
	self->ipha_protocol = 0;
}

/*
 * The per-protocol clauses below use clause-local (this->) variables
 * rather than globals, so probes firing on different CPUs cannot
 * overwrite each other's values.
 */
fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_TCP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);

	/* The TCP header starts right after the IP header in the mblk. */
	this->tcph = (tcph_t *)&this->mp->b_rptr[this->ip_hdr_len];

	this->lport = PORT(this->tcph->th_lport);
	this->fport = PORT(this->tcph->th_fport);
	printf("TCP lport 0x%x fport 0x%x Seq 0x%lx Ack 0x%lx Flags 0x%x\n",
	    this->lport, this->fport,
	    SEQ(this->tcph->th_seq),
	    SEQ(this->tcph->th_ack),
	    this->tcph->th_flags[0]);
}

fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_UDP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);

	this->udph = (struct udphdr *)&this->mp->b_rptr[this->ip_hdr_len];

	printf("UDP sport 0x%x dport 0x%x len 0x%x\n",
	    ntohs(this->udph->uh_sport), ntohs(this->udph->uh_dport),
	    ntohs(this->udph->uh_ulen));
}

/*
fbt:ip:ip_fanout_udp:entry
/self->local && self->ipha_protocol == IPPROTO_UDP/
{
	mp = (mblk_t *) arg1;
	ipha = (ipha_t *) arg3;

	ip_hdr_len = IPH_HDR_LENGTH(mp->b_rptr);

	ports = (uint32_t) arg4;

	dstport = htons(ntohl(ports) & 0xffff);
	srcport = htons(ntohl(ports) >> 16);

	printf("UDP SRC 0x%x port=0x%x DST 0x%x port=0x%x \n",
	    ipha->ipha_src, srcport, ipha->ipha_dst, dstport);
}
*/

fbt:ip:ip_wput_local:entry
/self->local == 1 && self->ipha_protocol == IPPROTO_ICMP/
{
	this->mp = (mblk_t *) arg3;
	this->ip_hdr_len = IPH_HDR_LENGTH(this->mp->b_rptr);
	this->ipha = (ipha_t *) arg2;

	this->icmph = (icmph_t *)&this->mp->b_rptr[this->ip_hdr_len];

	printf("ICMP SRC 0x%x DST 0x%x Type : 0x%x\n",
	    this->ipha->ipha_src, this->ipha->ipha_dst,
	    this->icmph->icmph_type);
}
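
Added example, not part of the original thread or of Sanjeev's script: a Python post-processor for the lines the script above prints, keeping only TCP records that involve the given ports and decoding the address words and the flags byte. The sample lines are constructed, and the `byteorder` default assumes the trace was taken on a little-endian (x86) host.

```python
import re
import socket
import struct

# Bits of the TCP flags byte (th_flags[0] in the script's output).
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# One complete TCP record as printed by the script's first and TCP clauses.
LINE_RE = re.compile(
    r"SRC 0x(?P<src>[0-9a-f]+) DST 0x(?P<dst>[0-9a-f]+) PROT 0x6 "
    r"TCP lport 0x(?P<lport>[0-9a-f]+) fport 0x(?P<fport>[0-9a-f]+) "
    r"Seq 0x(?P<seq>[0-9a-f]+) Ack 0x(?P<ack>[0-9a-f]+) "
    r"Flags 0x(?P<flags>[0-9a-f]+)")

def decode_addr(hex_word, byteorder):
    # ipha_src/ipha_dst hold network-order bytes but are printed as a host
    # integer, so on a little-endian (x86) host the octets appear reversed.
    fmt = "<I" if byteorder == "little" else ">I"
    return socket.inet_ntoa(struct.pack(fmt, int(hex_word, 16)))

def filter_tcp(lines, ports, byteorder="little"):
    """Decode TCP records whose local or foreign port is in `ports`."""
    records = []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # UDP/ICMP records and incomplete lines are skipped
        lport, fport = int(m["lport"], 16), int(m["fport"], 16)
        if lport not in ports and fport not in ports:
            continue
        flags = int(m["flags"], 16)
        records.append({
            "src": decode_addr(m["src"], byteorder),
            "dst": decode_addr(m["dst"], byteorder),
            "lport": lport, "fport": fport,
            "seq": int(m["seq"], 16), "ack": int(m["ack"], 16),
            "flags": [name for bit, name in TCP_FLAGS if flags & bit],
        })
    return records

# Constructed sample output (not captured from a real system).
SAMPLE = [
    "SRC 0x100007f DST 0x100007f PROT 0x6 TCP lport 0xc350 fport 0x1f90 Seq 0x1000 Ack 0x0 Flags 0x2",
    "SRC 0x100007f DST 0x100007f PROT 0x6 TCP lport 0x1f90 fport 0xc350 Seq 0x2000 Ack 0x1001 Flags 0x12",
    "SRC 0x100007f DST 0x100007f PROT 0x11 UDP sport 0x35 dport 0x8000 len 0x20",
    "SRC 0x100007f DST 0x100007f PROT 0x6 TCP lport 0x16 fport 0xd000 Seq 0x1 Ack 0x1 Flags 0x18",
]
```

For a trace taken on SPARC, pass `byteorder="big"`; the ports need no such handling because the script's `PORT` macro already assembles them byte by byte.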

Re: [dtrace-discuss] Capture of loopback interface messages

2007-08-30 Thread James Carlson
Pierre-Olivier Gaillard writes:
> That's a coincidence. This morning I tried to do "snoop -d lo0" and it
> wouldn't work.
> 
> Is it really impossible to just snoop on loopback as you would on Linux with
> wireshark or tcpdump ?

Yes.  That's why this feature is being added by the Clearview project.

-- 
James Carlson, Solaris Networking  <[EMAIL PROTECTED]>
Sun Microsystems / 1 Network Drive 71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677


Re: [dtrace-discuss] Capture of loopback interface messages

2007-08-30 Thread Pierre-Olivier Gaillard
That's a coincidence. This morning I tried to do "snoop -d lo0" and it
wouldn't work.

Is it really impossible to just snoop on loopback as you would on Linux with
wireshark or tcpdump ?

Anyway, thanks for the dtrace pointer.


On 8/30/07, Rajagopal Kunhappan <[EMAIL PROTECTED]> wrote:
>
> A quick check on google reveals a loopback dtrace script. Check and see
> if it still works.
> http://forum.java.sun.com/thread.jspa?threadID=5075493&messageID=9366651
>
> Otherwise use the Clearview bits if it is possible.
>
> -krgopi
>
> Dan McDonald wrote:
> > On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
> >
> >> Want to capture (for specific port #s) the loopback interface (lo0) tcp
> >> message flow with the complete message body.
> >>
> >> Is this possible with DTrace?
> >>
> >
> > No.
> >
> > Your best bet in this regard is Project Clearview, which will, among many
> > other things, allow the snooping of loopback.  Check out their page here:
> >
> >   http://www.opensolaris.org/os/project/clearview/
> >
> > Dan

Re: [dtrace-discuss] Capture of loopback interface messages

2007-08-30 Thread Rajagopal Kunhappan
A quick check on google reveals a loopback dtrace script. Check and see 
if it still works.
http://forum.java.sun.com/thread.jspa?threadID=5075493&messageID=9366651

Otherwise use the Clearview bits if it is possible.

-krgopi

Dan McDonald wrote:
> On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
>   
>> Want to capture (for specific port #s) the loopback interface (lo0) tcp 
>> message flow with the complete message body.
>>
>> Is this possible with DTrace? 
>> 
>
> No.
>
> Your best bet in this regard is Project Clearview, which will, among many
> other things, allow the snooping of loopback.  Check out their page here:
>
>   http://www.opensolaris.org/os/project/clearview/
>
> Dan


Re: [dtrace-discuss] Capture of loopback interface messages

2007-08-30 Thread Dan McDonald
On Thu, Aug 30, 2007 at 10:18:22AM -0700, Joseph Freemaker wrote:
> Want to capture (for specific port #s) the loopback interface (lo0) tcp 
> message flow with the complete message body.
> 
> Is this possible with DTrace? 

No.

Your best bet in this regard is Project Clearview, which will, among many
other things, allow the snooping of loopback.  Check out their page here:

http://www.opensolaris.org/os/project/clearview/

Dan
