1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
|
<table class="head">
<tr>
<td class="head-ltitle">DTRACE_TCP(4)</td>
<td class="head-vol">Device Drivers Manual</td>
<td class="head-rtitle">DTRACE_TCP(4)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">dtrace_tcp</code> — <span class="Nd">a
DTrace provider for tracing events related to the <a class="Xr">tcp(4)</a>
protocol</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<p class="Pp"><code class="Fn">tcp:::accept-established</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::accept-refused</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::connect-established</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::connect-refused</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::connect-request</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::receive</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::send</code>(<var class="Fa" style="white-space: nowrap;">pktinfo_t
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">ipinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">tcpinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::state-change</code>(<var class="Fa" style="white-space: nowrap;">void
*</var>, <var class="Fa" style="white-space: nowrap;">csinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">void *</var>,
<var class="Fa" style="white-space: nowrap;">tcpsinfo_t *</var>,
<var class="Fa" style="white-space: nowrap;">void *</var>,
<var class="Fa" style="white-space: nowrap;">tcplsinfo_t *</var>);</p>
<p class="Pp"><code class="Fn">tcp:::siftr</code>(<var class="Fa" style="white-space: nowrap;">siftrinfo_t
*</var>);</p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">The DTrace <code class="Nm">tcp</code> provider allows users to
trace events in the <a class="Xr">tcp(4)</a> protocol implementation. This
provider is similar to the <a class="Xr">dtrace_ip(4)</a> and
<a class="Xr">dtrace_udp(4)</a> providers, but additionally contains probes
corresponding to protocol events at a level higher than packet reception and
transmission. All <code class="Nm">tcp</code> probes except for
<a class="permalink" href="#tcp:::state-change"><code class="Fn" id="tcp:::state-change">tcp:::state-change</code></a>()
and <code class="Fn">tcp:::siftr</code>() have the same number and type of
arguments. The last three arguments are used to describe a TCP segment: the
<var class="Vt">ipinfo_t</var> argument exposes the version-agnostic fields
of the IP header, while the <var class="Vt">tcpinfo_t</var> argument exposes
the TCP header, and the <var class="Vt">tcpsinfo_t</var> argument describes
details of the corresponding TCP connection state, if any. Their fields are
described in the ARGUMENTS section.</p>
<p class="Pp" id="tcp:::accept-established">The
<a class="permalink" href="#tcp:::accept-established"><code class="Fn">tcp:::accept-established</code></a>()
probe fires when a remotely-initiated active TCP open succeeds. At this
point the new connection is in the ESTABLISHED state, and the probe
arguments expose the headers associated with the final ACK of the three-way
handshake. The <code class="Fn">tcp:::accept-refused</code>() probe fires
when a SYN arrives on a port without a listening socket. The probe arguments
expose the headers associated with the RST to be transmitted to the remote
host in response to the SYN segment.</p>
<p class="Pp" id="tcp:::connect-established">The
<a class="permalink" href="#tcp:::connect-established"><code class="Fn">tcp:::connect-established</code></a>(),
<a class="permalink" href="#tcp:::connect-refused"><code class="Fn" id="tcp:::connect-refused">tcp:::connect-refused</code></a>(),
and
<a class="permalink" href="#tcp:::connect-request"><code class="Fn" id="tcp:::connect-request">tcp:::connect-request</code></a>()
probes are similar to the ‘<code class="Li">accept</code>’
probes, except that they correspond to locally-initiated TCP connections.
The <code class="Fn">tcp:::connect-established</code>() probe fires when the
SYN-ACK segment of a three-way handshake is received from the remote host
and a final ACK is prepared for transmission. This occurs immediately after
the local connection state transitions from SYN-SENT to ESTABLISHED. The
probe arguments describe the headers associated with the received SYN-ACK
segment. The <code class="Fn">tcp:::connect-refused</code>() probe fires
when the local host receives a RST segment in response to a SYN segment,
indicating that the remote host refused to open a connection. The probe
arguments describe the IP and TCP headers associated with the received RST
segment. The <code class="Fn">tcp:::connect-request</code>() probe fires as
the kernel prepares to transmit the initial SYN segment of a three-way
handshake.</p>
<p class="Pp" id="tcp:::send">The
<a class="permalink" href="#tcp:::send"><code class="Fn">tcp:::send</code></a>()
and
<a class="permalink" href="#tcp:::receive"><code class="Fn" id="tcp:::receive">tcp:::receive</code></a>()
probes fire when the host sends or receives a TCP packet, respectively. As
with the <a class="Xr">dtrace_udp(4)</a> provider,
<code class="Nm">tcp</code> probes fire only for packets sent by or to the
local host; forwarded packets are handled in the IP layer and are only
visible to the <a class="Xr">dtrace_ip(4)</a> provider.</p>
<p class="Pp" id="tcp:::state-change~2">The
<a class="permalink" href="#tcp:::state-change~2"><code class="Fn">tcp:::state-change</code></a>()
probe fires upon local TCP connection state transitions. Its first, third
and fifth arguments are currently always <code class="Dv">NULL</code>. Its
last argument describes the from-state in the transition, and the to-state
can be obtained from <code class="Dv">args[3]->tcps_state</code>.</p>
<p class="Pp" id="tcp:::siftr">The
<a class="permalink" href="#tcp:::siftr"><code class="Fn">tcp:::siftr</code></a>()
probe fires when a TCP segment is sent or received by the host. For a
detailed description see <a class="Xr">siftr(4)</a>. The
<var class="Vt">siftrinfo_t</var> argument provides the information about
the TCP connection.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="ARGUMENTS"><a class="permalink" href="#ARGUMENTS">ARGUMENTS</a></h1>
<p class="Pp">The <var class="Vt">pktinfo_t</var> argument is currently
unimplemented and is included for compatibility with other implementations
of this provider. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">uinptr_t pkt_addr</var></dt>
<dd>Always set to 0.</dd>
</dl>
</div>
<p class="Pp">The <var class="Vt">csinfo_t</var> argument is currently
unimplemented and is included for compatibility with other implementations
of this provider. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">uintptr_t cs_addr</var></dt>
<dd>Always set to 0.</dd>
<dt><var class="Vt">uint64_t cs_cid</var></dt>
<dd>A pointer to the <var class="Vt">struct inpcb</var> for this packet, or
<code class="Dv">NULL</code>.</dd>
<dt><var class="Vt">pid_t cs_pid</var></dt>
<dd>Always set to 0.</dd>
</dl>
</div>
<p class="Pp">The <var class="Vt">ipinfo_t</var> type is a version-agnostic
representation of fields from an IP header. Its fields are described in the
<a class="Xr">dtrace_ip(4)</a> manual page.</p>
<p class="Pp" id="tcp:::accept-refused">The <var class="Vt">tcpsinfo_t</var>
type is used to provide a stable representation of TCP connection state.
Some <code class="Nm">tcp</code> probes, such as
<a class="permalink" href="#tcp:::accept-refused"><code class="Fn">tcp:::accept-refused</code></a>(),
fire in a context where there is no TCP connection; this argument is
<code class="Dv">NULL</code> in that case. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">uintptr_t tcps_addr</var></dt>
<dd>The address of the corresponding TCP control block. This is currently a
pointer to a <var class="Vt">struct tcpcb</var>.</dd>
<dt><var class="Vt">int tcps_local</var></dt>
<dd>A boolean indicating whether the connection is local to the host.
Currently unimplemented and always set to -1.</dd>
<dt><var class="Vt">int tcps_active</var></dt>
<dd>A boolean indicating whether the connection was initiated by the local
host. Currently unimplemented and always set to -1.</dd>
<dt><var class="Vt">uint16_t tcps_lport</var></dt>
<dd>Local TCP port.</dd>
<dt><var class="Vt">uint16_t tcps_rport</var></dt>
<dd>Remote TCP port.</dd>
<dt><var class="Vt">string tcps_laddr</var></dt>
<dd>Local address.</dd>
<dt><var class="Vt">string tcps_raddr</var></dt>
<dd>Remote address.</dd>
<dt><var class="Vt">int32_t tcps_state</var></dt>
<dd>Current TCP state. The valid TCP state values are given by the constants
prefixed with ‘<code class="Li">TCPS_</code>’ in
<span class="Pa">/usr/lib/dtrace/tcp.d</span>.</dd>
<dt><var class="Vt">uint32_t tcps_iss</var></dt>
<dd>Initial send sequence number.</dd>
<dt><var class="Vt">uint32_t tcps_suna</var></dt>
<dd>Initial sequence number of sent but unacknowledged data.</dd>
<dt><var class="Vt">uint32_t tcps_snxt</var></dt>
<dd>Next sequence number for send.</dd>
<dt><var class="Vt">uint32_t tcps_rack</var></dt>
<dd>Sequence number of received and acknowledged data.</dd>
<dt><var class="Vt">uint32_t tcps_rnxt</var></dt>
<dd>Next expected sequence number for receive.</dd>
<dt><var class="Vt">u_long tcps_swnd</var></dt>
<dd>TCP send window size.</dd>
<dt><var class="Vt">int32_t tcps_snd_ws</var></dt>
<dd>Window scaling factor for the TCP send window.</dd>
<dt><var class="Vt">u_long tcps_rwnd</var></dt>
<dd>TCP receive window size.</dd>
<dt><var class="Vt">int32_t tcps_rcv_ws</var></dt>
<dd>Window scaling factor for the TCP receive window.</dd>
<dt><var class="Vt">u_long tcps_cwnd</var></dt>
<dd>TCP congestion window size.</dd>
<dt><var class="Vt">u_long tcps_cwnd_ssthresh</var></dt>
<dd>Congestion window threshold at which slow start ends and congestion
avoidance begins.</dd>
<dt><var class="Vt">uint32_t tcps_sack_fack</var></dt>
<dd>Last sequence number selectively acknowledged by the receiver.</dd>
<dt><var class="Vt">uint32_t tcps_sack_snxt</var></dt>
<dd>Next selectively acknowledge sequence number at which to begin
retransmitting.</dd>
<dt><var class="Vt">uint32_t tcps_rto</var></dt>
<dd>Round-trip timeout, in milliseconds.</dd>
<dt><var class="Vt">uint32_t tcps_mss</var></dt>
<dd>Maximum segment size.</dd>
<dt><var class="Vt">int tcps_retransmit</var></dt>
<dd>A boolean indicating that the local sender is retransmitting data.</dd>
<dt><var class="Vt">int tcps_srtt</var></dt>
<dd>Smoothed round-trip time.</dd>
</dl>
</div>
<p class="Pp">The <var class="Vt">tcpinfo_t</var> type exposes the fields in a
TCP segment header in host order. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">uint16_t tcp_sport</var></dt>
<dd>Source TCP port.</dd>
<dt><var class="Vt">uint16_t tcp_dport</var></dt>
<dd>Destination TCP port.</dd>
<dt><var class="Vt">uint32_t tcp_seq</var></dt>
<dd>Sequence number.</dd>
<dt><var class="Vt">uint32_t tcp_ack</var></dt>
<dd>Acknowledgement number.</dd>
<dt><var class="Vt">uint8_t tcp_offset</var></dt>
<dd>Data offset, in bytes.</dd>
<dt><var class="Vt">uint8_t tcp_flags</var></dt>
<dd>TCP flags.</dd>
<dt><var class="Vt">uint16_t tcp_window</var></dt>
<dd>TCP window size.</dd>
<dt><var class="Vt">uint16_t tcp_checksum</var></dt>
<dd>Checksum.</dd>
<dt><var class="Vt">uint16_t tcp_urgent</var></dt>
<dd>Urgent data pointer.</dd>
<dt><var class="Vt">struct tcphdr *tcp_hdr</var></dt>
<dd>A pointer to the raw TCP header.</dd>
</dl>
</div>
<p class="Pp" id="tcp:::state-change~3">The <var class="Vt">tcplsinfo_t</var>
type is used by the
<a class="permalink" href="#tcp:::state-change~3"><code class="Fn">tcp:::state-change</code></a>()
probe to provide the from-state of a transition. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">int32_t tcps_state</var></dt>
<dd>A TCP state. The valid TCP state values are given by the constants
prefixed with ‘<code class="Li">TCPS_</code>’ in
<span class="Pa">/usr/lib/dtrace/tcp.d</span>.</dd>
</dl>
</div>
<p class="Pp" id="tcp:::siftr~2">The <var class="Vt">siftrinfo_t</var> type is
used by the
<a class="permalink" href="#tcp:::siftr~2"><code class="Fn">tcp:::siftr</code></a>()
probe to provide the state of the TCP connection. Its fields are:</p>
<div class="Bd-indent">
<dl class="Bl-tag">
<dt><var class="Vt">uint8_t direction</var></dt>
<dd>Direction of packet that triggered the log message. Either "0"
for in, or "1" for out.</dd>
<dt><var class="Vt">uint8_t ipver</var></dt>
<dd>The version of the IP protocol being used. Either "1" for IPv4,
or "2" for IPv6.</dd>
<dt><var class="Vt">uint16_t lport</var></dt>
<dd>The TCP port that the local host is communicating via.</dd>
<dt><var class="Vt">uint16_t rport</var></dt>
<dd>The TCP port that the remote host is communicating via.</dd>
<dt><var class="Vt">string laddr</var></dt>
<dd>The IPv4 or IPv6 address of the local host.</dd>
<dt><var class="Vt">string raddr</var></dt>
<dd>The IPv4 or IPv6 address of the remote host.</dd>
<dt><var class="Vt">uint32_t snd_cwnd</var></dt>
<dd>The current congestion window (CWND) for the flow, in bytes.</dd>
<dt><var class="Vt">uint32_t snd_wnd</var></dt>
<dd>The current sending window for the flow, in bytes. The post scaled value
is reported, except during the initial handshake (first few packets),
during which time the unscaled value is reported.</dd>
<dt><var class="Vt">uint32_t rcv_wnd</var></dt>
<dd>The current receive window for the flow, in bytes. The post scaled value
is always reported.</dd>
<dt><var class="Vt">uint32_t t_flags2</var></dt>
<dd>The current value of the t_flags2 for the flow.</dd>
<dt><var class="Vt">uint32_t snd_ssthresh</var></dt>
<dd>The slow start threshold (SSTHRESH) for the flow, in bytes.</dd>
<dt><var class="Vt">int conn_state</var></dt>
<dd>A TCP state. The valid TCP state values are given by the constants
prefixed with ‘<code class="Li">TCPS_</code>’ in
<span class="Pa">/usr/lib/dtrace/tcp.d</span>.</dd>
<dt><var class="Vt">uint32_t mss</var></dt>
<dd>The maximum segment size (MSS) for the flow, in bytes.</dd>
<dt><var class="Vt">uint32_t srtt</var></dt>
<dd>The current smoothed RTT (SRTT) for the flow in microseconds.</dd>
<dt><var class="Vt">u_char sack_enabled</var></dt>
<dd>SACK enabled indicator. 1 if SACK enabled, 0 otherwise.</dd>
<dt><var class="Vt">u_char snd_scale</var></dt>
<dd>The current window scaling factor for the sending window.</dd>
<dt><var class="Vt">u_char rcv_scale</var></dt>
<dd>The current window scaling factor for the receiving window.</dd>
<dt><var class="Vt">u_int t_flags</var></dt>
<dd>The current value of the t_flags for the flow.</dd>
<dt><var class="Vt">uint32_t rto</var></dt>
<dd>The current retransmission timeout (RTO) for the flow in microseconds.
Divide by HZ to get the timeout length in seconds.</dd>
<dt><var class="Vt">u_int snd_buf_hiwater</var></dt>
<dd>The current size of the socket send buffer in bytes.</dd>
<dt><var class="Vt">u_int snd_buf_cc</var></dt>
<dd>The current number of bytes in the socket send buffer.</dd>
<dt><var class="Vt">u_int rcv_buf_hiwater</var></dt>
<dd>The current size of the socket receive buffer in bytes.</dd>
<dt><var class="Vt">u_int rcv_buf_cc</var></dt>
<dd>The current number of bytes in the socket receive buffer.</dd>
<dt><var class="Vt">u_int sent_inflight_bytes</var></dt>
<dd>The current number of unacknowledged bytes in-flight. Bytes acknowledged
via SACK are not excluded from this count.</dd>
<dt><var class="Vt">int t_segqlen</var></dt>
<dd>The current number of segments in the reassembly queue.</dd>
<dt><var class="Vt">u_int flowid</var></dt>
<dd>Flowid for the connection. A caveat: Zero '0' either represents a valid
flowid or a default value when the flowid is not being set.</dd>
<dt><var class="Vt">u_int flowtype</var></dt>
<dd>Flow type for the connection. Flowtype defines which protocol fields are
hashed to produce the flowid. A complete listing is available in
<span class="Pa">/usr/include/sys/mbuf.h</span> under
<code class="Dv">M_HASHTYPE_*</code>.</dd>
</dl>
</div>
</section>
<section class="Sh">
<h1 class="Sh" id="FILES"><a class="permalink" href="#FILES">FILES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt><span class="Pa">/usr/lib/dtrace/tcp.d</span></dt>
<dd>DTrace type and translator definitions for all the probes of the
<code class="Nm">tcp</code> provider except the
<code class="Nm">siftr</code> probe.</dd>
<dt><span class="Pa">/usr/lib/dtrace/siftr.d</span></dt>
<dd>DTrace type and translator definitions for the
<code class="Nm">siftr</code> probe of the <code class="Nm">tcp</code>
provider.</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h1>
<p class="Pp">The following script logs TCP segments in real time:</p>
<div class="Bd Pp Bd-indent Li">
<pre>#pragma D option quiet
#pragma D option switchrate=10hz
dtrace:::BEGIN
{
printf(" %3s %15s:%-5s %15s:%-5s %6s %s\n", "CPU",
"LADDR", "LPORT", "RADDR", "RPORT", "BYTES", "FLAGS");
}
tcp:::send
{
this->length = args[2]->ip_plength - args[4]->tcp_offset;
printf(" %3d %16s:%-5d -> %16s:%-5d %6d (", cpu, args[2]->ip_saddr,
args[4]->tcp_sport, args[2]->ip_daddr, args[4]->tcp_dport,
this->length);
printf("%s", args[4]->tcp_flags & TH_FIN ? "FIN|" : "");
printf("%s", args[4]->tcp_flags & TH_SYN ? "SYN|" : "");
printf("%s", args[4]->tcp_flags & TH_RST ? "RST|" : "");
printf("%s", args[4]->tcp_flags & TH_PUSH ? "PUSH|" : "");
printf("%s", args[4]->tcp_flags & TH_ACK ? "ACK|" : "");
printf("%s", args[4]->tcp_flags & TH_URG ? "URG|" : "");
printf("%s", args[4]->tcp_flags == 0 ? "null " : "");
printf("\b)\n");
}
tcp:::receive
{
this->length = args[2]->ip_plength - args[4]->tcp_offset;
printf(" %3d %16s:%-5d <- %16s:%-5d %6d (", cpu,
args[2]->ip_daddr, args[4]->tcp_dport, args[2]->ip_saddr,
args[4]->tcp_sport, this->length);
printf("%s", args[4]->tcp_flags & TH_FIN ? "FIN|" : "");
printf("%s", args[4]->tcp_flags & TH_SYN ? "SYN|" : "");
printf("%s", args[4]->tcp_flags & TH_RST ? "RST|" : "");
printf("%s", args[4]->tcp_flags & TH_PUSH ? "PUSH|" : "");
printf("%s", args[4]->tcp_flags & TH_ACK ? "ACK|" : "");
printf("%s", args[4]->tcp_flags & TH_URG ? "URG|" : "");
printf("%s", args[4]->tcp_flags == 0 ? "null " : "");
printf("\b)\n");
}</pre>
</div>
The following script logs TCP connection state changes as they occur:
<div class="Bd Pp Bd-indent Li">
<pre>#pragma D option quiet
#pragma D option switchrate=25hz
int last[int];
dtrace:::BEGIN
{
printf(" %12s %-20s %-20s %s\n",
"DELTA(us)", "OLD", "NEW", "TIMESTAMP");
}
tcp:::state-change
{
this->elapsed = (timestamp - last[args[1]->cs_cid]) / 1000;
printf(" %12d %-20s -> %-20s %d\n", this->elapsed,
tcp_state_string[args[5]->tcps_state],
tcp_state_string[args[3]->tcps_state], timestamp);
last[args[1]->cs_cid] = timestamp;
}
tcp:::state-change
/last[args[1]->cs_cid] == 0/
{
printf(" %12s %-20s -> %-20s %d\n", "-",
tcp_state_string[args[5]->tcps_state],
tcp_state_string[args[3]->tcps_state], timestamp);
last[args[1]->cs_cid] = timestamp;
}</pre>
</div>
The following script uses the siftr probe to show the current value of CWND and
SSTHRESH when a packet is sent or received:
<div class="Bd Pp Bd-indent Li">
<pre>#pragma D option quiet
#pragma D option switchrate=10hz
dtrace:::BEGIN
{
printf(" %3s %16s:%-5s %16s:%-5s %10s %10s\n",
"DIR", "LADDR", "LPORT", "RADDR", "RPORT", "CWND", "SSTHRESH");
}
tcp:::siftr
{
printf(" %3s %16s:%-5d %16s:%-5d %10u %10u\n",
siftr_dir_string[args[0]->direction],
args[0]->laddr, args[0]->lport, args[0]->raddr, args[0]->rport,
args[0]->snd_cwnd, args[0]->snd_ssthresh);
}</pre>
</div>
</section>
<section class="Sh">
<h1 class="Sh" id="COMPATIBILITY"><a class="permalink" href="#COMPATIBILITY">COMPATIBILITY</a></h1>
<p class="Pp">This provider is compatible with the <code class="Nm">tcp</code>
provider in Solaris.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Xr">dtrace(1)</a>, <a class="Xr">dtrace_ip(4)</a>,
<a class="Xr">dtrace_sctp(4)</a>, <a class="Xr">dtrace_udp(4)</a>,
<a class="Xr">dtrace_udplite(4)</a>, <a class="Xr">siftr(4)</a>,
<a class="Xr">tcp(4)</a>, <a class="Xr">SDT(9)</a></p>
</section>
<section class="Sh">
<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1>
<p class="Pp">The <code class="Nm">tcp</code> provider first appeared in
<span class="Ux">FreeBSD</span> 10.0.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1>
<p class="Pp">This manual page was written by <span class="An">Mark
Johnston</span>
<<a class="Mt" href="mailto:markj@FreeBSD.org">markj@FreeBSD.org</a>>.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1>
<p class="Pp">The <var class="Vt">tcps_local</var> and
<var class="Vt">tcps_active</var> fields of <var class="Vt">tcpsinfo_t</var>
are not filled in by the translator.</p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">July 2, 2023</td>
<td class="foot-os">FreeBSD 15.0</td>
</tr>
</table>
|
