Index: head/cddl/usr.sbin/dwatch/libexec/ip =================================================================== --- head/cddl/usr.sbin/dwatch/libexec/ip (revision 333517) +++ head/cddl/usr.sbin/dwatch/libexec/ip (revision 333518) @@ -1,97 +1,76 @@ # -*- tab-width: 4 -*- ;; Emacs # vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM ############################################################ IDENT(1) # # $Title: dwatch(8) module for dtrace_ip(4) $ # $Copyright: 2014-2018 Devin Teske. All rights reserved. $ # $FreeBSD$ # ############################################################ DESCRIPTION # # Display interface name and bytes sent/received when IP I/O occurs # ############################################################ PROBE case "$PROFILE" in ip) : ${PROBE:=ip:::send, ip:::receive} ;; *) : ${PROBE:=ip:::${PROFILE#ip-}} esac -############################################################ GLOBALS - -# -# This profile does not support these dwatch features -# NB: They are disabled here so they have no effect when profile is loaded -# -unset EXECNAME # -k name -unset EXECREGEX # -z regex -unset GROUP # -g group -unset PID # -p pid -unset PSARGS # affects -d -unset PSTREE # -R -unset USER # -u user - ############################################################ ACTIONS exec 9<"); } /* * dtrace_ip(4) */ this->recv = probename == "receive" ? 1 : 0; this->flow = this->recv ? "<-" : "->"; /* * ipinfo_t * */ this->length = (uint32_t)args[2]->ip_plength; this->local = this->recv ? args[2]->ip_daddr : args[2]->ip_saddr; this->remote = this->recv ? args[2]->ip_saddr : args[2]->ip_daddr; /* * ifinfo_t * */ this->if_name = args[3]->if_name; } EOF ACTIONS=$( cat <&9 ) ID=$(( $ID + 1 )) - -############################################################ EVENT TAG - -exec 9<if_name, this->local, this->flow, this->remote, this->length, this->length == 1 ? "" : "s"); EOF EVENT_DETAILS=$( cat <&9 ) fi ################################################################################ # END ################################################################################ Index: head/cddl/usr.sbin/dwatch/libexec/tcp =================================================================== --- head/cddl/usr.sbin/dwatch/libexec/tcp (revision 333517) +++ head/cddl/usr.sbin/dwatch/libexec/tcp (revision 333518) @@ -1,231 +1,210 @@ # -*- tab-width: 4 -*- ;; Emacs # vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM ############################################################ IDENT(1) # # $Title: dwatch(8) module for dtrace_tcp(4) connections $ # $Copyright: 2014-2018 Devin Teske. All rights reserved. $ # $FreeBSD$ # ############################################################ DESCRIPTION # # Display local/remote TCP addresses/ports and bytes sent/received for TCP I/O # ############################################################ PROBE case "$PROFILE" in tcp) : ${PROBE:=$( echo \ tcp:::accept-established, \ tcp:::accept-refused, \ tcp:::connect-established, \ tcp:::connect-refused, \ tcp:::connect-request, \ tcp:::receive, \ tcp:::send, \ tcp:::state-change )} ;; tcp-accept) : ${PROBE:=tcp:::accept-established, tcp:::accept-refused} ;; tcp-connect) : ${PROBE:=$( echo \ tcp:::connect-established, \ tcp:::connect-refused, \ tcp:::connect-request )} ;; tcp-established) : ${PROBE:=tcp:::accept-established, tcp:::connect-established} ;; tcp-init) : ${PROBE:=$( echo \ tcp:::accept-established, \ tcp:::accept-refused, \ tcp:::connect-established, \ tcp:::connect-refused, \ tcp:::connect-request )} ;; tcp-io) : ${PROBE:=tcp:::send, tcp:::receive} ;; tcp-refused) : ${PROBE:=tcp:::accept-refused, tcp:::connect-refused} ;; tcp-status) : ${PROBE:=$( echo \ tcp:::accept-established, \ tcp:::accept-refused, \ tcp:::connect-established, \ tcp:::connect-refused, \ tcp:::connect-request, \ tcp:::state-change )} ;; *) : ${PROBE:=tcp:::${PROFILE#tcp-}} esac -############################################################ GLOBALS - -# -# This profile does not support these dwatch features -# NB: They are disabled here so they have no effect when profile is loaded -# -unset EXECNAME # -k name -unset EXECREGEX # -z regex -unset GROUP # -g group -unset PID # -p pid -unset PSARGS # affects -d -unset PSTREE # -R -unset USER # -u user - ############################################################ ACTIONS exec 9<"; inline u_char srclocal[string name] = name == "accept-refused" ? 1 : name == "connect-request" ? 1 : name == "send" ? 1 : 0; /* * TCPSTATES from used by netstat(1) */ inline string tcpstate[int32_t state] = state == TCPS_CLOSED ? "CLOSED" : state == TCPS_LISTEN ? "LISTEN" : state == TCPS_SYN_SENT ? "SYN_SENT" : state == TCPS_SYN_RECEIVED ? "SYN_RCVD" : state == TCPS_ESTABLISHED ? "ESTABLISHED" : state == TCPS_CLOSE_WAIT ? "CLOSE_WAIT" : state == TCPS_FIN_WAIT_1 ? "FIN_WAIT_1" : state == TCPS_CLOSING ? "CLOSING" : state == TCPS_LAST_ACK ? "LAST_ACK" : state == TCPS_FIN_WAIT_2 ? "FIN_WAIT_2" : state == TCPS_TIME_WAIT ? "TIME_WAIT" : strjoin("UNKNOWN(", strjoin(lltostr(state), ")")); $PROBE /* probe ID $ID */ {${TRACE:+ printf("<$ID>");} this->details = ""; /* * dtrace_tcp(4) */ this->flow = probeflow[probename]; } tcp:::accept-established, tcp:::accept-refused, tcp:::connect-established, tcp:::connect-refused, tcp:::connect-request, tcp:::receive, tcp:::send /* probe ID $(( $ID + 1 )) */ {${TRACE:+ printf("<$(( $ID + 1 ))>"); } /* * dtrace_tcp(4) */ this->slocal = srclocal[probename]; /* * ipinfo_t * */ this->local = this->slocal ? args[2]->ip_saddr : args[2]->ip_daddr; this->remote = this->slocal ? args[2]->ip_daddr : args[2]->ip_saddr; /* * tcpinfo_t * */ this->lport = this->slocal ? args[4]->tcp_sport : args[4]->tcp_dport; this->rport = this->slocal ? args[4]->tcp_dport : args[4]->tcp_sport; /* * IPv6 support */ this->local6 = strstr(this->local, ":") != NULL ? 1 : 0; this->remote6 = strstr(this->remote, ":") != NULL ? 1 : 0; this->local = strjoin(strjoin(this->local6 ? "[" : "", this->local), this->local6 ? "]" : ""); this->remote = strjoin(strjoin(this->remote6 ? "[" : "", this->remote), this->remote6 ? "]" : ""); } tcp:::state-change /* probe ID $(( $ID + 2 )) */ {${TRACE:+ printf("<$(( $ID + 2 ))>"); } /* * tcpsinfo_t * */ this->local = args[3]->tcps_laddr; this->lport = (uint16_t)args[3]->tcps_lport; this->remote = args[3]->tcps_raddr; this->rport = (uint16_t)args[3]->tcps_rport; this->to_state = (int32_t)args[3]->tcps_state; /* * tcplsinfo_t * */ this->from_state = (int32_t)args[5]->tcps_state; /* flow = "[from state]->[to state]" */ this->flow = strjoin(tcpstate[this->from_state], strjoin("->", tcpstate[this->to_state])); } tcp:::send, tcp:::receive /* pribe ID $(( $ID + 3 )) */ {${TRACE:+ printf("<$(( $ID + 3 ))>");} this->length = (uint32_t)args[2]->ip_plength - (uint8_t)args[4]->tcp_offset; /* details = " byte" */ this->details = strjoin( strjoin(" ", lltostr(this->length)), strjoin(" byte", this->length == 1 ? "" : "s")); } EOF ACTIONS=$( cat <&9 ) ID=$(( $ID + 4 )) - -############################################################ EVENT TAG - -exec 9<local, this->lport, this->flow, this->remote, this->rport, this->details); EOF EVENT_DETAILS=$( cat <&9 ) fi ################################################################################ # END ################################################################################ Index: head/cddl/usr.sbin/dwatch/libexec/udp =================================================================== --- head/cddl/usr.sbin/dwatch/libexec/udp (revision 333517) +++ head/cddl/usr.sbin/dwatch/libexec/udp (revision 333518) @@ -1,110 +1,89 @@ # -*- tab-width: 4 -*- ;; Emacs # vi: set filetype=sh tabstop=8 shiftwidth=8 noexpandtab :: Vi/ViM ############################################################ IDENT(1) # # $Title: dwatch(8) module for dtrace_udp(4) $ # $Copyright: 2014-2018 Devin Teske. All rights reserved. $ # $FreeBSD$ # ############################################################ DESCRIPTION # # Display local/remote UDP addresses/ports and bytes sent/received for UDP I/O # ############################################################ PROBE case "$PROFILE" in udp) : ${PROBE:=udp:::send, udp:::receive} ;; *) : ${PROBE:=udp:::${PROFILE#udp-}} esac -############################################################ GLOBALS - -# -# This profile does not support these dwatch features -# NB: They are disabled here so they have no effect when profile is loaded -# -unset EXECNAME # -k name -unset EXECREGEX # -z regex -unset GROUP # -g group -unset PID # -p pid -unset PSARGS # affects -d -unset PSTREE # -R -unset USER # -u user - ############################################################ ACTIONS exec 9<"); } /* * dtrace_udp(4) */ this->recv = probename == "receive" ? 1 : 0; this->flow = this->recv ? "<-" : "->"; /* * ipinfo_t * */ this->local = this->recv ? args[2]->ip_daddr : args[2]->ip_saddr; this->remote = this->recv ? args[2]->ip_saddr : args[2]->ip_daddr; /* * udpinfo_t * */ this->length = (uint16_t)args[4]->udp_length; this->lport = this->recv ? args[4]->udp_dport : args[4]->udp_sport; this->rport = this->recv ? args[4]->udp_sport : args[4]->udp_dport; /* * IPv6 support */ this->local6 = strstr(this->local, ":") != NULL ? 1 : 0; this->remote6 = strstr(this->remote, ":") != NULL ? 1 : 0; this->local = strjoin(strjoin(this->local6 ? "[" : "", this->local), this->local6 ? "]" : ""); this->remote = strjoin(strjoin(this->remote6 ? "[" : "", this->remote), this->remote6 ? "]" : ""); } EOF ACTIONS=$( cat <&9 ) ID=$(( $ID + 1 )) - -############################################################ EVENT TAG - -exec 9<local, this->lport, this->flow, this->remote, this->rport, this->length, this->length == 1 ? "" : "s"); EOF EVENT_DETAILS=$( cat <&9 ) fi ################################################################################ # END ################################################################################