On 23/06/2011 18:56, Vladimir Kotal wrote:
Hi all,
Does anyone have a dtrace script for observing connection/socket leaks
? I.e. when application does not do shutdown()/close() on a socket
which it previously accept()'ed ? Ideally with IP address/port pairs
printed in the output.
I've looked to do this kind of thing with dtrace in the past, and
concluded that it couldn't be done (which could well be incorrect!). The
problem with leaked stuff is that whilst capturing data, you can pair up
and eliminate the symmetric events, but the stuff you're interested in
is the bit left over.
It's fairly trivial to pair up the opens and closes, something like this
(pseudo-d-code):
transition-to-close-wait:entry
{
array[port] = 1;
}
delete-tcp-or-close-socket:entry
/array[port]/
{
array[port] = 0;
}
Thus at the end of the script, "array" will contain the list of keys
indicating which ports transitioned to CLOSE_WAIT, but not yet closed by
the app. However, I couldn't spot a way of extracting this (via the END
probe), so I abandoned the idea.
On the other hand, if you suspect a process of leaking sockets in this
state, they could show up in pfiles, but only if you know or suspect you
know the process(es) involved. You may be able to guess the process
based on the port number.
Just a few thoughts.
Regards,
Brian
--
Brian Ruthven
Solaris Network RPE (Sustaining)
Oracle UK
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org