On 23/06/2011 18:56, Vladimir Kotal wrote:

Hi all,

Does anyone have a dtrace script for observing connection/socket leaks? I.e. when an application does not do shutdown()/close() on a socket which it previously accept()'ed? Ideally with IP address/port pairs printed in the output.


I've looked to do this kind of thing with dtrace in the past, and concluded that it couldn't be done (which could well be incorrect!). The problem with leaked stuff is that whilst capturing data, you can pair up and eliminate the symmetric events, but the stuff you're interested in is the bit left over.

It's fairly trivial to pair up the opens and closes, something like this (pseudo-d-code):

transition-to-close-wait:entry
{
    array[port] = 1;
}

delete-tcp-or-close-socket:entry
/array[port]/
{
    array[port] = 0;
}


Thus at the end of the script, "array" will contain the list of keys indicating which ports transitioned to CLOSE_WAIT, but were not yet closed by the app. However, I couldn't spot a way of extracting this (via the END probe), so I abandoned the idea.


On the other hand, if you suspect a process of leaking sockets in this state, they could show up in pfiles, but only if you know or suspect you know the process(es) involved. You may be able to guess the process based on the port number.

Just a few thoughts.

Regards,
Brian

--
Brian Ruthven
Solaris Network RPE (Sustaining)
Oracle UK

_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
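
The pairing idea from the message above, done offline over a trace log. This is an added example, not code from the thread or from any Solaris tool. It assumes a tracing script printed one line per event as it fired; the line format, the event names "close_wait" and "close", and the sample addresses are all constructed for illustration. It goes one step beyond the pseudo-code by keying on the full local/remote address:port pair instead of the port alone, and by reporting how long each leftover connection has been in CLOSE_WAIT.

```python
from typing import NamedTuple

# Constructed sample trace. Assumed line format (not from the thread):
#   <seconds> <event> <local ip:port> <remote ip:port>
SAMPLE_TRACE = """\
10.0  close_wait 192.0.2.10:8080 198.51.100.7:51514
10.25 close      192.0.2.10:8080 198.51.100.7:51514
11.5  close_wait 192.0.2.10:8080 198.51.100.9:40222
12.0  close      192.0.2.10:22   203.0.113.4:60100
13.0  close_wait 192.0.2.10:8080 198.51.100.7:51514
garbled line
95.0  close_wait 192.0.2.10:8080 203.0.113.8:33000
100.0 close      192.0.2.10:25   203.0.113.4:60101
"""


class Leak(NamedTuple):
    local: str
    remote: str
    age: float  # seconds in CLOSE_WAIT, measured at the last event in the trace


def find_leaks(trace, min_age=30.0):
    """Pair close_wait/close events; return what is left over, oldest first."""
    pending = {}   # (local, remote) -> time the connection entered CLOSE_WAIT
    last_ts = 0.0
    for line in trace.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                      # truncated or garbled trace line
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        event, key = fields[1], (fields[2], fields[3])
        last_ts = max(last_ts, ts)
        if event == "close_wait":
            pending[key] = ts             # a reused address pair restarts the clock
        elif event == "close":
            pending.pop(key, None)        # close with no CLOSE_WAIT seen: not a leak
    # min_age filters out connections the application simply has not closed yet.
    leaks = [Leak(local, remote, last_ts - ts)
             for (local, remote), ts in pending.items()
             if last_ts - ts >= min_age]
    return sorted(leaks, key=lambda leak: leak.age, reverse=True)


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_TRACE):
        print(f"{leak.local} <- {leak.remote}  CLOSE_WAIT for {leak.age:.1f}s")
```

The local port in each reported pair is the value to match against pfiles output when narrowing down the owning process.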
