Joining PIDs to in_pcb structs & TCP/IP sockets in kernel debug..

From: Franxosaurus Rex <franx_at_oas.telecom.com.au>
Date: Mon, 15 Jul 1996 17:55:12 +1000

Hi,

I have already posted this request on UNIX-WIZ_at_LISTSERV.NODAK.EDU;
Nathan.Bailey_at_cc.monash.edu.au suggested I try the query here, please
disregard if you have already read it...

I am currently migrating from DEC RISC ULTRIX to Alpha. One thing that
was useful (for killing runaway ORACLE RDBMS SQL queries using the IP
address of the PC that started the query, etc.) was to be able to find a
process ID for a given TCP/IP socket, ie.:

1. Do a "netstat -A" to bring up the "Active PCB" column.
2. In kernel debug, do a "inpcb -tcp", cut the socket and pcb columns.
3. Then from a set of PIDs, foreach PID dump the Process Control Block
struct slots using "pcb #${PID}".
4. Join the pcb address to the socket address, retaining IP info from
the netstat.
5. grep the Process Control Block struct slots for the process that has
the socket address in its File Descriptor Table.

This works under ULTRIX (ie. 4.3 BSD) using the "crash /dev/mem /vmunix"
system dump analyser command.

The problem is, when I tried replacing the command with "kdbx -k /vmunix
/dev/mem" for the Digital UNIX (ie. Carnegie-Mellon???) version in the
script I was porting, trying to get the I get something like the
following (where 1311 is the PID of a running process):

(kdbx) pcb #1311
Addr pcb ksp usp pc
ps
field .stack->pcb: Can't dereference a NULL pointer
(kdbx)

Can anybody point me back in the right direction, or has a more elegant
or efficient way of doing the same thing???

dan_at_siac.com wrote:

>Try using lsof, it can give info on open files and sockets.
>at coast.cs.purdue.edu:/pub/Purdue/lsof

Does anyone know how to access this via email, because the my work
environment has all these firewalls, etc. *yucko* :-/

TIA,

FRANK GALLACHER.

--Frank Gallacher,Systems Programmer,(aka. Franxosaurus Rex)
 Systems D&I, Operator Assisted Services, Telecom Australia (Telstra).
 8/360 Elizabeth Street, MELBOURNE VIC 3000 AUSTRALIA.
                                                                         
 phone: (03) 969 34034 Int.: +61 3 969 34034
 fax: (03) 969 34127 Int.: +61 3 969 34127
 snail: Locked Bag 5763, MELBOURNE VIC 8100 AUSTRALIA
 smtp: franx_at_oas.telecom.com.au FGallach_at_VENTNOAS.telecom.com.au
 X.400: (C:AU,A:TELEMEMO,P:telecom012,O:TELECOM,OU:VENTNOAS,SN:FGallach)
                                                                         
         It is a capital mistake to theorize before one has data.
                                                                         
                 (Sherlock Holmes, 'A Sign of Four', A. Conan-Doyle)
                                                                         
 <<<<<<<< MESSAGE ENDS >>>>>>>>
Received on Mon Jul 15 1996 - 11:37:03 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:46 NZDT