How do I identify which process received TCP traffic belongs to, using DTrace on macOS?

As can be seen here, we have the PID when sending but not when receiving. How do I restrict the probe to connections owned/initiated by a specific process?

sudo dtrace -n 'tcp:::receive, tcp:::send { printf("PID = %d, arg1 == %x", pid, arg1); }'
dtrace: description 'tcp:::receive, tcp:::send ' matched 2 probes
CPU     ID                    FUNCTION:NAME
  6   1571                  tcp_output:send PID = 13507, arg1 == ffffff80664413c0
  0   1574                tcp_input:receive PID = 0, arg1 == 0
  0   1574                tcp_input:receive PID = 0, arg1 == 0
  6   1571                  tcp_output:send PID = 13507, arg1 == ffffff80664f6fd8
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  2   1571                  tcp_output:send PID = 0, arg1 == ffffff80664f9678
  4   1571                  tcp_output:send PID = 13511, arg1 == ffffff80664413c0
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  6   1571                  tcp_output:send PID = 13511, arg1 == ffffff8057ee7678
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  6   1574                tcp_input:receive PID = 0, arg1 == 0
  4   1574                tcp_input:receive PID = 0, arg1 == 0
  4   1571                  tcp_output:send PID = 0, arg1 == ffffff806c2b9d18
  4   1574                tcp_input:receive PID = 0, arg1 == 0
  4   1571                  tcp_output:send PID = 0, arg1 == ffffff806c2b9d18
  4   1574                tcp_input:receive PID = 0, arg1 == 0
  4   1571                  tcp_output:send PID = 0, arg1 == ffffff806c2b9d18
  6   1571                  tcp_output:send PID = 851, arg1 == ffffff806c2b9d18
  6   1571                  tcp_output:send PID = 851, arg1 == ffffff806c2b9d18
  6   1571                  tcp_output:send PID = 851, arg1 == ffffff806c2b9d18
  0   1574                tcp_input:receive PID = 0, arg1 == 0
  0   1574                tcp_input:receive PID = 0, arg1 == 0

On Solaris, the second argument, args[1], is a pointer to a csinfo_t that contains all the information I need, but on Mac OS it is always null. The Solaris arguments are described here: https://docs.oracle.com/cd/E36784_01/html/E36846/glhmv.html

I am using macOS 10.13.6.
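One way to work around the null csinfo_t, as an added example that is not part of the original question: record the PID at tcp:::send (where the probe fires in process context) keyed by the connection's local port and remote endpoint, and look that key up again at tcp:::receive. It assumes the tcp provider fills args[2] (ipinfo_t: ip_saddr, ip_daddr) and args[4] (tcpinfo_t: tcp_sport, tcp_dport) on both probes as the tcp.d translators describe, and that the script is run with -p so $target names the process of interest.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the original post). Attribute inbound TCP
 * segments to a process by remembering the connection at send time.
 * Run as:  sudo dtrace -s thisscript.d -p <pid>
 * Assumption: ipinfo_t/tcpinfo_t members below match tcp.d on this system.
 */
#pragma D option quiet

dtrace:::BEGIN
{
    printf("%-6s %-16s %s\n", "PID", "COMMAND", "LOCAL <- REMOTE");
}

/*
 * Outbound segments fire in the sender's context, so pid is valid here.
 * Only $target is tracked, which restricts the trace to one process;
 * kernel-context sends (pid 0, e.g. pure ACKs) are skipped by the predicate.
 * Key: local port, remote address, remote port.
 */
tcp:::send
/pid == $target/
{
    owner[args[4]->tcp_sport, args[2]->ip_daddr, args[4]->tcp_dport] = pid;
    ownername[args[4]->tcp_sport, args[2]->ip_daddr, args[4]->tcp_dport] = execname;
}

/*
 * Inbound segments fire in interrupt context (pid 0), so reverse the
 * direction of the 4-tuple and look up the owner recorded above.
 * Segments arriving before the process has sent anything on that
 * connection (e.g. an initial SYN to a listener) are not attributed.
 */
tcp:::receive
/owner[args[4]->tcp_dport, args[2]->ip_saddr, args[4]->tcp_sport] != 0/
{
    printf("%-6d %-16s %s:%d <- %s:%d (%d bytes)\n",
        owner[args[4]->tcp_dport, args[2]->ip_saddr, args[4]->tcp_sport],
        ownername[args[4]->tcp_dport, args[2]->ip_saddr, args[4]->tcp_sport],
        args[2]->ip_daddr, args[4]->tcp_dport,
        args[2]->ip_saddr, args[4]->tcp_sport,
        args[2]->ip_plength);
}
```

The associative arrays are never cleared, so for long traces you may want to add a tcp:::state-change clause that drops entries when a connection closes.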
