The short answer is that the script that you've found exploits OS-specific knowledge of Solaris and is therefore irrelevant to OS X.
Looking at Solaris's documentation for the tcp provider shows that, for tcp:::send
, args[1]
is of type csinfo_t *
where
typedef struct csinfo {
uintptr_t cs_addr;
uint64_t cs_cid;
pid_t cs_pid;
zoneid_t cs_zoneid;
} csinfo_t;
This isn't a kernel data structure: it exists solely for the benefit of DTrace consumers and is populated dynamically by a translator. This allows the OS implementation to change without breaking scripts that have come to rely on the interface. On a Solaris system, you'd find the definition of csinfo_t
and its translator in /usr/lib/dtrace/ip.d
.
Different vendors are free to implement providers as they see fit. From what you've written, it seems that on OS X either tcp:::send
's args[1]
is not a csinfo_t *
or a csinfo_t
doesn't contain a cs_cid
. Without any evidence that the OS X tcp provider mirrors Solaris's then I'd say it's fruitless to pursue the use of your script.
Note that a provider needn't necessarily be for end users. If there's no public documentation for it then I'd have a look to see if there are any OS X utilities using it --- have a look for any files containing, e.g., the string "tcp:::
". Maybe there's already something there that does what you want.