Dtrace problems with cs_cid in tcp probe

Question

I'm trying to analyse the TCP sliding window using DTrace. I have found the following blog post (https://blogs.oracle.com/amaguire/entry/dtrace_tcp_provider_and_tcp) which includes a dtrace script. Unfortunately, I always get the error

line 4: translator does not define conversion for member: cs_cid

I also checked the documentation for the tcp probe (https://wikis.oracle.com/display/DTrace/tcp+Provider) and cs_cid seems to be defined.

I'm using Mac OS X 10.9.

I'm not sure what I'm doing wrong so any advise would be greatly appreciated...

Answer 1

The short answer is that the script that you've found exploits OS-specific knowledge of Solaris and is therefore irrelevant to OS X.

Looking at Solaris's documentation for the tcp provider shows that, for tcp:::send, args[1] is of type csinfo_t * where

typedef struct csinfo {
    uintptr_t cs_addr;
    uint64_t cs_cid;
    pid_t cs_pid;
    zoneid_t cs_zoneid;
} csinfo_t;

This isn't a kernel data structure: it exists solely for the benefit of DTrace consumers and is populated dynamically by a translator. This allows the OS implementation to change without breaking scripts that have come to rely on the interface. On a Solaris system, you'd find the definition of csinfo_t and its translator in /usr/lib/dtrace/ip.d.

Different vendors are free to implement providers as they see fit. From what you've written, it seems that on OS X either tcp:::send's args[1] is not a csinfo_t * or a csinfo_t doesn't contain a cs_cid. Without any evidence that the OS X tcp provider mirrors Solaris's then I'd say it's fruitless to pursue the use of your script.

Note that a provider needn't necessarily be for end users. If there's no public documentation for it then I'd have a look to see if there are any OS X utilities using it --- have a look for any files containing, e.g., the string "tcp:::". Maybe there's already something there that does what you want.