I want to provide a user space function that obtains TCP connection stats by implementing a kernel extension. From examining the TCP source, I see the tcpcp struct holds such stats. How can I, given a socket handle from user space, obtain the associated tcpcb struct via a kernel extension and return the stats to user space?
Asked
Active
Viewed 647 times
1
-
Two questions: 1-What specific statistics would you like to obtain? 2-Are you ready to touch the kernel or what kind of extension do you mean? – rodolk Jul 07 '15 at 13:27
-
I'm specifically interested in round trip time (RTT) and/or smoothed round trip time (SRTT). I am not interested in sniffer options such as Wireshark. Ideally, I'd just like to make a system call from user space (getsockopt with TCP_INFO provides this information on Linux). However, that functionality is not implemented on Mac. – Coder Jul 07 '15 at 20:16
-
Related question: [On Linux/Mac/Windows, is it possible to access the TCP timestamp and/or RTT in user space of a connected TCP socket?](http://stackoverflow.com/questions/31263289/on-linux-mac-windows-is-it-possible-to-access-the-tcp-timestamp-and-or-rtt-in-u/31265066#31265066) – Coder Jul 09 '15 at 07:08
1 Answers
1
Direct answer to the question: I believe you can't get at this information from a kext without using some private headers to get the memory layout of the structs involved. This will break if/when Apple changes the layout of those structs.
However, it looks like you don't really care about the kext aspect and are happy to get the information from userspace, so have you investigated the TCPCTL_PCBLIST sysctl? This gives you the CBs for the TCP connections in the system, and the xtcpcb64 struct does contain the fields you're after. This mechanism might not be granular enough for your purposes though.
pmdj
- 22,018
- 3
- 52
- 103