This software is provided "as is". use it at your own risk!
--------------------------------------------------------------------------------
System requirements
MPE/iX 5.0 version requires NS/ARPA transport patch NSTED19 or later.
MPE/iX 5.5 needs nothing extra.
--------------------------------------------------------------------------------
Usage - syntax
Showing connections
To find out about all possible options for the command, have a look into the command file (SHOWCONN) itself. The syntax for the command is about the following:
SHOWCONN [ [JOB=] {jobspec }]
{jobspec [,jobspec ]...}
[ [;SYSTEM= [ON|OFF]] ]
[ [;NAME= [ON|OFF]] ]
[ [;PIN=]{pinspec}]
[ [;HELP= [ON|OFF]] ]
[ [;SUMMARY= [ON|OFF]] ]
[ [;VERSION= [ON|OFF]] ]
...
SHOWCONN command displays processes that have network sockets and the properties of those sockets. If the socket is bound to a connection oriented protocol (TCP), and has an open connection, SHOWCONN will display the remote machine's IP-address, nodename, TCP-port in use and so on. In any case, whether the socket was bound to connection-oriented or connectionless protocol, you'll always get information about the local system and the process using the socket.
Note that since the syntax is pretty much dictated by the command file contents, you can modify the syntax and defaults to better fit your needs.
Aborting/killing connections
Another feature of the same utility can be invoked through a use of a newer version of the program and a new command file called "abortcon":
ABORTCON [ [PIN=]{pinspec} [VERSION= [ON|OFF]] ]
ABORTCON command takes a pin number, checks that the user has enough capabilities (any of SM, PM, NA, NM or OP) and if so, requests the transport to break all the TCP connections the process has. Note that there may be sockets that do not have a connection associated with them. Examples of such sockets are sockets bound to UDP and PXP, which are connectionless protocols (as opposed to TCP, which is a connection-oriented protocol). That is how ABORTCON works, and it is a whole lot different than ABORTJOB.
ABORTJOB will instruct the JSMAIN to terminate the session process family and that's all done via process management (kill_process).
ABORTCON forces a network connection to break, thus translating to a socket error reported from layers below the sockets application rather than a process kill from above.
If the application is not reading the socket, it will not get notified of the connection that broke. I.e., there may be cases where this may not seem to work, however, what it does in all cases is that it will break the connection, which sends an error to the socket. If the application does not read the socket, it will not be notified of an error and there's nothing we can do about it. All network applications should be prepared to handle any kind of socket error at any time.
Note also that the mechanism ABORTCON uses is the same tried mechanism that NSCONTROL KILLSESS has been using for years, i.e. it's a well tried interface, not anything new and fancy. As such, ABORTCON is also a superset of NSCONTROL KILSESS, since ABORTCON will work on *any* process that has a TCP connection, not just incoming VTSERVERs. This means *all* TCP users, i.e. all NS servers, FTP, host based telnet (not the DTC TAC/TEB one), all client-server applications running over TCP/IP, ODBC access servers, WWW clients and so on. Anything that uses TCP connections - doesn't matter whether the API in use is NetIPC or BSD.
--------------------------------------------------------------------------------
Usage - samples
Once installed in place, the utility is invoked by simply typing
:SHOWCONN
By default, all the sockets in the callers session process family are displayed:
:showconn
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
#S100 THU AUG 3 1995 21:44 31 MGR.TELESUP,PATCHXL
12.34.56.91 33335 vt utcind 113(VTSERVER.NET.SYS)
Total processes checked: 4
Processes with sockets : 1
Total sockets open : 1
--------------------------------------------------------------------------------
IP-addresses VS. node names
To translate IP-addresses to node names, make sure that the system has DNS resolver configured and that your nameserver is responding. Once it works, nodenames can be resolved by simply adding the keyword "name" as the third positional parameter - or using alternate syntax "name=on" - or by changing the default in SHOWCONN-script to be display nodenames.
:showconn;;name
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM) DNS-NODENAME
#S100 THU AUG 3 1995 21:44 31 MGR.TELESUP,PATCHXL
12.34.56.78 33335 vt utcind 113(VTSERVER.NET.SYS) sysname.cup.hp.com
Total processes checked: 4
Processes with sockets : 1
Total sockets open : 1
--------------------------------------------------------------------------------
Aborting a network connection
:showconn s46
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
#S46 THU MAR 21 1996 16:14 2 MANAGER.SYS,PUB
15.13.195.50 35568 vt utcind 44(VTSERVER.NET.SYS)
Total processes checked: 3
Processes with sockets : 1
Total sockets open : 1
:abortcon pin=44
16:14/#S46/64/LOGOFF ON LDEV #2.
** NS/3000 NetIPC ERROR IN VT; Job: #S46; PIN: 44; Info: 1
- Error: 39;
I.e., in most cases the connection aborts just fine and the session logs off. However, ocassionally you may also see the following behaviour:
:showconn
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
#S47 THU MAR 21 1996 16:19 2 MANAGER.SYS,PUB
15.13.195.50 35578 vt utcind 66(VTSERVER.NET.SYS)
15.28.88.182 vt 32773 utcond 57(VTSERVER.NET.SYS)
Total processes checked: 5
Processes with sockets : 2
Total sockets open : 2
:abortcon 57
:showconn
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
#S47 THU MAR 21 1996 16:19 2 MANAGER.SYS,PUB
15.13.195.50 35578 vt utcind 66(VTSERVER.NET.SYS)
15.28.88.182 vt 32773 utcona 57(VTSERVER.NET.SYS)
Total processes checked: 5
Processes with sockets : 2
Total sockets open : 2
I.e. it may seem that nothing happened. This is a case where the application (in this case VTSERVER) is not reading the network socket and thus did not get notified of an error (well, the message is there but he hasn't seen it yet). If you have a close look, you will notice that the socket FLAGS changed. At first execution of SHOWCONN, the flags were "utcond", i.e. user process, TCP connection socket, outgoing connection, netipc socket and in duplex open state.
After ABORTCON, the second SHOWCONN shows the same with the exception that the socket state has changed from "duplex open" to "connection aborted" state. As soon as the user does something that tries to use the the socket, the vtserver will see the error and terminate.
--------------------------------------------------------------------------------
Required MPE user capabilities
A user without special capabilities can see his/her session process family's sockets/connections only.
A user that has any of the following capabilities:
SM - System Manager
PM - Privileged Mode
OP - System Operator
NA - Network Administrator
NM - Node Manager
is allowed to display all sockets/connections on the system. This can be done by adding the second positional parameter "system" or alternatively "system=on" to the command:
:showconn;system
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
system process
sockrg spl-nu 57(SOCKREG.NET.SYS)
system process
vtr stl-nt 59(DSDAD.NET.SYS)
rpm stl-nt 59(DSDAD.NET.SYS)
vt stl-nt 59(DSDAD.NET.SYS)
ptop stl-nt 59(DSDAD.NET.SYS)
vta stl-nt 59(DSDAD.NET.SYS)
hpip stl-nt 59(DSDAD.NET.SYS)
rfa stl-nt 59(DSDAD.NET.SYS)
nsstat stl-nt 59(DSDAD.NET.SYS)
nft stl-nt 59(DSDAD.NET.SYS)
loopbk stl-nt 59(DSDAD.NET.SYS)
system process
127.0.0.1 32885 vt stcind 66(VTSERVER.NET.SYS)
system process
127.0.0.1 32886 vt stcind 92(VTSERVER.NET.SYS)
#S79 THU AUG 3 1995 11: 6 30 MANAGER.SYS,PUB
12.34.56.222 39846 vt utcind 45(VTSERVER.NET.SYS)
#S47 WED AUG 2 1995 20:29 32 MANAGER.SYS,PUB
12.13.111.22 1428 ftpcmd utcind 60(FTPSRVR.ARPA.SYS)
#S10 WED AUG 2 1995 16:23 34 EERO,MANAGER.SYS,PUB
12.13.111.44 1317 vta utcind 74(VTSERVER.NET.SYS)
12.111.22.33 vt 32867 utcond 77(VTSERVER.NET.SYS)
127.0.0.1 vt 32873 utcond 87(VTSERVER.NET.SYS)
12.43.123.23 vt 32875 utcond 85(VTSERVER.NET.SYS)
127.0.0.1 vt 32885 utcond 78(VTSERVER.NET.SYS)
127.0.0.1 vt 32886 utcond 82(VTSERVER.NET.SYS)
127.0.0.1 vt 32887 utcond 94(VTSERVER.NET.SYS)
12.34.56.78 vt 32900 utcond 118(VTSERVER.NET.SYS)
#S20 WED AUG 2 1995 18: 9 35 MANAGER.SYS,PUB
127.0.0.1 32873 vt utcind 86(VTSERVER.NET.SYS)
#S100 THU AUG 3 1995 21:44 31 MGR.TELESUP,PATCHXL
12.34.56.33 33335 vt utcind 113(VTSERVER.NET.SYS)
#J1 WED AUG 2 1995 16:57 10 FTPMON,FTP.SYS,ARPA
ftpcmd atl-nt 80(FTPMON.ARPA.SYS)
#J2 WED AUG 2 1995 17:38 10 HTTPD,MGR.WWW,PUB
80 atl-bt 79(HTTPDC.BIN.WWW)
detached process
snmp dud-nb 55(SNMP.NET.SYS)
snmptr dud-nb 55(SNMP.NET.SYS)
Total processes checked: 97
Processes with sockets : 19
Total sockets open : 29
--------------------------------------------------------------------------------
Flags-column
To decode all the flags in FLAGS-column, type:
:showconn help=on
FLAGS column usage:
Column 1 (process type):
a: Application (1st son of a CI)
u: User process (not the 1st son of a CI)
c: CI process
t: Task process
s: System process
d: Detached process
j: JSMAIN process
o: Other (unknown process type)
Column 2 (protocol):
t: TCP protocol
u: UDP protocol
p: PXP protocol
Column 3 (socket type):
l: Listening socket (call socket)
c: Connection socket
d: Datagram (UDP) socket
Column 4 (direction):
o: Outgoing connection (initiated by this process)
i: Incoming connection (received by this process)
-: No connection, listening socket
Column 5 (API in use):
n: NetIPC socket
b: BSD socket
Column 6 (socket state):
u: Undefined = undefined state
z: initialiZed = connection doesn't exist
c: Connecting = ipcconnect called, wait for ipcrecv
w: Wait_confirm = ipcrecvcn done, user must accept/reject
d: Duplex_open = connected, can send and recv data
i: simplex_In = graceful close, can only receive
o: simplex_Out = received graceful close, send only
l: cLosed = both parties closed, user must shut
a: conn_Aborted = connection aborted, user must shut
b: Bound = socket is bound to an address
t: lisTening = sk_listen has been called
s: Shut = sock shutdown or encountered an error
g: linGering = sock shutdown lingering pending
--------------------------------------------------------------------------------
Pin-parameter
Or, to zoom in a process and have as much info as this utility can give on a process, use the PIN-parameter:
:showconn pin=230
pin(program) : 230(VTSERVER.NET.SYS)
pin re-use count: 131
ldev/job/session: 74 #S2543 ,EERO.ARPAXL,LAURILA
scheduling info : CS priority 152
cpu time used : 29032 msec
process type : USR
start time : TUE OCT 24 1995 20:25:28.4
sockets in use : 1
============ SOCKET #1 ============
local
ip address : 12.34.56.78
node name : node1.cup.hp.com
socket address: vt (1537)
socket type : connection socket
socket protocl: TCP
socket state : Connected, can send and recv data
socket flags
select supported : FALSE
BSD socket : FALSE
catch all flag : FALSE
tcp msg mode : TRUE
connection initiator: FALSE
remote
ip address : 12.34.56.79
node name : node2.cup.hp.com
socket address: 1229
Total processes checked: 1
Processes with sockets : 1
Total sockets open : 1
--------------------------------------------------------------------------------
CI-variables
To make it easier to use this utility from a job, showconn will set a bunch of CI-variables to indicate the status of the last command execution. This way the user does not need to redirect command output into a file and then parse it's contents to figure out what happened. CI-variables set are:
Succesful command execution:
:showconn
JOBNUM INTRO DATE AND TIME LDEV USERNAME
REMOTE ADDRESS RPORT LPORT FLAGS PIN(PROGRAM)
#S2543 TUE OCT 24 1995 20:25 74 EERO.ARPAXL,LAURILA
12.34.123.45 1229 vt utcind 230(VTSERVER.NET.SYS)
Total processes checked: 9
Processes with sockets : 1
Total sockets open : 1
:showvar
HPSCSCRIPTVERSION = A.02.00.001
HPSCVERSION = A.01.00.000
HPSCERR = 0
HPSCERRTXT =
HPSCNUMPROCS = 9
HPSCNUMSOCKETS = 1
HPSCNUMSOCKOWNERS = 1
Failing command execution:
:showconn job=#j1
Job number #J1 does not exist. (SC ERROR 16)
:showvar
HPSCSCRIPTVERSION = A.02.00.001
HPSCVERSION = A.01.00.000
HPSCERR = 16
HPSCERRTXT = Job number #J1 does not exist. (SC ERROR 16)
HPSCNUMPROCS = 0
HPSCNUMSOCKETS = 0
HPSCNUMSOCKOWNERS = 0
--------------------------------------------------------------------------------
Components
There are two components to this utility. One is the command file SHOWCONN, which will take users command parameters and massage them into one string variable, info. The second component is a program file "SC", which gets invoked by the command file, which passes users parms in an info string to the program.
Note that there are two versions of the program and although externally they appear (almost) the same, the biggest internal difference is the fact that the 5.0 version of "SC"-program file calls some system internal routines directly since AIFPROCGET item 2149 does not exist on 5.0.
The 5.5 version works without making direct system calls as the AIFPROCGET item 2149 is there. By not calling internal system routines I can also provide the source for the 5.5 version. Feel free to improve the command - you've got the source!
Version numbers for SHOWCONN, ABORTCON scripts and the SC-program file:
A.01.00.001 - SC-program for MPE/iX 5.0 (older, first version on 5.0)
A.01.01.001 - SC-program for MPE/iX 5.0 (abortcon functionality added)
A.02.00.001 - SC-program for MPE/iX 5.5 (older, first version on 5.5)
A.02.01.001 - SC-program for MPE/iX 5.5 (abortcon functionality added)
A.02.00.001 - SHOWCONN CI-script for both MPE/iX 5.0 and 5.5
A.02.01.001 - ABORTCON CI-script for both MPE/iX 5.0 and 5.5
--------------------------------------------------------------------------------
Installation instructions
To install these utilities, copy the appropriate version to your machine and use mover to unpack the truck-file. For both 5.0 and 5.5 versions you'll receive the SHOWCONN and ABORTCON command files and the SC-program file (5.5 version has some additional stuff).
If you copy the command files (SHOWCONN and ABORTCON) and the SC-program file to some location that is on everyone's default command execution search path (see HPPATH variable) - and the program file is in location that everyone has execute access to, the commands will start working right away for all users. No re-boots, nothing. You may want to consider who'll you allow to use ABORTCON.
For example, all files could go in PUB.SYS on your machine. If the program file resides in some other group than what is in HPPATH, the command files needs to be edited to point to the program file.
Of course, in case of any of these filenames collides with an alredy existing program/command file/ UDC etc., appropriate renames and edits have to be done.
--------------------------------------------------------------------------------
To download the SHOWCONN/ABORTCON package for MPE/iX 5.0, click here for a tar archive (in 5.5 tar format), or here for a store-to-disk archive.
To download the SHOWCONN/ABORTCON package for MPE/iX 5.5, click here for a tar archive, or here for store-to-disk archive.
|
