tools/tcpconnect: add option -c to count connects

[boat0]

Add -c to count all active connections per dest ip/port so we can
easily spot the heavy outbound connection attempts.

# ./tcpconnect.py -c
Tracing connect ... Hit Ctrl-C to end
^C
LADDR                 RADDR:RPORT             CONNECTS
192.168.10.50    <-> 172.217.21.194:443         70
192.168.10.50    <-> 172.213.11.195:443         34
192.168.10.50    <-> 172.212.22.194:443         21
[...]

[yonghong-song]

[buildbot, test this please]

[yonghong-song]

[buildbot, ok to test]

[yonghong-song]

Could you use "connections" here, which is more common usage, instead of "connects"? Same for below several other cases.

[boat0]

"connects" may be more accurate than connections in this context? because we inspect the connect actions, not any already established connections.

[yonghong-song]

We could use "new connections" or "connects". I guess "connect" okay which is short and also captures the essence.

[yonghong-song]

It should be source ip + dest ip/port?

[boat0]

yes. will fix it

[yonghong-song]

The above to calculate ipv6 src/dest addresses are not correct. Do you have environment to test it?

[boat0]

copy and paste error. will fix it.

[yonghong-song]

Thanks for the fix. I have one more request for this.
On an ipv6 machine, I got:

-bash-4.4$ sudo ./tcpconnect.py -c
Tracing connect ... Hit Ctrl-C to end
^C
LADDR                     RADDR:RPORT               CONNECTS  
127.0.0.1            <-> 127.0.0.1:1456                5
127.0.0.1            <-> 127.0.0.1:2377                1
2401:db00:1120:405d:face:0:1d:0 <-> 2401:db00:1120:4190:face:0:3d:0:6969         22
2401:db00:1120:405d:face:0:1d:0 <-> 2401:db00:1120:6067:face:0:39:0:6969         18
2401:db00:1120:405d:face:0:1d:0 <-> 2401:db00:1120:405d:face:0:1d:0:4330          2
::1                  <-> ::1:16262                     2
...

You can see ipv4 and ipv6 addresses are printed differently.
ip4 address/port like 127.0.0.1:1456 looks okay with only one : as the separator.
ipv6 address/port separation is not really clear.
Could you print RADDR and RPORT separately just like plain tccconnect.py does?

[brendangregg]

FWIW, I would not want to see this behavior added to all the tools. That the tools are (or were) simple and have a single function is a benefit that aids learning, and makes them double as code examples. I'd add switches like this only when necessary.

[boat0]

FWIW, I would not want to see this behavior added to all the tools. That the tools are (or were) simple and have a single function is a benefit that aids learning, and makes them double as code examples. I'd add switches like this only when necessary.

Got your point. Plan is to integrate various BCC tools into production monitoring systems. So '-c' will make tcpconnect(maybe other tools as well) more efficient and more succinct. Personally I think this feature will be useful to others too.

[boat0]

You can see ipv4 and ipv6 addresses are printed differently.
ip4 address/port like 127.0.0.1:1456 looks okay with only one : as the separator.
ipv6 address/port separation is not really clear.
Could you print RADDR and RPORT separately just like plain tccconnect.py does?

OK. Resubmitted.

[yonghong-song]

Looks good. Thanks!