Git Product home page Git Product logo

skbtracer's Introduction

skbtracer

skbtracer 基于 ebpf 技术的 skb 网络包路径追踪利器, 实现代码基于 BCC (required Linux Kernel 4.15+)

使用样例

skbtracer.py                                      # trace all packets
skbtracer.py --proto=icmp -H 1.2.3.4 --icmpid 22  # trace icmp packet with addr=1.2.3.4 and icmpid=22
skbtracer.py --proto=tcp  -H 1.2.3.4 -P 22        # trace tcp  packet with addr=1.2.3.4:22
skbtracer.py --proto=udp  -H 1.2.3.4 -P 22        # trace udp  packet wich addr=1.2.3.4:22
skbtracer.py -t -T -p 1 --debug -P 80 -H 127.0.0.1 --proto=tcp --kernel-stack --icmpid=100 -N 10000

运行效果

$ sudo ./skbtracer.py -c 100
time       NETWORK_NS   CPU    INTERFACE          DEST_MAC     IP_LEN PKT_INFO                                 TRACE_INFO
[06:47:28 ][4026531992] 0      b'nil'             00042de08c77 196    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_output'
[06:47:28 ][4026531992] 0      b'eth0'            00042de08c77 196    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0      b'eth0'            00042de08c77 196    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0      b'nil'             000439849c02 76     T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_output'
[06:47:28 ][4026531992] 0      b'eth0'            000439849c02 76     T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0      b'eth0'            000439849c02 76     T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0      b'nil'             000429e08c77 228    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_output'
[06:47:28 ][4026531992] 0      b'eth0'            000429e08c77 228    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0      b'eth0'            000429e08c77 228    T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0      b'nil'             000439e08c77 76     T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_output'
[06:47:28 ][4026531992] 0      b'eth0'            000439e08c77 76     T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_finish_output'

功能增强

  1. 调整基于抓取数量的实现(更加精准,避免了部分环境下异常被忽略)
  2. 增加了 ip 长度的字段
  3. 增加了运行 cpu 的字段

本文代码来自于 gist

更通用的网络方案参见仓库 WeaveWorks tcptracer-bpf

相关文档

skbtracer's People

Contributors

davaddi avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

asphaltt wanngsanchao gameking0124 wanggancheng mathematrix zhxqgithub syzh yang-qiang august90dd yongchuanzhou cumirror hhyasdf jasonjoo2010 pengtaohe nuffins lijin-cxb pp861

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.