Overview of BCC source code content (3)

Continuing from the previous article: Overview of BCC source code content (2)

This article refers to the introduction in the Contents section of the official website.

In the BCC source code root directory, some entries are single files that contain both the C (BPF) program and the Python loader, others are paired .c and .py files, and some are directories.

Tracing

Files in the examples directory:

  • examples/tracing/task_switch.py

Count of task switches to and from PIDs.

  • examples/tracing/tcpv4connect.py

Track TCP IPv4 active connections.

The contents of the bcc/examples/tracing/tcpv4connect_example.txt file are as follows:

Demonstrations of tcpv4connect.py, the Linux eBPF/bcc version.


This example traces the kernel function performing active TCP IPv4 connections
(eg, via a connect() syscall; accept() are passive connections). Some example
output (IP addresses changed to protect the innocent):

```
# ./tcpv4connect.py
PID    COMM         SADDR            DADDR            DPORT
1479   telnet       127.0.0.1        127.0.0.1        23
1469   curl         10.201.219.236   54.245.105.25    80
1469   curl         10.201.219.236   54.67.101.145    80
```

This output shows three connections, one from a "telnet" process and two from
"curl". The output details show the source address, destination address,
and destination port. This traces attempted connections: these may have failed.

The overhead of this tool should be negligible, since it is only tracing the
kernel function performing a connect. It is not tracing every packet and then
filtering.

This is provided as a basic example of TCP tracing. See tools/tcpconnect for a
more featured version of this example (a tool).
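The tcpv4connect output above is a natural input for a small detection script. The following Python is an added example, not code from the original post or from bcc: it parses the tool's table into records, counts attempted connects per process and flags destinations outside loopback, link-local and private ranges. The sample lines are constructed from the example output shown above; the internal/external split is an assumption of this example.

```python
"""Parse tcpv4connect.py output and summarise outbound connect attempts per process.

Added example (not part of the original post or of bcc). SAMPLE_OUTPUT is
constructed from the format shown in tcpv4connect_example.txt; the rule that
classifies a destination as 'external' is an assumption of this example.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample output, same columns as the tool prints.
SAMPLE_OUTPUT = """\
PID    COMM         SADDR            DADDR            DPORT
1479   telnet       127.0.0.1        127.0.0.1        23
1469   curl         10.201.219.236   54.245.105.25    80
1469   curl         10.201.219.236   54.67.101.145    80
"""


@dataclass(frozen=True)
class Connect:
    pid: int
    comm: str
    saddr: ipaddress.IPv4Address
    daddr: ipaddress.IPv4Address
    dport: int

    @property
    def external(self) -> bool:
        # Loopback, RFC 1918 and link-local destinations count as internal;
        # everything else is treated as external (assumption of this example).
        return not (self.daddr.is_private or self.daddr.is_loopback
                    or self.daddr.is_link_local)


def parse_lines(text: str) -> list[Connect]:
    """Turn the tool's whitespace-separated table into Connect records.

    The header and blank lines are skipped. A line without exactly five
    fields, or with a field that does not parse, is ignored rather than
    raising, because the tool may emit a partial line when stopped with Ctrl-C.
    """
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] == "PID":
            continue
        pid, comm, saddr, daddr, dport = fields
        try:
            records.append(Connect(int(pid), comm,
                                   ipaddress.IPv4Address(saddr),
                                   ipaddress.IPv4Address(daddr),
                                   int(dport)))
        except ValueError:
            continue  # malformed field: skip the line
    return records


def summarise(records):
    """Per (pid, comm): number of connect attempts and the set of external
    (daddr, dport) pairs. Attempts are counted whether or not the connect
    later succeeded, which is exactly what the kprobe on the connect path sees."""
    summary = defaultdict(lambda: {"attempts": 0, "external": set()})
    for r in records:
        entry = summary[(r.pid, r.comm)]
        entry["attempts"] += 1
        if r.external:
            entry["external"].add((str(r.daddr), r.dport))
    return dict(summary)


if __name__ == "__main__":
    for (pid, comm), info in summarise(parse_lines(SAMPLE_OUTPUT)).items():
        print(f"{pid:<6} {comm:<8} attempts={info['attempts']} "
              f"external={sorted(info['external'])}")
```

Fed the live tool's stdout instead of SAMPLE_OUTPUT (for example through a pipe), the same two functions give a running per-process view of where each process tries to connect, without the tool itself having to filter packets.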

  • examples/tracing/trace_fields.py

Simple example of printing fields from a tracing event.

  • examples/tracing/undump.py

Dump UNIX socket packets.

The contents of the bcc/examples/tracing/undump_example.txt file are as follows:

Demonstrations of undump.py, the Linux eBPF/bcc version.

This example traces the kernel function that receives AF_UNIX socket
packets. Some example output:

Terminal 1, UNIX Socket Server:

```
$ nc -lU /var/tmp/dsocket
# receive from Client
Hello, World
abcdefg
```

Terminal 2, UNIX socket Client:

```
$ nc -U /var/tmp/dsocket
# Input some lines
Hello, World
abcdefg
```

Terminal 3, receive tracing:

```
$ sudo python undump.py -p 49264
Tracing PID=49264 UNIX socket packets ... Hit Ctrl-C to end

# Here print bytes of receive
PID 49264 Recv 13 bytes
   48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a
PID 49264 Recv 8 bytes
   61 62 63 64 65 66 67 0a
```

This output shows two packets received by PID 49264 (nc -lU /var/tmp/dsocket):
`Hello, World` is dumped as `48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a`, where the
trailing `0a` is the newline from `Enter`; `abcdefg` is dumped as `61 62 63 64 65 66 67 0a`.
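To turn the undump hex lines back into the bytes the server read, the following Python (an added example, not code from the original post or from bcc) parses the `PID ... Recv N bytes` headers and the indented hex lines, checks the reconstructed length against the header and decodes the payload. The sample text is constructed from undump_example.txt; treating every indented hex line up to the next header as part of the same packet is an assumption of this example.

```python
"""Decode the hex dumps printed by undump.py back into the received bytes.

Added example, not code from the original post or from bcc. SAMPLE_OUTPUT is
constructed from undump_example.txt; grouping every indented hex line under
the preceding header line is an assumption of this example.
"""
import re
from dataclasses import dataclass

SAMPLE_OUTPUT = """\
Tracing PID=49264 UNIX socket packets ... Hit Ctrl-C to end

PID 49264 Recv 13 bytes
   48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a
PID 49264 Recv 8 bytes
   61 62 63 64 65 66 67 0a
"""

# Header line printed once per received packet.
HEADER = re.compile(r"^PID (\d+) Recv (\d+) bytes$")
# Indented line of two-digit hex byte values.
HEXLINE = re.compile(r"^\s+((?:[0-9a-fA-F]{2}\s*)+)$")


@dataclass
class Packet:
    pid: int
    declared: int  # byte count stated in the header line
    data: bytes    # bytes reconstructed from the hex lines

    @property
    def complete(self) -> bool:
        # A mismatch means the dump was truncated or a line was lost.
        return len(self.data) == self.declared


def parse_dump(text: str) -> list[Packet]:
    """Group hex lines under their header and rebuild each packet's bytes."""
    packets: list[Packet] = []
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = Packet(int(m.group(1)), int(m.group(2)), b"")
            packets.append(current)
            continue
        m = HEXLINE.match(line)
        if m and current is not None:
            current.data += bytes.fromhex(m.group(1).replace(" ", ""))
    return packets


def as_text(pkt: Packet) -> str:
    """Printable rendering: non-UTF-8 payloads are escaped rather than
    raising, since the tool dumps raw bytes of whatever the socket carried."""
    return pkt.data.decode("utf-8", errors="backslashreplace")


if __name__ == "__main__":
    for pkt in parse_dump(SAMPLE_OUTPUT):
        status = "ok" if pkt.complete else "TRUNCATED"
        print(f"PID {pkt.pid} {len(pkt.data)}/{pkt.declared} bytes [{status}]: "
              f"{as_text(pkt)!r}")
```

Running it on the sample reproduces `'Hello, World\n'` and `'abcdefg\n'`, making the `0a` newline visible as the trailing byte of each packet.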


Source: blog.csdn.net/phmatthaus/article/details/133158025