• BCC源码内容概览(3)

    接前一篇文章:BCC源码内容概览(2)

    本文参考官网中的Contents部分的介绍。

    BCC源码根目录的文件,其中一些是同时包含C和Python的单个文件,另一些是.c和.py的成对文件,还有一些是目录。

    跟踪(Tracing)

    examples目录下的文件:

    • examples/tracing/task_switch.py

    从PIDs切换出和切换到的任务切换计数。

    • examples/tracing/tcpv4connect.py

    跟踪TCP IPv4活动连接。

    bcc/examples/tracing/tcpv4connect_example.txt文件内容如下:

    1. Demonstrations of tcpv4connect.py, the Linux eBPF/bcc version.
    2.  
    3.  
    4. This example traces the kernel function performing active TCP IPv4 connections
    5. (eg, via a connect() syscall; accept() are passive connections). Some example
    6. output (IP addresses changed to protect the innocent):
    7.  
    8. # ./tcpv4connect.py
    9. PID    COMM         SADDR            DADDR            DPORT
    10. 1479   telnet       127.0.0.1        127.0.0.1        23  
    11. 1469   curl         10.201.219.236   54.245.105.25    80  
    12. 1469   curl         10.201.219.236   54.67.101.145    80  
    13.  
    14. This output shows three connections, one from a "telnet" process and two from
    15. "curl". The output details shows the source address, destination address,
    16. and destination port. This traces attempted connections: these may have failed.
    17.  
    18. The overhead of this tool should be negligible, since it is only tracing the
    19. kernel function performing a connect. It is not tracing every packet and then
    20. filtering.
    21.  
    22. This is provided as a basic example of TCP tracing. See tools/tcpconnect for a
    23. more featured version of this example (a tool).
    • examples/tracing/trace_fields.py

    打印跟踪事件中的字段的简单示例。

    • examples/tracing/undump.py

    转储UNIX套接字包。

    bcc/examples/tracing/tundump_example.txt文件内容如下:

    1. Demonstrations of undump.py, the Linux eBPF/bcc version.
    2.  
    3. This example trace the kernel function performing receive AP_UNIX socket
    4. packet. Some example output:
    5.  
    6. Terminal 1, UNIX Socket Server:
    7.  
    8. ```
    9. $ nc -lU /var/tmp/dsocket
    10. # receive from Client
    11. Hello, World
    12. abcdefg
    13. ```
    14.  
    15. Terminal 2, UNIX socket Client:
    16.  
    17. ```
    18. $ nc -U /var/tmp/dsocket
    19. # Input some lines
    20. Hello, World
    21. abcdefg
    22. ```
    23.  
    24. Terminal 3, receive tracing:
    25.  
    26. ```
    27. $ sudo python undump.py -p 49264
    28. Tracing PID=49264 UNIX socket packets ... Hit Ctrl-C to end
    29.  
    30. # Here print bytes of receive
    31. PID 49264 Recv 13 bytes
    32.    48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a
    33. PID 49264 Recv 8 bytes
    34.    61 62 63 64 65 66 67 0a
    35. ```
    36.  
    37. This output shows two packet received by PID 49264(nc -lU /var/tmp/dsocket),
    38. `Hello, World` will be parsed as `48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a`, the
    39. `0a` is `Enter`. `abcdefg` will be parsed as `61 62 63 64 65 66 67 0a`.

  • 相关阅读:
    计算机二级Python题目13
    在中国,技术到底有多有用?
    英国 AI 安全峰会前瞻:为什么是现在,为什么在英国
    2023-11-rust-struct
    前后端跨域常用解决方案
    net-java-php-python-大学生互助旅游网站修改计算机毕业设计程序
    爱上算法,迷人的两度搜索,深度优先(DFS)和广度优先(BFS)
    文本标注工具doccano 中上传dataset无法成功
    80/10/10 饮食法:到底是健康饮食还是危险时尚?
    CMAK Kafka可视化管理工具
  • 原文地址:https://blog.csdn.net/phmatthaus/article/details/133158025