skbtracer: an eBPF-based tool for tracing the path an skb (network packet) takes through the kernel. The implementation is built on BCC (requires Linux kernel 4.15+).
skbtracer.py # trace all packets
skbtracer.py --proto=icmp -H 1.2.3.4 --icmpid 22 # trace icmp packet with addr=1.2.3.4 and icmpid=22
skbtracer.py --proto=tcp -H 1.2.3.4 -P 22 # trace tcp packet with addr=1.2.3.4:22
skbtracer.py --proto=udp -H 1.2.3.4 -P 22 # trace udp packet with addr=1.2.3.4:22
skbtracer.py -t -T -p 1 --debug -P 80 -H 127.0.0.1 --proto=tcp --kernel-stack --icmpid=100 -N 10000
Sample output
$ sudo ./skbtracer.py -c 100
time NETWORK_NS CPU INTERFACE DEST_MAC IP_LEN PKT_INFO TRACE_INFO
[06:47:28 ][4026531992] 0 b'nil' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_output'
[06:47:28 ][4026531992] 0 b'eth0' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0 b'eth0' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0 b'nil' 000439849c02 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_output'
[06:47:28 ][4026531992] 0 b'eth0' 000439849c02 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0 b'eth0' 000439849c02 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0 b'nil' 000429e08c77 228 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_output'
[06:47:28 ][4026531992] 0 b'eth0' 000429e08c77 228 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0 b'eth0' 000429e08c77 228 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ae0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0 b'nil' 000439e08c77 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_output'
[06:47:28 ][4026531992] 0 b'eth0' 000439e08c77 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_finish_output'
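As an added example (not part of skbtracer itself), a small Python parser for the output format shown above: it groups rows by skb address plus packet info to recover each packet's kernel function path and flags skbs whose path never reached __dev_queue_xmit. The sample rows are copied from the output above; the field names and function names are my own.

```python
import re
from collections import OrderedDict

# Constructed sample: four rows copied from the skbtracer output shown above.
SAMPLE = """\
[06:47:28 ][4026531992] 0 b'nil' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_output'
[06:47:28 ][4026531992] 0 b'eth0' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_finish_output'
[06:47:28 ][4026531992] 0 b'eth0' 00042de08c77 196 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a594e0.0:b'__dev_queue_xmit'
[06:47:28 ][4026531992] 0 b'nil' 000439849c02 76 T_ACK,PSH:172.17.0.14:22->101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_output'
"""

# One output row: [time ][netns] cpu b'iface' dest_mac ip_len pkt_info skbaddr.hook:b'func'
ROW = re.compile(
    r"^\[(?P<time>[^\]]+?)\s*\]\[(?P<netns>\d+)\]\s+(?P<cpu>\d+)\s+b'(?P<iface>[^']*)'\s+"
    r"(?P<dmac>[0-9a-f]{12})\s+(?P<iplen>\d+)\s+(?P<pkt>\S+)\s+"
    r"(?P<skb>[0-9a-f]+)\.(?P<hook>\d+):b'(?P<func>[^']*)'$"
)


def parse_row(line):
    """Parse one skbtracer row into a dict; return None for the header or blank lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["cpu"] = int(row["cpu"])
    row["iplen"] = int(row["iplen"])
    return row


def skb_paths(text):
    """Group rows by skb address and packet info (skb addresses are recycled after
    free, so the 5-tuple disambiguates), giving each packet's ordered function path."""
    paths = OrderedDict()
    for line in text.splitlines():
        row = parse_row(line)
        if row:
            paths.setdefault((row["skb"], row["pkt"]), []).append(row["func"])
    return paths


def incomplete(paths, last="__dev_queue_xmit"):
    """Return packets whose trace never reached `last`, i.e. candidates for a drop
    (or a trace that was cut off by the -c row limit)."""
    return [key for key, funcs in paths.items() if funcs[-1] != last]


if __name__ == "__main__":
    for (skb, pkt), funcs in skb_paths(SAMPLE).items():
        print(skb, pkt, " -> ".join(funcs))
    print("incomplete:", incomplete(skb_paths(SAMPLE)))
```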
- Reworked the capture-count limit (more precise, and avoids exceptions being silently ignored in some environments)
- Added the IP length field
- Added the running CPU field
The code here comes from a gist.
For a more general-purpose network tracing solution, see the WeaveWorks tcptracer-bpf repository.