#!/usr/bin/env bpftrace
/*
 * undump	Trace UNIX domain socket packet receive.
 *		For Linux, uses bpftrace and eBPF.
 *
 * Also a basic example of bpftrace.
 *
 * This is a bpftrace version of the bcc examples/tracing tool of the same name.
 *
 * USAGE: undump.bt
 *
 * Copyright 2022 CESTC, Inc.
 * Licensed under the Apache License, Version 2.0 (the "License")
 *
 * 22-May-2022	Rong Tao	Created this.
 */
#ifndef BPFTRACE_HAVE_BTF
#include <linux/skbuff.h>
#endif
/*
 * Runs once when the script attaches: prints the banner and the column
 * header for the per-call lines produced by the kprobe further down.
 */
BEGIN
{
	printf("Dump UNIX socket packages RX. Ctrl-C to end\n");
	printf("%-8s %-16s %-8s %-8s %-s\n",
	    "TIME", "COMM", "PID", "SIZE", "DATA");
}
/*
 * Fires on every call to unix_stream_read_actor() and prints one line per
 * call: wall-clock time, the current task's comm and pid, skb->len, and the
 * bytes at skb->data rendered with %r.
 *
 * The DATA column is raw payload read by any process on the host, so captured
 * output can contain tokens or credentials that local services exchange over
 * UNIX sockets; store and share it with the same care as a packet capture.
 *
 * NOTE(review): buf() is asked for skb->len bytes starting at skb->data. If
 * part of the skb lives in page fragments, skb->len is larger than the linear
 * area skb->data points to - confirm whether the length should be bounded to
 * the linear part. buf() output is also presumably capped by bpftrace's
 * configured maximum string length, so long payloads may appear truncated.
 */
kprobe:unix_stream_read_actor
{
	// arg0 is treated as the sk_buff handed to the reader; verify against
	// the signature of unix_stream_read_actor() in the running kernel.
	$pkt = (struct sk_buff *)arg0;

	time("%H:%M:%S ");
	printf("%-16s %-8d %-8d %r\n",
	    comm, pid, $pkt->len,
	    buf($pkt->data, $pkt->len));
}
/*
 * Nothing to do at exit: the script keeps no maps or counters, so the END
 * probe body is left empty.
 */
END
{
}