{"id":15056993,"url":"https://github.com/asphaltt/socketrace","last_synced_at":"2025-04-10T05:07:30.204Z","repository":{"id":219593218,"uuid":"749423011","full_name":"Asphaltt/socketrace","owner":"Asphaltt","description":"socketrace is an eBPF-based tool to trace kernel socket events. License Apache 2.0 and GPL-2.0","archived":false,"fork":false,"pushed_at":"2024-11-07T14:17:57.000Z","size":778,"stargazers_count":36,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-10T05:07:23.348Z","etag":null,"topics":["ebpf","socket","socket-tracer","socketrace"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Asphaltt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-28T14:46:47.000Z","updated_at":"2025-04-07T14:40:03.000Z","dependencies_parsed_at":"2025-02-16T14:38:22.046Z","dependency_job_id":"39f0cd35-c4c5-45ea-9fc4-61216632d7e1","html_url":"https://github.com/Asphaltt/socketrace","commit_stats":null,"previous_names":["asphaltt/socketrace"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Fsocketrace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Fsocketrace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Fsocketrace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Asphaltt%2Fsocketrace/manifests","owner_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Asphaltt","download_url":"https://codeload.github.com/Asphaltt/socketrace/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248161273,"owners_count":21057555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","socket","socket-tracer","socketrace"],"created_at":"2024-09-24T21:59:50.215Z","updated_at":"2025-04-10T05:07:30.164Z","avatar_url":"https://github.com/Asphaltt.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n Copyright 2024 Leon Hwang.\n SPDX-License-Identifier: Apache-2.0\n--\u003e\n\n# socketrace: a generic socket tracer\n\n`socketrace` is an eBPF-based tool for tracing socket events in the Linux kernel\nwith advanced filtering and aggregation capabilities. It allows you to\nintrospect socket events in the kernel, whether they come from TCP, UDP, Unix domain, or netlink\nsockets.\n\n## Running\n\n`socketrace` requires a kernel \u003e= 5.3 to run. `--kprobe-way kprobe-multi` requires a\n5.18 kernel.\n\n`debugfs` has to be mounted at `/sys/kernel/debug`. 
In case the directory is\nempty, it can be mounted with `mount -t debugfs none /sys/kernel/debug`.\n\nThe following kernel configs are required:\n\n|           Option         | kprobe-way   |                         Note                         |\n| ------------------------ | ------------ | ---------------------------------------------------- |\n|CONFIG_DEBUG_INFO_BTF=y   | both         | available \u003e= 5.3 |\n|CONFIG_BPF=y              | both         | |\n|CONFIG_BPF_SYSCALL=y      | both         | |\n|CONFIG_KPROBES=y          | both         | |\n|CONFIG_FUNCTION_TRACER=y  | kprobe-multi | /sys/kernel/debug/tracing/available_filter_functions |\n|CONFIG_FPROBE=y           | kprobe-multi | available \u003e= 5.18 |\n\nYou can use `zgrep $OPTION /proc/config.gz` to check if the option is enabled.\n\n### Usage\n\n```bash\n$ ./socketrace -h\nUsage of ./socketrace:\n      --filter-addr string        filter IPv4 address\n      --filter-funcs string       filter functions with Go regexp, empty means all\n      --filter-mark uint          filter sock mark\n      --filter-netns string       filter network namespace\n      --filter-pid uint           filter process id\n      --filter-port uint16        filter TCP/UDP port\n      --filter-protocol string    filter protocol, tcp, udp, icmp, empty means all\n      --kprobe-way string         specify kprobe way, kprobe or kprobe-multi, empty means auto detect\n      --output-file string        output file, empty means stdout\n      --output-limit-lines uint   limit output lines, 0 means no limit\n      --output-sock-common        output common socket information\n      --output-sock-info          output sock information\n      --output-socket-info        output socket information\n      --output-stack              output stack information\n```\n\n### Example\n\n```bash\n$ ./socketrace --output-limit-lines 10\n2024/01/28 14:30:11 Attaching kprobes (via kprobe-multi) to 1090 functions\n1090 / 1090 
[----------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s\n2024/01/28 14:30:11 Attached kprobes (via kprobe-multi) to 1090 functions\n2024/01/28 14:30:11 Press Ctrl+C to stop\nCPU PROCESS                          FUNC\n5   926(sshd)                        aa_sk_perm                          192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        inet_send_prepare                   192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_sendmsg                         192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        lock_sock_nested                    192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_sendmsg_locked                  192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_rate_check_app_limited          192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_send_mss                        192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_current_mss                     192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_established_options             192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 protocol=IPPROTO_TCP\n5   926(sshd)                        tcp_stream_alloc_skb                192.168.64.2:22 -\u003e 192.168.64.1:55856 netns=4026531840 family=AF_INET6 
protocol=IPPROTO_TCP\n2024/01/28 14:30:11 Detaching kprobes (via kprobe-multi) from 5 bpf links\n5 / 5 [---------------------------------------------------------------------------------------------------------------------------------------] 100.00% 13 p/s\n```\n\n## Developing\n\n### Dependencies\n\n- Go \u003e= 1.21.5\n- LLVM/clang \u003e= 12\n\n### Build\n\n```bash\nmake\n```\n\n## Acknowledgements\n\nThanks to [pwru](https://github.com/cilium/pwru). `socketrace` is inspired by `pwru`,\nand some of its source code is borrowed from `pwru`.\n\n## Licenses\n\n`socketrace` is licensed under the Apache 2.0 license, and its BPF code is licensed\nunder the GPL 2.0 license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasphaltt%2Fsocketrace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasphaltt%2Fsocketrace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasphaltt%2Fsocketrace/lists"}