{"id":19176070,"url":"https://github.com/davaddi/skbtracer","last_synced_at":"2025-05-07T19:11:32.683Z","repository":{"id":46831711,"uuid":"393522296","full_name":"DavadDi/skbtracer","owner":"DavadDi","description":"skbtracer on  ebpf","archived":false,"fork":false,"pushed_at":"2021-09-23T03:07:55.000Z","size":18,"stargazers_count":82,"open_issues_count":1,"forks_count":29,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-20T01:33:07.620Z","etag":null,"topics":["bcc","bpf","ebpf","network"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DavadDi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-06T22:51:47.000Z","updated_at":"2024-12-03T03:49:36.000Z","dependencies_parsed_at":"2022-08-21T03:10:41.399Z","dependency_job_id":null,"html_url":"https://github.com/DavadDi/skbtracer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavadDi%2Fskbtracer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavadDi%2Fskbtracer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavadDi%2Fskbtracer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DavadDi%2Fskbtracer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DavadDi","download_url":"https://codeload.github.com/DavadDi/skbtracer/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252940934,"owners_co
unt":21828769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bcc","bpf","ebpf","network"],"created_at":"2024-11-09T10:27:06.187Z","updated_at":"2025-05-07T19:11:32.655Z","avatar_url":"https://github.com/DavadDi.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# skbtracer\n\nskbtracer is an eBPF-based tool for tracing the path of skb network packets. The implementation is built on [BCC](https://github.com/iovisor/bcc) (requires Linux kernel 4.15+).\n\n## Usage examples\n\n```\nskbtracer.py                                      # trace all packets\nskbtracer.py --proto=icmp -H 1.2.3.4 --icmpid 22  # trace icmp packet with addr=1.2.3.4 and icmpid=22\nskbtracer.py --proto=tcp  -H 1.2.3.4 -P 22        # trace tcp  packet with addr=1.2.3.4:22\nskbtracer.py --proto=udp  -H 1.2.3.4 -P 22        # trace udp  packet with addr=1.2.3.4:22\nskbtracer.py -t -T -p 1 --debug -P 80 -H 127.0.0.1 --proto=tcp --kernel-stack --icmpid=100 -N 10000\n```\n\nSample output\n\n```bash\n$ sudo ./skbtracer.py -c 100\ntime       NETWORK_NS   CPU    INTERFACE          DEST_MAC     IP_LEN PKT_INFO                                 TRACE_INFO\n[06:47:28 ][4026531992] 0      b'nil'             00042de08c77 196    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_output'\n[06:47:28 ][4026531992] 0      b'eth0'            00042de08c77 196    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a594e0.0:b'ip_finish_output'\n[06:47:28 ][4026531992] 0      b'eth0'            00042de08c77 196    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a594e0.0:b'__dev_queue_xmit'\n[06:47:28 ][4026531992] 0      b'nil'             000439849c02 76     T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_output'\n[06:47:28 ][4026531992] 0      b'eth0'            000439849c02 76     T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ee0.0:b'ip_finish_output'\n[06:47:28 ][4026531992] 0      b'eth0'            000439849c02 76     T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ee0.0:b'__dev_queue_xmit'\n[06:47:28 ][4026531992] 0      b'nil'             000429e08c77 228    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_output'\n[06:47:28 ][4026531992] 0      b'eth0'            000429e08c77 228    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ae0.0:b'ip_finish_output'\n[06:47:28 ][4026531992] 0      b'eth0'            000429e08c77 228    T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ae0.0:b'__dev_queue_xmit'\n[06:47:28 ][4026531992] 0      b'nil'             000439e08c77 76     T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_output'\n[06:47:28 ][4026531992] 0      b'eth0'            000439e08c77 76     T_ACK,PSH:172.17.0.14:22-\u003e101.87.140.43:18359 ffff8a7572a59ce0.0:b'ip_finish_output'\n```\n\n## Enhancements\n\n1. Reworked the capture-count-based implementation (more accurate; avoids exceptions being ignored in some environments)\n2. Added an IP length field\n3. Added a field for the running CPU\n\nThe code here comes from this [gist](https://gist.github.com/chendotjs/194768c411f15ecfec11e7235c435fa0)\n\nFor a more general networking solution, see the repository [WeaveWorks tcptracer-bpf](https://github.com/weaveworks/tcptracer-bpf)\n\n## Related documents\n\n* [Using eBPF to analyze duplicate packets in container networking in depth](https://blog.csdn.net/alex_yangchuansheng/article/details/104058072)\n* [Tracing packets with Linux tracepoints, perf and eBPF (2017)](https://github.com/DavadDi/bpf_study/blob/master/trace-packet-with-tracepoint-perf-ebpf/index_zh.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavaddi%2Fskbtracer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavaddi%2Fskbtracer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavaddi%2Fskbtracer/lists"}