https://github.com/asphaltt/ethtoolsnoop

ethtoolsnoop is an ethtool tracing tool based on Go+eBPF. License Apache 2.0
https://github.com/asphaltt/ethtoolsnoop

ebpf ethtool ethtoolsnoop

Last synced: 3 months ago
JSON representation

ethtoolsnoop is an ethtool tracing tool based on Go+eBPF. License Apache 2.0

• Host: GitHub
• URL: https://github.com/asphaltt/ethtoolsnoop
• Owner: Asphaltt
• License: apache-2.0
• Created: 2024-01-16T14:36:09.000Z (12 months ago)
• Default Branch: main
• Last Pushed: 2024-01-20T09:49:34.000Z (12 months ago)
• Last Synced: 2024-10-12T19:20:26.672Z (3 months ago)
• Topics: ebpf, ethtool, ethtoolsnoop
• Language: C
• Homepage:
• Size: 751 KB
• Stars: 6
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# ethtoolsnoop

`ethtoolsnoop` is a tool for tracing the execution of `ethtool`.

## Use example

```bash

# echo Execute `ethtool -i enp0s1; ethtool -l enp0s1; ethtool -g enp0s1` in another terminal.

# ./ethtoolsnoop

Interface             PID:Process                          IOCTL_CMD/GENL_CMD             ethtool args

enp0s1              11198:ethtool(parent 6373:zsh)         ETHTOOL_GDRVINFO               -d|--register-dump(Do a register dump), -e|--eeprom-dump(Do a EEPROM dump), -i|--driver(Show driver information)

enp0s1              11199:ethtool(parent 6373:zsh)         ETHTOOL_MSG_CHANNELS_GET       -l|--show-channels(Query Channels)

enp0s1              11200:ethtool(parent 6373:zsh)         ETHTOOL_MSG_RINGS_GET          -g|--show-ring(Query RX/TX ring parameters)

```

In the output:

- First column is the interface name.

- Second column is the PID and process name of the process that called

  `ethtool`'s `ioctl()` syscall or sent `ethtool`'s genetlink message, and the

  PID and process name of the parent process if the tracee process is `ethtool`.

- Third column is the underneath command for kernel to execute, including ways

  of `ioctl()` syscall and genetlink message.

- Fourth column is the arguments of `ethtool` command, which may be

  corresponding to the third column. *But this column maybe incomplete.*

## Download

Please download the latest release from this repo's release page.

`ethtoolsnoop` is expected to run on Linux kernel 5.2 and later with BTF support.

## Intenals

`ethtoolsnoop` uses `kprobe` on `dev_ethtool()` to trace the execution of

`ethtool`'s `ioctl()` syscall.

And it uses `kprobe` on `ethnl_default_doit()`, `ethnl_parse_header_dev_get()`

and `kretprobe` on `ethnl_parse_header_dev_get()` to trace the execution of

`ethtool`'s genetlink message.

## License

`ethtoolsnoop` is licensed under the Apache 2.0 license, and its bpf code is

licensed under the GPL 2.0 license.