-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Write readme and refactor some code #493
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
4ae4995
Refactor connection building code:
Cheny-chui 3087673
Refactor watch extra info code:
Cheny-chui 58c1952
add -a flag and print packets info to file
Cheny-chui f41863e
Merge branch 'develop' of https://github.com/Cheny-chui/lmp into develop
Cheny-chui 9dbda9f
add readme info
Cheny-chui 5dd3b8a
Merge branch 'linuxkerneltravel:develop' into develop
Cheny-chui 110f9f1
Update README.md
Cheny-chui File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,44 @@ | ||
| # eBPF-TCP-Watch | ||
| ## 介绍 | ||
| 基于目前已有eBPF小工具,以及linux网络协议栈相关探测点,该项目在主机空间实现以下功能: | ||
| ### 已完成 | ||
| - 搭建基础开发框架和自动编译管道。 | ||
| - 设计并实现TCP连接信息的记录 | ||
| - 设计并实现各个TCP连接发送与接收包信息的记录 | ||
| - 设计并实现TCP错误包信息的记录 | ||
| - 实现从TCP包中抽取HTTP信息并记录 | ||
| ### TODO | ||
| - 增加运行时参数以提升可用性 | ||
| ## 组织结构 | ||
| - tcpwatch.bpf.c:在各个内核探针点对TCP包信息、TCP连接信息以及各个包的HTTP1/1.1信息进行记录 | ||
| - tcpwatch.c: 对bpf.c文件中记录的信息进行输出 | ||
| - tcpwatch.h: 定义内核态与用户态程序共用的结构体 | ||
| - data/: | ||
| - connects.log:符合Prometheus格式的连接信息 | ||
| - err.log:符合Prometheus格式的错误包信息 | ||
| - packets.log:符合Prometheus格式的包信息 | ||
| - visual.py:暴露metrics接口给Prometheus,输出data文件夹下的所有信息 | ||
| ## 快速开始 | ||
| ### 安装依赖 | ||
| - OS: Ubuntu 22.04LTS | ||
| ```bash | ||
| sudo apt update | ||
| sudo apt install libbpf-dev clang llvm libelf-dev libpcap-dev gcc-multilib build-essential | ||
| git submodule update --init --recursive | ||
| ``` | ||
| ### 编译运行 | ||
| ```bash | ||
| make | ||
| sudo ./tcpwatch | ||
| ``` | ||
| ### 参数 | ||
| ```bash | ||
| Usage: tcpwatch [OPTION...] | ||
| Watch tcp/ip in network subsystem | ||
|
|
||
| - 记录TCP连接层面相关信息 | ||
| - 记录TCP包层面相关信息 | ||
| - 从TCP包中提取HTTP1/1.1相关信息 | ||
| - 暴露HTTP接口提供给Prometheus以进行可视化 | ||
|
|
||
| 项目开发规划: | ||
|
|
||
| - [x] 搭建基础开发框架和自动编译管道。 | ||
| - [x] 根据相关工具代码,设计并实现TCP连接信息的记录 | ||
| - [x] 根据相关工具代码,设计并实现各个TCP连接发送与接收包信息的记录 | ||
| - [ ] 更具相关工具代码,设计并实现TCP错误包信息的记录 | ||
| - [ ] 调查相关资料,实现从TCP包中抽取HTTP信息并记录 | ||
| - [ ] 讨论与Prometheus的连接方案并实现 | ||
| - [ ] 设计并添加工具的控制参数,提高工具的可用性 | ||
| - [ ] 编写相关文档 | ||
| -a, --all set to trace CLOSED connection | ||
| -d, --dport=DPORT trace this destination port only | ||
| -s, --sport=SPORT trace this source port only | ||
| -?, --help Give this help list | ||
| --usage Give a short usage message | ||
| ``` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| connection{sock="0xffff9ddca18cd780",src="10.0.2.15:56680",dst="220.181.38.149:80",backlog="0",maxbacklog="0",cwnd="10",ssthresh="2147483647",sndbuf="87040",wmem_queued="1280",rx="2.781K",tx="78",srtt="44112",duration="14882"} 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,3 @@ | ||
| packet{sock="",src="",dst="",ack="",seq="",mac_delay="",ip_delay="",tcp_delay=""} 0 | ||
| packet{sock="0xffff9ddca18cd780",comm="curl",seq="2779274508",ack="504640002",mac_time="1",ip_time="3",tcp_time="14",rx="0"} 0 | ||
| packet{sock="0xffff9ddca18cd780",comm="curl",seq="504640002",ack="2779274585",mac_time="45",ip_time="8",tcp_time="489",rx="1"} 0 | ||
| packet{sock="0xffff9ddca18cd780",comm="curl",seq="504642722",ack="2779274585",mac_time="37",ip_time="4",tcp_time="194",rx="1"} 0 |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个还是要保留呀,这个其实很重要
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
好的
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
可以分为: