要找个工具来调查下unix域套接字的发送和接受情况,比如说A程序是否送出,B程序是否接收到,他找了tcpdump ,wireshark什么的,貌似都不支持。
这时候还是伟大的systemtap来救助了。 因为所有的socket通讯都是通过socket接口来的,任何family的通讯包括unix域套接都要走的,所以只要截获了socket 读写的几个syscall 就搞定了.
systemtap发行版本提供了个工具socktop, 位于 /usr/share/doc/systemtap/examples/network/socktop, 是个非常方便的工具, 干这个事情最合适了。
socktop源码里面的版权和简单的功能介绍:# Socktop systemtap script
# Copyright (C) 2006 IBM Corp.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.
###
### socktop – Combination shell/systemtap script to track reads and writes
### on sockets by process. Can be filtered by process IDs and
### names, protocols, protocol families, users and socket type.
###
$ uname -r
2.6.18-164.el5
$ rpm -i kernel-debuginfo-common-2.6.18-164.el5.x86_64.rpm
$ rpm -i kernel-debuginfo-2.6.18-164.el5.x86_64.rpm
#使用帮助
$ /usr/share/doc/systemtap/examples/network/socktop -h
USAGE: socktop [-d] [-i interval] [-N num] [-P protocol]... [-f family]...
[-t stype]... [-n pname]... [-p pid]... [-u username]... [-h]
-d # print network device traffic (default: off)
-i interval # interval in seconds between printing (default: 5)
-N num # number of top processes and devices to print (default: 10)
-f family # this protocol family only (default: all)
-P protocol # this protocol only (default: all)
-t stype # this socket type only (default: all)
-n pname # this process name only (default: all)
-p pid # this process ID only (default: all)
-u username # this user only (default: all)
-c count # number of iteration
-m mod_name # generate instrumentation (but do not run)
-h # print this help text
Protocol Families:
LOCAL, INET, INET6, IPX, NETLINK, X25, AX25, ATMPVC, APPLETALK, PACKET
Protocols:
TCP, UDP, SCTP, IP, FC, ... (see /etc/protocols for complete list)
Socket Types:
STREAM, DGRAM, RAW, RDM, SEQPACKET, DCCP, PACKET
上面的使用写的很明白了,我们要过滤的是unix套接字, 每5秒报告下情况, 还顺手把网络设备的流量打出来。
$sudo /usr/share/doc/systemtap/examples/network/socktop -f LOCAL -i 5 -d
======================= Thu Mar 31 21:23:03 2011 ========================
------------------------------- PROCESSES -------------------------------
PID UID #SEND #RECV SEND_KB RECV_KB PROT FAMILY COMMAND
24821 50453 1 0 0 0 IP LOCAL crond
3840 0 0 2 0 0 IP LOCAL syslog-ng
-------------------------------- DEVICES --------------------------------
DEV #XMIT #RECV XMIT_KB RECV_KB
eth0 457 250 102 38
bond0 457 0 102 0
lo 24 24 2 2
eth1 0 10 0 0
=========================================================================
我们很清楚的看到了,crond在发,syslog-ng在收。
如果你想知道报文的内容的话,可以改改脚本把报文也dump出来。
2840
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
