1*387f9dfdSAndroid Build Coastguard WorkerDemonstrations of sofdsnoop, the Linux eBPF/bcc version. 2*387f9dfdSAndroid Build Coastguard Worker 3*387f9dfdSAndroid Build Coastguard Workersofdsnoop traces FDs passed through unix sockets 4*387f9dfdSAndroid Build Coastguard Worker 5*387f9dfdSAndroid Build Coastguard Worker# ./sofdsnoop.py 6*387f9dfdSAndroid Build Coastguard WorkerACTION TID COMM SOCKET FD NAME 7*387f9dfdSAndroid Build Coastguard WorkerSEND 2576 Web Content 24:socket:[39763] 51 /dev/shm/org.mozilla.ipc.2576.23874 8*387f9dfdSAndroid Build Coastguard WorkerRECV 2576 Web Content 49:socket:[809997] 51 9*387f9dfdSAndroid Build Coastguard WorkerSEND 2576 Web Content 24:socket:[39763] 58 N/A 10*387f9dfdSAndroid Build Coastguard WorkerRECV 2464 Gecko_IOThread 75:socket:[39753] 55 11*387f9dfdSAndroid Build Coastguard Worker 12*387f9dfdSAndroid Build Coastguard WorkerEvery file descriptor that is passed via unix sockets os displayed 13*387f9dfdSAndroid Build Coastguard Workeron separate line together with process info (TID/COMM columns), 14*387f9dfdSAndroid Build Coastguard WorkerACTION details (SEND/RECV), file descriptor number (FD) and its 15*387f9dfdSAndroid Build Coastguard Workertranslation to file if available (NAME). 16*387f9dfdSAndroid Build Coastguard Worker 17*387f9dfdSAndroid Build Coastguard WorkerThe file descriptor (fd) value is bound to a process. The SEND 18*387f9dfdSAndroid Build Coastguard Workerlines display the fd value within the sending process. The RECV 19*387f9dfdSAndroid Build Coastguard Workerlines display the fd value of the sending process. That's why 20*387f9dfdSAndroid Build Coastguard Workerthere's translation to name only on SEND lines, where we are 21*387f9dfdSAndroid Build Coastguard Workerable to find it in task proc records. 22*387f9dfdSAndroid Build Coastguard Worker 23*387f9dfdSAndroid Build Coastguard WorkerThis works by tracing sendmsg/recvmsg system calls to provide 24*387f9dfdSAndroid Build Coastguard Workerthe socket fds, and scm_send_entry/scm_detach_fds to provide 25*387f9dfdSAndroid Build Coastguard Workerthe file descriptor details. 26*387f9dfdSAndroid Build Coastguard Worker 27*387f9dfdSAndroid Build Coastguard WorkerA -T option can be used to include a timestamp column, 28*387f9dfdSAndroid Build Coastguard Workerand a -n option to match on a command name. Regular 29*387f9dfdSAndroid Build Coastguard Workerexpressions are allowed. For example, matching commands 30*387f9dfdSAndroid Build Coastguard Workercontaining "server" with timestamps: 31*387f9dfdSAndroid Build Coastguard Worker 32*387f9dfdSAndroid Build Coastguard Worker# ./sofdsnoop.py -T -n Web 33*387f9dfdSAndroid Build Coastguard WorkerTIME(s) ACTION TID COMM SOCKET FD NAME 34*387f9dfdSAndroid Build Coastguard Worker0.000000000 SEND 2576 Web Content 24:socket:[39763] 51 /dev/shm/org.mozilla.ipc.2576.25404 (deleted) 35*387f9dfdSAndroid Build Coastguard Worker0.000413000 RECV 2576 Web Content 49:/dev/shm/org.mozilla.ipc.2576.25404 (deleted) 51 36*387f9dfdSAndroid Build Coastguard Worker0.000558000 SEND 2576 Web Content 24:socket:[39763] 58 N/A 37*387f9dfdSAndroid Build Coastguard Worker0.000952000 SEND 2576 Web Content 24:socket:[39763] 58 socket:[817962] 38*387f9dfdSAndroid Build Coastguard Worker 39*387f9dfdSAndroid Build Coastguard Worker 40*387f9dfdSAndroid Build Coastguard WorkerA -p option can be used to trace only selected process: 41*387f9dfdSAndroid Build Coastguard Worker 42*387f9dfdSAndroid Build Coastguard Worker# ./sofdsnoop.py -p 2576 -T 43*387f9dfdSAndroid Build Coastguard WorkerTIME(s) ACTION TID COMM SOCKET FD NAME 44*387f9dfdSAndroid Build Coastguard Worker0.000000000 SEND 2576 Web Content 24:socket:[39763] 51 N/A 45*387f9dfdSAndroid Build Coastguard Worker0.000138000 RECV 2576 Web Content 49:N/A 5 46*387f9dfdSAndroid Build Coastguard Worker0.000191000 SEND 2576 Web Content 24:socket:[39763] 58 N/A 47*387f9dfdSAndroid Build Coastguard Worker0.000424000 RECV 2576 Web Content 51:/dev/shm/org.mozilla.ipc.2576.25319 (deleted) 49 48*387f9dfdSAndroid Build Coastguard Worker 49*387f9dfdSAndroid Build Coastguard WorkerUSAGE message: 50*387f9dfdSAndroid Build Coastguard Workerusage: sofdsnoop.py [-h] [-T] [-p PID] [-t TID] [-n NAME] [-d DURATION] 51*387f9dfdSAndroid Build Coastguard Worker 52*387f9dfdSAndroid Build Coastguard WorkerTrace file descriptors passed via socket 53*387f9dfdSAndroid Build Coastguard Worker 54*387f9dfdSAndroid Build Coastguard Workeroptional arguments: 55*387f9dfdSAndroid Build Coastguard Worker -h, --help show this help message and exit 56*387f9dfdSAndroid Build Coastguard Worker -T, --timestamp include timestamp on output 57*387f9dfdSAndroid Build Coastguard Worker -p PID, --pid PID trace this PID only 58*387f9dfdSAndroid Build Coastguard Worker -t TID, --tid TID trace this TID only 59*387f9dfdSAndroid Build Coastguard Worker -n NAME, --name NAME only print process names containing this name 60*387f9dfdSAndroid Build Coastguard Worker -d DURATION, --duration DURATION 61*387f9dfdSAndroid Build Coastguard Worker total duration of trace in seconds 62*387f9dfdSAndroid Build Coastguard Worker 63*387f9dfdSAndroid Build Coastguard Workerexamples: 64*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop # trace passed file descriptors 65*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop -T # include timestamps 66*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop -p 181 # only trace PID 181 67*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop -t 123 # only trace TID 123 68*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop -d 10 # trace for 10 seconds only 69*387f9dfdSAndroid Build Coastguard Worker ./sofdsnoop -n main # only print process names containing "main" 70