Demonstrations of undump.py, the Linux eBPF/bcc version.

This example traces the kernel function that receives AF_UNIX socket
packets. Some example output:

Terminal 1, UNIX Socket Server:

```
$ nc -lU /var/tmp/dsocket
# receive from Client
Hello, World
abcdefg
```

Terminal 2, UNIX socket Client:

```
$ nc -U /var/tmp/dsocket
# Input some lines
Hello, World
abcdefg
```

Terminal 3, receive tracing:

```
$ sudo python undump.py -p 49264
Tracing PID=49264 UNIX socket packets ... Hit Ctrl-C to end

# Here print bytes of receive
PID 49264 Recv 13 bytes
    48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a
PID 49264 Recv 8 bytes
    61 62 63 64 65 66 67 0a
```

This output shows two packets received by PID 49264 (nc -lU /var/tmp/dsocket).
`Hello, World` is printed as the bytes `48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a`;
the trailing `0a` is the newline from pressing `Enter`. `abcdefg` is printed as
`61 62 63 64 65 66 67 0a`.
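
To read a longer trace without decoding hex by hand, the output format shown above can be parsed back into payloads. The following is an added example, not part of undump.py or bcc; the function names `parse_undump` and `render` are hypothetical, the sample is constructed from the output on this page, and it assumes a dump may continue over more than one hex line.

```python
import re

# Constructed sample: the trace output shown on this page.
SAMPLE = """\
Tracing PID=49264 UNIX socket packets ... Hit Ctrl-C to end

PID 49264 Recv 13 bytes
    48 65 6c 6c 6f 2c 20 57 6f 72 6c 64 0a
PID 49264 Recv 8 bytes
    61 62 63 64 65 66 67 0a
"""

HEADER = re.compile(r"^PID (\d+) Recv (\d+) bytes$")
HEXLINE = re.compile(r"^[0-9a-fA-F]{2}(?:\s+[0-9a-fA-F]{2})*$")


def _close(rec):
    pid, declared, data = rec
    return (pid, bytes(data), len(data) == declared)


def parse_undump(text):
    """Return [(pid, payload, complete)] for each record in undump output.

    complete is True when the number of hex bytes dumped equals the length
    given in the "Recv N bytes" header.
    """
    records, current = [], None  # current = (pid, declared_len, bytearray)
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if current:
                records.append(_close(current))
            current = (int(header.group(1)), int(header.group(2)), bytearray())
        elif current and HEXLINE.match(line):
            # Assumption: a long dump may span several hex lines.
            current[2].extend(bytes.fromhex(line))
        # Banner, comment and blank lines match neither pattern and are skipped.
    if current:
        records.append(_close(current))
    return records


def render(payload):
    """Show printable ASCII as-is and escape every other byte as \\xNN."""
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in payload)


if __name__ == "__main__":
    for pid, payload, complete in parse_undump(SAMPLE):
        print(pid, len(payload), "ok" if complete else "short", render(payload))
```

Escaping non-printable bytes in `render` keeps control characters in a captured payload from being interpreted by the terminal when the decoded text is displayed.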