Yandex has published skbtrace, a utility for tracing network operations in Linux

Yandex has published the source code of the skbtrace utility, which provides tools for monitoring the network stack and tracing network operations in Linux. The utility is implemented as an add-on to the BPFtrace dynamic debugging system. The code is written in Go and distributed under the MIT license. Linux kernels 4.14+ and the BPFtrace 0.9.2+ toolkit are supported.

During operation, the skbtrace utility generates scripts in the high-level BPFtrace language that perform dynamic tracing and analysis of the execution time of functions related to the Linux network stack and network sockets. The scripts are then translated into eBPF programs and executed at the kernel level.

Among the features of skbtrace are measuring the time a packet takes to pass between the incoming and outgoing network interfaces, the lifetime of a TCP connection from receipt of a SYN to the arrival of a FIN/RST, the delays between different packet-processing events, and the TCP connection negotiation time. Skbtrace can also be used to detect retransmissions of TCP packets, even when they are encapsulated in other packets, and can act as a simple analogue of the tcpdump utility that can analyze calls to certain kernel functions, such as calls to kfree_skb to free memory when packets are dropped.

Source: opennet.ru
