Track a packet as it goes through the kernel (linux)


Problem description

I have two machines (let's call them A and B) which are set up to use IP-Security. Machine A has a socket which is bound to a particular UDP port on the local machine, and it polls that socket frequently to see if anything is received on it.

When I disable IP-Security, the data between the two machines goes through fine and I send and receive the packets fine. But when IP-Security is enabled, the packet sent by machine B doesn't get to that socket on machine A.

I do a tcpdump on both machines and I can see the (encrypted) packet being sent out from machine B and being received on machine A. But after that, the packet goes to the kernel and somewhere, either in the decryption of the packet or at some other phase, the packet is dropped.

I want to be able to trace the packet as it goes through the kernel and to see where it is dropped. Is there some /proc that I can use for this purpose? The other method I can think of is to insert debug statements all over the kernel, recompile it, and then try sending the packet again and go through the debug output.

Thanks, and sorry for the long message, but it was necessary.

Recommended answer

Please refer to the project named SystemTap. It allows you to insert user-friendly scripts hooking into any kernel code, without recompiling the kernel. For example:

# SystemTap probe: fires on every call to the kernel's ip_rcv() and prints a
# millisecond timestamp. A kernel function probe point needs the "kernel."
# prefix; run the script as root with:  stap ip_rcv.stp
probe kernel.function("ip_rcv").call {
    printf("%d:   ->ip_rcv()\n", gettimeofday_ms())
}

It will emit a kernel print for every received packet in the network layer. Of course, you would need to read the sources to follow from there deeper into the network stack.

SystemTap is very capable and quite well documented about the various hooks that can be inserted.
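Building on the single-probe script in the answer, the following is an added example (it is not part of the original answer or of the SystemTap project) that follows each incoming sk_buff through the IPv4 and xfrm receive path and, whenever that buffer is freed before it reaches a UDP socket, prints the kernel function that freed it together with the trail of functions it had passed. The function names are taken from the Linux IPv4/ESP receive path and are assumptions about the running kernel: check them first with `stap -l 'kernel.function("ip_*")'` and similar, since they move between versions. A trailing `?` on a probe point makes stap skip it when the function is missing or inlined, and `kfree_skb_reason` covers kernels where `kfree_skb` is only an inline wrapper.

```systemtap
#!/usr/bin/stap
# Added example, not from the original answer. Follow incoming skbs through the
# IPv4/xfrm receive path and report where they are freed before reaching UDP.
# Run as root on machine A while machine B sends:
#     stap -v -DMAXSTRINGLEN=256 trace_udp_drop.stp
# Function names are assumptions about the running kernel; a trailing "?" lets
# stap skip a probe point that does not exist (or is inlined) in this kernel.

global hops        # skb address -> trail of receive-path functions it passed

# Receive-path functions a decrypted UDP datagram should traverse. An ESP
# packet goes ip_rcv -> ip_local_deliver -> xfrm_input -> esp_input; the
# decrypted inner packet is then re-injected and revisits ip_local_deliver
# before udp_rcv hands it to the socket. esp_input lives in the esp4 module
# when ESP is not built into the kernel, hence the two spellings.
probe kernel.function("ip_rcv")?,
      kernel.function("ip_local_deliver")?,
      kernel.function("xfrm_input")?,
      kernel.function("esp_input")?,
      module("esp4").function("esp_input")?,
      kernel.function("__xfrm_policy_check")?,
      kernel.function("udp_rcv")?,
      kernel.function("udp_queue_rcv_skb")?
{
    hops[$skb] .= sprintf(" -> %s", ppfunc())
}

# udp_queue_rcv_skb() returning 0 means the datagram is on the socket's
# receive queue, which is where the poller in the question would see it.
probe kernel.function("udp_queue_rcv_skb").return? {
    skb = @entry($skb)
    if ($return == 0 && skb in hops) {
        printf("%d DELIVERED%s\n", gettimeofday_ms(), hops[skb])
        delete hops[skb]
    }
}

# A tracked skb freed before delivery was dropped: caller() names the kernel
# function that decided to free it (a failed xfrm policy check, an ESP
# authentication failure and a bad UDP checksum all free from different places).
probe kernel.function("kfree_skb")?,
      kernel.function("kfree_skb_reason")?
{
    if ($skb in hops) {
        printf("%d DROPPED by %s%s\n", gettimeofday_ms(), caller(), hops[$skb])
        delete hops[$skb]
    }
}

# consume_skb() is the normal free after successful processing; stop tracking.
probe kernel.function("consume_skb")? {
    delete hops[$skb]
}

# Keep the table bounded if some skb leaves by a path this script does not
# probe; by then any real datagram has long been delivered or dropped.
probe timer.s(10) {
    delete hops
}
```

A DROPPED line tells you two things at once: how far the packet got (the trail) and who gave up on it (the caller of the free). If no line appears at all for a packet that tcpdump shows arriving, the drop happened before ip_rcv or in a function not in the list, which is the point at which the answer's advice to read the source and extend the probe list applies. The MAXSTRINGLEN override matters because a full trail through the re-injected path exceeds SystemTap's default 128-character string limit and would otherwise be silently truncated.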
