如何尾标一个远程二进制文件? [英] How can I tail a remote binary file?

问题描述

我正在寻找一种方法来将Kubernetes pod上的二进制文件流式传输(尾巴")到本地计算机.

I'm looking for a way to stream ("tail") a binary file on a Kubernetes pod to my local machine.

我已经尝试过了:

kubectl exec -it app-service-58697cf7c9-nnzgh -c tcpdumper -- tail -f -c +0 /output.pcap

(tcpdumper只是围绕tcpdump的薄包装，在容器中作为辅助容器运行).

(tcpdumper is just a thin wrapper around tcpdump which runs as a helper container in the pod).

该几乎有效.运行此命令时，我可以在本地计算机上查看二进制数据流.

This almost works. I'm able to view a stream of binary data on my local machine when I run this command.

我在这里想要做的最终目标是，我想获取此pcap数据的二进制流并将其通过管道传输到在我的计算机上运行的Wireshark.那是行不通的，这是因为数据与Pod上写的数据不完全相同.

The end goal of what I'm trying to do here is that I'd like to take this binary stream of pcap data and pipe it to Wireshark running on my machine. That's what doesn't work, and it's because the data isn't exactly what's being written on the pod.

重要的不是这是Kubernetes，还是数据包捕获.问题似乎出在我如何使用tail流式传输这些数据.当我以这种方式执行此操作时，tail似乎会添加换行符.我认为这是因为tail并非旨在处理二进制数据.

What's relevant though isn't that this is Kubernetes, or that it's packet capture. The issue appears to be with how I'm streaming this data using tail; when I do this in this fashion, tail appears to add newline characters. I presume this is because tail is not intended to handle binary data.

如果直接在Pod上运行tcpdump，将其写入那里的.pcap文件，然后使用kubectl cp传输该文件，然后将该文件加载到Wireshark中，则它可以正常工作，并且我可以查看网络流量.我可以看到使用十六进制编辑器时，此方法与上面的tail方法之间的区别在于，经常会出现无关的字符("0xD"，这是换行符).

If I run tcpdump directly on the pod, write it to a .pcap file there, and then transfer that file using kubectl cp, and then load that file into Wireshark, it works and I can view the network traffic. I can see using a hex editor that the difference between this method and the tail method above is that there are extraneous characters ("0xD", which is the newline character) every so often.

有什么想法吗?

推荐答案

我不确定是什么原因导致tail随机插入换行符，并且我无法重现您的问题，但是我确实有几个想法:

I'm not sure what's causing tail to randomly insert newline chars, and I'm not in a position to reproduce your issue but I do have a couple of ideas:

1:在服务器上写入文件时，base64对文件进行编码，而在本地计算机上读取文件时，base64对文件进行解码.

1: base64 encode the file on the server as it's being written to, and base64 decode it as you read it on your local machine.

2:尝试写入fifo(mkfifo)，而不是写入文件，而不是拖尾.而不是写入文件.

2: Instead of writing to a file, try writing to a fifo (mkfifo), which you can simply cat, rather than tailing.

在不更好地了解您的情况的情况下，我无法真正聪明地谈论这些条件是否适用于您的情况，但认为它们值得一提.

Without knowing your situation better I can't really talk intelligently on whether or not these are applicable to your situation or not, but thought they'd be worth mentioning.

这篇关于如何尾标一个远程二进制文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！