
Open source Linux debugging tool focuses on IPC

source link: http://linuxgizmos.com/open-source-debugging-tool-focuses-on-ipc/

Feb 10, 2021 — by Eric Brown

Guardicore has released an open source debugging tool called “IPCDump” for tracing and visualizing interprocess communication on Linux. Features include tracing IPC between short-lived processes.

Guardicore, which defines itself as “the segmentation company disrupting the legacy firewall market,” announced the availability of IPCDump, an open source debugging tool for Linux interprocess communication (IPC). The Alpha-stage, GitHub-hosted software has been tested with Ubuntu 18.04 LTS and 20.04 LTS.

IPCDump covers IPC mechanisms such as pipes, FIFOs, signals, Unix sockets, loopback-based networking, and pseudoterminals. It can also be used for debugging multi-process applications “and gaining transparency into how they communicate with one another in their IT environment,” says Guardicore. The tool is said to achieve this goal by “tracing both the metadata and contents of apps’ communication.”

IPCDump screenshot showing filtering by events reaching systemd-resolve

IPCDump can also be used to explore how business apps communicate with internal and external systems. The tool helps developers avoid the tedious task of checking port numbers against netstat manually when tracking the creation and destruction of short-lived processes, says the company. This sort of process tracking is said to be difficult using traditional debugging tools like strace or gdb.

Key features of IPCDump include:

  • Support for pipes and FIFOs
  • Loopback IPC
  • Signals (regular and real-time)
  • Unix streams and datagrams
  • Pseudoterminal-based IPC
  • Event filtering based on process PID or name
  • Human-friendly or JSON-formatted output

IPCDump is based on BPF. The tool collects its data primarily through BPF hooks placed on kprobes and tracepoints.

Guardicore created IPCDump in-house during the development of its cross-platform, enterprise-focused Guardicore Centra Security Platform. “IPCDump is the natural byproduct of our talented R&D team’s efforts to push the technical boundaries of our segmentation platform,” stated Guardicore VP of Research Ofri Ziv. “Rather than let it go to waste, our team wanted to show our commitment to the development and security communities by sharing a useful open source debugging tool.”

Further information

Guardicore’s IPCDump is available for free download in Alpha stage on this GitHub page. More information may be found in Guardicore’s blog announcement.

