bindsnoop BCC tool (#2749)

bindsnoop BCC utility

bindsnoop tool traces the kernel function performing socket binding and
print socket options set before the system call invocation that might
impact bind behavior and bound interface

README.md

@@ -85,6 +85,7 @@ pair of .c and .py files, and some are directories of files.
 
 - tools/[argdist](tools/argdist.py): Display function parameter values as a histogram or frequency count. [Examples](tools/argdist_example.txt).
 - tools/[bashreadline](tools/bashreadline.py): Print entered bash commands system wide. [Examples](tools/bashreadline_example.txt).
+- tools/[bindsnoop](tools/bindsnoop.py): Trace IPv4 and IPv6 bind() system calls (bind()). [Examples](tools/bindsnoop_example.txt).
 - tools/[biolatency](tools/biolatency.py): Summarize block device I/O latency as a histogram. [Examples](tools/biolatency_example.txt).
 - tools/[biotop](tools/biotop.py): Top for disks: Summarize block device I/O by process. [Examples](tools/biotop_example.txt).
 - tools/[biosnoop](tools/biosnoop.py): Trace block device I/O with PID and latency. [Examples](tools/biosnoop_example.txt).

man/man8/bindsnoop.8

@@ -0,0 +1,144 @@
+.TH bindsnoop 8  "12 February 2020" "" ""
+.SH NAME
+bindsnoop \- Trace bind() system calls.
+.SH SYNOPSIS
+.B bindsnoop.py [\fB-h\fP] [\fB-w\fP] [\fB-t\fP] [\fB-p\fP PID] [\fB-P\fP PORT] [\fB-E\fP] [\fB-U\fP] [\fB-u\fP UID] [\fB--count\fP] [\fB--cgroupmap MAP\fP]
+.SH DESCRIPTION
+bindsnoop reports socket options set before the bind call that would impact this system call behavior.
+.PP
+.SH REQUIREMENTS
+CONFIG_BPF and bcc.
+.SH
+OPTIONS:
+.RS
+.TP
+Show help message and exit:
+.TP
+.B
+\fB-h\fP, \fB--help\fP
+.TP
+Include timestamp on output:
+.TP
+.B
+\fB-t\fP, \fB--timestamp\fP
+.TP
+Wider columns (fit IPv6):
+.TP
+.B
+\fB-w\fP, \fB--wide\fP
+.TP
+Trace this PID only:
+.TP
+.B
+\fB-p\fP PID, \fB--pid\fP PID
+.TP
+Comma-separated list of ports to trace:
+.TP
+.B
+\fB-P\fP PORT, \fB--port\fP PORT
+.TP
+Trace cgroups in this BPF map:
+.TP
+.B
+\fB--cgroupmap\fP MAP
+.TP
+Include errors in the output:
+.TP
+.B
+\fB-E\fP, \fB--errors\fP
+.TP
+Include UID on output:
+.TP
+.B
+\fB-U\fP, \fB--print-uid\fP
+.TP
+Trace this UID only:
+.TP
+.B
+\fB-u\fP UID, \fB--uid\fP UID
+.TP
+Count binds per src ip and port:
+.TP
+.B
+\fB--count\fP
+.RE
+.PP
+.SH
+EXAMPLES:
+.RS
+.TP
+Trace all IPv4 and IPv6 \fBbind\fP()s
+.TP
+.B
+bindsnoop
+.TP
+Include timestamps
+.TP
+.B
+bindsnoop \fB-t\fP
+.TP
+Trace PID 181
+.TP
+.B
+bindsnoop \fB-p\fP 181
+.TP
+Trace port 80
+.TP
+.B
+bindsnoop \fB-P\fP 80
+.TP
+Trace port 80 and 81
+.TP
+.B
+bindsnoop \fB-P\fP 80,81
+.TP
+Include UID
+.TP
+.B
+bindsnoop \fB-U\fP
+.TP
+Trace UID 1000
+.TP
+.B
+bindsnoop \fB-u\fP 1000
+.TP
+Report bind errors
+.TP
+.B
+bindsnoop \fB-E\fP
+.TP
+Count bind per src ip
+.TP
+.B
+bindsnoop \fB--count\fP
+.RE
+.PP
+Trace IPv4 and IPv6 bind system calls and report socket options that would impact bind call behavior:
+.RS
+.TP
+SOL_IP IP_FREEBIND              F\.\.\.\.
+.TP
+SOL_IP IP_TRANSPARENT           \.T\.\.\.
+.TP
+SOL_IP IP_BIND_ADDRESS_NO_PORT  \.\.N\.\.
+.TP
+SOL_SOCKET SO_REUSEADDR         \.\.\.R.
+.TP
+SOL_SOCKET SO_REUSEPORT         \.\.\.\.r
+.PP
+SO_BINDTODEVICE interface is reported as "IF" index
+.SH SOURCE
+This is from bcc.
+.IP
+https://github.com/iovisor/bcc
+.PP
+Also look in the bcc distribution for a companion _examples.txt file containing
+example usage, output, and commentary for this tool.
+.SH OS
+Linux
+.SH STABILITY
+Unstable - in development.
+.SH AUTHOR
+Pavel Dubovitsky
+.SH SEE ALSO
+tcpaccept(8)

tests/python/test_tools_smoke.py

@@ -74,6 +74,10 @@ def test_argdist(self):
     def test_bashreadline(self):
         self.run_with_int("bashreadline.py")
 
+    @skipUnless(kernel_version_ge(4,4), "requires kernel >= 4.4")
+    def test_bindsnoop(self):
+        self.run_with_int("bindsnoop.py")
+
     def test_biolatency(self):
         self.run_with_duration("biolatency.py 1 1")