一,工具简介
undump工具用于dump(转储) UNIX 套接字数据包。这需要对内核函数进行动态跟踪,并且需要随内核的改动而更新。
二,代码示例
#!/usr/bin/python
# @lint-avoid-python-3-compatibility-imports
#from __future__ import print_function
from bcc import BPF
from bcc.containers import filter_by_containers
from bcc.utils import printb
import argparse
from socket import inet_ntop, ntohs, AF_INET, AF_INET6
from struct import pack
from time import sleep
from datetime import datetime
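import sys

# Command-line arguments.
# The epilog text is shown verbatim by RawDescriptionHelpFormatter, so it
# must keep its own line breaks (the collapsed one-line form rendered the
# two examples run together in --help output).
examples = """examples:
    ./undump           # trace/dump all UNIX packets
    ./undump -p 181    # only trace/dump PID 181
"""
parser = argparse.ArgumentParser(
    description="Dump UNIX socket packets",
    formatter_class=argparse.RawDescriptionHelpFormatter,
    epilog=examples)
# NOTE(review): the PID is kept as a string here; if the rest of the script
# interpolates it into generated code, it should be validated as an integer
# first -- confirm against the code that consumes args.pid.
parser.add_argument("-p", "--pid",
    help="trace this PID only")
args = parser.parse_args()

# Define the BPF program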
bpf_text =