monitor interprocess pipe traffic

13

2

I have two Linux processes communicating via a nameless pipe. How can I monitor the traffic in the pipe? How can I inject data into the pipe? I have root access and know the pipe inode.

jackhab

Posted 2010-12-14T15:10:17.023

Reputation: 2 176

Answers

7

A nameless pipe is by nature private to the applications that have the file descriptor. There's no principled way to observe or modify the traffic on the pipe. I don't think there's a way to look at the pipe directly on Linux, either.

There is an unprincipled way of more or less doing what you're after, though: through the ptrace system call. You wouldn't be tacking onto the pipe per se, but onto one of the processes. For observation, use strace, e.g.

strace -p1234 -s99999 -e write

where 1234 is the process ID of a process that writes on the pipe. Modifying the data is harder, but can be done. I think the easiest way would be to first set up an intermediate process that copies its standard input to its standard output, plus the data you want to inject (and minus any data you want to suppress). Create two named pipes and start that intermediate process with stdin on one pipe and stdout on the other. Then use a debugger (e.g. GDB) to make both target processes execute open on the appropriate named pipe, then dup to place the pipe on the appropriate file descriptor. Note that there's a chance you'll crash one of the processes in the process.

(If you don't understand the last paragraph, I'm sorry, but it does require a certain level of technicity. I don't think there is an easier way.)

Gilles 'SO- stop being evil'

Posted 2010-12-14T15:10:17.023

Reputation: 58 319

Thanks, I understand. What I actually tried is going to /proc/$PID/fd, where I found the file entries for the unnamed pipes of one of the processes, and I managed to read and write data using simple cat and echo in the shell, but the behavior is somewhat inconsistent. I need to investigate further. – jackhab – 2010-12-16T07:18:07.127

@jackhab: Oh, I thought it didn't work for pipes. But as you found out it won't help you that much for monitoring traffic, because each byte from the producer will go to exactly one consumer and you can't control whether your monitor or the actual consumer will get it. You should be able to inject data that way then. – Gilles 'SO- stop being evil' – 2010-12-16T08:09:46.150

2

Some tools useful for monitoring a pipe:

Pipe Viewer
tee

For an already-running program where one doesn't control the piping, see the gdb method:
Redirecting Output from a Running Process.

Or one can use strace:

strace -ewrite -p $PID 2>&1 | grep "write(1"

shows only descriptor 1 calls. "2>&1" is to redirect stderr to stdout, as strace writes to stderr by default.

harrymc

Posted 2010-12-14T15:10:17.023

Reputation: 306 093

What I meant is wiretapping to the pipe of an already running process. Process A launches process B and talks with it via a pipe so I have no way to use proxy utilities like tee or pv. – jackhab – 2010-12-16T07:21:07.733

Added some more methods. – harrymc – 2010-12-16T09:03:41.953

Rather than using grep, you can specify "-e write=1" to limit the output to data written to fd 1. – William Pursell – 2011-07-19T14:12:03.493
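
The strace commands in both answers print each write as an escaped C string literal, not as the bytes that entered the pipe. As an added example (not part of the original posts), this Python sketch rebuilds the byte stream one descriptor wrote from `strace -e write` output; the sample lines are constructed, and calls split across `<unfinished ...>` / `resumed` lines are not handled.

```python
import re

# One completed write(2) call as printed by `strace -e write`; the optional
# "[pid N] " prefix appears when several threads or processes are traced.
WRITE_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+)?write\((\d+), '
                      r'"((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\)\s+= (-?\d+)')
ESC_RE = re.compile(rb'\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)', re.DOTALL)
SIMPLE = {b'n': b'\n', b't': b'\t', b'r': b'\r', b'v': b'\v', b'f': b'\f'}

def unescape(literal):
    """Turn the body of strace's C-style string literal back into raw bytes."""
    def repl(m):
        e = m.group(1)
        if len(e) == 3 and e[:1] == b'x':      # \xHH (strace -x / -xx)
            return bytes([int(e[1:], 16)])
        if e[:1] in b'01234567':               # octal escape, 1 to 3 digits
            return bytes([int(e, 8) & 0xFF])
        return SIMPLE.get(e, e)                # \n, \t, ...; \" and \\ map to themselves
    return ESC_RE.sub(repl, literal.encode('latin-1'))

def stream(lines, fd):
    """Return (bytes written to fd, line numbers where -s cut the data short)."""
    out, truncated = bytearray(), []
    for n, line in enumerate(lines, 1):
        m = WRITE_RE.match(line)
        if not m or int(m.group(1)) != fd:
            continue
        ret = int(m.group(4))
        if ret < 0:                  # failed write (EAGAIN, EPIPE): nothing entered the pipe
            continue
        data = unescape(m.group(2))
        if m.group(3) and len(data) < ret:
            truncated.append(n)      # strace showed fewer bytes than were written
        out += data[:ret]            # short write: only the first `ret` bytes went in
    return bytes(out), truncated

# Constructed sample of `strace -p PID -e write` output (not captured from a real system).
SAMPLE = r'''write(1, "GET /status\n", 12)            = 12
write(2, "debug: tick\n", 12)            = 12
[pid  1235] write(1, "\0\1\377\"q\"\n", 7) = 7
write(1, "dropped", 7)                   = -1 EAGAIN (Resource temporarily unavailable)
write(1, "abcdefgh", 8)                  = 5
write(1, "0123"..., 10)                  = 10
--- SIGCHLD {si_signo=SIGCHLD} ---
'''.splitlines()

if __name__ == "__main__":
    print(stream(SAMPLE, 1))
```

A non-empty second element in the result means the `-s` limit was too small for those lines, which is why the first answer passes `-s99999`.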