当我对 dig 运行 strace(strace dig google.com)时,并没有出现人们预期 DNS 查询会产生的 sendto 或 recvfrom 系统调用。dig 确实发出了网络请求:我可以在 Wireshark 中看到该查询。strace 捕获到了 socket 和 close 系统调用。完整跟踪可在 https://pastebin.com/aU816wLq 获得,下面粘贴了相关部分:
futex(0x7f3e959bbe34, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f3e959bbf80, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f3e963f9290, FUTEX_WAKE_PRIVATE, 2147483647) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
close(3) = 0
socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 3
getsockname(3, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
close(3) = 0
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
close(3) = 0
futex(0x7f3e959bc3ac, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f3e959bbf08, FUTEX_WAKE_PRIVATE, 2147483647) = 0
mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e965c8000
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e9028f000
mprotect(0x7f3e9028f000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f3e90a8efb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3e90a8f9d0, tls=0x7f3e90a8f700, child_tidptr=0x7f3e90a8f9d0) = 3083
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e8fa8e000
mprotect(0x7f3e8fa8e000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f3e9028dfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3e9028e9d0, tls=0x7f3e9028e700, child_tidptr=0x7f3e9028e9d0) = 3084
brk(0x55fd6e9cd000) = 0x55fd6e9cd000
pipe([3, 4]) = 0
fcntl(3, F_GETFL) = 0 (flags O_RDONLY)
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
epoll_create(64) = 5
epoll_ctl(5, EPOLL_CTL_ADD, 3, {EPOLLIN, {u32=3, u64=3}}) = 0
mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e8f28d000
mprotect(0x7f3e8f28d000, 4096, PROT_NONE) = 0
clone(child_stack=0x7f3e8fa8cfb0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x7f3e8fa8d9d0, tls=0x7f3e8fa8d700, child_tidptr=0x7f3e8fa8d9d0) = 3085
open("/usr/share/locale/en_US.UTF-8/libdst.cat", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libdst.cat", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/libdst.cat", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libdst.cat", O_RDONLY) = -1 ENOENT (No such file or directory)
futex(0x7f3e963f9b20, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f3e963f9b24, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0x55fd6e9ee000) = 0x55fd6e9ee000
open("/usr/lib/ssl/openssl.cnf", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=10835, ...}) = 0
read(6, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(6, "Netscape crash on BMPStrings or "..., 4096) = 4096
read(6, " this to avoid interpreting an e"..., 4096) = 2643
read(6, "", 4096) = 0
close(6) = 0
futex(0x7f3e94c480a8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so", O_RDONLY|O_CLOEXEC) = 6
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220T\0\0\0\0\0\0"..., 832) = 832
fstat(6, {st_mode=S_IFREG|0644, st_size=93280, ...}) = 0
mmap(NULL, 2188320, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f3e8f076000
mprotect(0x7f3e8f08b000, 2093056, PROT_NONE) = 0
mmap(0x7f3e8f28a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0x14000) = 0x7f3e8f28a000
close(6) = 0
mprotect(0x7f3e8f28a000, 4096, PROT_READ) = 0
open("/home/ubuntu-user/.digrc", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/resolv.conf", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=208, ...}) = 0
read(6, "# Dynamic resolv.conf(5) file fo"..., 4096) = 208
read(6, "", 4096) = 0
close(6) = 0
getppid() = 3080
rt_sigaction(SIGHUP, {0x7f3e957899e0, ~[RTMIN RT_1], SA_RESTORER, 0x7f3e9553f390}, NULL, 8) = 0
rt_sigsuspend([], 8) = ? ERESTARTNOHAND (To be restarted if no handler)
--- SIGTERM {si_signo=SIGTERM, si_code=SI_TKILL, si_pid=3082, si_uid=1000} ---
rt_sigreturn({mask=[HUP INT TERM]}) = -1 EINTR (Interrupted system call)
futex(0x55fd6df085a0, FUTEX_WAIT_PRIVATE, 2, NULL) = 0
futex(0x55fd6df085a0, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7f3e90a8f9d0, FUTEX_WAIT, 3083, NULL) = 0
write(4, "\0\0\0\0\377\377\377\377", 8) = 8
epoll_ctl(5, EPOLL_CTL_DEL, 3, 0x7fff8ed49d10) = 0
close(5) = 0
close(3) = 0
close(4) = 0
futex(0x7f3e965cf07c, FUTEX_WAKE_OP_PRIVATE, 1, 1, 0x7f3e965cf078, {FUTEX_OP_SET, 0, FUTEX_OP_CMP_GT, 1}) = 1
futex(0x7f3e965cf028, FUTEX_WAKE_PRIVATE, 1) = 1
munmap(0x7f3e8f076000, 2188320) = 0
munmap(0x7f3e965c8000, 266240) = 0
write(1, "\n; <<>> DiG 9.10.3-P4-Ubuntu <<>"..., 484) = 484
exit_group(0) = ?
+++ exited with 0 +++
我在跟踪中看到了 clone 系统调用。dig 是否 fork 出了另一个进程,并在其中处理 DNS 查询?
版本:
strace -- version 4.11
DiG 9.10.3-P4-Ubuntu
Linux ubuntu 4.4.0-71-generic #92-Ubuntu SMP Fri Mar 24 12:59:01 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
答案 0 :(得分:2)
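dig 进程正在创建线程(跟踪中的 clone 调用带有 CLONE_THREAD 标志)。默认情况下 strace 只跟踪最初的那个线程,因此其他线程发出的系统调用(例如 sendto、recvfrom)不会出现在输出中。使用 strace -f 来一并跟踪这些线程。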