Closed alongir closed 5 months ago
https://github.com/kubeshark/tracer/pull/24 can help for better debugging this issue.
Idea is to have circullar buffer tls_last.pcap
pipe alongside with existing tls.pcap
with different behaviour:
once reading of this new pipe is requested, for example:
find /var/lib/kubelet/pods/ -iname "tls_last.pcap" -exec cat {} > /home/docker/tls_last.pcap \;
tracer dumps all packets from the circular buffer and closes the pipe.
Current existing issues in tracer related to tls.pcap
:
broken pipe
error and doesn't reopens the pipe. So, if consumer reopens pipe - new packets can not be received till tracer restartI would propose some new packet interface between tracer and consumer, which can resolve above issues:
This can be, for example, unix socket with some simple protocol
https://github.com/kubeshark/tracer/pull/24 shows there's no issue with the tracer. It also provides confident int he tracer
implementation. Hopefully https://github.com/kubeshark/tracer/pull/25 will fix this one as well.
After running many tests, I come to the following conclusions:
pcap.tls
after a very long time.You can use this command for testing:
Hint: you can check the containers logs, to see the TLS payloads: