1sslsnoop.bt(8) System Manager's Manual sslsnoop.bt(8)
2
3
4
6 sslsnoop.bt - Show SSL/TLS handshake events. Uses bpftrace/eBPF.
7
9 sslsnoop.bt
10
12 sslsnoop traces OpenSSL handshake functions, and shows latency and re‐
13 turn value. This can be used to analyze SSL/TLS performance.
14
15 This tool works by dynamic tracing the uprobes in OpenSSL and related
16 crypto libs, and may need updating to match future changes to these
17 functions.
18
19 Since this uses BPF, only the root user can use this tool.
20
22 CONFIG_BPF and bpftrace.
23
25 Trace SSL/TLS handshake events, printing per-line summaries:
26 # sslsnoop.bt
27
29 TIME(us)
30 Time of the call completion, in microseconds since program
31 start.
32
33 TID Thread ID.
34
35 COMM Process name.
36
37 LAT(us)
38 Latency of the call, in microseconds.
39
40 RET Return value of the call.
41
42 FUNC Function name.
43
45 SSL/TLS handshake usually contains network latency and the traced
46 crypto functions are CPU intensive tasks, so call frequency should be
47 low and the overhead of this tool is expected to be negligible.
48
50 This is from bpftrace.
51
52 https://github.com/iovisor/bpftrace
53
54 Also look in the bpftrace distribution for a companion _examples.txt
55 file containing example usage, output, and commentary for this tool.
56
57 There is a bcc tool sslsniff that can show SSL/TLS handshake event la‐
58 tency before sniffing the plaintext in SSL_read/write. This tool pro‐
59 vides more detailed crypto latency distribution during the handshake
60 event.
61
62 https://github.com/iovisor/bcc
63
65 Linux
66
68 Unstable - in development.
69
71 Tao Xu
72
74 biosnoop.bt(8)
75
76
77
78USER COMMANDS 2021-12-28 sslsnoop.bt(8)