1tcpdrop(8)                  System Manager's Manual                 tcpdrop(8)
2
3
4

NAME

6       tcpdrop.bt  -  Trace  kernel-based  TCP packet drops with details. Uses
7       Linux bpftrace/eBPF
8

SYNOPSIS

10       tcpdrop.bt
11

DESCRIPTION

13       This tool traces TCP packets or segments that were dropped by the  ker‐
14       nel,  and  shows details from the IP and TCP headers, the socket state,
15       and the kernel stack trace. This is useful for debugging cases of  high
16       kernel  drops,  which can cause timer-based retransmits and performance
17       issues.
18
19       This tool works using dynamic tracing of the  tcp_drop()  kernel  func‐
20       tion, which requires a recent kernel version.
21
22       This  tool  is  limited  to ipv4, and cannot parse tcpflags as bpftrace
23       currently cannot parse socket buffers in the way that bcc can.
24
25       Since this uses BPF, only the root user can use this tool.
26

REQUIREMENTS

28       CONFIG_BPF and bpftrace.
29

EXAMPLES

31       Trace all tcp drops:
32              # tcpdrop.bt
33
34
35       FIELDS
36
37       TIME   Time of the call, in HH:MM:SS format.
38
39       PID    Process ID that was on-CPU during the drop. This  may  be  unre‐
40              lated,  as drops can occur on the receive interrupt and be unre‐
41              lated to the PID that was interrupted.
42
43       COMM   Process name
44
45       SADDR  Source IP address.
46
47       SPORT  Source TCP port.
48
49       DADDR  Destination IP address.
50
51       DPORT  Destionation TCP port.
52
53       STATE  TCP session state ("ESTABLISHED", etc).
54

OVERHEAD

56       This traces the kernel tcp_drop() function, which should  be  low  fre‐
57       quency, and therefore the overhead of this tool should be negligible.
58
59       As  always,  test  and understand this tools overhead for your types of
60       workloads before production use.
61

SOURCE

63       This is from bpftrace
64
65              https://github.com/iovisor/bpftrace
66
67       Also look in the bpftrace distribution for  a  companion  _examples.txt
68       file containing example usage, output, and commentary for this tool.
69
70       This  is  a  bpftrace version of the bcc tool of the same name. The bcc
71       tool may provide more options and customizations.
72
73              https://github.com/iovisor/bcc
74

OS

76       Linux
77

STABILITY

79       Unstable - in development.
80

AUTHOR

82       Brendan Gregg, adapted for bpftrace by Dale Hamel
83

SEE ALSO

85       tcplife(8), tcpaccept(8), tcpconnect(8), tcptop(8)
86
87
88
89USER COMMANDS                     2018-11-24                        tcpdrop(8)
Impressum