tcpaccept(8)                System Manager's Manual               tcpaccept(8)

NAME

       tcpaccept.bt - Trace TCP passive connections (accept()). Uses
       bpftrace/eBPF.

SYNOPSIS

       tcpaccept.bt

DESCRIPTION

       This tool traces passive TCP connections (e.g., via an accept() syscall;
       connect() calls are active connections). This can be useful for general
       troubleshooting to see what new connections the local server is
       accepting.

       This uses dynamic tracing of the kernel inet_csk_accept() socket
       function (from tcp_prot.accept), and will need to be modified to match
       kernel changes.

       This tool only traces successful TCP accept()s. Connection attempts to
       closed ports will not be shown (those can be traced via other
       functions).

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bpftrace.

EXAMPLES

       Trace all passive TCP connections (accept()s):
              # tcpaccept.bt

FIELDS

       TIME(s)
              Time of the call, in HH:MM:SS format.

       PID    Process ID

       COMM   Process name

       RADDR  Remote IP address.

       RPORT  Remote port.

       LADDR  Local IP address.

       LPORT  Local port

       BL     Current accept backlog vs maximum backlog
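
       The fields above lend themselves to post-processing saved output. The
       following is an added example, not part of bpftrace or of this manual
       page: it counts accepts per remote address and flags rows whose backlog
       is close to its maximum. It assumes one whitespace-separated row per
       event in the FIELDS column order and that BL is printed as
       current/maximum; the sample rows and function names are constructed.

```python
from collections import Counter

# Constructed sample (not captured output). Assumptions: one row per event,
# columns in the order listed under FIELDS, BL printed as "current/maximum".
SAMPLE = """\
Tracing TCP accepts. Hit Ctrl-C to end.
TIME     PID     COMM           RADDR         RPORT LADDR       LPORT BL
10:01:02 1432    nginx          198.51.100.7  51544 192.0.2.10  443   0/128
10:01:02 1432    nginx          198.51.100.7  51546 192.0.2.10  443   3/128
10:01:03 1432    nginx          203.0.113.9   40112 192.0.2.10  443   97/128
10:01:03 2210    sshd           198.51.100.7  51550 192.0.2.10  22    0/128
10:01:04 1432    nginx          2001:db8::5   33210 2001:db8::1 443   128/128
10:01:05 3011    Web Content    203.0.113.9   40120 192.0.2.10  8080  1/16
"""


def parse(text):
    """Return one dict per event row; banner, header and malformed rows are skipped."""
    events = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8:
            continue
        # COMM may contain spaces: TIME/PID come from the left, five columns from the right.
        raddr, rport, laddr, lport, bl = cols[-5:]
        cur, _, mx = bl.partition("/")
        if not all(s.isdigit() for s in (cols[1], rport, lport, cur, mx)):
            continue
        events.append({"time": cols[0], "pid": int(cols[1]),
                       "comm": " ".join(cols[2:-5]), "raddr": raddr,
                       "rport": int(rport), "laddr": laddr, "lport": int(lport),
                       "backlog": int(cur), "max_backlog": int(mx)})
    return events


def accepts_by_remote(events):
    """Count accepted connections per (remote address, local port)."""
    return Counter((e["raddr"], e["lport"]) for e in events)


def backlog_pressure(events, ratio=0.75):
    """Events where the accept backlog was at or above `ratio` of its maximum."""
    return [e for e in events
            if e["max_backlog"] and e["backlog"] / e["max_backlog"] >= ratio]
```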

OVERHEAD

       This traces the kernel inet_csk_accept function and prints output for
       each event. The rate of this depends on your server application. If it
       is a web or proxy server accepting many tens of thousands of
       connections per second, then the overhead of this tool may be
       measurable (although, still a lot better than tracing every packet). If
       it is less than a thousand a second, then the overhead is expected to
       be negligible. Test and understand this overhead before use.

SOURCE

       This is from bpftrace

              https://github.com/iovisor/bpftrace

       Also look in the bpftrace distribution for a companion _examples.txt
       file containing example usage, output, and commentary for this tool.

       This is a bpftrace version of the bcc tool of the same name. The bcc
       tool may provide more options and customizations.

              https://github.com/iovisor/bcc

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg, adapted for bpftrace by Dale Hamel

SEE ALSO

       tcpconnect(8), funccount(8), tcpdump(8)

USER COMMANDS                     2018-10-24                      tcpaccept(8)