tcpretrans - Trace TCP retransmits and TLPs. Uses Linux eBPF/bcc.
tcpretrans [-h] [-l]
This traces TCP retransmits, showing address, port, and TCP state information,
and sometimes the PID (although usually not, since retransmits are usually
sent by the kernel on timeouts). To keep overhead very low, only the TCP
retransmit functions are traced. This does not trace every packet (like
tcpdump(8) or a packet sniffer).
This uses dynamic tracing of the kernel tcp_retransmit_skb() and
tcp_send_loss_probe() functions, and will need to be updated to match kernel
changes to these functions.
Since this uses BPF, only the root user can use this tool.
Requirements: CONFIG_BPF and bcc.
- -h: Print usage message.
- -l: Include tail loss probe attempts (in some cases the kernel
may not complete the TLP send).
- Trace TCP retransmits:
  # tcpretrans
- Trace TCP retransmits and TLP attempts:
  # tcpretrans -l
- Time of the retransmit.
- Process ID that was on-CPU. This is less useful than it
might sound, as it may usually be 0, for the kernel, for timer-based
- IP address family (4 or 6).
- Local IP address.
- Local port.
- Type of event: R> == retransmit, L> == tail loss
- Remote IP address.
- Remote port.
- TCP session state.
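
The fields listed above can be parsed to see which remote endpoints and TCP states account for the retransmits. This is an added example, not part of bcc or this man page; the sample lines are constructed, and the column layout (address and port joined by a colon, in the field order above) is an assumption.

```python
import re
from collections import Counter

# Constructed sample output (not captured from a real host). The column
# layout is an assumption that follows the field order listed above:
# time, PID, IP family, local addr:port, event type, remote addr:port, state.
SAMPLE = """\
01:55:05 0      4  10.0.0.5:22          R> 192.0.2.40:34619     ESTABLISHED
01:55:05 0      4  10.0.0.5:22          R> 192.0.2.40:34619     ESTABLISHED
01:55:17 0      4  10.0.0.5:51601       R> 198.51.100.7:443     SYN_SENT
01:55:18 1234   6  2001:db8::5:41822    L> 2001:db8::9:80       ESTABLISHED
"""

LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<pid>\d+)\s+(?P<ip>[46])\s+"
    r"(?P<local>\S+)\s+(?P<type>[RL])>\s+(?P<remote>\S+)\s+(?P<state>\S+)\s*$"
)

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)

def parse(text):
    """Return one dict per event line; headers and unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        laddr, lport = split_endpoint(m["local"])
        raddr, rport = split_endpoint(m["remote"])
        events.append({
            "time": m["time"], "pid": int(m["pid"]), "ip": int(m["ip"]),
            "laddr": laddr, "lport": lport,
            "type": "retransmit" if m["type"] == "R" else "tlp",
            "raddr": raddr, "rport": rport, "state": m["state"],
        })
    return events

def retransmits_by_remote(events):
    """Count retransmit (R>) events per (remote address, remote port, state)."""
    return Counter((e["raddr"], e["rport"], e["state"])
                   for e in events if e["type"] == "retransmit")

if __name__ == "__main__":
    for key, n in retransmits_by_remote(parse(SAMPLE)).most_common():
        print(n, *key)
```
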
Should be negligible: TCP retransmit events should be low (<1000/s), and the
low overhead this tool adds to each event should make the cost negligible.
This is from bcc.
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
Unstable - in development.