Linux bcc/eBPF tcpdrop
Brendan Gregg
MAY 31, 2018
While debugging a production issue of kernel-based TCP packet drops, I remembered seeing a new function added in Linux 4.7 by Eric Dumazet (Google) called tcp_drop(), which I can trace using kprobes and bcc/eBPF. This lets me fetch extra context to explain why these drops are happening. Eg:

    # tcpdrop.
    TIME     PID    IP SADDR:SPORT          > DADDR:DPORT          STATE (FLAGS)
    05:46:07 82093  4  10.74.40.245:50010   > 10.74.40.245:58484   ESTABLISHED (ACK)
        tcp_drop+0x1
        tcp_rcv_established+0x1d5
        tcp_v4_do_rcv+0x141
        tcp_v4_rcv+