| Demonstrations of tcpconnlat, the Linux eBPF/bcc version. |
| |
| |
| This tool traces the kernel function performing active TCP connections |
| (eg, via a connect() syscall), and shows the latency (time) for the connection |
| as measured locally: the time from SYN sent to the response packet. |
| For example: |
| |
| # ./tcpconnlat |
| PID COMM IP SADDR DADDR DPORT LAT(ms) |
| 1201 wget 4 10.153.223.157 23.23.100.231 80 1.65 |
| 1201 wget 4 10.153.223.157 23.23.100.231 443 1.60 |
| 1433 curl 4 10.153.223.157 104.20.25.153 80 0.75 |
| 1690 wget 4 10.153.223.157 66.220.156.68 80 1.10 |
| 1690 wget 4 10.153.223.157 66.220.156.68 443 0.95 |
| 1690 wget 4 10.153.223.157 66.220.156.68 443 0.99 |
| 2852 curl 4 10.153.223.157 23.101.17.61 80 250.86 |
| 20337 python2.7 6 1234:ab12:2040:5020:2299:0:5:0 1234:ab12:20:9f1d:2299:dde9:0:f5 7001 62.20 |
| 21588 nc 6 ::1 ::1 80 0.05 |
| [...] |
| |
| The first line shows a connection from the "wget" process to the IPv4 |
| destination address 23.23.100.231, port 80. This took 1.65 milliseconds: the |
| time from the SYN to the response. |
| |
| TCP connection latency is a useful performance measure showing the time taken |
| to establish a connection. This typically involves kernel TCP/IP processing |
| and the network round trip time, and not application runtime. |
| |
| tcpconnlat measures the time from any connection to the response packet, even |
| if the response is a RST (port closed). |
| |
| |
| USAGE message: |
| |
| # ./tcpconnlat -h |
| usage: tcpconnlat [-h] [-t] [-p PID] [min_ms] |
| |
| Trace TCP connects and show connection latency |
| |
| positional arguments: |
| min_ms minimum duration to trace, in ms (default 0) |
| |
| optional arguments: |
| -h, --help show this help message and exit |
| -t, --timestamp include timestamp on output |
| -p PID, --pid PID trace this PID only |
| |
| examples: |
| ./tcpconnlat # trace all TCP connect()s |
| ./tcpconnlat -t # include timestamps |
| ./tcpconnlat -p 181 # only trace PID 181 |
| ./tcpconnlat 1 # only show connects longer than 1 ms |
| ./tcpconnlat 0.1 # only show connects longer than 100 us |
| ./tcpconnlat -v # Show the BPF program |