1Demonstrations of tcpconnlat, the Linux eBPF/bcc version. 2 3 4This tool traces the kernel function performing active TCP connections 5(eg, via a connect() syscall), and shows the latency (time) for the connection 6as measured locally: the time from SYN sent to the response packet. 7For example: 8 9# ./tcpconnlat 10PID COMM IP SADDR DADDR DPORT LAT(ms) 111201 wget 4 10.153.223.157 23.23.100.231 80 1.65 121201 wget 4 10.153.223.157 23.23.100.231 443 1.60 131433 curl 4 10.153.223.157 104.20.25.153 80 0.75 141690 wget 4 10.153.223.157 66.220.156.68 80 1.10 151690 wget 4 10.153.223.157 66.220.156.68 443 0.95 161690 wget 4 10.153.223.157 66.220.156.68 443 0.99 172852 curl 4 10.153.223.157 23.101.17.61 80 250.86 1820337 python2.7 6 1234:ab12:2040:5020:2299:0:5:0 1234:ab12:20:9f1d:2299:dde9:0:f5 7001 62.20 1921588 nc 6 ::1 ::1 80 0.05 20[...] 21 22The first line shows a connection from the "wget" process to the IPv4 23destination address 23.23.100.231, port 80. This took 1.65 milliseconds: the 24time from the SYN to the response. 25 26TCP connection latency is a useful performance measure showing the time taken 27to establish a connection. This typically involves kernel TCP/IP processing 28and the network round trip time, and not application runtime. 29 30tcpconnlat measures the time from any connection to the response packet, even 31if the response is a RST (port closed). 32 33 34USAGE message: 35 36# ./tcpconnlat -h 37usage: tcpconnlat [-h] [-t] [-p PID] [-L] [-4 | -6] [-v] [duration_ms] 38 39Trace TCP connects and show connection latency 40 41positional arguments: 42 duration_ms minimum duration to trace (ms) 43 44optional arguments: 45 -h, --help show this help message and exit 46 -t, --timestamp include timestamp on output 47 -p PID, --pid PID trace this PID only 48 -L, --lport include LPORT on output 49 -4, --ipv4 trace IPv4 family only 50 -6 --ipv6 trace IPv6 family only 51 -v, --verbose print the BPF program for debugging purposes 52 53examples: 54 ./tcpconnlat # trace all TCP connect()s 55 ./tcpconnlat 1 # trace connection latency slower than 1 ms 56 ./tcpconnlat 0.1 # trace connection latency slower than 100 us 57 ./tcpconnlat -t # include timestamps 58 ./tcpconnlat -p 181 # only trace PID 181 59 ./tcpconnlat -L # include LPORT while printing outputs 60 ./tcpconnlat -4 # trace IPv4 family only 61 ./tcpconnlat -6 # trace IPv6 family only 62