android13/external/bcc/tools/tcpconnlat_example.txt

Demonstrations of tcpconnlat, the Linux eBPF/bcc version.


This tool traces the kernel function performing active TCP connections
(eg, via a connect() syscall), and shows the latency (time) for the connection
as measured locally: the time from SYN sent to the response packet.
For example:

# ./tcpconnlat
PID    COMM         IP SADDR            DADDR            DPORT LAT(ms)
1201   wget         4  10.153.223.157   23.23.100.231    80    1.65
1201   wget         4  10.153.223.157   23.23.100.231    443   1.60
1433   curl         4  10.153.223.157   104.20.25.153    80    0.75
1690   wget         4  10.153.223.157   66.220.156.68    80    1.10
1690   wget         4  10.153.223.157   66.220.156.68    443   0.95
1690   wget         4  10.153.223.157   66.220.156.68    443   0.99
2852   curl         4  10.153.223.157   23.101.17.61     80    250.86
20337  python2.7    6  1234:ab12:2040:5020:2299:0:5:0 1234:ab12:20:9f1d:2299:dde9:0:f5 7001  62.20
21588  nc           6  ::1              ::1              80    0.05
[...]

The first line shows a connection from the "wget" process to the IPv4
destination address 23.23.100.231, port 80. This took 1.65 milliseconds: the
time from the SYN to the response.

TCP connection latency is a useful performance measure showing the time taken
to establish a connection. This typically involves kernel TCP/IP processing
and the network round trip time, and not application runtime.

tcpconnlat measures the time from any connection to the response packet, even
if the response is a RST (port closed).


USAGE message:

# ./tcpconnlat -h
usage: tcpconnlat [-h] [-t] [-p PID] [-L] [-4 | -6] [-v] [duration_ms]

Trace TCP connects and show connection latency

positional arguments:
  duration_ms        minimum duration to trace (ms)

optional arguments:
  -h, --help         show this help message and exit
  -t, --timestamp    include timestamp on output
  -p PID, --pid PID  trace this PID only
  -L, --lport        include LPORT on output
  -4, --ipv4         trace IPv4 family only
  -6  --ipv6         trace IPv6 family only
  -v, --verbose      print the BPF program for debugging purposes

examples:
    ./tcpconnlat           # trace all TCP connect()s
    ./tcpconnlat 1         # trace connection latency slower than 1 ms
    ./tcpconnlat 0.1       # trace connection latency slower than 100 us
    ./tcpconnlat -t        # include timestamps
    ./tcpconnlat -p 181    # only trace PID 181
    ./tcpconnlat -L        # include LPORT while printing outputs
    ./tcpconnlat -4        # trace IPv4 family only
    ./tcpconnlat -6        # trace IPv6 family only