pwru

Requirements

pwru requires >= 5.3 kernel to run.
For --output-skb >= 5.9 kernel is required.
(Will auto-detect) For --backend=kprobe-multi >= 5.18 kernel is required.

Commands

Basic command that writes traces with tuple and skb information to a file:

pwru --output-tuple --output-skb --output-file packet.trace-1.txt 'tcp port 8080'

tcp port 8080 (TCP packets with source or destination port set to 8080) can be replaced with any pcap-filter. For example, src host 1.1.1.1 and tcp src port 443 can be used to trace packets received from 1.1.1.1:443 to diagnose RX path issues. However unlikely to happen, the src port 443 part of the expression excludes packets from 1.1.1.1 but sent to port 443.

Add --filter-func kfree_skb_reason --output-caller to find the function that called kfree_skb_reason(). If it does not provide sufficient information, try --output-stack instead of --output-caller.

Run with Docker

You can also run it in Docker with:

docker run --privileged --rm -t --pid=host -v /sys/kernel/debug/:/sys/kernel/debug/ cilium/pwru pwru --output-tuple 'tcp port 8080'

🪴 Zero's Garden

Explorer

pwru

Requirements

Commands

Run with Docker

Graph View

Table of Contents