Yandex has published the source code of skbtrace, a toolkit for tracking the operation of the network stack and tracing the execution of network operations in Linux. The utility is implemented as a layer on top of the bpftrace dynamic tracing system. The code is written in Go and distributed under the MIT license. Linux 4.14+ kernels and bpftrace 0.9.2+ are supported.
When run, the skbtrace utility generates scripts in the high-level bpftrace language that perform dynamic tracing and measure the execution time of operations associated with the Linux network stack and network sockets. The scripts are then translated into eBPF programs and executed at the kernel level.
Notable features of skbtrace include measuring the packet transit time between the incoming and outgoing network interfaces, the TCP connection time from receipt of the SYN until the arrival of the FIN/RST, the delays between different packet processing events, and the time taken to negotiate a TCP connection. skbtrace can also be used to detect TCP packet retransmissions, even when they are encapsulated in other packets, and as a simple analogue of the tcpdump utility that can analyze the execution of some kernel functions, such as the kfree_skb call that frees memory when packets are discarded.