\u672c\u6587\u8ba8\u8bba\u7684\u95ee\u9898\u6709\u660e\u786e\u7684\u8fb9\u754c\u6761\u4ef6\uff1a<\/p>\n
\u8fd9\u4e2a\u573a\u666f\u7684\u5173\u952e\u5728\u4e8e\uff1atcpdump\u7684\u67b6\u6784\u6027\u5c40\u9650<\/strong>\u51b3\u5b9a\u4e86\u5b83\u5728\u67d0\u4e9b\u573a\u666f\u4e0b\u4e0d\u662f\u201c\u53c2\u6570\u8c03\u4e00\u8c03\u5c31\u80fd\u89e3\u51b3\u201d\u7684\u95ee\u9898\u3002<\/p>\n tcpdump\u57fa\u4e8elibpcap\uff0c\u5de5\u4f5c\u5728\u7f51\u7edc\u5c42\u6216\u6570\u636e\u94fe\u8def\u5c42\u3002\u5b83\u7684\u6293\u5305\u70b9\u5728\u7f51\u5361\u9a71\u52a8\u6536\u5230\u539f\u59cb\u5e27\u4e4b\u540e\u3001\u5185\u6838\u534f\u8bae\u6808\u5904\u7406\u4e4b\u524d\uff1a<\/p>\n \u5bf9\u4e8eIPSec\u96a7\u9053\u573a\u666f\uff0cESP\u534f\u8bae\u7684\u4f4d\u7f6e\u5728\u8fd9\u91cc\uff1a<\/p>\n ESP\u5305\u5bf9tcpdump\u6765\u8bf4\u662f\u201c\u5df2\u7ecf\u52a0\u5bc6\u7684\u4e1c\u897f\u201d\uff0c\u5b83\u53ea\u80fd\u544a\u8bc9\u4f60\u201c\u6709ESP\u5305\u201d\uff0c\u65e0\u6cd5\u8fd8\u539f\u51fa\u539f\u59cb\u7684TCP\/HTTP\u5c42\u5185\u5bb9\u3002<\/p>\n \u6280\u672f\u5224\u65ad<\/strong>\uff1a\u5982\u679c\u5728IPSec\u7f51\u5173\u4e0d\u53ef\u63a7\u7684\u73af\u5883\u4e0b\uff08\u5927\u591a\u6570\u573a\u666f\uff09\uff0ctcpdump\u6c38\u8fdc\u53ea\u80fd\u770b\u5230ESP\u5c42\u3002<\/p>\n \u73b0\u4ee3\u7f51\u5361\u6709TCP\/UDP\u6821\u9a8c\u5378\u8f7d\uff08Checksum Offload\uff09\u548c\u5206\u7247\u5378\u8f7d\uff08GSO\/TSO\uff09\u3002\u8fd9\u4f1a\u5bfc\u81f4\u4e00\u4e2a\u7ecf\u5178\u95ee\u9898\uff1atcpdump\u5728\u9a71\u52a8\u5c42\u6293\u5230\u7684\u5305\uff0c\u548c\u5b9e\u9645\u7f51\u5361\u53d1\u51fa\u7684\u5305\u4e0d\u4e00\u6837<\/strong>\u3002<\/p>\n \u5f53\u4f60\u7528 \u5173\u952e\u8bc1\u636e<\/strong>\uff1a\u5728\u5f00\u542fGSO\u7684\u73af\u5883\u4e0b\uff0ctcpdump\u53ef\u80fd\u770b\u4e0d\u5230\u5b9e\u9645\u7f51\u5361\u53d1\u9001\u7684\u5206\u7247\uff0c\u8fd9\u4f1a\u5bfc\u81f4\u8bef\u5224\u4e22\u5305\u539f\u56e0\u3002<\/p>\n tcpdump\u7684\u6293\u5305\u8def\u5f84\u4f1a\u89e6\u53d1\u591a\u6b21\u5185\u5b58\u62f7\u8d1d\uff1a<\/p>\n \u572810Gbps\u4ee5\u4e0a\u94fe\u8def\u6216\u9ad8\u5e76\u53d1\u573a\u666f\uff0c\u8fd9\u4e2a\u8def\u5f84\u4f1a\u6210\u4e3aCPU\u74f6\u9888\uff0c\u4e25\u91cd\u65f6\u751a\u81f3\u4e22\u5305\u3002<\/p>\n eBPF\u7a0b\u5e8f\u901a\u8fc7\u9a8c\u8bc1\u5668\u540e\u8fd0\u884c\u5728\u5185\u6838\u7a7a\u95f4\uff0c\u53ef\u4ee5attach\u5230\u5185\u6838\u51fd\u6570\u3001tracepoint\u3001USDT\u63a2\u9488\u7b49\u4f4d\u7f6e\u3002\u5bf9\u4e8e\u7f51\u7edc\u6392\u969c\uff0c\u5173\u952e\u80fd\u529b\u662f\uff1a<\/p>\n tcpdump\u6293\u4e0d\u5230\u52a0\u5bc6\u6d41\u91cf\uff0c\u4f46TCP\u5c42\u7684\u91cd\u4f20\u4e8b\u4ef6\u53d1\u751f\u5728\u52a0\u5bc6\u5c42\u4e4b\u4e0b\uff0ceBPF\u53ef\u4ee5\u76f4\u63a5\u8ffd\u8e2a\uff1a<\/p>\n \u8fd9\u4e2a\u811a\u672c\u76f4\u63a5hook \u5982\u679c\u6000\u7591\u662fESP\u52a0\u5bc6CPU\u6253\u6ee1\uff0c\u53ef\u4ee5\u7528\u8fd9\u4e2a\u65b9\u6cd5\u8bc4\u4f30\uff1a<\/p>\n \u65b9\u6848\u53d6\u820d<\/strong>\uff1a\u5982\u679c\u4e1a\u52a1\u5e26\u5bbd\u662f1Gbps\uff0c\u800c\u5355\u6838\u53ea\u80fd\u5904\u7406500Mbps\u7684AES-256-GCM\uff0c\u8bf4\u660e\u74f6\u9888\u5728\u52a0\u5bc6CPU\u3002\u4f46\u5982\u679c\u5355\u6838\u80fd\u5904\u74062Gbps\u4ee5\u4e0a\uff0c\u8bf4\u660e\u95ee\u9898\u4e0d\u5728\u52a0\u5bc6\u5c42\u3002<\/p>\n \u6d4b\u8bd5\u73af\u5883\uff1aIntel Xeon Gold 6248R, 48\u6838, 10Gbps\u7f51\u5361, CentOS 8, \u5185\u68385.4.189\u3002\u6d4b\u8bd5\u65b9\u6cd5\u662f\u6293\u53d6\u6307\u5b9a\u6d41\u91cf\u6301\u7eed30\u79d2\uff0c\u7528mpstat\u76d1\u63a7CPU\u4f7f\u7528\u7387\u3002<\/p>\n \u6280\u672f\u5224\u65ad<\/strong>\uff1a\u57281Gbps\u4ee5\u4e0a\u6d41\u91cf\u573a\u666f\uff0ctcpdump\u7684CPU\u5f00\u9500\u5df2\u7ecf\u4e0d\u53ef\u63a5\u53d7\uff0c\u4e14\u5b58\u5728\u4e22\u5305\u98ce\u9669\u3002eBPF\u7684\u96f6\u62f7\u8d1d\u67b6\u6784\u662f\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u7684\u6b63\u786e\u65b9\u5411\u3002<\/p>\n \u8fb9\u754c\u6761\u4ef6<\/strong>\uff1aeBPF\u7a0b\u5e8f\u5982\u679c\u5199\u5f97\u6709\u95ee\u9898\uff08\u6b7b\u5faa\u73af\u3001\u5185\u5b58\u6cc4\u6f0f\uff09\uff0c\u4f1a\u5bfc\u81f4\u5185\u6838\u4e0d\u7a33\u5b9a\u3002\u56e0\u6b64\u5728\u751f\u4ea7\u73af\u5883\u4f7f\u7528\u524d\u5fc5\u987b\u5148\u5728\u6d4b\u8bd5\u73af\u5883\u9a8c\u8bc1\u3002<\/p>\n \u9009eBPF<\/strong>\u3002\u7406\u7531\uff1a<\/p>\n \u9009tcpdump + \u5185\u6838\u53c2\u6570\u8c03\u4f18<\/strong>\u3002\u7406\u7531\uff1a<\/p>\n \u65b9\u6848\u53d6\u820d<\/strong>\uff1a\u8fd9\u4e0d\u662f\u201ceBPF\u7684\u95ee\u9898\u201d\uff0c\u800c\u662f\u201c\u5728\u7ea6\u675f\u6761\u4ef6\u4e0b\u9009\u4e86\u6700\u5408\u9002\u7684\u65b9\u6848\u201d\u3002\u65e7\u5185\u6838\u73af\u5883\u4e0b\u5f3a\u884c\u7528eBPF\u53ef\u80fd\u5bfc\u81f4\u529f\u80fd\u4e0d\u5b8c\u6574\u6216\u7a33\u5b9a\u6027\u95ee\u9898\u3002<\/p>\n \u9009tcpdump\u7684ring buffer\u6a21\u5f0f<\/strong>\uff0c\u4e0d\u505a\u5168\u91cf\u6293\u5305\uff1a<\/p>\n \u6ce8\u610f<\/strong>\uff1a\u8fd9\u4e2a\u573a\u666f\u4e0btcpdump\u662f\u201c\u7c97\u7b5b\u201d\u5de5\u5177\uff0c\u76ee\u6807\u662f\u7f29\u5c0f\u95ee\u9898\u8303\u56f4\uff0c\u800c\u4e0d\u662f\u5b9a\u4f4d\u6839\u56e0\u3002<\/p>\n \u9a8c\u6536\u6807\u51c6\uff1a<\/p>\n \u9a8c\u6536\u6807\u51c6\uff1a<\/p>\n \u65e0\u8bba\u9009\u54ea\u4e2a\u5de5\u5177\uff0c\u90fd\u8981\u4fdd\u7559\u8fd9\u4e2a\u515c\u5e95\u80fd\u529b\uff1a<\/p>\n \u8fd9\u662f\u6700\u540e\u4e00\u9053\u9632\u7ebf\u2014\u2014\u5373\u4f7f\u6240\u6709\u5de5\u5177\u90fd\u5931\u6548\uff0c\u8fd9\u4e9b\u6570\u5b57\u4e0d\u4f1a\u9a97\u4eba\u3002<\/p>\n \u6280\u672f\u5224\u65ad<\/strong>\uff1a\u5728IPSec VPN\u573a\u666f\u4e0b\uff0ctcpdump\u53ea\u80fd\u544a\u8bc9\u4f60\u201c\u6d41\u91cf\u6d3b\u7740\u201d\uff0c\u4f46\u4e0d\u80fd\u544a\u8bc9\u4f60\u201c\u5e94\u7528\u5c42\u5728\u53d1\u751f\u4ec0\u4e48\u201d\u3002eBPF\u662f\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u7684\u6b63\u786e\u5de5\u5177\uff0c\u4f46\u524d\u63d0\u662f\u5185\u6838\u7248\u672c\u548c\u56e2\u961f\u80fd\u529b\u6ee1\u8db3\u8981\u6c42\u3002\u5982\u679c\u4e0d\u6ee1\u8db3\uff0c\u5148\u7528\/proc\/net\/snmp\u548cethtool\u628a\u95ee\u9898\u7f29\u5c0f\u8303\u56f4\uff0c\u518d\u51b3\u5b9a\u662f\u5426\u9700\u8981\u4e0aeBPF\u3002<\/p>\n \u5de5\u5177\u9009\u578b\u4ece\u6765\u4e0d\u662f\u201c\u54ea\u4e2a\u66f4\u5f3a\u201d\uff0c\u800c\u662f\u201c\u54ea\u4e2a\u66f4\u5408\u9002\u201d\u3002<\/p>","protected":false},"excerpt":{"rendered":" \u5728IPSec VPN\u96a7\u9053\u573a\u666f\u4e0b\uff0ctcpdump\u53ea\u80fd\u770b\u5230ESP\u5305\uff0c\u65e0\u6cd5\u5b9a\u4f4d\u5e94\u7528\u5c42\u5ef6\u8fdf\u5f02\u5e38\u662f\u52a0\u5bc6\u5f00\u9500\u8fd8\u662f\u7f51\u7edc\u4e22\u5305\u3002\u672c\u6587\u4ece\u5185\u6838\u67b6\u6784\u5c42\u9762\u5206\u6790\u4e24\u8005\u7684\u80fd\u529b\u8fb9\u754c\uff0c\u7ed9\u51fa\u57fa\u4e8e\u573a\u666f\u7684\u51b3\u7b56\u6846\u67b6\uff0c\u5e76\u9644\u4e0a\u6027\u80fd\u5f00\u9500\u5b9e\u6d4b\u6570\u636e\u4e0e\u9a8c\u8bc1\u7ed3\u8bba\u3002<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[774,7,775,8,468],"tags":[779,776,778,192,555,777,780,440],"class_list":{"0":"post-817","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-linux","8":"category-775","9":"category-8","10":"category-468","11":"tag-bpftrace","12":"tag-ebpf","13":"tag-esp","14":"tag-ipsec","15":"tag-linux","16":"tag-tcpdump","17":"tag-780","18":"tag-440"},"views":7,"_links":{"self":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=817"}],"version-history":[{"count":1,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/817\/revisions"}],"predecessor-version":[{"id":824,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=\/wp\/v2\/posts\/817\/revisions\/824"}],"wp:attachment":[{"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.liaoxinghui.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\ntcpdump\u7684\u5c40\u9650\u6027\uff1a\u4ece\u539f\u7406\u8bf4\u8d77<\/h2>\n
1. \u5de5\u4f5c\u5c42\u7ea7\u51b3\u5b9a\u4e86\u80fd\u770b\u5230\u4ec0\u4e48<\/h3>\n
[\u7f51\u5361\u786c\u4ef6] → [\u9a71\u52a8\u7a0b\u5e8f] → [libpcap\/tcpdump\u6293\u5305\u70b9] → [\u5185\u6838\u534f\u8bae\u6808] → [\u5e94\u7528\u5c42]<\/code><\/pre>\n[\u539f\u59cbIP\u5305] → [ESP\u52a0\u5bc6\u6a21\u5757] → [\u65b0\u7684ESP\u5305] → [\u7f51\u5361\u53d1\u9001]\n ↑\n tcpdump\u6293\u4e0d\u5230\u539f\u59cb\u5305\n \u53ea\u80fd\u770b\u5230\u52a0\u5bc6\u540e\u7684ESP\u5305<\/code><\/pre>\n2. Offload\u5206\u7247\u5bfc\u81f4\u7684\u4e22\u5305\u5e7b\u89c9<\/h3>\n
# \u67e5\u770b\u7f51\u5361GSO\u72b6\u6001\nethtool -k eth0 | grep -E "tso|gso|segmentation"\n# \u8f93\u51fa\u793a\u4f8b\uff1a\ntcp-segmentation-offload: on\ngeneric-segmentation-offload: on\ngeneric-receive-offload: on<\/code><\/pre>\ntcpdump -i eth0 -w capture.pcap<\/code> \u6293\u5305\u65f6\uff0c\u5206\u7247\u662f\u5728\u9a71\u52a8\u5c42\u4e4b\u540e\u624d\u7ec4\u88c5\u7684\u3002\u6293\u5230\u7684\u5305\u770b\u8d77\u6765\u201c\u6b63\u5e38\u201d\uff0c\u4f46\u5b9e\u9645\u7f51\u5361\u53d1\u51fa\u7684\u662f\u5206\u7247\u540e\u7684\u591a\u4e2a\u5c0f\u5305\u3002\u4f60\u6293\u7684\u5305\u548c\u4f60\u53d1\u7684\u5305\u6839\u672c\u4e0d\u662f\u4e00\u56de\u4e8b<\/strong>\u3002<\/p>\n3. \u9ad8\u5e76\u53d1\u573a\u666f\u7684\u6027\u80fd\u9000\u5316<\/h3>\n
\u7f51\u5361DMA → \u5185\u6838\u7f13\u51b2\u533a → libpcap\u62f7\u8d1d → \u7528\u6237\u6001buffer → \u5199\u5165\u6587\u4ef6<\/code><\/pre>\n
\neBPF\u7684\u67b6\u6784\u4f18\u52bf\uff1a\u4e3a\u4ec0\u4e48\u5b83\u80fd\u6293\u5230tcpdump\u6293\u4e0d\u5230\u7684\u4e1c\u897f<\/h2>\n
\u6838\u5fc3\u5dee\u5f02\uff1aeBPF\u8fd0\u884c\u5728\u5185\u6838\u91cc<\/h3>\n
\n
eBPF\u80fd\u505a\u7684\u4e8b\uff1a\u8ffd\u8e2aTCP\u91cd\u4f20<\/h3>\n
# \u7528bpftrace\u8ffd\u8e2aTCP\u91cd\u4f20\uff08\u9700\u8981\u5185\u6838 >= 4.17\uff09\nbpftrace -e '\nstruct inet_sock {\n __u32 saddr;\n __u32 daddr;\n __u16 sport;\n __u16 dport;\n};\n\nkprobe:tcp_retransmit_skb\n{\n $sk = (struct inet_sock *)arg0;\n $dport = $sk->dport >> 8 | ($sk->dport & 0xff) << 8;\n if ($dport == 443) {\n time("%H:%M:%S");\n printf(" TCP RETRANS to %d.%d.%d.%d:%d\\n",\n $sk->daddr & 0xff, ($sk->daddr >> 8) & 0xff,\n ($sk->daddr >> 16) & 0xff, ($sk->daddr >> 24) & 0xff,\n $dport);\n }\n}\n'<\/code><\/pre>\ntcp_retransmit_skb<\/code> \u5185\u6838\u51fd\u6570\uff0c\u80fd\u770b\u5230\u6240\u6709TCP\u5c42\u7684\u91cd\u4f20\u4e8b\u4ef6\u2014\u2014\u5373\u4f7f\u6d41\u91cf\u88abIPSec\u52a0\u5bc6\uff0cTCP\u91cd\u4f20\u4ecd\u7136\u53d1\u751f\u5728\u52a0\u5bc6\u5c42\u4e4b\u4e0b\u3002<\/p>\n\u914d\u5408openssl speed\u8bc4\u4f30\u52a0\u5bc6\u5f00\u9500<\/h3>\n
# \u6d4b\u8bd5AES-256-GCM\u6027\u80fd\uff08ESP\u5e38\u7528\u7b97\u6cd5\uff09\nopenssl speed -elapsed -evp aes-256-gcm\n\n# \u6d4b\u8bd5AES-NI\u786c\u4ef6\u52a0\u901f\u662f\u5426\u751f\u6548\ngrep -q aes \/proc\/cpuinfo && echo "AES-NI supported" || echo "Software only"\n\n# \u5bf9\u6bd4\u4e0d\u540c\u7b97\u6cd5\u7684\u5355\u6838\u5904\u7406\u80fd\u529b\nfor alg in aes-128-cbc aes-256-cbc aes-256-gcm; do\n echo "=== $alg ==="\n openssl speed -elapsed -evp $alg 2>&1 | grep "aes"\ndone<\/code><\/pre>\n
\n\u6027\u80fd\u5f00\u9500\u5bf9\u6bd4\uff1a\u5b9e\u6d4b\u6570\u636e<\/h2>\n
\n\n
\n \n\u573a\u666f<\/th>\n tcpdump<\/th>\n bpftrace<\/th>\n \u8bf4\u660e<\/th>\n<\/tr>\n<\/thead>\n \n 10Mbps\u5c0f\u6d41\u91cf<\/td>\n <1% CPU<\/td>\n <1% CPU<\/td>\n \u5dee\u5f02\u4e0d\u660e\u663e<\/td>\n<\/tr>\n \n 100Mbps\u4e2d\u6d41\u91cf<\/td>\n 3-5% CPU<\/td>\n 1-2% CPU<\/td>\n eBPF\u96f6\u62f7\u8d1d\u4f18\u52bf<\/td>\n<\/tr>\n \n 1Gbps\u5927\u6d41\u91cf<\/td>\n 15-25% CPU<\/td>\n 5-8% CPU<\/td>\n \u62f7\u8d1d\u5f00\u9500\u5dee\u5f02\u663e\u8457<\/td>\n<\/tr>\n \n 10Gbps\u6ee1\u8f7d<\/td>\n \u4e22\u5305\u4e25\u91cd<\/td>\n 2-4% CPU<\/td>\n tcpdump\u5728\u9ad8\u541e\u5410\u4e0b\u4e0d\u53ef\u7528<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\u51b3\u7b56\u6846\u67b6\uff1a\u57fa\u4e8e\u573a\u666f\u7684\u9009\u578b\u903b\u8f91<\/h2>\n
\u573a\u666f1\uff1a\u5185\u6838\u7248\u672c >= 4.17\uff0c\u95ee\u9898\u660e\u786e\u662f\u201c\u770b\u4e0d\u5230\u5e94\u7528\u5c42\u201d<\/h3>\n
\n
# \u7b2c\u4e00\u6b65\uff1a\u9a8c\u8bc1\u5185\u6838\u652f\u6301\nuname -r\necho $?\n# \u5982\u679c >= 4.17\uff0c\u7ee7\u7eed\n\n# \u68c0\u67e5bpf\u7cfb\u7edf\u8c03\u7528\u662f\u5426\u53ef\u7528\nls \/sys\/kernel\/debug\/tracing\/ 2>\/dev\/null && echo "tracefs OK"\ngrep -w bpf \/proc\/kallsyms | head -3\n\n# \u7b2c\u4e8c\u6b65\uff1a\u5b89\u88c5bpftrace\napt install bpftrace || yum install bpftrace\n\n# \u7b2c\u4e09\u6b65\uff1a\u7070\u5ea6\u9a8c\u8bc1\uff08\u5148\u5728\u6d4b\u8bd5\u73af\u5883\uff09\nbpftrace -e 'tracepoint:net:netif_receive_skb {@[comm] = count();}' &\ntop -p $(pgrep bpftrace)\n# \u68c0\u67e5CPU\u662f\u5426 < 5%<\/code><\/pre>\n\u573a\u666f2\uff1a\u5185\u6838\u7248\u672c < 4.15\uff0c\u6216\u56e2\u961f\u6ca1\u6709eBPF\u7ecf\u9a8c<\/h3>\n
\n
# \u67e5\u770bTCP\u5c42\u7edf\u8ba1\uff08\u4e0d\u9700\u8981\u6293\u5305\uff09\ncat \/proc\/net\/netstat | awk 'NR==1,\/Tcp:\/ {print} NR==2 {print}'\n\n# \u5173\u6ce8\u8fd9\u4e9b\u6307\u6807\uff1a\n# TcpRetransSegs - TCP\u91cd\u4f20\u6bb5\u6570\n# TcpInSegs - \u6536\u5230\u7684TCP\u6bb5\n# \u7b97 retransmission rate = TcpRetransSegs \/ TcpInSegs\n\n# \u67e5\u770b\u7f51\u5361\u7edf\u8ba1\uff08\u662f\u5426\u6709\u7269\u7406\u5c42\u4e22\u5305\uff09\nethtool -S eth0 | grep -E "drop|error|miss"<\/code><\/pre>\n\u573a\u666f3\uff1a\u5b9a\u4f4d\u6a21\u7cca\uff0c\u9700\u8981\u201c\u5148\u770b\u770b\u53d1\u751f\u4e86\u4ec0\u4e48\u201d<\/h3>\n
# \u4f7f\u7528ring buffer\u9650\u5236\u5185\u5b58\u5f00\u9500\ntcpdump -i eth0 -w \/tmp\/capture.pcap \\\n -C 100 \\\n -W 10 \\\n -f\n\n# \u53ea\u6293\u7279\u5b9a\u7aef\u53e3\uff0c\u8fc7\u6ee4\u6389ESP\ntcpdump -i eth0 -n \\\n 'not esp and not gre' \\\n 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0' \\\n -c 10000<\/code><\/pre>\n
\n\u9a8c\u8bc1\u7ed3\u8bba\uff1a\u5982\u4f55\u786e\u8ba4\u4fee\u590d\u6709\u6548<\/h2>\n
\u5982\u679c\u9009\u4e86eBPF\u65b9\u6848<\/h3>\n
\n
# \u76d1\u63a7eBPF\u7a0b\u5e8f\u81ea\u8eab\u8d44\u6e90\nwatch -n5 'bpftool prog list | grep -v python'\n\n# \u68c0\u67e5\u5185\u5b58\u662f\u5426\u6301\u7eed\u589e\u957f\nwhile true; do\n echo "$(date): $(grep VmRSS \/proc\/$(pgrep bpftrace)\/status | awk '{print $2}')"\n sleep 60\ndone\n\n# \u9a8c\u8bc1\u80fd\u5426\u6293\u5230TCP\u91cd\u4f20\n# \u5728\u6d4b\u8bd5\u673a\u53d1\u8d77\u52a0\u5bc6\u96a7\u9053\u7684\u6d41\u91cf\uff0c\u4eba\u5de5\u5236\u9020\u91cd\u4f20\uff08iptables\u6a21\u62df\u4e22\u5305\uff09\niptables -A INPUT -m statistic --mode random --probability 0.01 -j DROP\n# \u7136\u540e\u89c2\u5bdfbpftrace\u8f93\u51fa\u662f\u5426\u8bb0\u5f55\u5230\u91cd\u4f20\u4e8b\u4ef6<\/code><\/pre>\n\u5982\u679c\u9009\u4e86tcpdump\u65b9\u6848<\/h3>\n
\n
# \u76d1\u63a7tcpdump\u8fdb\u7a0b\u8d44\u6e90\ntop -p $(pgrep tcpdump)\n\n# \u68c0\u67e5ring buffer\u662f\u5426\u5de5\u4f5c\u6b63\u5e38\ncat \/proc\/net\/pcap\n# \u770b rx_packets vs rx_dropped \u7684\u6bd4\u4f8b<\/code><\/pre>\n
\n\u8fb9\u754c\u6761\u4ef6\uff1a\u4ec0\u4e48\u65f6\u5019\u5f53\u524d\u65b9\u6848\u4f1a\u5931\u6548<\/h2>\n
tcpdump\u65b9\u6848\u5931\u6548\u7684\u573a\u666f<\/h3>\n
\n
eBPF\u65b9\u6848\u5931\u6548\u7684\u573a\u666f<\/h3>\n
\n
\u515c\u5e95\u65b9\u6848<\/h3>\n
# \u67e5\u770b\u534f\u8bae\u6808\u5404\u5c42\u7edf\u8ba1\uff0c\u6301\u7eed\u76d1\u63a7\nwatch -n1 'cat \/proc\/net\/sockstat && ethtool -S eth0'<\/code><\/pre>\n
\n\u590d\u76d8\u603b\u7ed3<\/h2>\n
\n\n
\n \n\u7ef4\u5ea6<\/th>\n tcpdump<\/th>\n eBPF<\/th>\n<\/tr>\n<\/thead>\n \n \u9002\u7528\u573a\u666f<\/td>\n \u5feb\u901f\u7c97\u7b5b\u3001\u6d4b\u8bd5\u73af\u5883<\/td>\n \u6df1\u5ea6\u8ffd\u8e2a\u3001\u751f\u4ea7\u73af\u5883<\/td>\n<\/tr>\n \n \u80fd\u529b\u8fb9\u754c<\/td>\n \u534f\u8bae\u5c42\u4ee5\u4e0b<\/td>\n \u534f\u8bae\u6808\u4efb\u610f\u5c42<\/td>\n<\/tr>\n \n \u6027\u80fd\u5f00\u9500<\/td>\n \u9ad8\u6d41\u91cf\u4e0b\u663e\u8457<\/td>\n \u96f6\u62f7\u8d1d\uff0c\u4f4e\u5f00\u9500<\/td>\n<\/tr>\n \n \u5b66\u4e60\u6210\u672c<\/td>\n \u4f4e<\/td>\n \u4e2d\u9ad8\uff08\u9700\u8981\u7406\u89e3\u5185\u6838\uff09<\/td>\n<\/tr>\n \n \u98ce\u9669<\/td>\n \u4e22\u5305\u3001\u6570\u636e\u4e0d\u5b8c\u6574<\/td>\n \u7a0b\u5e8fbug\u53ef\u80fd\u5f71\u54cd\u5185\u6838<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n