dropwatch 定位系统内核丢包
运行 dropwatch -l kas,不加参数会显示函数地址,不方便观察
#dropwatch -l kas Initalizing kallsyms db dropwatch> start Enabling monitoring... Kernel monitoring activated. Issue Ctrl-C to stop monitoring 1 drops at icmp_rcv+126 (0xffffffff8e783846) 2 drops at unix_stream_connect+2d7 (0xffffffff8e7c3837) 1 drops at unix_release_sock+1b0 (0xffffffff8e7c2880) 46 drops at unix_dgram_sendmsg+4c9 (0xffffffff8e7c3e99) 2 drops at unix_stream_connect+2d7 (0xffffffff8e7c3837) 32956 drops at skb_release_data+a7 (0xffffffff8e6d1a87) 1 drops at tcp_v4_do_rcv+89 (0xffffffff8e76fb29) 1 drops at sk_stream_kill_queues+52 (0xffffffff8e6d81f2) 2 drops at sk_stream_kill_queues+52 (0xffffffff8e6d81f2)
从上面可以看出函数 skb_release_data 丢包比较大,偏移后的函数地址是 【0xffffffff8e6d1a87】
#grep -w -A 10 skb_release_data /proc/kallsyms ffffffff8e6d19e0 t skb_release_data ffffffff8e6d1b40 T skb_copy_ubufs ffffffff8e6d2140 t skb_zerocopy_clone ffffffff8e6d2240 T skb_split ffffffff8e6d2520 T skb_clone ffffffff8e6d25d0 T skb_clone_sk ffffffff8e6d2680 T __skb_tstamp_tx ffffffff8e6d2820 T skb_tstamp_tx ffffffff8e6d2830 t pskb_carve ffffffff8e6d2e00 T skb_zerocopy ffffffff8e6d31b0 T __pskb_copy_fclone
0xffffffff8e6d1a87 地址在 ffffffff8e6d1b40 和 ffffffff8e6d2140 中间,取上面的 skb_copy_ubufs 函数,然后在具体定位 skb_copy_ubufs 函数里面发生了啥,skb_copy_ubufs 该函数就是把数据包从用户空间拷贝到内核空间,然后发生丢包了
