Question 1

How to use pwru to find where packets are dropped in Linux?

Accepted Answer

Run pwru with filters like --filter-func to target specific kernel functions or --output-stack to see stack traces. For example, use 'pwru --output-tuple' to trace packet flows and identify drops, as shown in the demo GIF.

Question 2

pwru vs tcpdump for kernel debugging?

Accepted Answer

pwru is specialized for tracing packets within the kernel with fine-grained filtering and deep introspection, while tcpdump captures network traffic at higher layers. Use pwru for internal kernel state issues like drops or transformations.

Question 3

How to filter packets by network namespace with pwru?

Accepted Answer

Use the --filter-netns option followed by the netns identifier, such as "/proc//ns/net" or "inode:", to trace packets only within that namespace, as specified in the usage help.

Question 4

What kernel configs are needed to run pwru?

Accepted Answer

pwru requires CONFIG_DEBUG_INFO_BTF=y, CONFIG_KPROBES=y, CONFIG_PERF_EVENTS=y, CONFIG_BPF=y, and CONFIG_BPF_SYSCALL=y. For kprobe-multi backend, CONFIG_FUNCTION_TRACER=y and CONFIG_FPROBE=y are needed, as listed in the requirements table.

Question 5

Can pwru trace XDP or TC programs?

Accepted Answer

Yes, pwru supports tracing XDP and TC programs with the --filter-trace-xdp and --filter-trace-tc options, allowing you to see how packets interact with these eBPF programs for debugging purposes.

Question 6

How to output traces in JSON format with pwru?

Accepted Answer

Use the --output-json flag when running pwru to output traces in JSON format, which can be easily parsed by other tools for automated analysis or logging integration.

Question 7

Is it safe to run pwru in production?

Accepted Answer

While pwru is powerful for debugging, its use of kprobes can affect system performance and stability. It's best used for targeted troubleshooting in controlled environments, not for continuous production monitoring.

Packet, where are you?

What is Packet, where are you??

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions