Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Extract TCP round trip time (RTT) estimations on linux

I have apache server running on Ubuntu. Client connects and downloads an image. I need to extract RTT estimations for the underlying TCP connection. Is there a way to do this? Maybe something like running my tcp stack in debug mode to have it log this info somewhere?

Note that I don't want to run tcpdump and extract RTTs from the recorded trace! I need the TCP stack's RTT estimations (apparently this is part of the info you can get with TCP_INFO socket option). Basically need something like tcpprob (kprobe) to insert a hook and record the estimated RTT of the TCP connection on every incoming packet (or on every change).

UPDATE:

I found a solution. rtt, congestion window and more can be logged using tcpprobe. I posted an answer below.

like image 326
kakhkAtion Avatar asked Jan 20 '16 18:01

kakhkAtion


People also ask

How does TCP estimate RTT?

We have implemented the RTT estimation using TCP's periodic timer. Each time the periodic timer fires, it increments a counter for each connection that has unacknowledged data in the network. When an acknowledgment is received, the current value of the counter is used as a sample of the RTT.

Where is RTT in Linux?

The RTT between a network and server can be determined by using the ping command. In the above example, the average round trip time is shown on the final line as 26.8ms.

How does TCP estimate the round trip time between sender and receiver?

TCP uses feedback provided by its acknowledgment mechanism to measure round-trip times. Round-trip time measurements are taken once per window, since it is assumed that all segments in one window's flight should have approximately the same round-trip time.

What is RTT for TCP?

RTT, or Round-trip time, is the total time taken to send the first packet to the destination, plus the time taken to receive the response packet. This is calculated during the connection establishment phase (the 3-way handshake) of every TCP connection Sinefa monitors.


2 Answers

This can be done using tcpprobe, which is a module that inserts a hook into the tcp_recv processing path using kprobe records the state of a TCP connection in response to incoming packets.

Let's say you want to probe tcp connection on port 443, you need to do the following:

sudo modprobe tcp_probe port=443 full=1
sudo chmod 444 /proc/net/tcpprobe
cat /proc/net/tcpprobe > /tmp/output.out &
pid=$!

full=1: log on every ack packet received

full=0: log on only condo changes (if you use this your output might be empty)

Now pid is the process which is logging the probe. To stop, simply kill this process:

kill $pid

The format of output.out (according to the source at line 198):

[time][src][dst][length][snd_nxt][snd_una][snd_cwnd][ssthresh][snd_wnd][srtt][rcv_wnd]
like image 194
kakhkAtion Avatar answered Sep 29 '22 23:09

kakhkAtion


This can be done without the need for any additional kernel modules using the ss command (part of the iproute package), which can provide detailed info on open sockets. It won't show it for every packet but most of this info is calculated over a number of packets. E.g. To list the currently open TCP (t option) sockets and associated internal TCP info (i) information - including congestion control algorithm, rtt, cwnd etc:

ss -ti

Here's some example output:

State       Recv-Q Send-Q        Local Address:Port        Peer Address:Port
ESTAB       0      0             192.168.56.102:ssh        192.168.56.1:46327
  cubic wscale:6,7 rto:201 rtt:0.242/0.055 ato:40 mss:1448 rcvmss:1392
advmss:1448 cwnd:10 bytes_acked:33169 bytes_received:6069 segs_out:134
segs_in:214 send 478.7Mbps lastsnd:5 lastrcv:6 lastack:5 
pacing_rate 955.4Mbps rcv_rtt:3 rcv_space:28960
like image 37
Pierz Avatar answered Sep 29 '22 23:09

Pierz