Added IPv4/IPv6 filter support for tcp trace tools (iovisor#3565)

* Added IPv4/IPv6 filter support for tcp trace tools

* Fixed a typo

* Added usage for TCP syn backlog

* Fixed a typo

* Fixed a typo

* Added man support for IPv4/IPv6 family filters

man/man8/tcpaccept.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpaccept \- Trace TCP passive connections (accept()). Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpaccept [\-h] [\-T] [\-t] [\-p PID] [\-P PORTS] [\-\-cgroupmap MAPPATH] [\-\-mntnsmap MAPPATH]
+.B tcpaccept [\-h] [\-T] [\-t] [\-p PID] [\-P PORTS] [\-4 | \-6] [\-\-cgroupmap MAPPATH] [\-\-mntnsmap MAPPATH]
 .SH DESCRIPTION
 This tool traces passive TCP connections (eg, via an accept() syscall;
 connect() are active connections). This can be useful for general
@@ -34,6 +34,12 @@ Trace this process ID only (filtered in-kernel).
 \-P PORTS
 Comma-separated list of local ports to trace (filtered in-kernel).
 .TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
+.TP
 \-\-cgroupmap MAPPATH
 Trace cgroups in this BPF map only (filtered in-kernel).
 .TP
@@ -57,6 +63,14 @@ Trace PID 181 only:
 #
 .B tcpaccept \-p 181
 .TP
+Trace IPv4 family only:
+#
+.B tcpaccept \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcpaccept \-6
+.TP
 Trace a set of cgroups only (see special_filtering.md from bcc sources for more details):
 #
 .B tcpaccept \-\-cgroupmap /sys/fs/bpf/test01

man/man8/tcpconnect.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpconnect \- Trace TCP active connections (connect()). Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpconnect [\-h] [\-c] [\-t] [\-p PID] [-P PORT] [\-L] [-u UID] [-U] [\-\-cgroupmap MAPPATH] [\-\-mntnsmap MAPPATH] [\-d]
+.B tcpconnect [\-h] [\-c] [\-t] [\-p PID] [-P PORT] [\-4 | \-6] [\-L] [-u UID] [-U] [\-\-cgroupmap MAPPATH] [\-\-mntnsmap MAPPATH] [\-d]
 .SH DESCRIPTION
 This tool traces active TCP connections (eg, via a connect() syscall;
 accept() are passive connections). This can be useful for general
@@ -43,6 +43,12 @@ Trace this process ID only (filtered in-kernel).
 \-P PORT
 Comma-separated list of destination ports to trace (filtered in-kernel).
 .TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
+.TP
 \-L
 Include a LPORT column.
 .TP
@@ -99,6 +105,14 @@ Trace ports 80 and 81 only:
 #
 .B tcpconnect \-P 80,81
 .TP
+Trace IPv4 family only:
+#
+.B tcpconnect -4
+.TP
+Trace IPv6 family only:
+#
+.B tcpconnect -6
+.TP
 Trace all TCP connects, and include LPORT:
 #
 .B tcpconnect \-L

man/man8/tcpconnlat.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpconnlat \- Trace TCP active connection latency. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpconnlat [\-h] [\-t] [\-p PID] [\-L] [-v] [min_ms]
+.B tcpconnlat [\-h] [\-t] [\-p PID] [\-L] [\-4 | \-6] [-v] [min_ms]
 .SH DESCRIPTION
 This tool traces active TCP connections
 (eg, via a connect() syscall), and shows the latency (time) for the connection
@@ -34,6 +34,12 @@ Trace this process ID only (filtered in-kernel).
 \-L
 Include a LPORT column.
 .TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
+.TP
 \-v
 Print the resulting BPF program, for debugging purposes.
 .TP
@@ -57,6 +63,14 @@ Trace connects, and include LPORT:
 #
 .B tcpconnlat \-L
 .TP
+Trace IPv4 family only:
+#
+.B tcpconnlat \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcpconnlat \-6
+.TP
 Trace connects with latency longer than 10 ms:
 #
 .B tcpconnlat 10

man/man8/tcpdrop.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpdrop \- Trace kernel-based TCP packet drops with details. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpdrop [\-h]
+.B tcpdrop [\-4 | \-6] [\-h]
 .SH DESCRIPTION
 This tool traces TCP packets or segments that were dropped by the kernel, and
 shows details from the IP and TCP headers, the socket state, and the
@@ -17,9 +17,27 @@ Since this uses BPF, only the root user can use this tool.
 CONFIG_BPF and bcc.
 .SH OPTIONS
 .TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
+.TP
 \-h
 Print usage message.
+.SH EXAMPLES
+.TP
+Trace kernel-based TCP packet drops with details:
+#
 .B tcpdrop
+.TP
+Trace IPv4 family only:
+#
+.B tcpdrop \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcpdrop \-6
 .SH FIELDS
 .TP
 TIME

man/man8/tcplife.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcplife \- Trace TCP sessions and summarize lifespan. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcplife [\-h] [\-T] [\-t] [\-w] [\-s] [\-p PID] [\-D PORTS] [\-L PORTS]
+.B tcplife [\-h] [\-T] [\-t] [\-w] [\-s] [\-p PID] [\-D PORTS] [\-L PORTS] [\-4 | \-6]
 .SH DESCRIPTION
 This tool traces TCP sessions that open and close while tracing, and prints
 a line of output to summarize each one. This includes the IP addresses, ports,
@@ -43,6 +43,12 @@ Comma-separated list of local ports to trace (filtered in-kernel).
 .TP
 \-D PORTS
 Comma-separated list of destination ports to trace (filtered in-kernel).
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Trace all TCP sessions, and summarize lifespan and throughput:
@@ -64,6 +70,14 @@ Trace connections to local ports 80 and 81 only:
 Trace connections to remote port 80 only:
 #
 .B tcplife \-D 80
+.TP
+Trace IPv4 family only:
+#
+.B tcplife \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcplife \-6
 .SH FIELDS
 .TP
 TIME

man/man8/tcpretrans.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpretrans \- Trace or count TCP retransmits and TLPs. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpretrans [\-h] [\-l] [\-c]
+.B tcpretrans [\-h] [\-l] [\-c] [\-4 | \-6]
 .SH DESCRIPTION
 This traces TCP retransmits, showing address, port, and TCP state information,
 and sometimes the PID (although usually not, since retransmits are usually
@@ -29,7 +29,13 @@ Include tail loss probe attempts (in some cases the kernel may not
 complete the TLP send).
 .TP
 \-c
-Count occurring retransmits per flow. 
+Count occurring retransmits per flow.
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Trace TCP retransmits:
@@ -39,6 +45,14 @@ Trace TCP retransmits:
 Trace TCP retransmits and TLP attempts:
 #
 .B tcpretrans \-l
+.TP
+Trace IPv4 family only:
+#
+.B tcpretrans \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcpretrans \-6
 .SH FIELDS
 .TP
 TIME

man/man8/tcprtt.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcprtt \- Trace TCP RTT of established connections. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcprtt [\-h] [\-T] [\-D] [\-m] [\-i INTERVAL] [\-d DURATION] [\-b] [\-B] [\-e]
+.B tcprtt [\-h] [\-T] [\-D] [\-m] [\-i INTERVAL] [\-d DURATION] [\-b] [\-B] [\-e] [\-4 | \-6]
 .SH DESCRIPTION
 This tool traces established connections RTT(round-trip time) to analyze the
 quality of network. This can be useful for general troubleshooting to
@@ -51,6 +51,12 @@ Show sockets histogram by remote address.
 .TP
 \-e
 Show extension summary(average).
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Trace TCP RTT and print 1 second summaries, 10 times:
@@ -68,6 +74,14 @@ Only trace TCP RTT for remote address 192.168.1.100 and remote port 80:
 Trace local port and show a breakdown of remote hosts RTT:
 #
 .B tcprtt \-i 3 --lport 80 --byraddr
+.TP
+Trace IPv4 family only:
+#
+.B tcprtt \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcprtt \-6
 .SH OVERHEAD
 This traces the kernel tcp_rcv_established function and collects TCP RTT. The
 rate of this depends on your server application. If it is a web or proxy server

man/man8/tcpstates.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpstates \- Trace TCP session state changes with durations. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
-.B tcpstates [\-h] [\-T] [\-t] [\-w] [\-s] [\-D PORTS] [\-L PORTS] [\-Y]
+.B tcpstates [\-h] [\-T] [\-t] [\-w] [\-s] [\-D PORTS] [\-L PORTS] [\-Y] [\-4 | \-6]
 .SH DESCRIPTION
 This tool traces TCP session state changes while tracing, and prints details
 including the duration in each state. This can help explain the latency of
@@ -44,6 +44,12 @@ Comma-separated list of destination ports to trace (filtered in-kernel).
 .TP
 \-Y
 Log session state changes to the systemd journal.
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Trace all TCP sessions, and show all state changes:
@@ -61,6 +67,14 @@ Trace connections to local ports 80 and 81 only:
 Trace connections to remote port 80 only:
 #
 .B tcpstates \-D 80
+.TP
+Trace IPv4 family only:
+#
+.B tcpstates -4
+.TP
+Trace IPv6 family only:
+#
+.B tcpstates -6
 .SH FIELDS
 .TP
 TIME

man/man8/tcpsynbl.8

@@ -2,7 +2,7 @@
 .SH NAME
 tcpsynbl \- Show the TCP SYN backlog as a histogram. Uses BCC/eBPF.
 .SH SYNOPSIS
-.B tcpsynbl
+.B tcpsynbl [\-4 | \-6]
 .SH DESCRIPTION
 This tool shows the TCP SYN backlog size during SYN arrival as a histogram.
 This lets you see how close your applications are to hitting the backlog limit
@@ -17,11 +17,29 @@ change in future kernels, this tool may need maintenance to keep working.
 Since this uses BPF, only the root user can use this tool.
 .SH REQUIREMENTS
 CONFIG_BPF and BCC.
+.SH OPTIONS
+.TP
+\-h
+Print usage message.
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Show the TCP SYN backlog as a histogram.
 #
 .B tcpsynbl
+.TP
+Trace IPv4 family only:
+#
+.B tcpsynbl -4
+.TP
+Trace IPv6 family only:
+#
+.B tcpsynbl -6
 .SH FIELDS
 .TP
 backlog

man/man8/tcptop.8

@@ -3,7 +3,7 @@
 tcptop \- Summarize TCP send/recv throughput by host. Top for TCP.
 .SH SYNOPSIS
 .B tcptop [\-h] [\-C] [\-S] [\-p PID] [\-\-cgroupmap MAPPATH]
- [--mntnsmap MAPPATH] [interval] [count]
+ [--mntnsmap MAPPATH] [interval] [count] [\-4 | \-6]
 .SH DESCRIPTION
 This is top for TCP sessions.
 
@@ -47,6 +47,12 @@ Interval between updates, seconds (default 1).
 .TP
 count
 Number of interval summaries (default is many).
+.TP
+\-4
+Trace IPv4 family only.
+.TP
+\-6
+Trace IPv6 family only.
 .SH EXAMPLES
 .TP
 Summarize TCP throughput by active sessions, 1 second refresh:
@@ -64,6 +70,14 @@ Trace PID 181 only, and don't clear the screen:
 Trace a set of cgroups only (see special_filtering.md from bcc sources for more details):
 #
 .B tcptop \-\-cgroupmap /sys/fs/bpf/test01
+.TP
+Trace IPv4 family only:
+#
+.B tcptop \-4
+.TP
+Trace IPv6 family only:
+#
+.B tcptop \-6
 .SH FIELDS
 .TP
 loadavg: