Linux Kernel Meet

Trace kernel function calls triggered by tcpdump
$ trace-cmd record -p function_graph \ -l '__sys_connect' \ -l 'sys_connect' \ -l 'security_socket_connect' \ -l 'apparmor_socket_connect' \ -l 'aa_sk_perm' \ -- tcpdump -i lo

Convert the recorded trace data into a human-readable report
$ trace-cmd report > tcpdump.log
$ cat tcpdump.log
cpus=24
tcpdump-8782 [008] 3750.758827: funcgraph_entry: 1.753 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758831: funcgraph_entry: 0.409 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758835: funcgraph_entry: 0.305 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758839: funcgraph_entry: 0.302 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758846: funcgraph_entry: 0.306 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758860: funcgraph_entry: 0.310 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758963: funcgraph_entry: 0.424 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758964: funcgraph_entry: 0.299 us | aa_sk_perm();
tcpdump-8782 [008] 3750.758966: funcgraph_entry: 0.291 us | aa_sk_perm();
tcpdump-8782 [008] 3750.759002: funcgraph_entry: 0.304 us | aa_sk_perm();
tcpdump-8782 [008] 3750.759003: funcgraph_entry: 0.294 us | aa_sk_perm();
tcpdump-8782 [008] 3750.759012: funcgraph_entry: 0.305 us | aa_sk_perm();
tcpdump-8782 [008] 3750.759013: funcgraph_entry: | aa_sk_perm() {
Netlink Monitor-4112 [014] 3750.759013: funcgraph_entry: | aa_sk_perm() {
tcpdump-8782 [008] 3750.759013: funcgraph_exit: 0.390 us | }
tcpdump-8782 [008] 3750.759014: funcgraph_entry: 0.296 us | aa_sk_perm();
tcpdump-8782 [008] 3750.759015: funcgraph_entry: 0.283 us | aa_sk_perm();
Netlink Monitor-4112 [014] 3750.759016: funcgraph_exit: 3.802 us | }
avahi-daemon-1626 [010] 3750.759018: funcgraph_entry: 1.884 us | aa_sk_perm();
wpa_supplicant-1652 [002] 3750.759028: funcgraph_entry: 1.878 us | aa_sk_perm();
wpa_supplicant-1652 [002] 3750.759041: funcgraph_entry: 0.258 us | aa_sk_perm();
NetworkManager-1622 [004] 3750.759066: funcgraph_entry: 1.001 us | aa_sk_perm();
systemd-resolve-1362 [012] 3750.759112: funcgraph_entry: 1.523 us | aa_sk_perm();
systemd-resolve-1362 [012] 3750.759118: funcgraph_entry: 0.200 us | aa_sk_perm();
NetworkManager-1622 [004] 3750.759171: funcgraph_entry: 0.292 us | aa_sk_perm();
tcpdump-8782 [008] 3750.776187: funcgraph_entry: 1.290 us | aa_sk_perm();
tcpdump-8782 [008] 3750.776191: funcgraph_entry: 0.569 us | aa_sk_perm();
tcpdump-8782 [008] 3750.777373: funcgraph_entry: | __sys_connect() {
tcpdump-8782 [008] 3750.777374: funcgraph_entry: | security_socket_connect() {
tcpdump-8782 [008] 3750.777375: funcgraph_entry: 0.708 us | apparmor_socket_connect();
tcpdump-8782 [008] 3750.777376: funcgraph_exit: 2.402 us | }
tcpdump-8782 [008] 3750.777389: funcgraph_exit: + 15.839 us | }
.......