So you're trying to debug these packet drops in your network datapath. You ran tcpdump, but your packets do reach the interface and the command isn't helpful? You have a tracing tool, but you don't know where to look for in the Linux networking stack? You have a hunch where to look at, but can't filter efficiently to find your packet? Look no further, pwru is the tool that you need!

Relying on the BTF information for the kernel, pwru can attach eBPF probes to all functions in the networking stack that take a socket buffer (skb) in their arguments, and provides a quick view of the packet's trajectory. It supports pcap filters for filtering packets, and can display additional context information such as the call stack for the probed functions or a dump of the whole socket buffer.

This introduction to pwru covers the functioning of the tool, its basic usage, and highlights a couple of situations where Cilium developers have used pwru to quickly debug datapath issues.