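Preface: A core capability of the tcpdump packet capture tool we commonly use is its support for filtering traffic with the pcap-filter syntax, so that only the specific traffic matching the conditions is captured. When we develop network-related tools with eBPF, supporting the pcap-filter syntax as well would surely improve the user experience greatly. For this reason, the ptcpdump tool I developed also has built-in support for the pcap-filter syntax. Adding pcap-filter support to an eBPF program using the conventional approach... | mozillazg's Blog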
Preface: A core feature of the common tcpdump packet capture tool is its support for the pcap-filter syntax. This lets it filter traffic and capture only the specific packets that match the filter. When developing network-related tools with eBPF, supporting the pcap-filter syntax would greatly improve the user experience. That's why the ptcpdump tool I developed includes built-in support for the pcap-filter syntax. Adding pcap-filter support to eBPF programs the usual way involves complex logic. However... | mozillazg's Blog