Fun fact: tcpdump is one of the BPF killer apps. eBPF extends BPF with a more modern architecture (e.g. 64-bit support) and is generalized so that it can support things like more fine-grained security control in seccomp, which limits what commands a userspace app can call. Xdpcap seems like a logical progression of this path.
The tailcall and preconfigured entry points for all possible results seem excessive. I wonder if there could have been a cleaner way with an upstream patch instead. Maybe if you could add an XDP filter at a given priority to make sure it runs first?
A little off topic: I love reading the Cloudflare blog posts. They are always well written and super interesting. It looks like a very exciting place to work, judging from what they get to work on.
This looks close to https://github.com/Netronome/bpf-samples/tree/master/xdpdump
I'm a Cloudflare user and I really like seeing this kind of thing.
pcap files are all very well, but I want to run eBPF in the NIC and exfiltrate pcap to a user-space ring buffer. It doesn't seem like eBPF has access to the DMA bandwidth I think I need. Am I wrong?