On Thu, Oct 3, 2019 at 1:53 AM Jesper Dangaard Brouer <brouer@xxxxxxxxxx> wrote: >> The xdpcap use-case is to trap any XDP return action code (and tcpdump > via perf event ring_buffer). For system administrators the xdpcap > use-case is something we hear about all the time, so one of the missing > features for XDP. As Toke also wrote, we want to extend this to ALSO > be-able to see/dump the packet BEFORE a given XDP program. It sounds to me that 'xdpdump/xdpcap' (tcpdump equivalent) is the only use case both you and Toke are advocating for. I think such case we can do already without new kernel code: - retrieve prog_id of the program attached to given xdp ifindex - convert to fd - create prog_array of one element and store that prog_fd - create xdpump bpf prog that prints to ring buffer and tail_calls into that prog_array - replace xdp prog on that ifindex Now it see all the traffic first and existing xdp progs keep working. What am I missing?
