On 28/3/26 00:30, Takeru Hayasaka wrote: >> see how cilium did it. with pwru tool, etc. > > Thank you for the suggestion. > As for pwru, I had thought it was not able to capture packet data such as > pcap, > and understood it more as a tool to trace where a specific packet > enters the processing path and how it is handled. > > For example, in an environment where systems are already > interconnected and running, I sometimes want to capture the actual > packets being sent for real processing. > On the other hand, if the goal is simply to observe processing safely > in a development environment, I think tools such as ipftrace2 or pwru > can be very useful. >
Sounds like you are developing/maintaining an XDP project. If so, and the kernel carries the patches in https://lore.kernel.org/all/[email protected]/, recommend modifying the XDP project using dispatcher like libxdp [1]. Then, you are able to trace the subprogs which aim to run tail calls; meanwhile, you are able to filter packets using pcap-filter, and to output packets using bpf_xdp_output() helper. [1] https://github.com/xdp-project/xdp-tools/blob/main/lib/libxdp/xdp-dispatcher.c.in Thanks, Leon
