As the title says, is it possible to trace TCP packets, instead of TCP connections using bcc/ebpf? If so, how would i do it? I've checked all BCC tools, and if possible I'd like to stray from using XDP.
Asked
Active
Viewed 38 times
0
-
Why do you want to avoid XDP? Why do you want to trace packets instead of connections? Understanding the motives will help propose solutions. There are many different ways to do what you're asking. – pchaigno Jul 03 '23 at 18:23
-
@pchaigno I'd like to avoid XDP for now, since I'd like to create another version further down the line using XDP. As for tracing packets instead of connections, it's what it was requested of me. – Afonso Pinto Jul 03 '23 at 18:51
-
Did you check tc-bpf? – pchaigno Jul 04 '23 at 08:00
-
@pchaigno I've checked it due to your suggestion, and while i found the documentation limited, I've found this https://github.com/iovisor/bcc/blob/8422cd449ad2e60414a4508aa4a150a9db39c4a3/examples/networking/tcp_mon_block/src/tcp_mon_block.c#L95. If i understand correctly, the function handle_egress is what i want. Thanks for the help! – Afonso Pinto Jul 04 '23 at 09:38