On Thu, 2024-03-07 at 09:54 +0000, Anton Ivanov wrote: > > PCAP is not feasible to incorporate into the build system at present. > It has grown all kinds of warts over the years and brings a lot of > dependencies. > IMHO we should remove it from the tree. It has reached a point where it cannot > be built on a modern system.
I suppose it might be possible to call pcap-config? But agree that it doesn't seem really worth investing in. > The users who need the same functionality can produce a bpf filter using > tcpdump > and load it as "firmware" into the vector/raw driver. > > I am working on a pure python bpf compiler which takes the same syntax as > PCAP. > It is showing signs of life and it can do some of the simpler use cases. Once > that is ready, it should be possible to use that instead of pcap/tcpdump. How's that required to be formatted and loaded? tcpdump itself can also dump the filter in BPF format, with -d/-ddd (-dd is a C representation, so probably not useful). Perhaps we could even automatically call 'tcpdump' at runtime? johannes
