On Thu, 2024-03-07 at 10:27 +0000, Anton Ivanov wrote:
> >
> > How's that required to be formatted and loaded? tcpdump itself can also
> > dump the filter in BPF format, with -d/-ddd (-dd is a C representation,
> > so probably not useful). Perhaps we could even automatically call
> > 'tcpdump' at runtime?
>
> That is one option.
>
> As far as common use cases are concerned, at present you can:
>
> tcpdump -ddd, convert it to raw binary (3 liner in a language of choice) and
> pass that to vecX as a bpffile=
>
> It may be worth it to make vecX also take the -ddd format directly by adding
> "format" options to bpffile.
>
> I'd rather do that instead of invoking tcpdump out of a device open. The -ddd
> notation (+/- a comma here and there) is standard - it is also used by
> iptables, etc. It can be used by other code generators as well.

Yeah, that makes sense, this is all kind of special configuration
anyway, and given that it's been broken forever ... I actually doubt
anyone would scream if we just removed it, so maybe just remove it and
if they do scream, point to the above, including said 3-liner in the
response?

johannes
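
The "-ddd to raw binary" conversion mentioned in the quoted text, as an added example that is not code from this thread or from the kernel tree. It goes beyond a bare 3-liner by validating the program before writing it. It assumes that `bpffile=` expects a packed array of `struct sock_filter` in host byte order; the output name `filter.bpf` and the sample filter are constructed for illustration.

```python
import struct

# Assumed target layout: array of struct sock_filter
# { __u16 code; __u8 jt; __u8 jf; __u32 k; } in host byte order.
SOCK_FILTER = struct.Struct("=HBBI")
BPF_MAXINSNS = 4096              # classic BPF program length limit
BPF_JMP, BPF_RET, BPF_JA = 0x05, 0x06, 0x00

def ddd_to_raw(text):
    """Convert `tcpdump -ddd` text (commas tolerated) to raw sock_filter bytes."""
    nums = [int(tok) for tok in text.replace(",", " ").split()]
    if not nums:
        raise ValueError("empty filter")
    count, fields = nums[0], nums[1:]
    if not 0 < count <= BPF_MAXINSNS or len(fields) != 4 * count:
        raise ValueError("instruction count does not match body")
    out = bytearray()
    for i in range(count):
        code, jt, jf, k = fields[4 * i:4 * i + 4]
        if not (0 <= code <= 0xFFFF and 0 <= jt <= 0xFF
                and 0 <= jf <= 0xFF and 0 <= k <= 0xFFFFFFFF):
            raise ValueError(f"insn {i}: field out of range")
        if code & 0x07 == BPF_JMP:
            # Jump offsets are relative to the next instruction.
            targets = [k] if code & 0xF0 == BPF_JA else [jt, jf]
            if any(i + 1 + t >= count for t in targets):
                raise ValueError(f"insn {i}: jump past end of program")
        out += SOCK_FILTER.pack(code, jt, jf, k)
    if fields[-4] & 0x07 != BPF_RET:
        raise ValueError("program does not end in a return")
    return bytes(out)

# Constructed sample in -ddd layout: accept IPv4 over Ethernet, drop the rest.
SAMPLE_DDD = """4
40 0 0 12
21 0 1 2048
6 0 0 262144
6 0 0 0
"""

if __name__ == "__main__":
    with open("filter.bpf", "wb") as fh:   # hypothetical output name
        fh.write(ddd_to_raw(SAMPLE_DDD))
```

Replacing commas with whitespace lets the same function accept the comma-separated variant of the notation that the quoted text alludes to.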