filter2xdp will take a pcap/tcpdump filter
expression, compile it to
classical BPF (cBPF) using libpcap, convert it to extended BPF (eBPF) and load
it as an XDP BPF program. By default, the XDP program will only pass packets to
the Linux network stack which match the filter expression. If the XDP program
is loaded using the --invert
option, the filter is reversed and the program
will drop all packets matching the filter expression.
Note: This is work in progress and not working yet as intended (i.e. no valid XDP eBPF programs are generated). However, Feedback, suggestions and patches are already welcome!
Usage: filter2xdp [OPTIONS...] -i <dev> FILTER
Options:
-i/--interface <dev> Network device (required)
-n/--invert Invert filter, drop matching packets
-v/--verbose Verbose mode
-h/--help Show this help message
- Linux Kernel 4.8+
- libpcap (development library and headers)
filter2xdp is subject to the GPL, version 2.
Please see the COPYING file for the full license text.
- eBPF docs and XDP docs in the Linux Networking Subsystem documentation by Jesper Dangaard Brouer
- BPF and XDP Reference Guide from the Cilium developer's guide