Dave Taht wrote:
> Is it faster to execute 17 bpf vm instructions on (nearly) every
> packet, or to use all that old stuff?

> bpf example for the babel protocol:

I have no data for you. Andrew McGregor might know more?
My understanding is that there is a JIT for ebpf.

> B) Are there any means of easily abstracting deeper protocol processing
> into a higher level grammar, better than tcpdump? I found one tool,
> that I like conceptually - for deeply decoding a protocol -

tcpdump just exposes the libpcap compiler. It has many annoying limitations.

> I've googled, and thunk, and maybe I'm merely asking the wrong
> questions, and "the packet analysis tool to end all tools" already
> exists?

Yes, people have produced them, but they go nowhere because they are
too specialized, or too general.

The question is: are you trying to build a tcp stack that punts packets
at applications, or do "analysis" --- which I interpret to mean to
collect statistics.

> C) Are vendors like Mellanox or others doing network offloads parsing
> bpf or ebpf directly yet?

I don't know.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [