From: Chema Gonzalez <redacted>
Date: Mon, 5 May 2014 11:42:00 -0700

On Fri, May 2, 2014 at 7:52 PM, David Miller [off-list ref] wrote:

quoted

We can probably add an extension to AF_PACKET which provides the flow
key at the end of the tpacket3_hdr if a certain socket option is set.

That would provide the transport header as well as a side effect, and
be much more powerful and efficient than this particular BPF
instruction.

I'm not sure whether I follow this. The goal is to be able to access
the inner-most headers inside BPF, not in userland by calling
getsockopt().

You're missing my entire point.

You can use AF_PACKET mmap() rings and in those ring entries all of the
flow dissection information can be put in the ring entry headers before
the packet contents.  Ports, header offsets, everything.