ExtraHop / rpcapd

ExtraHop Networks' Packet Forwarder, forked from Wireshark's RPCAPD

Question: Is this code base good for production usage? #1

Open ghost opened 6 years ago

ghost commented 6 years ago

Thanks for sharing this project with the community. As I see, this project hasn't been updated over the last 4 years or so but was being used in ExtraHop products. Is this project going to be updated with the latest changes, if any? Is this still being used in production at ExtraHop?

daethnir commented 6 years ago

Indeed, this is still used in production quite widely. We do have a number of improvements that we haven't pushed up here recently - I'll get that on the docket here in the next few weeks.

We'll happily accept suggestions/pull requests. What's your use case?

ghost commented 6 years ago

I am looking at grabbing packets and dumping them into a time series DB for offline analysis, an APM use case to figure out latency issues. From an improvement point of view, the only feature I will probably add to rpcapd would be sampling at the source.

Would love to know what are the improvements done by your team, happy to help in dev/testing of any features if they are still in the works.

ghost commented 6 years ago

Any inputs on the queries above would help me a lot! Please suggest.

ghost commented 6 years ago

Hello again, any updates on features in pipeline to be released here? Thank you.

ghost commented 6 years ago

We added end-to-end encryption to rpcapd after resolving some initial issues. Would love to know if we are re-inventing the wheel and you have already implemented these bits in your version which is being pushed up here.

daluu commented 3 months ago

Unfortunate that we haven't heard a response from @daethnir or ExtraHop here.

And unfortunate that the OP's account is deleted as well. I wanted to ask some follow-up questions regarding "we added end-to-end encryption to rpcapd after resolving some initial issues", because rpcapd is now part of libpcap, and they have added TLS/SSL encryption support for rpcap (both rpcapd and rpcap clients). It would have been nice to check whether the mentioned changes are similar to or different from libpcap's changes, and whether further improvements could be merged in there if the changes were permitted to be shared as open source.

For this repo, I would say that aside from active mode here, without encryption and security improvements there will always be security concerns about running this in production.
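To make the comparison concrete, here is an added example (written for this page; it is neither ExtraHop's fork nor libpcap's own code) contrasting the two ways libpcap's rpcapd can be run: the null-authentication, plaintext mode that the thread warns about, and the TLS-required mode using the flags libpcap's rpcapd man page documents (`-S` require TLS, `-K` private key, `-X` certificate, `-b` bind address, `-p` port) with a client that selects TLS via the `rpcaps://` URL scheme. The hostnames, IP address, file paths and interface name are placeholders chosen for the example, and the key-permission check is this example's own pre-flight guard, not an rpcapd feature; confirm flag spellings against `rpcapd -h` for the libpcap build you actually deploy.

```shell
#!/bin/sh
# Added example: weak rpcapd configuration beside a hardened one.
# Flags per libpcap's rpcapd man page; paths and hosts are placeholders.

# Weak: -n permits NULL authentication and nothing is encrypted, so anyone
# who can reach TCP/2002 can attach to the interface and read packets.
rpcapd_insecure_cmd() {
    printf 'rpcapd -n -p 2002\n'
}

# Hardened: -S makes the daemon require TLS on every connection, -K/-X point
# at the server's key and certificate, -b binds only the management address.
# Before emitting the command, refuse to proceed if the key is missing or
# readable by anyone but its owner (a check added for this example).
rpcapd_tls_cmd() {
    key="$1"; cert="$2"; bind_addr="$3"
    [ -f "$key" ]  || { echo "missing private key: $key" >&2; return 1; }
    [ -f "$cert" ] || { echo "missing certificate: $cert" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits.
    perms=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$perms" in
        *00) ;;   # group and other bits clear (e.g. 600/400)
        *)   echo "private key $key is group/world readable (mode $perms)" >&2
             return 1 ;;
    esac
    printf 'rpcapd -S -K %s -X %s -b %s -p 2002\n' "$key" "$cert" "$bind_addr"
}

# Client side: tcpdump (via libpcap) negotiates TLS when the capture source
# uses rpcaps:// instead of rpcap://. Argument 1 is the sensor host, 2 the
# remote interface name.
client_cmd() {
    printf 'tcpdump -i rpcaps://%s:2002/%s -w capture.pcap\n' "$1" "$2"
}

# Run as `sh this_script.sh demo` to print both server command lines and the
# matching client command; the TLS branch will refuse placeholder paths that
# do not exist, which is the intended behaviour.
if [ "${1:-}" = "demo" ]; then
    echo "insecure: $(rpcapd_insecure_cmd)"
    rpcapd_tls_cmd /etc/rpcapd/key.pem /etc/rpcapd/cert.pem 192.0.2.10 \
        || echo "TLS pre-flight failed (expected with placeholder paths)"
    echo "client:   $(client_cmd sensor.example.net eth0)"
fi
```

The point of pairing the two commands is that the fix is a deployment decision, not a code change: with a current libpcap, `-n` without `-S` is the configuration that should never reach production, and the client must opt in with `rpcaps://` or it will silently fall back to plaintext `rpcap://`. libpcap's rpcapd also accepts a host allow-list option (`-l`); its argument format should be checked in the man page of the installed version before relying on it.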