david415
commented
9 years ago oh wow! apparently the syscal package exported functions i use to make this BPF sniffer have been frozen/deprecated... because in the new sys package they don't exist!
we have to make a choice:
- go on using deprecated/frozen syscall api and our own hand written BPF Header structs
- use the sys package to write a BPF sniffer API using the ioctl functionality...
- go on using deprecated/frozen syscall api AND also use the sys package's BPF Header structs
ouch... i do believe it is better to use the sys package rather than the syscall package... here we see the bpf header struct defined for OpenBSD on amd64:
https://github.com/golang/sys/blob/master/unix/ztypes_openbsd_amd64.go#L427
and another one for NetBSD: https://github.com/golang/sys/blob/master/unix/ztypes_netbsd_amd64.go#L369
these recent additions to sys look great... and we should use them. It seems to me that we can get rid of our own definition of BpfHdr and use the one in the syscall package... as long as the running system is a BSD.
the sys package is imported like this: import "golang.org/x/sys/unix"