nhorman / dropwatch

user space utility to interface to kernel dropwatch facility
GNU General Public License v2.0

dropwatch not working anymore with latest kernel 5.17.4 #68

Closed platinum55 closed 2 years ago

platinum55 commented 2 years ago

Hello,

It seems the CONFIG_NET_DROP_MONITOR option was removed from the kernel config, thus dropwatch is not working anymore (Unable to find NET_DM family, dropwatch can't work). It looks like they switched to devlink traps.

Does dropwatch need a code update or am I doing something wrong?

nhorman commented 2 years ago

That's... not true. Looking at Linus' sources, the config option is very clearly still there, as it should be: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/Kconfig#n345

The use of devlink traps is orthogonal to the build option you are referencing. devlink traps just provide another hook to the kernel code to capture packets at the device level in addition to the hooks in the network stack (which continue to use kprobes).

The error you are seeing is usually indicative of a change to the kernel config itself. I imagine that your kernel is either: 1) Built without CONFIG_NET_DROP_MONITOR set to y or m or 2) Your kernel is built with CONFIG_NET_DROP_MONITOR set to m and the drop monitor module isn't loaded

Take a look at your kernel config (if your kernel is built with it you can find it in either /proc/config[.xz] or in /boot/config-). See what CONFIG_NET_DROP_MONITOR is set to, and that will guide you on how to fix it.

platinum55 commented 2 years ago

Thanks a lot for your quick reply! I had checked the .config file, but there was no CONFIG_NET_DROP_MONITOR inside. "Kernel Hacking -> Tracers" was missing and is required to enable CONFIG_NET_DROP_MONITOR, that was the reason. Thank you very much!
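
The diagnosis worked through in this thread, as an added example that is not part of the original comments or of the dropwatch project: a script that classifies why the NET_DM family is missing from a kernel config and a loaded-module list. The function names, the module name `drop_monitor`, and the CONFIG_TRACEPOINTS dependency check are assumptions of this example.

```shell
#!/bin/sh
# Added example: why is the NET_DM netlink family missing?
# drop_monitor_state <kernel-config> <modules-list>
#   kernel-config: plain or gzip-compressed, e.g. /boot/config-$(uname -r)
#   modules-list : a file in /proc/modules format

# Print y or m for CONFIG_<name>, or n when it is unset or absent.
config_value() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" | head -n 1 | grep . || echo n
}

drop_monitor_state() {
    case "$(config_value "$1" NET_DROP_MONITOR)" in
        y) echo builtin ;;
        m) # Module name drop_monitor is an assumption (net/core/drop_monitor.c).
           if grep -q '^drop_monitor ' "$2"; then
               echo module-loaded
           else
               echo module-not-loaded
           fi ;;
        *) # Assumption: the option depends on CONFIG_TRACEPOINTS, which the
           # "Kernel Hacking -> Tracers" entries select.
           if [ "$(config_value "$1" TRACEPOINTS)" = y ]; then
               echo disabled
           else
               echo disabled-missing-tracepoints
           fi ;;
    esac
}

if [ "$#" -eq 2 ]; then
    drop_monitor_state "$1" "$2"
else
    # Constructed sample: option built as a module, module not loaded.
    tmp=$(mktemp -d)
    printf 'CONFIG_TRACEPOINTS=y\nCONFIG_NET_DROP_MONITOR=m\n' > "$tmp/config"
    printf 'nf_tables 303104 0 - Live 0x0000000000000000\n' > "$tmp/modules"
    drop_monitor_state "$tmp/config" "$tmp/modules"
    rm -rf "$tmp"
fi
```

Run it against the real files by passing the kernel config and /proc/modules as the two arguments. A result of `module-not-loaded` is fixed with `modprobe drop_monitor`; either `disabled` result needs a kernel rebuilt with the option enabled.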