J-Gras
commented
5 years ago As far as I know PACKET_ZEROCOPY was discussed in context of AF_Packet V4, which has become AF_XDP (https://www.kernel.org/doc/html/v4.18/networking/af_xdp.html). AF_XDP is an interesting approach but seems quite complex. However, there is a Bro plugin available: https://github.com/irtimmer/bro-xdp_packet-plugin
A google search for PACKET_ZEROCOPY in conjunction with AF_PACKET describes a socket option that can be set to enable zero-copy (ZC) mode for AF_PACKET. Is that something bro-af_packet-plugin supports (or could support)?