xdpcap: XDP Packet Capture
The text discusses how a tool called xdpcap was developed as a replacement for tcpdump in the context of XDP (eXpress Data Path), a Linux kernel technology for high-performance packet processing. Because XDP programs handle packets before the rest of the networking stack sees them, regular debugging tools such as tcpdump cannot observe packets that an XDP program has redirected or dropped. To address this, xdpcap was created and open-sourced on GitHub. The tool relies on cbpfc, a classic BPF (cBPF) compiler that is also open-source. Xdpcap reuses the same filter syntax as tcpdump and can write matching packets to a pcap file or decode them with tcpdump. The text goes into detail about how xdpcap was built, including its use of eBPF (extended BPF) and how it leverages features such as tail calls and perf_event_output to expose matching packets, together with the original XDP action taken for them, to userspace.
Company: Cloudflare
Date published: April 24, 2019
Author(s): Arthur Fabre
Word count: 1484
Hacker News points: None found.
Language: English