nfprobe
A netflow probe using bpf.
Features
- data enrichment
- output
TODO
kprobe/kretprobe can run on different processors, as a function could resume on a new processor.
Can a function resume on a new thread?
ktime does not count for hibernation.
A netflow probe using bpf.
kprobe/kretprobe can run on different processors, as a function could resume on a new processor.
Can a function resume on a new thread?
ktime does not count for hibernation.