drop_mon (or whatever it's called) is one of the weirder things in the Linux kernel. It has only one implementation I've found, "dropwatch", which is, to put it gently, not a great example of a modern C CLI program --- for instance, the kernel subsystem gives you snapshots of packet contents themselves, and there is already a very flexible and easy-to-use library for filtering packets based on their contents with an enormous ecosystem, but all dropwatch will do is print dumps.
I threw together a half-assed POC alternative implementation in Go a couple months ago, using Matt Layher's fantastic netlink libraries:
https://github.com/superfly/dropspy
I recently came across another useful utility for debugging unexpected packet drops - PWRU[0] (Packet, Where Are You) by Cilium.
It uses eBPF to try to trace the path of the packet through the kernel. Haven't needed to use it yet, but it could have saved me a lot of trouble in the past.
[0]: https://github.com/cilium/pwru