tracee icon indicating copy to clipboard operation
tracee copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

[RFE] pcap capturing options

Open OriGlassman opened this issue 3 years ago • 1 comments

Prerequisites

  • [x] There isn't an issue describing the feature I need.
  • [ ] I don't think opening a discussion thread first is relevant.
  • [ ] I have a use case for the feature I would like to request.

Feature description

As of today tracee-ebpf has two pcap related arguments: '-c net= and -c pcap:<host|per-container>'. This puts the burden of capturing pcaps on the user to supply an interface.. I suggest to have a 'pcap:<host,containers,all>' (default all) option, and leave tracee to detect the relevant network interface.

OriGlassman avatar Aug 25 '22 15:08 OriGlassman

The -c net= will vanish as soon as we drop tc progs attached to interfaces (being currently worked on). I'm about to create all issues for the network improvements about to come. Will label this as "networking" (and all subsequent/related ones).

rafaeldtinoco avatar Aug 25 '22 16:08 rafaeldtinoco