Check out my first novel, midnight's simulacra!
DPDK
The Data Plane Development Kit, a Linux Foundation effort, makes robust userspace Linux networking more or less available to the common hax0r.
Pollmode driver
You'll need either a UIO or a VFIO module loaded. VFIO is preferable, as it can drive the IOMMU. This is the vfio-pci driver. If your system can't work with VFIO, the uio_pci_generic or igb_uio modules can be employed (the latter is, I believe, specifically for Intel Gigabit NICs). If VFIO is not used, the IOMMU must be disabled, or configured in passthrough mode.
To see physical devices and their bindings, run dpdk-devbind.py --status:
[schwarzgerat](0) $ dpdk-devbind.py --status Network devices using kernel driver =================================== 0000:43:00.0 'I211 Gigabit Network Connection 1539' if=igb drv=igb unused=vfio-pci *Active* 0000:44:00.0 'AQC111 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 11b1' if=aq5 drv=atlantic unused=vfio-pci *Active* 0000:45:00.0 'Wi-Fi 6 AX200 2723' if=ax200 drv=iwlwifi unused=vfio-pci *Active* Crypto devices using kernel driver ================================== 0000:23:00.1 'Starship/Matisse Cryptographic Coprocessor PSPCPP 1486' drv=ccp unused=vfio-pci [schwarzgerat](0) $
After eliminating any routes associated with a device, we can bind it to a DPDK PMD:
[schwarzgerat](0) $ sudo dpdk-devbind.py --bind=vfio-pci aq5 [schwarzgerat](0) $ dpdk-devbind.py --status Network devices using DPDK-compatible driver ============================================ 0000:44:00.0 'AQC111 NBase-T/IEEE 802.3bz Ethernet Controller [AQtion] 11b1' drv=vfio-pci unused=atlantic
This has unbound the device from the atlantic driver (which can now be unloaded, if we wish). There is no longer any `aq5` interface, but an nlmon has shown up.
Secondary processes
Tools like dpdk-pdump and dpdk-proc-info are secondary tools--they require a primary tool to be running, and to have already configured the packet capture framework.
