feat: support erspan3 in analyzer mode

agent/src/dispatcher/base_dispatcher.rs

@@ -709,6 +709,7 @@ impl BaseDispatcherListener {
             proxy_controller_port: self.proxy_controller_port,
             analyzer_source_ip: source_ip.unwrap(),
             analyzer_port: self.analyzer_port,
+            ignore_npb: options.tap_mode != TapMode::Analyzer,
         };
 
         let mut bpf_options = self.bpf_options.lock().unwrap();

agent/src/dispatcher/recv_engine/bpf.rs

@@ -39,6 +39,7 @@ type JumpModifier = fn(jumpIf: JumpIf, index: usize, total: usize) -> JumpIf;
 struct BpfBuilder {
     ins: Vec<BpfSyntax>,
     modifiers: Vec<Option<JumpModifier>>,
+    ignore_npb: bool,
 }
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
@@ -88,6 +89,7 @@ pub(crate) struct Builder {
     pub proxy_controller_port: u16,
     pub controller_tls_port: u16,
     pub analyzer_source_ip: IpAddr,
+    pub ignore_npb: bool,
 }
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
@@ -725,7 +727,9 @@ impl Builder {
         // 不采集和TSDB通信的流量
         bpf_builder.appends(&mut self.skip_ipv4_tsdb());
         // 不采集分发流量
-        bpf_builder.appends(&mut self.skip_ipv4_npb());
+        if self.ignore_npb {
+            bpf_builder.appends(&mut self.skip_ipv4_npb());
+        }
 
         return bpf_builder.build();
     }
@@ -736,7 +740,9 @@ impl Builder {
         // 不采集和TSDB通信的流量
         bpf_builder.appends(&mut self.skip_ipv6_tsdb());
         // 不采集分发流量
-        bpf_builder.appends(&mut self.skip_ipv6_npb());
+        if self.ignore_npb {
+            bpf_builder.appends(&mut self.skip_ipv6_npb());
+        }
 
         return bpf_builder.build();
     }
@@ -779,26 +785,28 @@ impl Builder {
             ip_version, self.analyzer_source_ip, self.analyzer_port
         ));
 
-        // 不采集分发的VXLAN流量
-        conditions.push(format!(
-            "not (udp and dst port {} and udp[8:1]={:#x})",
-            self.npb_port, self.vxlan_flags
-        ));
-
-        // 不采集分发的TCP流量
-        conditions.push(format!("not (tcp and port {})", self.npb_port,));
-
-        // 不采集分发的ERSPANIII
-        conditions.push(format!(
-            "not (ip[9:1]={:#x} and ip[22:2]={:#x})",
-            u8::from(IpProtocol::GRE),
-            GRE_PROTO_ERSPAN_III
-        ));
-        conditions.push(format!(
-            "not (ip6[6:1]={:#x} and ip6[42:2]={:#x})",
-            u8::from(IpProtocol::GRE),
-            GRE_PROTO_ERSPAN_III
-        ));
+        if self.ignore_npb {
+            // 不采集分发的VXLAN流量
+            conditions.push(format!(
+                "not (udp and dst port {} and udp[8:1]={:#x})",
+                self.npb_port, self.vxlan_flags
+            ));
+
+            // 不采集分发的TCP流量
+            conditions.push(format!("not (tcp and port {})", self.npb_port,));
+
+            // 不采集分发的ERSPANIII
+            conditions.push(format!(
+                "not (ip[9:1]={:#x} and ip[22:2]={:#x})",
+                u8::from(IpProtocol::GRE),
+                GRE_PROTO_ERSPAN_III
+            ));
+            conditions.push(format!(
+                "not (ip6[6:1]={:#x} and ip6[42:2]={:#x})",
+                u8::from(IpProtocol::GRE),
+                GRE_PROTO_ERSPAN_III
+            ));
+        }
 
         conditions.join(" and ")
     }

agent/src/trident.rs

@@ -2112,6 +2112,7 @@ impl AgentComponents {
             proxy_controller_port: candidate_config.dispatcher.proxy_controller_port,
             analyzer_source_ip: source_ip,
             analyzer_port: candidate_config.dispatcher.analyzer_port,
+            ignore_npb: candidate_config.tap_mode != TapMode::Analyzer,
         };
         let bpf_syntax_str = bpf_builder.build_pcap_syntax_to_str();
         #[cfg(any(target_os = "linux", target_os = "android"))]