I just pushed a library called BPF that converts binary pattern matching expressions into (classic) BPF (Berkeley Packet Filter) programs that you can use with SO_ATTACHFILTER or libpcap. There’s also an interpreter that allows you to test your programs against binaries.

BPF programs are essentially predicates on packets that run in the kernel and are usually used to filter traffic efficiently for programs like tcpdump etc, They are described using a Turing-incomplete instruction set.

I intend to add some integration tests using Tundra shortly.

Features

• Elixir syntax - Write filters using binary pattern matching and guards
• Multi-clause support - Multiple patterns with fallthrough semantics
• Guard expressions - Comparisons, logical operators, bitwise operations, arithmetic
• Packet length filtering - Use byte_size(packet) to filter by packet size
• SSA-based compiler - Optimized code generation with register allocation

Package
Docs