filter to match TCP only
diff --git a/tools/tcpaccept b/tools/tcpaccept
index 0e91063..7e58bb5 100755
--- a/tools/tcpaccept
+++ b/tools/tcpaccept
@@ -7,8 +7,6 @@
#
# This uses dynamic tracing of the kernel inet_csk_accept() socket function
# (from tcp_prot.accept), and will need to be modified to match kernel changes.
-# This also traces DCCP traffic; check for future versions where this should
-# be filtered (should be done via "sk_protocol != IPPROTO_TCP").
#
# IPv4 addresses are printed as dotted quads. For IPv6 addresses, the last four
# bytes are printed after "..."; check for future versions with better IPv6
@@ -54,6 +52,13 @@
if (newsk == NULL)
return 0;
+ // check this is TCP
+ u8 protocol = 0;
+ // workaround for reading the sk_protocol bitfield:
+ bpf_probe_read(&protocol, 1, (void *)((long)&newsk->sk_wmem_queued) - 3);
+ if (protocol != IPPROTO_TCP)
+ return 0;
+
// pull in details
u16 family = 0, lport = 0;
u32 saddr = 0, daddr = 0;
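Review bot: The added `bpf_probe_read()` reads one byte at a hard-coded `- 3` from `&newsk->sk_wmem_queued`, so the TCP filter is only correct while `sk_protocol` sits exactly there in `struct sock`. On a kernel where that layout differs (and presumably on a different byte order) it would read an unrelated byte and either drop every accept or let non-TCP sockets through, with no error shown. For a tool used to watch inbound connections that is a silent blind spot, so I would state the assumption beside the read, e.g. `// assumes sk_protocol is the byte 3 bytes before sk_wmem_queued; re-check struct sock when the kernel changes`. The return value of `bpf_probe_read()` is also ignored, and because `protocol` starts at 0 a failed read is indistinguishable from a non-TCP socket, which is worth noting in the same comment. The enclosing probe function starts and ends outside this hunk.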