Linux: network: tcpdump: packets dropped by kernel

最近遇到一个问题

tcpdump命令显示有dropped的包，而且是被内核drop的。
[root@-one-01 ~]# tcpdump -i any udp and port 8080 -v -w /root/udp.pcap
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C180461 packets captured
366320 packets received by filter
5331 packets dropped by kernel

tcpdump -i lo udp and port 8080 -v --buffer-size=409600 -v -s0 -w /root/udp.pcap
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C182283 packets captured
364566 packets received by filter
0 packets dropped by kernel

原因

需要根据tcpdump/libpcap/linux内核的代码，一路查下来，看看这个drop是怎么产生的。