Add wireshark dissector to extras

See extras/wireshark/readme.md for a quick writeup. Change-Id: Id48d198aa2f1d643d0587947fe9c3fd62b613a9f Signed-off-by: Dave Barach <dbarach@cisco.com>
2018-11-20 20:15:37 -05:00
parent 1201a805db
commit 1dda386e67
3 changed files with 1079 additions and 0 deletions
--- a/extras/wireshark/diffs.txt
+++ b/extras/wireshark/diffs.txt
@ -0,0 +1,12 @@
+diff --git a/epan/dissectors/CMakeLists.txt b/epan/dissectors/CMakeLists.txt
+index 6fe8356f4e..6294ab5504 100644
+--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
+@@ -1812,6 +1812,7 @@ set(DISSECTOR_SRC
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vnc.c
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vntag.c
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vp8.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-vpp.c
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vrrp.c
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vrt.c
+ 	${CMAKE_CURRENT_SOURCE_DIR}/packet-vsip.c
--- a/extras/wireshark/packet-vpp.c
+++ b/extras/wireshark/packet-vpp.c
--- a/extras/wireshark/readme.md
+++ b/extras/wireshark/readme.md
@ -0,0 +1,81 @@
+How to build a vpp dispatch trace aware Wireshark
+=================================================
+
+At some point, we will upstream our vpp pcap dispatch trace dissector.
+It's not finished - contributions welcome - and we have to work through
+whatever issues will be discovered during the upstreaming process.
+
+On the other hand, it's ready for some tire-kicking. Here's how to build
+wireshark
+
+Download and patch wireshark source code
+-----------------------------------------
+
+The wireshark git repo is large, so it takes a while to clone. 
+
+```
+     git clone https://code.wireshark.org/review/wireshark
+     cp .../extras/wireshark/packet-vpp.c wireshark/epan/dissectors
+     patch -p1 < .../extras/wireshark/diffs.txt
+```
+
+The small patch adds packet-vpp.c to the dissector list.
+
+Install prerequisite Debian packages
+------------------------------------
+
+Here is a list of prerequisite packages which must be present in order
+to compile wireshark, beyond what's typically installed on an Ubuntu
+18.04 system:
+
+```
+        libgcrypt11-dev flex bison qtbase5-dev qttools5-dev-tools qttools5-dev
+        qtmultimedia5-dev libqt5svg5-dev libpcap-dev qt5-default
+```
+
+Compile Wireshark
+-----------------
+
+Mercifully, Wireshark uses cmake, so it's relatively easy to build, at
+least on Ubuntu 18.04. 
+
+
+```
+     $ cd wireshark
+     $ cmake -G Ninja
+     $ ninja -j 8
+     $ sudo ninja install
+```
+
+Make a pcap dispatch trace
+--------------------------
+
+Configure vpp to pass traffic in some fashion or other, and then:
+
+```
+    vpp# pcap dispatch trace on max 10000 file vppcapture buffer-trace dpdk-input 1000
+
+```
+
+or similar. Run traffic for long enough to capture some data. Save the
+dispatch trace capture like so:
+
+```
+    vpp# pcap dispatch trace off
+```
+
+Display in Wireshark
+--------------------
+
+Display /tmp/vppcapture in the vpp-enabled version of wireshark. With
+any luck, normal version of wireshark will refuse to process vpp
+dispatch trace pcap files because they won't understand the encap type.
+
+Set wireshark to filter on vpp.bufferindex to watch a single packet
+traverse the forwarding graph. Otherwise, you'll see a vector of packets
+in e.g. ip4-lookup, then a vector of packets in ip4-rewrite, etc. 
+
+
+
+
+