ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add wireshark dissector to extras

Browse Source 
See extras/wireshark/readme.md for a quick writeup.

Change-Id: Id48d198aa2f1d643d0587947fe9c3fd62b613a9f
Signed-off-by: Dave Barach <dbarach@cisco.com>
This commit is contained in:
Dave Barach
2018-11-20 20:15:37 -05:00
parent 1201a805db
commit 1dda386e67
3 changed files with 1079 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
extras/wireshark/diffs.txt Normal file
View File

@ -0,0 +1,12 @@
diff --git a/epan/dissectors/CMakeLists.txt b/epan/dissectors/CMakeLists.txt
index 6fe8356f4e..6294ab5504 100644
--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
@@ -1812,6 +1812,7 @@ set(DISSECTOR_SRC
${CMAKE_CURRENT_SOURCE_DIR}/packet-vnc.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-vntag.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-vp8.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/packet-vpp.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-vrrp.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-vrt.c
${CMAKE_CURRENT_SOURCE_DIR}/packet-vsip.c

986
extras/wireshark/packet-vpp.c Normal file
View File

File diff suppressed because it is too large Load Diff

81
extras/wireshark/readme.md Normal file
View File

@ -0,0 +1,81 @@
How to build a vpp dispatch trace aware Wireshark
=================================================
At some point, we will upstream our vpp pcap dispatch trace dissector.
It's not finished - contributions welcome - and we have to work through
whatever issues will be discovered during the upstreaming process.
On the other hand, it's ready for some tire-kicking. Here's how to build
wireshark
Download and patch wireshark source code
-----------------------------------------
The wireshark git repo is large, so it takes a while to clone.
```
git clone https://code.wireshark.org/review/wireshark
cp .../extras/wireshark/packet-vpp.c wireshark/epan/dissectors
patch -p1 < .../extras/wireshark/diffs.txt
```
The small patch adds packet-vpp.c to the dissector list.
Install prerequisite Debian packages
------------------------------------
Here is a list of prerequisite packages which must be present in order
to compile wireshark, beyond what's typically installed on an Ubuntu
18.04 system:
```
libgcrypt11-dev flex bison qtbase5-dev qttools5-dev-tools qttools5-dev
qtmultimedia5-dev libqt5svg5-dev libpcap-dev qt5-default
```
Compile Wireshark
-----------------
Mercifully, Wireshark uses cmake, so it's relatively easy to build, at
least on Ubuntu 18.04.
```
$ cd wireshark
$ cmake -G Ninja
$ ninja -j 8
$ sudo ninja install
```
Make a pcap dispatch trace
--------------------------
Configure vpp to pass traffic in some fashion or other, and then:
```
vpp# pcap dispatch trace on max 10000 file vppcapture buffer-trace dpdk-input 1000
```
or similar. Run traffic for long enough to capture some data. Save the
dispatch trace capture like so:
```
vpp# pcap dispatch trace off
```
Display in Wireshark
--------------------
Display /tmp/vppcapture in the vpp-enabled version of wireshark. With
any luck, normal version of wireshark will refuse to process vpp
dispatch trace pcap files because they won't understand the encap type.
Set wireshark to filter on vpp.bufferindex to watch a single packet
traverse the forwarding graph. Otherwise, you'll see a vector of packets
in e.g. ip4-lookup, then a vector of packets in ip4-rewrite, etc.