ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update tcpdump / wireshark packet format writeup

Browse Source 
Change-Id: I8195bae1421f68a823b86e12373840f5292ac0df
Signed-off-by: Dave Barach <dave@barachs.net>
This commit is contained in:
Dave Barach
2019-01-06 15:06:06 -05:00
committed by Dave Barach
parent 78d62422e1
commit 8dc146e000
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/gettingstarted/developers/vnet.md
View File

@ -325,8 +325,16 @@ packet data, and a protocol hint.
The buffer index is an opaque 32-bit cookie which allows consumers of The buffer index is an opaque 32-bit cookie which allows consumers of
these data to easily filter/track single packets as they traverse the these data to easily filter/track single packets as they traverse the
forwarding graph. Multiple records per packet are normal, and to be forwarding graph.
expected.
Multiple records per packet are normal, and to be expected. Packets
will appear multipe times as they traverse the vpp forwarding
graph. In this way, vpp graph dispatch traces are significantly
different from regular network packet captures from an end-station.
This property complicates stateful packet analysis.
Restricting stateful analysis to records from a single vpp graph node
such as "ethernet-input" seems likely to improve the situation.
As of this writing: major version = 1, minor version = 0. Nstrings As of this writing: major version = 1, minor version = 0. Nstrings
SHOULD be 4 or 5. Consumers SHOULD be wary values less than 4 or SHOULD be 4 or 5. Consumers SHOULD be wary values less than 4 or
@ -352,7 +360,7 @@ Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet
data SHOULD be 0x60, and should begin an ipv6 packet header. data SHOULD be 0x60, and should begin an ipv6 packet header.
Downstream consumers of these data SHOULD pay attention to the Downstream consumers of these data SHOULD pay attention to the
protocol hint. They MUST tolerate inaccurate hints, which WILL occur protocol hint. They MUST tolerate inaccurate hints, which MAY occur
from time to time. from time to time.
### Dispatch Pcap Trace Debug CLI ### Dispatch Pcap Trace Debug CLI
@ -381,9 +389,9 @@ It almost goes without saying that we built a companion wireshark
dissector to display these traces. As of this writing, we're in the dissector to display these traces. As of this writing, we're in the
process of trying to upstream the wireshark dissector. process of trying to upstream the wireshark dissector.
Until various games of "fetch me a rock" involved are finished, please Until we manage to upstream the wireshark dissector, please see the
see the "How to build a vpp dispatch trace aware Wireshark" page "How to build a vpp dispatch trace aware Wireshark" page for build
for build info, and/or take a look at .../extras/wireshark. info, and/or take a look at .../extras/wireshark.
Here is a sample packet dissection, with some fields omitted for Here is a sample packet dissection, with some fields omitted for
clarity. The point is that the wireshark dissector accurately clarity. The point is that the wireshark dissector accurately