vpp/extras/wireshark
Dave Barach 7fff3d2054 Metadata / opaque formatting belongs in vpp
VPP graph dispatch trace record description:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Major Version | Minor Version | NStrings      | ProtoHint     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer index (big endian)                                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   + VPP graph node name ...     ...               | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Metadata ... ...                       | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Opaque ... ...                         | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Opaque 2 ... ...                       | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | VPP ASCII packet trace (if NStrings > 4)      | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Packet data (up to 16K)                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Graph dispatch records comprise a version stamp, an indication of how
many NULL-terminated strings will follow the record header, and a
protocol hint.

The buffer index allows downstream consumers of these data to easily
filter/track single packets as they traverse the forwarding
graph. FWIW, the 32-bit buffer index is stored in big endian format.

As of this writing, major version = 1, minor version = 0. Nstrings
will be either 4 or 5.

Here is the current set of protocol hints:

typedef enum
  {
    VLIB_NODE_PROTO_HINT_NONE = 0,
    VLIB_NODE_PROTO_HINT_ETHERNET,
    VLIB_NODE_PROTO_HINT_IP4,
    VLIB_NODE_PROTO_HINT_IP6,
    VLIB_NODE_PROTO_HINT_TCP,
    VLIB_NODE_PROTO_HINT_UDP,
    VLIB_NODE_N_PROTO_HINTS,
  } vlib_node_proto_hint_t;

Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet
data SHOULD be 0x60, and should begin an ipv6 packet header.

Change-Id: Idf310bad80cc0e4207394c80f18db5f77c378741
Signed-off-by: Dave Barach <dave@barachs.net>
2018-11-30 20:18:54 +00:00

How to build a vpp dispatch trace aware Wireshark

At some point, we will upstream our vpp pcap dispatch trace dissector. It's not finished - contributions welcome - and we have to work through whatever issues will be discovered during the upstreaming process.

On the other hand, it's ready for some tire-kicking. Here's how to build Wireshark.

Download and patch wireshark source code

The wireshark git repo is large, so it takes a while to clone.

     git clone https://code.wireshark.org/review/wireshark
     cp .../extras/wireshark/packet-vpp.c wireshark/epan/dissectors
     patch -p1 < .../extras/wireshark/diffs.txt

The small patch adds packet-vpp.c to the dissector list.

Install prerequisite Debian packages

Here is a list of prerequisite packages which must be present in order to compile wireshark, beyond what's typically installed on an Ubuntu 18.04 system:

        libgcrypt11-dev flex bison qtbase5-dev qttools5-dev-tools qttools5-dev
        qtmultimedia5-dev libqt5svg5-dev libpcap-dev qt5-default

Compile Wireshark

Mercifully, Wireshark uses cmake, so it's relatively easy to build, at least on Ubuntu 18.04.

     $ cd wireshark
     $ cmake -G Ninja
     $ ninja -j 8
     $ sudo ninja install

Make a pcap dispatch trace

Configure vpp to pass traffic in some fashion or other, and then:

    vpp# pcap dispatch trace on max 10000 file vppcapture buffer-trace dpdk-input 1000

or similar. Run traffic for long enough to capture some data. Save the dispatch trace capture like so:

    vpp# pcap dispatch trace off

Display in Wireshark

Display /tmp/vppcapture in the vpp-enabled version of Wireshark. With any luck, normal versions of Wireshark will refuse to process vpp dispatch trace pcap files because they won't understand the encap type.

Set wireshark to filter on vpp.bufferindex to watch a single packet traverse the forwarding graph. Otherwise, you'll see a vector of packets in e.g. ip4-lookup, then a vector of packets in ip4-rewrite, etc.
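
The record layout from the commit message above, as an added example that is not code from packet-vpp.c or the VPP project: a bounds-checked C parser that extracts the buffer index Wireshark filters on and checks the protocol hint against the first packet octet. All identifiers and the sample bytes are hypothetical; rejecting any major version other than 1, and checking only the IP version nibble (4 or 6) rather than the whole first octet, are assumptions of the example.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical names for this example; hint values follow the enum in the commit message. */
enum { HINT_IP4 = 2, HINT_IP6 = 3, MAX_STRINGS = 5 };
typedef struct {
    uint8_t major, minor, nstrings, proto_hint;
    uint32_t buffer_index;
    const char *strings[MAX_STRINGS]; /* node name, metadata, opaque, opaque 2, [trace] */
    const uint8_t *packet;            /* first octet of packet data */
    size_t packet_len;
} vpp_rec_t;

/* Returns 0 on success, -1 if the record is truncated or malformed. */
int vpp_parse_record(const uint8_t *buf, size_t len, vpp_rec_t *r)
{
    size_t off = 8;                   /* 4 header octets + 32-bit buffer index */
    memset(r, 0, sizeof *r);
    if (len < off) return -1;
    r->major = buf[0]; r->minor = buf[1]; r->nstrings = buf[2]; r->proto_hint = buf[3];
    r->buffer_index = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                      ((uint32_t)buf[6] << 8) | buf[7];   /* big endian */
    /* Assumption: accept only major version 1 with NStrings of 4 or 5. */
    if (r->major != 1 || r->nstrings < 4 || r->nstrings > MAX_STRINGS) return -1;
    for (unsigned i = 0; i < r->nstrings; i++) {
        /* Bounded search: a capture file may lack the terminating NULL octet. */
        const uint8_t *nul = memchr(buf + off, 0, len - off);
        if (nul == NULL) return -1;
        r->strings[i] = (const char *)(buf + off);
        off = (size_t)(nul - buf) + 1;
    }
    r->packet = buf + off; r->packet_len = len - off;
    return 0;
}

/* 1 if the first packet octet has the IP version the hint implies, 0 if not, -1 if unchecked. */
int vpp_hint_matches(const vpp_rec_t *r)
{
    if (r->proto_hint != HINT_IP4 && r->proto_hint != HINT_IP6) return -1;
    return r->packet_len > 0 && (r->packet[0] >> 4) == (r->proto_hint == HINT_IP6 ? 6 : 4);
}

/* Constructed sample: version 1.0, 4 strings, IP6 hint, buffer index 0x1234. */
static const uint8_t vpp_sample[] = "\x01\x00\x04\x03" "\x00\x00\x12\x34"
    "ip6-lookup\0" "meta\0" "opaque\0" "opaque2\0" "\x60\x00\x00\x00";

int main(void)
{
    vpp_rec_t r; /* exit status 0 when the sample parses and its hint matches */
    return vpp_parse_record(vpp_sample, sizeof vpp_sample - 1, &r) != 0 || vpp_hint_matches(&r) != 1;
}
```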