On 17 Jan 2025, at 15:25, Adrian Moreno wrote:
> Use pcapng instead of pcap format and store the result and the input > port name so they are visible in wireshark/tshark. > > Signed-off-by: Adrian Moreno <[email protected]> In general, this looks good to me. Some small comments below. //Eelco > --- > utilities/usdt-scripts/upcall_monitor.py | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/utilities/usdt-scripts/upcall_monitor.py > b/utilities/usdt-scripts/upcall_monitor.py > index 104225cad..59828b064 100755 > --- a/utilities/usdt-scripts/upcall_monitor.py > +++ b/utilities/usdt-scripts/upcall_monitor.py > @@ -118,7 +118,7 @@ > > from bcc import BPF, USDT, USDTException > from os.path import exists > -from scapy.all import hexdump, wrpcap > +from scapy.all import hexdump, PcapNgWriter > from scapy.layers.l2 import Ether > > from usdt_lib import DpPortMapping > @@ -284,6 +284,8 @@ int kretprobe__ovs_dp_upcall(struct pt_regs *ctx) > #endif > """ > > +pcap_writer = None > + > > # > # print_key() > @@ -318,6 +320,8 @@ def print_key(event, decode_dump): > # print_event() > # > def print_event(ctx, data, size): > + global pcap_writer > + > event = b["events"].event(data) > dp = event.dpif_name.decode("utf-8") > > @@ -380,7 +384,12 @@ def print_event(ctx, data, size): > print(re.sub('^', ' ' * 4, packet.show(dump=True), > flags=re.MULTILINE)) > > if options.pcap is not None: > - wrpcap(options.pcap, packet, append=True, > snaplen=options.packet_size) If I’m correct this is introduced in scapy 2.4, which might not be available in all distros by default, for example, RHEL8? Are we ok with this and assume they need to pip-install it? > + if pcap_writer is None: > + pcap_writer = PcapNgWriter(options.pcap) > + > + packet.comment = f"result={event.result}" Should we put in the whole line related to this packet? i.e. the print() from above, maybe including the key_dump? > + packet.sniffed_on = port > + pcap_writer.write(packet) > > > # > -- > 2.48.1 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
