On Tue, Mar 11, 2025 at 04:06:41PM +0100, Eelco Chaudron wrote:
>
>
> On 11 Mar 2025, at 16:01, Eelco Chaudron wrote:
>
> > On 27 Feb 2025, at 18:23, Adrian Moreno wrote:
> >
> >> Use pcapng instead of pcap format and store the result, the key (if
> >> available) and the input port name so they are visible in
> >> wireshark/tshark.
> >>
> >> Signed-off-by: Adrian Moreno <[email protected]>
> >
> > Some minor comments below.
>
> Did some testing and the port number does not seem to be part of the capture.
>
> ./upcall_monitor.py -d decode -k nlraw -r error -w error.pcap
>
> $ tshark -r error.pcap -V
> Packet comments
> cpu=18 comm=ksoftirqd/18 pid=128 upcall_type=1 result=-11
>
> [Expert Info (Comment/Comment): cpu=18 comm=ksoftirqd/18 pid=128
> upcall_type=1 result=-11
> ]
> [cpu=18 comm=ksoftirqd/18 pid=128 upcall_type=1 result=-11
> ]
> [Severity level: Comment]
> [Group: Comment]
> Frame 1: 1496 bytes on wire (11968 bits), 64 bytes captured (512 bits) on
> interface unknown, id 0
> Interface id: 0 (unknown)
> Interface name: unknown
> ^^^^^^^
>
That's weird, I cannot reproduce it. How did you generate the failed
upcall?
> >> ---
> >> utilities/usdt-scripts/upcall_monitor.py | 53 +++++++++++++++++++-----
> >> 1 file changed, 42 insertions(+), 11 deletions(-)
> >>
> >> diff --git a/utilities/usdt-scripts/upcall_monitor.py
> >> b/utilities/usdt-scripts/upcall_monitor.py
> >> index a1adeee0a..77378751f 100755
> >> --- a/utilities/usdt-scripts/upcall_monitor.py
> >> +++ b/utilities/usdt-scripts/upcall_monitor.py
> >> @@ -118,7 +118,12 @@
> >>
> >> from bcc import BPF, USDT, USDTException
> >> from os.path import exists
> >> -from scapy.all import hexdump, wrpcap
> >> +try:
> >> + # Try using pcapng support from scapy >= 2.4.
> >> + from scapy.all import hexdump, PcapNgWriter
> >> +except ImportError:
> >> + from scapy.all import hexdump, wrpcap
> >> +
> >> from scapy.layers.l2 import Ether
> >>
> >> from usdt_lib import DpPortMapping
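Review bot: The two import branches leave different names bound: when `PcapNgWriter` imports successfully, `wrpcap` is never imported, yet the `except NameError` fallback in the last print_event hunk calls `wrpcap`. Any unrelated NameError raised inside that try body would be caught as "PcapNgWriter not found" and then fail again on the unbound `wrpcap`, hiding the original error. Importing `wrpcap` unconditionally, setting `PcapNgWriter = None` in the `except ImportError:` branch, and testing `if PcapNgWriter is not None:` at the write site would make the feature check explicit.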
> >> @@ -282,40 +287,48 @@ int kretprobe__ovs_dp_upcall(struct pt_regs *ctx)
> >> #endif
> >> """
> >>
> >> +pcap_writer = None
> >> +
> >>
> >> #
> >> # print_key()
> >> #
> >> def print_key(event, decode_dump):
> >
> > As this is no longer printing a key, I would change it to format_key().
> >
> >> + lines = []
> >> if event.key_size < options.flow_key_size:
> >> key_len = event.key_size
> >> else:
> >> key_len = options.flow_key_size
> >>
> >> if not key_len:
> >> - return
> >> + return []
> >>
> >> if options.flow_key_decode != 'none':
> >> - print(" Flow key size {} bytes, size captured {} bytes.".
> >> - format(event.key_size, key_len))
> >> + lines.append(" Flow key size {} bytes, size captured {} bytes.".
> >> + format(event.key_size, key_len))
> >>
> >> if options.flow_key_decode == 'hex':
> >> #
> >> # Abuse scapy's hex dump to dump flow key
> >> #
> >> - print(re.sub('^', ' ' * 4,
> >> hexdump(Ether(bytes(event.key)[:key_len]),
> >> - dump=True),
> >> - flags=re.MULTILINE))
> >> + lines.extend(re.sub('^', ' ' * 4,
> >> + hexdump(
> >> + Ether(bytes(event.key)[:key_len]),
> >> + dump=True),
> >> + flags=re.MULTILINE).split("\n"))
> >>
> >> if options.flow_key_decode == "nlraw":
> >> - for line in decode_dump:
> >> - print(line)
> >> + lines.extend(decode_dump)
> >> +
> >> + return lines
> >>
> >>
> >> #
> >> # print_event()
> >> #
> >> def print_event(ctx, data, size):
> >> + global pcap_writer
> >> +
> >> event = b["events"].event(data)
> >> dp = event.dpif_name.decode("utf-8")
> >>
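Review bot: `pcap_writer` is opened lazily in print_event and kept in a module global, but nothing in the visible hunks flushes or closes it. If the rest of the script has no close on exit (not visible here), the packets from the last events may still be buffered when the monitor is interrupted, so they would be missing from the capture. A `pcap_writer.close()` in the shutdown path, or a `pcap_writer.flush()` after each `write()`, would avoid that. A comment at the declaration such as `# Lazily opened PcapNgWriter; None until the first packet is written.` would also document the global.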
> >> @@ -350,7 +363,9 @@ def print_event(ctx, data, size):
> >> #
> >> # Dump flow key information
> >> #
> >> - print_key(event, key_dump)
> >> + key_lines = print_key(event, key_dump)
> >> + for line in key_lines:
> >> + print(line)
> >>
> >> #
> >> # Decode packet only if there is data
> >> @@ -383,7 +398,23 @@ def print_event(ctx, data, size):
> >> print(re.sub('^', ' ' * 4, packet.show(dump=True),
> >> flags=re.MULTILINE))
> >>
> >> if options.pcap is not None:
> >> - wrpcap(options.pcap, packet, append=True,
> >> snaplen=options.packet_size)
> >> + try:
> >> + if pcap_writer is None:
> >> + pcap_writer = PcapNgWriter(options.pcap)
> >> +
> >> + comment = "cpu={} comm={} pid={} upcall_type={} result={}".
> >> format(
> >
> > Adding the time stamp here might also be useful to “quickly” see the
> > inter-packet gap.
> >
> >> + event.cpu, event.comm.decode("utf-8"), event.pid,
> >> + event.upcall_type, event.result)
> >> +
> >> + if options.flow_key_decode != 'none':
> >> + comment = comment + "\n" + "\n".join(key_lines)
> >> +
> >> + packet.comment = comment
> >> + packet.sniffed_on = "{} ({})".format(port, dp)
> >> + pcap_writer.write(packet)
> >> + except NameError: # PcapNgWriter not found
> >> + wrpcap(options.pcap, packet, append=True,
> >> + snaplen=options.packet_size)
> >>
> >>
> >> #
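Review bot: `event.comm.decode("utf-8")` in the new comment string is a strict decode of a task name, which on Linux a process can set itself, so a name that is not valid UTF-8 raises UnicodeDecodeError. The surrounding `except NameError` does not catch that, so the exception would propagate out of the callback. Control characters or newlines in the name would also go into the pcapng comment verbatim, next to the key lines that are joined with "\n". Consider `event.comm.decode("utf-8", errors="backslashreplace")` and replacing newlines in the name before formatting. The body of print_event starts outside this hunk.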
> >> --
> >> 2.48.1
> >>
>