I've built a wireshark dissector for fd.io vpp graph dispatcher pcap traces.
Please see https://fdio-vpp.readthedocs.io/en/latest/ for a description of the
code base / project, etc.
For development purposes, I borrowed one of the USERxxx encap types. Please
allocate a LINKTYPE_/DLT_ type for this file format, so I can upstream the
dissector.
Thanks... Dave Barach
Fd.io vpp PTL
Trace Record format
-------------------
VPP graph dispatch trace record description, in network byte order. Integers
wider than 8 bits are in little endian byte order.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Major Version |Minor Version |Buffer index high 16 bits |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Buffer index low 16 bits |Node Name Len | Node name ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Node name cont'd... ... | NULL octet |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Primary buffer metadata (64 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| [Secondary buffer metadata (64 octets, major version > 1)] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCII trace length 16 bits | ASCII trace ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ASCII trace cont'd ... ... | NULL octet |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Packet data (up to 16K) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Notes: as of this writing, major version = 1, minor version = 0. See below for
pro forma definitions of the primary buffer metadata and
primary opaque data. Please refer to fd.io vpp source code before you invest,
send money, or write code: "git clone https://gerrit.fd.io/r/vpp";
Trace records are generated by code in
.../src/vlib/main.c:dispatch_pcap_trace(...).
The secondary buffer metadata shown in the diagram above is NOT present in
version 1 traces.
Pro forma structure definitions:
--------------------------------
/*
* BIG FAT WARNING: it's impossible to #include the vpp header files,
* so this is a private copy of .../src/vnet/buffer.h, with
* some vpp typedefs thrown in for good measure.
*/
typedef unsigned int u32;
typedef unsigned short int u16;
typedef short int i16;
typedef unsigned char u8;
typedef unsigned long long u64;
/* VLIB buffer representation. */
typedef struct
{
/* Offset within data[] that we are currently processing.
If negative current header points into predata area. */
i16 current_data; /**< signed offset in data[], pre_data[]
that we are currently processing.
If negative current header points into predata area.
*/
u16 current_length; /**< Nbytes between current data and
the end of this buffer.
*/
u32 flags; /**< buffer flags */
u32 flow_id; /**< Generic flow identifier */
u32 next_buffer; /**< Next buffer for this linked-list of buffers.
Only valid if VLIB_BUFFER_NEXT_PRESENT flag is set.
*/
u32 current_config_index; /**< Used by feature subgraph arcs to
visit enabled feature nodes
*/
u16 error; /**< Error code for buffers to be enqueued
to error handler.
*/
u8 n_add_refs; /**< Number of additional references to this buffer. */
u8 buffer_pool_index; /**< index of buffer pool this buffer belongs. */
u32 opaque[10]; /**< Opaque data used by sub-graphs for their own purposes.
See above */
u32 trace_index; /**< Specifies index into trace buffer
if VLIB_PACKET_IS_TRACED flag is set.
*/
u32 recycle_count; /**< Used by L2 path recycle code */
u32 total_length_not_including_first_buffer;
/**< Only valid for first buffer in chain. Current length plus
total length given here give total number of bytes in buffer chain.
*/
u8 free_list_index; /** < only used if
VLIB_BUFFER_NON_DEFAULT_FREELIST
flag is set */
u8 align_pad[3]; /**< available */
u32 opaque2[12]; /**< More opaque data, see ../vnet/vnet/buffer.h */
/***** end of second cache line */
u8 pre_data[VLIB_BUFFER_PRE_DATA_SIZE]; /**< Space for inserting data
before buffer start.
Packet rewrite string will be
rewritten backwards and may
extend
back before buffer->data[0].
Must come directly before packet
data.
*/
u8 data[0]; /**< Packet data. Hardware DMA here */
} vlib_buffer_t; /* Must be a multiple of 64B. */
typedef struct
{
u32 sw_if_index[2];
i16 l2_hdr_offset;
i16 l3_hdr_offset;
i16 l4_hdr_offset;
u8 feature_arc_index;
u8 dont_waste_me;
union
{
/* IP4/6 buffer opaque. */
struct
{
/* Adjacency from destination IP address lookup [VLIB_TX].
Adjacency from source IP address lookup [VLIB_RX].
This gets set to ~0 until source lookup is performed. */
u32 adj_index[2];
union
{
struct
{
/* Flow hash value for this packet computed from IP src/dst
address
protocol and ports. */
u32 flow_hash;
union
{
/* next protocol */
u32 save_protocol;
/* Hint for transport protocols */
u32 fib_index;
};
/* Rewrite length */
u32 save_rewrite_length;
/* MFIB RPF ID */
u32 rpf_id;
};
/* ICMP */
struct
{
u8 type;
u8 code;
u32 data;
} icmp;
/* reassembly */
union
{
/* in/out variables */
struct
{
u32 next_index; /* index of next node - ignored if
"feature" node */
u16 estimated_mtu; /* estimated MTU calculated
during reassembly */
};
/* internal variables used during reassembly */
struct
{
u16 fragment_first;
u16 fragment_last;
u16 range_first;
u16 range_last;
u32 next_range_bi;
u16 ip6_frag_hdr_offset;
};
} reass;
};
} ip;
/*
* MPLS:
* data copied from the MPLS header that was popped from the packet
* during the look-up.
*/
struct
{
/* do not overlay w/ ip.adj_index[0,1] nor flow hash */
u32 pad[3];
u8 ttl;
u8 exp;
u8 first;
/* Rewrite length */
u32 save_rewrite_length;
/*
* BIER - the number of bytes in the header.
* the len field in the header is not authoritative. It's the
* value in the table that counts.
*/
struct
{
u8 n_bytes;
} bier;
} mpls;
/* l2 bridging path, only valid there */
struct opaque_l2
{
u32 feature_bitmap;
u16 bd_index; /* bridge-domain index */
u8 l2_len; /* ethernet header length */
u8 shg; /* split-horizon group */
u16 l2fib_sn; /* l2fib bd/int seq_num */
u8 bd_age; /* aging enabled */
} l2;
/* l2tpv3 softwire encap, only valid there */
struct
{
u32 pad[4]; /* do not overlay w/ ip.adj_index[0,1] */
u8 next_index;
u32 session_index;
} l2t;
/* L2 classify */
struct
{
struct opaque_l2 pad;
union
{
u32 table_index;
u32 opaque_index;
};
u64 hash;
} l2_classify;
/* vnet policer */
struct
{
u32 pad[8 - 2 - 1]; /* to end of opaque */
u32 index;
} policer;
/* interface output features */
struct
{
u32 flags;
u32 sad_index;
} ipsec;
/* MAP */
struct
{
u16 mtu;
} map;
/* MAP-T */
struct
{
u32 map_domain_index;
struct
{
u32 saddr, daddr;
u16 frag_offset; //Fragmentation header offset
u16 l4_offset; //L4 header overall offset
u8 l4_protocol; //The final protocol number
} v6; //Used by ip6_map_t only
u16 checksum_offset; //L4 checksum overall offset
u16 mtu; //Exit MTU
} map_t;
/* IP Fragmentation */
struct
{
u32 pad[2]; /* do not overlay w/ ip.adj_index[0,1] */
u16 mtu;
u8 next_index;
u8 flags; //See ip_frag.h
} ip_frag;
/* COP - configurable junk filter(s) */
struct
{
/* Current configuration index. */
u32 current_config_index;
} cop;
/* LISP */
struct
{
/* overlay address family */
u16 overlay_afi;
} lisp;
/* TCP */
struct
{
u32 connection_index;
u32 seq_number;
u32 seq_end;
u32 ack_number;
u16 hdr_offset; /**< offset relative to ip hdr */
u16 data_offset; /**< offset relative to ip hdr */
u16 data_len; /**< data len */
u8 flags;
} tcp;
/* SCTP */
struct
{
u32 connection_index;
u16 sid; /**< Stream ID */
u16 ssn; /**< Stream Sequence Number */
u32 tsn; /**< Transmission Sequence Number */
u16 hdr_offset; /**< offset relative to ip hdr */
u16 data_offset; /**< offset relative to ip hdr */
u16 data_len; /**< data len */
u8 subconn_idx; /**< index of the sub_connection being used */
u8 flags;
} sctp;
/* SNAT */
struct
{
u32 flags;
} snat;
u32 unused[6];
};
} vnet_buffer_opaque_t;
Sample packet generator definition
----------------------------------
packet-generator new {
name s0
limit 128
size 128-128
interface loop0
node ethernet-input
data { IP4: 1.2.3 -> 4.5.6
UDP: 11.22.33.44 -> 11.22.34.44
UDP: 1234 -> 2345
incrementing 114
}
}
Sample dissection of one trace record
-------------------------------------
No. Time Source Destination Protocol
Length Info
1 0.000000 11.22.33.44 11.22.34.44 KNET 617
Packet ID 32832: AppData (5)[Malformed Packet]
Frame 1: 617 bytes on wire (4936 bits), 617 bytes captured (4936 bits)
Encapsulation type: USER 13 (58)
Arrival Time: Dec 31, 1969 19:00:47.521366000 EST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 47.521366000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 617 bytes (4936 bits)
Capture Length: 617 bytes (4936 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: vpp:vpp-opaque:vpp-trace:eth:ethertype:ip:udp:knet]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
VPP Buffer Metadata
NodeName: ethernet-input
BufferIndex: 0x20000001
CurrentData: 0
CurrentLength: 128
BufferFlags: 0x00000002, Traced
FlowID: 0
NextBuffer: 0
CurrentConfigIndex: 0
ErrorIndex: 0
AddRefs: 0
BufferPoolIndex: 0
VPP Buffer Opaque
Raw : 00000001 ffffffff 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
Opaque: sw_if_index[VLIB_RX]: 1, sw_if_index[VLIB_TX]: -1
Opaque: L2 offset 0, L3 offset 0, L4 offset 0, feature arc index 0
Opaque: ip.adj_index[VLIB_RX]: 0, ip.adj_index[VLIB_TX]: 0
Opaque: ip.flow_hash: 0x0, ip.save_protocol: 0x0, ip.fib_index: 0
Opaque: ip.save_rewrite_length: 0, ip.rpf_id: 0
Opaque: ip.icmp.type: 0 ip.icmp.code: 0, ip.icmp.data: 0x0
Opaque: ip.reass.next_index: 0, ip.reass.estimated_mtu: 0
Opaque: ip.reass.fragment_first: 0 ip.reass.fragment_last: 0
Opaque: ip.reass.range_first: 0 ip.reass.range_last: 0
Opaque: ip.reass.next_range_bi: 0x0, ip.reass.ip6_frag_hdr_offset: 0
Opaque: mpls.ttl: 0, mpls.exp: 0, mpls.first: 0, mpls.save_rewrite_length:
0, mpls.bier.n_bytes: 0
Opaque: l2.feature_bitmap: 00000000, l2.bd_index: 0, l2.l2_len: 0, l2.shg:
0, l2.l2fib_sn: 0, l2.bd_age: 0
Opaque: l2t.next_index: 0, l2t.session_index: 0
Opaque: l2_classify.table_index: 0, l2_classify.opaque_index: 0,
l2_classify.hash: 0x0
Opaque: policer.index: 0
Opaque: ipsec.flags: 0x0, ipsec.sad_index: 0
Opaque: map.mtu: 0
Opaque: map_t.v6.saddr: 0x0, map_t.v6.daddr: 0x0, map_t.v6.frag_offset: 0,
map_t.v6.l4_offset: 0
Opaque: map_t.v6.l4_protocol: 0, map_t.checksum_offset: 0, map_t.mtu: 0
Opaque: ip_frag.mtu: 0, ip_frag.next_index: 0, ip_frag.flags: 0x0
Opaque: cop.current_config_index: 0
Opaque: lisp.overlay_afi: 0
Opaque: tcp.connection_index: 0, tcp.seq_number: 0, tcp.seq_end: 0,
tcp.ack_number: 0, tcp.hdr_offset: 0, tcp.data_offset: 0
Opaque: tcp.data_len: 0, tcp.flags: 0x0
Opaque: sctp.connection_index: 0, sctp.sid: 0, sctp.ssn: 0, sctp.tsn: 0,
sctp.hdr_offset: 0
Opaque: sctp.data_offset: 0, sctp.data_len: 0, sctp.subconn_idx: 0,
sctp.flags: 0x0
Opaque: snat.flags: 0x0
VPP Buffer Trace
Trace:
Trace: 00:00:47:471025: pg-input
Trace: stream s0, 128 bytes, 1 sw_if_index
Trace: current data 0, length 128, free-list 0, clone-count 0, trace 0x0
Trace: IP4: 00:01:00:02:00:03 -> 00:04:00:05:00:06
Trace: UDP: 11.22.33.44 -> 11.22.34.44
Trace: tos 0x00, ttl 64, length 114, checksum 0x20f8
Trace: fragment id 0x0000
Trace: UDP: 1234 -> 2345
Trace: length 94, checksum 0x8273
Ethernet II, Src: EquipTra_02:00:03 (00:01:00:02:00:03), Dst: LexmarkP_05:00:06
(00:04:00:05:00:06)
Destination: LexmarkP_05:00:06 (00:04:00:05:00:06)
Address: LexmarkP_05:00:06 (00:04:00:05:00:06)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 11.22.33.44, Dst: 11.22.34.44
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport
(0)
Total Length: 114
Identification: 0x0000 (0)
Flags: 0x0000
Time to live: 64
Protocol: UDP (17)
Header checksum: 0x20f8 [validation disabled]
[Header checksum status: Unverified]
Source: 11.22.33.44
Destination: 11.22.34.44
User Datagram Protocol, Src Port: 1234, Dst Port: 2345
Source Port: 1234
Destination Port: 2345
Length: 94
Checksum: 0x8273 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
[Timestamps]
[Time since first frame: 0.000000000 seconds]
[Time since previous frame: 0.000000000 seconds]
_______________________________________________
tcpdump-workers mailing list
[email protected]
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
