Use pcapng instead of pcap format and store the result, the key (if available) and the input port name so they are visible in wireshark/tshark.
Signed-off-by: Adrian Moreno <amore...@redhat.com>
---
 utilities/usdt-scripts/upcall_monitor.py | 53 +++++++++++++++++++-----
 1 file changed, 42 insertions(+), 11 deletions(-)
diff --git a/utilities/usdt-scripts/upcall_monitor.py b/utilities/usdt-scripts/upcall_monitor.py
index a1adeee0a..77378751f 100755
--- a/utilities/usdt-scripts/upcall_monitor.py
+++ b/utilities/usdt-scripts/upcall_monitor.py
@@ -118,7 +118,12 @@
 from bcc import BPF, USDT, USDTException
 from os.path import exists
-from scapy.all import hexdump, wrpcap
+try:
+ # Try using pcapng support from scapy >= 2.4.
+ from scapy.all import hexdump, PcapNgWriter
+except ImportError:
+ from scapy.all import hexdump, wrpcap
+
 from scapy.layers.l2 import Ether
 from usdt_lib import DpPortMapping
@@ -282,40 +287,48 @@ int kretprobe__ovs_dp_upcall(struct pt_regs *ctx)
 #endif
 """
+pcap_writer = None
+
 #
 # print_key()
 #
 def print_key(event, decode_dump):
+ lines = []
 if event.key_size < options.flow_key_size:
 key_len = event.key_size
 else:
 key_len = options.flow_key_size
 if not key_len:
- return
+ return []
 if options.flow_key_decode != 'none':
- print(" Flow key size {} bytes, size captured {} bytes.".
- format(event.key_size, key_len))
+ lines.append(" Flow key size {} bytes, size captured {} bytes.".
+ format(event.key_size, key_len))
 if options.flow_key_decode == 'hex':
 #
 # Abuse scapy's hex dump to dump flow key
 #
- print(re.sub('^', ' ' * 4, hexdump(Ether(bytes(event.key)[:key_len]),
- dump=True),
- flags=re.MULTILINE))
+ lines.extend(re.sub('^', ' ' * 4,
+ hexdump(
+ Ether(bytes(event.key)[:key_len]),
+ dump=True),
+ flags=re.MULTILINE).split("\n"))
 if options.flow_key_decode == "nlraw":
- for line in decode_dump:
- print(line)
+ lines.extend(decode_dump)
+
+ return lines
 #
 # print_event()
 #
 def print_event(ctx, data, size):
+ global pcap_writer
+
 event = b["events"].event(data)
 dp = event.dpif_name.decode("utf-8")
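Review bot: In the import hunk (`@@ -118,7 +118,12 @@`) the fallback branch leaves `PcapNgWriter` undefined, and the print_event hunk (`@@ -383,7 +398,23 @@`) detects that by catching `NameError` around the whole pcapng write path, so a NameError raised by any other name in that block is treated as "no pcapng support". As far as this patch shows, `wrpcap` is not imported when the first import succeeds, so in that case the handler itself would fail on `wrpcap(...)`. Setting `PcapNgWriter = None` in the `except ImportError:` branch and testing `if PcapNgWriter is not None:` at the use site makes the choice explicit and keeps unrelated errors visible.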
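Review bot: In the `@@ -282,40 +287,48 @@` hunk `print_key()` no longer prints anything and instead returns the key description as a list of lines, but its name and the `# print_key()` banner above it are unchanged. Renaming it together with its caller (for example to `format_key()`), or adding a comment such as `# Returns the flow key description as a list of lines; the caller prints them.`, would keep a reader from expecting output from the call. The same comment could note that the list is reused for the pcapng packet comment, since that is the reason for the change.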
@@ -350,7 +363,9 @@ def print_event(ctx, data, size):
 #
 # Dump flow key information
 #
- print_key(event, key_dump)
+ key_lines = print_key(event, key_dump)
+ for line in key_lines:
+ print(line)
 #
 # Decode packet only if there is data
@@ -383,7 +398,23 @@ def print_event(ctx, data, size):
 print(re.sub('^', ' ' * 4, packet.show(dump=True), flags=re.MULTILINE))
 if options.pcap is not None:
- wrpcap(options.pcap, packet, append=True, snaplen=options.packet_size)
+ try:
+ if pcap_writer is None:
+ pcap_writer = PcapNgWriter(options.pcap)
+
+ comment = "cpu={} comm={} pid={} upcall_type={} result={}". format(
+ event.cpu, event.comm.decode("utf-8"), event.pid,
+ event.upcall_type, event.result)
+
+ if options.flow_key_decode != 'none':
+ comment = comment + "\n" + "\n".join(key_lines)
+
+ packet.comment = comment
+ packet.sniffed_on = "{} ({})".format(port, dp)
+ pcap_writer.write(packet)
+ except NameError: # PcapNgWriter not found
+ wrpcap(options.pcap, packet, append=True,
+ snaplen=options.packet_size)
 #
--
2.48.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
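Review bot: In the `@@ -383,7 +398,23 @@` hunk `pcap_writer` is opened once and kept in a global, and nothing in this patch flushes or closes it, so packets still held in the writer's buffer can be missing from the capture when the script is interrupted; calling `pcap_writer.flush()` after `pcap_writer.write(packet)`, or closing the writer on the exit path, would avoid that. The removed call passed `append=True` and `snaplen=options.packet_size` while `PcapNgWriter(options.pcap)` passes neither, so an existing capture file is presumably replaced rather than extended, which is worth confirming and stating in the pcap option's help text. `event.comm` comes from the process that triggered the upcall and is written unquoted into the `key=value` comment, so formatting it as `comm={!r}` and decoding with `decode("utf-8", "replace")` would keep a name with spaces, newlines or invalid UTF-8 from garbling the annotation or raising inside the callback. print_event's body starts outside this hunk.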