I've built a wireshark dissector for fd.io vpp graph dispatcher pcap traces. Please see https://fdio-vpp.readthedocs.io/en/latest/ for a description of the code base / project, etc.
For development purposes, I borrowed one of the USERxxx encap types. Please allocate a LINKTYPE_/DLT_ type for this file format, so I can upstream the dissector. Thanks... Dave Barach Fd.io vpp PTL Trace Record format ------------------- VPP graph dispatch trace record description, in network byte order. Integers wider than 8 bits are in little endian byte order. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Major Version |Minor Version |Buffer index high 16 bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Buffer index low 16 bits |Node Name Len | Node name ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + Node name cont'd... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Primary buffer metadata (64 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | [Secondary buffer metadata (64 octets, major version > 1)] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCII trace length 16 bits | ASCII trace ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ASCII trace cont'd ... ... | NULL octet | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Packet data (up to 16K) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Notes: as of this writing, major version = 1, minor version = 0. See below for pro forma definitions of the primary buffer metadata and primary opaque data. Please refer to fd.io vpp source code before you invest, send money, or write code: "git clone https://gerrit.fd.io/r/vpp" Trace records are generated by code in .../src/vlib/main.c:dispatch_pcap_trace(...). The secondary buffer metadata shown in the diagram above is NOT present in version 1 traces. Pro forma structure definitions: -------------------------------- /* * BIG FAT WARNING: it's impossible to #include the vpp header files, * so this is a private copy of .../src/vnet/buffer.h, with * some vpp typedefs thrown in for good measure. */ typedef unsigned int u32; typedef unsigned short int u16; typedef short int i16; typedef unsigned char u8; typedef unsigned long long u64; /* VLIB buffer representation. */ typedef struct { /* Offset within data[] that we are currently processing. If negative current header points into predata area. */ i16 current_data; /**< signed offset in data[], pre_data[] that we are currently processing. If negative current header points into predata area. */ u16 current_length; /**< Nbytes between current data and the end of this buffer. */ u32 flags; /**< buffer flags */ u32 flow_id; /**< Generic flow identifier */ u32 next_buffer; /**< Next buffer for this linked-list of buffers. Only valid if VLIB_BUFFER_NEXT_PRESENT flag is set. */ u32 current_config_index; /**< Used by feature subgraph arcs to visit enabled feature nodes */ u16 error; /**< Error code for buffers to be enqueued to error handler. */ u8 n_add_refs; /**< Number of additional references to this buffer. */ u8 buffer_pool_index; /**< index of buffer pool this buffer belongs. */ u32 opaque[10]; /**< Opaque data used by sub-graphs for their own purposes. See above */ u32 trace_index; /**< Specifies index into trace buffer if VLIB_PACKET_IS_TRACED flag is set. */ u32 recycle_count; /**< Used by L2 path recycle code */ u32 total_length_not_including_first_buffer; /**< Only valid for first buffer in chain. Current length plus total length given here give total number of bytes in buffer chain. */ u8 free_list_index; /** < only used if VLIB_BUFFER_NON_DEFAULT_FREELIST flag is set */ u8 align_pad[3]; /**< available */ u32 opaque2[12]; /**< More opaque data, see ../vnet/vnet/buffer.h */ /***** end of second cache line */ u8 pre_data[VLIB_BUFFER_PRE_DATA_SIZE]; /**< Space for inserting data before buffer start. Packet rewrite string will be rewritten backwards and may extend back before buffer->data[0]. Must come directly before packet data. */ u8 data[0]; /**< Packet data. Hardware DMA here */ } vlib_buffer_t; /* Must be a multiple of 64B. */ typedef struct { u32 sw_if_index[2]; i16 l2_hdr_offset; i16 l3_hdr_offset; i16 l4_hdr_offset; u8 feature_arc_index; u8 dont_waste_me; union { /* IP4/6 buffer opaque. */ struct { /* Adjacency from destination IP address lookup [VLIB_TX]. Adjacency from source IP address lookup [VLIB_RX]. This gets set to ~0 until source lookup is performed. */ u32 adj_index[2]; union { struct { /* Flow hash value for this packet computed from IP src/dst address protocol and ports. */ u32 flow_hash; union { /* next protocol */ u32 save_protocol; /* Hint for transport protocols */ u32 fib_index; }; /* Rewrite length */ u32 save_rewrite_length; /* MFIB RPF ID */ u32 rpf_id; }; /* ICMP */ struct { u8 type; u8 code; u32 data; } icmp; /* reassembly */ union { /* in/out variables */ struct { u32 next_index; /* index of next node - ignored if "feature" node */ u16 estimated_mtu; /* estimated MTU calculated during reassembly */ }; /* internal variables used during reassembly */ struct { u16 fragment_first; u16 fragment_last; u16 range_first; u16 range_last; u32 next_range_bi; u16 ip6_frag_hdr_offset; }; } reass; }; } ip; /* * MPLS: * data copied from the MPLS header that was popped from the packet * during the look-up. */ struct { /* do not overlay w/ ip.adj_index[0,1] nor flow hash */ u32 pad[3]; u8 ttl; u8 exp; u8 first; /* Rewrite length */ u32 save_rewrite_length; /* * BIER - the number of bytes in the header. * the len field in the header is not authoritative. It's the * value in the table that counts. */ struct { u8 n_bytes; } bier; } mpls; /* l2 bridging path, only valid there */ struct opaque_l2 { u32 feature_bitmap; u16 bd_index; /* bridge-domain index */ u8 l2_len; /* ethernet header length */ u8 shg; /* split-horizon group */ u16 l2fib_sn; /* l2fib bd/int seq_num */ u8 bd_age; /* aging enabled */ } l2; /* l2tpv3 softwire encap, only valid there */ struct { u32 pad[4]; /* do not overlay w/ ip.adj_index[0,1] */ u8 next_index; u32 session_index; } l2t; /* L2 classify */ struct { struct opaque_l2 pad; union { u32 table_index; u32 opaque_index; }; u64 hash; } l2_classify; /* vnet policer */ struct { u32 pad[8 - 2 - 1]; /* to end of opaque */ u32 index; } policer; /* interface output features */ struct { u32 flags; u32 sad_index; } ipsec; /* MAP */ struct { u16 mtu; } map; /* MAP-T */ struct { u32 map_domain_index; struct { u32 saddr, daddr; u16 frag_offset; //Fragmentation header offset u16 l4_offset; //L4 header overall offset u8 l4_protocol; //The final protocol number } v6; //Used by ip6_map_t only u16 checksum_offset; //L4 checksum overall offset u16 mtu; //Exit MTU } map_t; /* IP Fragmentation */ struct { u32 pad[2]; /* do not overlay w/ ip.adj_index[0,1] */ u16 mtu; u8 next_index; u8 flags; //See ip_frag.h } ip_frag; /* COP - configurable junk filter(s) */ struct { /* Current configuration index. */ u32 current_config_index; } cop; /* LISP */ struct { /* overlay address family */ u16 overlay_afi; } lisp; /* TCP */ struct { u32 connection_index; u32 seq_number; u32 seq_end; u32 ack_number; u16 hdr_offset; /**< offset relative to ip hdr */ u16 data_offset; /**< offset relative to ip hdr */ u16 data_len; /**< data len */ u8 flags; } tcp; /* SCTP */ struct { u32 connection_index; u16 sid; /**< Stream ID */ u16 ssn; /**< Stream Sequence Number */ u32 tsn; /**< Transmission Sequence Number */ u16 hdr_offset; /**< offset relative to ip hdr */ u16 data_offset; /**< offset relative to ip hdr */ u16 data_len; /**< data len */ u8 subconn_idx; /**< index of the sub_connection being used */ u8 flags; } sctp; /* SNAT */ struct { u32 flags; } snat; u32 unused[6]; }; } vnet_buffer_opaque_t; Sample packet generator definition ---------------------------------- packet-generator new { name s0 limit 128 size 128-128 interface loop0 node ethernet-input data { IP4: 1.2.3 -> 4.5.6 UDP: 11.22.33.44 -> 11.22.34.44 UDP: 1234 -> 2345 incrementing 114 } } Sample dissection of one trace record ------------------------------------- No. Time Source Destination Protocol Length Info 1 0.000000 11.22.33.44 11.22.34.44 KNET 617 Packet ID 32832: AppData (5)[Malformed Packet] Frame 1: 617 bytes on wire (4936 bits), 617 bytes captured (4936 bits) Encapsulation type: USER 13 (58) Arrival Time: Dec 31, 1969 19:00:47.521366000 EST [Time shift for this packet: 0.000000000 seconds] Epoch Time: 47.521366000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 617 bytes (4936 bits) Capture Length: 617 bytes (4936 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: vpp:vpp-opaque:vpp-trace:eth:ethertype:ip:udp:knet] [Coloring Rule Name: UDP] [Coloring Rule String: udp] VPP Buffer Metadata NodeName: ethernet-input BufferIndex: 0x20000001 CurrentData: 0 CurrentLength: 128 BufferFlags: 0x00000002, Traced FlowID: 0 NextBuffer: 0 CurrentConfigIndex: 0 ErrorIndex: 0 AddRefs: 0 BufferPoolIndex: 0 VPP Buffer Opaque Raw : 00000001 ffffffff 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Opaque: sw_if_index[VLIB_RX]: 1, sw_if_index[VLIB_TX]: -1 Opaque: L2 offset 0, L3 offset 0, L4 offset 0, feature arc index 0 Opaque: ip.adj_index[VLIB_RX]: 0, ip.adj_index[VLIB_TX]: 0 Opaque: ip.flow_hash: 0x0, ip.save_protocol: 0x0, ip.fib_index: 0 Opaque: ip.save_rewrite_length: 0, ip.rpf_id: 0 Opaque: ip.icmp.type: 0 ip.icmp.code: 0, ip.icmp.data: 0x0 Opaque: ip.reass.next_index: 0, ip.reass.estimated_mtu: 0 Opaque: ip.reass.fragment_first: 0 ip.reass.fragment_last: 0 Opaque: ip.reass.range_first: 0 ip.reass.range_last: 0 Opaque: ip.reass.next_range_bi: 0x0, ip.reass.ip6_frag_hdr_offset: 0 Opaque: mpls.ttl: 0, mpls.exp: 0, mpls.first: 0, mpls.save_rewrite_length: 0, mpls.bier.n_bytes: 0 Opaque: l2.feature_bitmap: 00000000, l2.bd_index: 0, l2.l2_len: 0, l2.shg: 0, l2.l2fib_sn: 0, l2.bd_age: 0 Opaque: l2t.next_index: 0, l2t.session_index: 0 Opaque: l2_classify.table_index: 0, l2_classify.opaque_index: 0, l2_classify.hash: 0x0 Opaque: policer.index: 0 Opaque: ipsec.flags: 0x0, ipsec.sad_index: 0 Opaque: map.mtu: 0 Opaque: map_t.v6.saddr: 0x0, map_t.v6.daddr: 0x0, map_t.v6.frag_offset: 0, map_t.v6.l4_offset: 0 Opaque: map_t.v6.l4_protocol: 0, map_t.checksum_offset: 0, map_t.mtu: 0 Opaque: ip_frag.mtu: 0, ip_frag.next_index: 0, ip_frag.flags: 0x0 Opaque: cop.current_config_index: 0 Opaque: lisp.overlay_afi: 0 Opaque: tcp.connection_index: 0, tcp.seq_number: 0, tcp.seq_end: 0, tcp.ack_number: 0, tcp.hdr_offset: 0, tcp.data_offset: 0 Opaque: tcp.data_len: 0, tcp.flags: 0x0 Opaque: sctp.connection_index: 0, sctp.sid: 0, sctp.ssn: 0, sctp.tsn: 0, sctp.hdr_offset: 0 Opaque: sctp.data_offset: 0, sctp.data_len: 0, sctp.subconn_idx: 0, sctp.flags: 0x0 Opaque: snat.flags: 0x0 VPP Buffer Trace Trace: Trace: 00:00:47:471025: pg-input Trace: stream s0, 128 bytes, 1 sw_if_index Trace: current data 0, length 128, free-list 0, clone-count 0, trace 0x0 Trace: IP4: 00:01:00:02:00:03 -> 00:04:00:05:00:06 Trace: UDP: 11.22.33.44 -> 11.22.34.44 Trace: tos 0x00, ttl 64, length 114, checksum 0x20f8 Trace: fragment id 0x0000 Trace: UDP: 1234 -> 2345 Trace: length 94, checksum 0x8273 Ethernet II, Src: EquipTra_02:00:03 (00:01:00:02:00:03), Dst: LexmarkP_05:00:06 (00:04:00:05:00:06) Destination: LexmarkP_05:00:06 (00:04:00:05:00:06) Address: LexmarkP_05:00:06 (00:04:00:05:00:06) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 11.22.33.44, Dst: 11.22.34.44 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 114 Identification: 0x0000 (0) Flags: 0x0000 Time to live: 64 Protocol: UDP (17) Header checksum: 0x20f8 [validation disabled] [Header checksum status: Unverified] Source: 11.22.33.44 Destination: 11.22.34.44 User Datagram Protocol, Src Port: 1234, Dst Port: 2345 Source Port: 1234 Destination Port: 2345 Length: 94 Checksum: 0x8273 [unverified] [Checksum Status: Unverified] [Stream index: 0] [Timestamps] [Time since first frame: 0.000000000 seconds] [Time since previous frame: 0.000000000 seconds] _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers