[v11,00/12] Packet capture framework enhancements

Message ID 20210924152202.7592-1-stephen@networkplumber.org (mailing list archive)

Stephen Hemminger Sept. 24, 2021, 3:21 p.m. UTC
This patch set is a more complete version of the enhanced
packet capture support described last year.

The new capture library and utility are:
  - faster: avoids lots of extra I/O, does bursting, etc.
  - gives more information (multiple ports, queues, etc)
  - has a better user interface (same as Wireshark dumpcap)
  - fixes structural problems with VLANs and timestamps

There are no blocker items. The following are worth noting:
  * bogus checkpatch warnings
    - the correct flag to open is O_CREAT
    - intentionally keeping macro with goto since that
      was in original code and is clearer
    - the tempfile name can not be const since it is
      overwritten by tmpfile() call

  * enabling BPF tests causes CI to see a pre-existing bug
    https://bugs.dpdk.org/show_bug.cgi?id=811

  * filtering for stripped VLAN tags requires changes to
    libpcap (to be addressed in future)

v11:
  - address review comments for pdump (patch 6)

v10:
  - fix to rte_bpf_dump to handle more instructions
    make sure all bpf_test cases are decoded

v9:
  - incorporate suggested change to BPF XOR
  - make autotest for pcapng more complete by reading the
    resulting file with libpcap

v8:
  - enable BPF tests in autotest
  - add more BPF test strings
  - use rte_strscpy to satisfy checkpatch
  - merge MAINTAINERS (put this in with existing pdump)

v7:
  - add functional tests for pcapng lib
  - bug fix for error returns in pcapng lib
  - handle long osname on FreeBSD
  - resolve almost all checkpatch issues

v5:
  - minor build and checkpatch fixes for RHEL/FreeBSD
  - disable lib/pdump on Windows. It was not useful before
    and now pdump depends on bpf.

v4:
  - minor checkpatch fixes.
    Note: some of the checkpatch warnings are bogus and won't be fixed.
  - fix build of dumpcap on FreeBSD

v3:
  - introduce packet filters using classic BPF to eBPF converter
    required small fix to DPDK BPF interpreter
  - introduce function to decode eBPF instructions
  - add option to dumpcap to show both classic BPF and eBPF result
  - drop some un-useful stubs
  - minor checkpatch warning cleanup

v2:
  - fix formatting of packet blocks
  - fix the new packet capture statistics
  - fix crash when primary process exits
  - record start/end time
  - various whitespace/checkpatch warnings


Stephen Hemminger (12):
  librte_pcapng: add new library for writing pcapng files
  lib: pdump is not supported on Windows
  bpf: allow self-xor operation
  bpf: add function to convert classic BPF to DPDK BPF
  bpf: add function to dump eBPF instructions
  pdump: support pcapng and filtering
  app/dumpcap: add new packet capture application
  test: add test for bpf_convert
  test: add a test for pcapng library
  test: enable bpf autotest
  doc: changes for new pcapng and dumpcap
  MAINTAINERS: add entry for new packet capture features

 MAINTAINERS                                   |  11 +-
 app/dumpcap/main.c                            | 844 ++++++++++++++++++
 app/dumpcap/meson.build                       |  16 +
 app/meson.build                               |   1 +
 app/test/meson.build                          |   6 +
 app/test/test_bpf.c                           | 200 +++++
 app/test/test_pcapng.c                        | 272 ++++++
 doc/api/doxy-api-index.md                     |   1 +
 doc/api/doxy-api.conf.in                      |   1 +
 .../howto/img/packet_capture_framework.svg    |  96 +-
 doc/guides/howto/packet_capture_framework.rst |  67 +-
 doc/guides/prog_guide/index.rst               |   1 +
 doc/guides/prog_guide/pcapng_lib.rst          |  24 +
 doc/guides/prog_guide/pdump_lib.rst           |  28 +-
 doc/guides/rel_notes/release_21_11.rst        |  10 +
 doc/guides/tools/dumpcap.rst                  |  86 ++
 doc/guides/tools/index.rst                    |   1 +
 lib/bpf/bpf_convert.c                         | 575 ++++++++++++
 lib/bpf/bpf_dump.c                            | 139 +++
 lib/bpf/bpf_validate.c                        |   9 +-
 lib/bpf/meson.build                           |   6 +
 lib/bpf/rte_bpf.h                             |  39 +
 lib/bpf/version.map                           |   7 +
 lib/meson.build                               |   6 +-
 lib/pcapng/meson.build                        |   8 +
 lib/pcapng/pcapng_proto.h                     | 129 +++
 lib/pcapng/rte_pcapng.c                       | 574 ++++++++++++
 lib/pcapng/rte_pcapng.h                       | 194 ++++
 lib/pcapng/version.map                        |  12 +
 lib/pdump/meson.build                         |   2 +-
 lib/pdump/rte_pdump.c                         | 427 ++++++---
 lib/pdump/rte_pdump.h                         | 113 ++-
 lib/pdump/version.map                         |   8 +
 33 files changed, 3694 insertions(+), 219 deletions(-)
 create mode 100644 app/dumpcap/main.c
 create mode 100644 app/dumpcap/meson.build
 create mode 100644 app/test/test_pcapng.c
 create mode 100644 doc/guides/prog_guide/pcapng_lib.rst
 create mode 100644 doc/guides/tools/dumpcap.rst
 create mode 100644 lib/bpf/bpf_convert.c
 create mode 100644 lib/bpf/bpf_dump.c
 create mode 100644 lib/pcapng/meson.build
 create mode 100644 lib/pcapng/pcapng_proto.h
 create mode 100644 lib/pcapng/rte_pcapng.c
 create mode 100644 lib/pcapng/rte_pcapng.h
 create mode 100644 lib/pcapng/version.map