tcpdump mailing list archives

Re: Request for a new LINKTYPE_/DLT_ type.


From: "Dave Barach (dbarach)" <dbarach () cisco com>
Date: Sat, 29 Dec 2018 12:50:43 +0000

The same packet - with [traced] metadata changes - will appear multiple times as the packet traverses the vpp 
forwarding graph. 

Simple example: from the driver layer, an ip4 transit packet will visit ethernet-input, ip4-input[-no-checksum], 
ip4-lookup, ip4-rewrite, interface-output, and the device driver TX node. Each of those visits results in a trace 
record. The dispatch framework traces vectors of packets, so one sees N x trace records from ethernet-input, then N x 
trace records from ip4-input, and so on. Folks typically filter by buffer-index in wireshark, to see what happens to 
one packet in a convenient sequential view. 

In terms of metadata: at ethernet input, b->current_data will be zero. At ip4-input, b->current_data will be 14 (or 
more, if the packet has 1 or 2 vlan tags). At interface-output, b->current_data is often [but not always] zero.

TBH we've been using the dispatch tracer + not-yet-upstreamed wireshark dissector for a while. It's incredibly handy for 
chasing "new code" problems: broken L3 and/or L4 checksums, leaving b->current_data pointing to the wrong layer, 
forgetting to ask for hardware checksum offload insertion, and so on. 

Thanks... Dave

-----Original Message-----
From: Guy Harris <gharris () sonic net> 
Sent: Monday, December 24, 2018 6:47 PM
To: Dave Barach (dbarach) <dbarach () cisco com>
Cc: tcpdump-workers <tcpdump-workers () lists tcpdump org>
Subject: Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type.

On Nov 28, 2018, at 4:34 AM, Dave Barach (dbarach) <dbarach () cisco com> wrote:

The buffer index is an opaque 32-bit cookie which allows consumers of these data to easily filter/track single 
packets as they traverse the forwarding graph. Multiple records per packet are normal, and to be expected.

In what form?

For example, might you see:

        an Ethernet packet, containing an IP datagram, containing a TCP segment or UDP datagram;

        an IP packet, containing the same IP datagram as the previous packet;

        a TCP segment or UDP datagram, containing the same segment/datagram as the previous packet;

or might you see the same {Ethernet,IP,TCP,UDP} packet more than once, or both?

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
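
Added example (not part of the original messages, and not vpp or wireshark code): a sketch of the per-buffer-index view and the b->current_data check described in the reply above. The record layout (node, buffer_index, current_data, vlan_tags), the sample values and the function names are assumptions made for illustration; the real dispatch trace format is not shown on this page.

```python
from collections import defaultdict

ETH_HDR_LEN = 14   # untagged Ethernet header, per the post
VLAN_TAG_LEN = 4   # each 802.1Q tag adds 4 bytes

# Constructed sample records: (node, buffer_index, current_data, vlan_tags).
# Two packets are traced as one vector, so records arrive grouped by node.
SAMPLE = [
    ("ethernet-input",   0x1A2B, 0,  0),
    ("ethernet-input",   0x1A2C, 0,  1),
    ("ip4-input",        0x1A2B, 14, 0),
    ("ip4-input",        0x1A2C, 14, 1),  # wrong layer: one VLAN tag means 18
    ("ip4-lookup",       0x1A2B, 14, 0),
    ("ip4-lookup",       0x1A2C, 14, 1),
    ("interface-output", 0x1A2B, 0,  0),
    ("interface-output", 0x1A2C, 0,  1),
]

def per_packet_view(records):
    """Regroup vector-ordered records into one node sequence per buffer index."""
    view = defaultdict(list)
    for node, buf, current_data, _vlans in records:
        view[buf].append((node, current_data))
    return dict(view)

def expected_current_data(node, vlan_tags):
    """Offset the post states for a node, or None where it gives no fixed value."""
    if node == "ethernet-input":
        return 0
    if node in ("ip4-input", "ip4-input-no-checksum"):
        return ETH_HDR_LEN + VLAN_TAG_LEN * vlan_tags
    return None  # e.g. interface-output is "often [but not always] zero"

def find_offset_errors(records):
    """Return (buffer_index, node, seen, expected) for each mismatched record."""
    errors = []
    for node, buf, current_data, vlans in records:
        want = expected_current_data(node, vlans)
        if want is not None and current_data != want:
            errors.append((buf, node, current_data, want))
    return errors

if __name__ == "__main__":
    for buf, hops in per_packet_view(SAMPLE).items():
        print(hex(buf), " -> ".join(f"{n}[{cd}]" for n, cd in hops))
    for buf, node, seen, want in find_offset_errors(SAMPLE):
        print(f"buffer {buf:#x}: {node} current_data={seen}, expected {want}")
```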
