From: Ben Magistro <koncept1@gmail.com>
To: dev@dpdk.org, stephen@networkplumber.org
Cc: ben.magistro@trinitycyber.com, Ben Magistro <koncept1@gmail.com>
Subject: [PATCH 5/6] app/dumpcap: improve per interface arg parsing
Date: Mon, 2 Jan 2023 16:24:40 +0000 [thread overview]
Message-ID: <20230102162441.6205-5-koncept1@gmail.com> (raw)
In-Reply-To: <20230102162441.6205-1-koncept1@gmail.com>
This change improves the argument parsing to align closer to that of Wireshark
dumpcap allowing for per interface settings on promiscuous mode and the filter
string.
Cc: stephen@networkplumber.org
Signed-off-by: Ben Magistro <koncept1@gmail.com>
---
app/dumpcap/main.c | 149 +++++++++++++++++++++++------------
doc/guides/tools/dumpcap.rst | 17 +++-
2 files changed, 112 insertions(+), 54 deletions(-)
diff --git a/app/dumpcap/main.c b/app/dumpcap/main.c
index dc4d69ff6b..1dc4a38adb 100644
--- a/app/dumpcap/main.c
+++ b/app/dumpcap/main.c
@@ -55,18 +55,32 @@ static const char *progname;
static bool quit_signal;
static bool group_read;
static bool quiet;
-static bool promiscuous_mode = true;
static bool use_pcapng = true;
static char *output_name;
-static const char *filter_str;
static unsigned int ring_size = 2048;
static const char *capture_comment;
static const char *file_prefix;
-static uint32_t snaplen = RTE_MBUF_DEFAULT_BUF_SIZE;
static bool dump_bpf;
static bool show_interfaces;
static uint8_t interface_arg_count = 0; /* count of interfaces configured via -i */
-static const char *interface_arg[RTE_MAX_ETHPORTS]; /*array of interface parameters */
+
+/* struct representing args for each interface */
+struct interface_opts {
+ const char *intf_arg;
+ const char *filter_str;
+ bool promiscuous_mode;
+ uint32_t snaplen;
+};
+/* default parameters for interfaces */
+static struct interface_opts interface_defaults = {
+ .promiscuous_mode = true,
+ .snaplen = RTE_MBUF_DEFAULT_BUF_SIZE
+};
+//TODO this can be specified per interface but there are a few places
+// that need more review and possibly refactoring so leaving this one out
+uint32_t snaplen = RTE_MBUF_DEFAULT_BUF_SIZE;
+/* array of interface parameters */
+static struct interface_opts interface_args[RTE_MAX_ETHPORTS];
static struct {
uint64_t duration; /* nanoseconds */
@@ -75,7 +89,6 @@ static struct {
} stop;
/* Running state */
-static struct rte_bpf_prm *bpf_prm;
static uint64_t start_time, end_time;
static uint64_t packets_received;
static size_t file_size;
@@ -85,6 +98,8 @@ struct interface {
uint16_t port;
char name[RTE_ETH_NAME_MAX_LEN];
int promiscuous_exit; /* 1 when promicuous is set prior to starting dumpcap */
+ struct interface_opts *start_opts; /* cli parameters associated with interface */
+ struct rte_bpf_prm *bpf_prm;
struct rte_rxtx_callback *rx_cb[RTE_MAX_QUEUES_PER_PORT];
};
@@ -194,7 +209,7 @@ static void auto_stop(char *opt)
}
/* Add interface to list of interfaces to capture */
-static void add_interface(uint16_t port, const char *name)
+static void add_interface(uint16_t port, const char *name, struct interface_opts *opts)
{
struct interface *intf;
@@ -207,6 +222,7 @@ static void add_interface(uint16_t port, const char *name)
rte_strscpy(intf->name, name, sizeof(intf->name));
// not checking error here; should only error if given an invalid port id
intf->promiscuous_exit = rte_eth_promiscuous_get(port);
+ intf->start_opts = opts;
printf("Capturing on '%s'\n", name);
@@ -215,7 +231,7 @@ static void add_interface(uint16_t port, const char *name)
}
/* Select all valid DPDK interfaces */
-static void select_all_interfaces(void)
+static void select_all_interfaces(struct interface_opts *opts)
{
char name[RTE_ETH_NAME_MAX_LEN];
uint16_t p;
@@ -223,7 +239,7 @@ static void select_all_interfaces(void)
RTE_ETH_FOREACH_DEV(p) {
if (rte_eth_dev_get_name_by_port(p, name) < 0)
continue;
- add_interface(p, name);
+ add_interface(p, name, opts);
}
}
@@ -231,7 +247,7 @@ static void select_all_interfaces(void)
* Choose interface to capture if no -i option given.
* Select the first DPDK port, this matches what dumpcap does.
*/
-static void set_default_interface(void)
+static void set_default_interface(struct interface_opts *opts)
{
char name[RTE_ETH_NAME_MAX_LEN];
uint16_t p;
@@ -239,28 +255,28 @@ static void set_default_interface(void)
RTE_ETH_FOREACH_DEV(p) {
if (rte_eth_dev_get_name_by_port(p, name) < 0)
continue;
- add_interface(p, name);
+ add_interface(p, name, opts);
return;
}
}
/* Lookup interface by name or port and add it to the list */
-static void select_interface(const char *arg)
+static void select_interface(struct interface_opts *opts)
{
uint16_t port;
- if (strcmp(arg, "*") == 0)
- select_all_interfaces();
- else if (rte_eth_dev_get_port_by_name(arg, &port) == 0)
- add_interface(port, arg);
+ if (strcmp(opts->intf_arg, "*") == 0)
+ select_all_interfaces(opts);
+ else if (rte_eth_dev_get_port_by_name(opts->intf_arg, &port) == 0)
+ add_interface(port, opts->intf_arg, opts);
else {
char name[RTE_ETH_NAME_MAX_LEN];
- port = get_uint(arg, "port_number", UINT16_MAX);
+ port = get_uint(opts->intf_arg, "port_number", UINT16_MAX);
if (rte_eth_dev_get_name_by_port(port, name) < 0)
rte_exit(EXIT_FAILURE, "Invalid port number %u\n",
port);
- add_interface(port, name);
+ add_interface(port, name, opts);
}
}
@@ -276,10 +292,10 @@ static void collect_interfaces(void)
active = 0;
if (interface_arg_count == 0)
- set_default_interface();
+ set_default_interface(&interface_defaults);
else
for (uint8_t i = 0; i < interface_arg_count; ++i)
- select_interface(interface_arg[i]);
+ select_interface(&interface_args[i]);
TAILQ_FOREACH(intf, &interfaces, next)
active++;
@@ -330,37 +346,48 @@ static void dump_interfaces(void)
exit(0);
}
-static void compile_filter(void)
+static void compile_filters(void)
{
- struct bpf_program bf;
- pcap_t *pcap;
+ struct interface *intf;
- pcap = pcap_open_dead(DLT_EN10MB, snaplen);
- if (!pcap)
- rte_exit(EXIT_FAILURE, "can not open pcap\n");
+ TAILQ_FOREACH(intf, &interfaces, next) {
+ if (!intf->start_opts->filter_str)
+ continue;
- if (pcap_compile(pcap, &bf, filter_str,
- 1, PCAP_NETMASK_UNKNOWN) != 0)
- rte_exit(EXIT_FAILURE, "pcap filter string not valid (%s)\n",
- pcap_geterr(pcap));
+ struct bpf_program bf;
+ pcap_t *pcap;
- bpf_prm = rte_bpf_convert(&bf);
- if (bpf_prm == NULL)
- rte_exit(EXIT_FAILURE,
- "bpf convert failed: %s(%d)\n",
- rte_strerror(rte_errno), rte_errno);
-
- if (dump_bpf) {
- printf("cBPF program (%u insns)\n", bf.bf_len);
- bpf_dump(&bf, 1);
- printf("\neBPF program (%u insns)\n", bpf_prm->nb_ins);
- rte_bpf_dump(stdout, bpf_prm->ins, bpf_prm->nb_ins);
- exit(0);
+ // pcap = pcap_open_dead(DLT_EN10MB, intf->start_opts->snaplen);
+ pcap = pcap_open_dead(DLT_EN10MB, snaplen);
+ if (!pcap)
+ rte_exit(EXIT_FAILURE, "can not open pcap\n");
+
+ if (pcap_compile(pcap, &bf, intf->start_opts->filter_str,
+ 1, PCAP_NETMASK_UNKNOWN) != 0)
+ rte_exit(EXIT_FAILURE, "pcap filter string not valid (%s)\n",
+ pcap_geterr(pcap));
+
+ intf->bpf_prm = rte_bpf_convert(&bf);
+ if (intf->bpf_prm == NULL)
+ rte_exit(EXIT_FAILURE,
+ "bpf convert failed: %s(%d)\n",
+ rte_strerror(rte_errno), rte_errno);
+
+ if (dump_bpf) {
+ printf("\nPort: %d; Name: %s\n", intf->port, intf->name);
+ printf("cBPF program (%u insns)\n", bf.bf_len);
+ bpf_dump(&bf, 1);
+ printf("\neBPF program (%u insns)\n", intf->bpf_prm->nb_ins);
+ rte_bpf_dump(stdout, intf->bpf_prm->ins, intf->bpf_prm->nb_ins);
+ }
+
+ /* Don't care about original program any more */
+ pcap_freecode(&bf);
+ pcap_close(pcap);
}
- /* Don't care about original program any more */
- pcap_freecode(&bf);
- pcap_close(pcap);
+ if (dump_bpf)
+ exit(0);
}
/*
@@ -421,7 +448,10 @@ static void parse_opts(int argc, char **argv)
show_interfaces = true;
break;
case 'f':
- filter_str = optarg;
+ if (interface_arg_count == 0 )
+ interface_defaults.filter_str = optarg;
+ else
+ interface_args[interface_arg_count - 1].filter_str = optarg;
break;
case 'g':
group_read = true;
@@ -432,7 +462,13 @@ static void parse_opts(int argc, char **argv)
exit(0);
case 'i':
interface_arg_count++;
- interface_arg[interface_arg_count - 1] = optarg;
+ interface_args[interface_arg_count - 1].intf_arg = optarg;
+ // set interface to global parameters when new interface is configured
+ interface_args[interface_arg_count - 1].filter_str =
+ interface_defaults.filter_str;
+ interface_args[interface_arg_count - 1].promiscuous_mode =
+ interface_defaults.promiscuous_mode;
+ // interface_args[interface_arg_count - 1].snaplen = interface_defaults.snaplen;
break;
case 'n':
use_pcapng = true;
@@ -441,7 +477,10 @@ static void parse_opts(int argc, char **argv)
ring_size = get_uint(optarg, "packet_limit", 0);
break;
case 'p':
- promiscuous_mode = false;
+ if (interface_arg_count == 0 )
+ interface_defaults.promiscuous_mode = false;
+ else
+ interface_args[interface_arg_count - 1].promiscuous_mode = false;
break;
case 'P':
use_pcapng = false;
@@ -451,6 +490,12 @@ static void parse_opts(int argc, char **argv)
break;
case 's':
snaplen = get_uint(optarg, "snap_len", 0);
+ /*
+ if (interface_arg_count == 0 )
+ interface_defaults.snaplen = get_uint(optarg, "snap_len", 0);
+ else
+ interface_args[interface_arg_count - 1].snaplen = get_uint(optarg, "snap_len", 0);
+ */
break;
case 'w':
output_name = optarg;
@@ -490,7 +535,7 @@ cleanup_pdump_resources(void)
TAILQ_FOREACH(intf, &interfaces, next) {
rte_pdump_disable(intf->port,
RTE_PDUMP_ALL_QUEUES, RTE_PDUMP_FLAG_RXTX);
- if (!intf->promiscuous_exit && promiscuous_mode)
+ if (!intf->promiscuous_exit && intf->start_opts->promiscuous_mode)
rte_eth_promiscuous_disable(intf->port);
}
}
@@ -750,7 +795,7 @@ static void enable_pdump(struct rte_ring *r, struct rte_mempool *mp)
flags |= RTE_PDUMP_FLAG_PCAPNG;
TAILQ_FOREACH(intf, &interfaces, next) {
- if (promiscuous_mode) {
+ if (intf->start_opts->promiscuous_mode) {
ret = rte_eth_promiscuous_enable(intf->port);
if (ret != 0)
fprintf(stderr,
@@ -759,8 +804,9 @@ static void enable_pdump(struct rte_ring *r, struct rte_mempool *mp)
}
ret = rte_pdump_enable_bpf(intf->port, RTE_PDUMP_ALL_QUEUES,
+ // flags, intf->start_opts->snaplen,
flags, snaplen,
- r, mp, bpf_prm);
+ r, mp, intf->bpf_prm);
if (ret < 0)
rte_exit(EXIT_FAILURE,
"Packet dump enable failed: %s\n",
@@ -873,8 +919,7 @@ int main(int argc, char **argv)
collect_interfaces();
- if (filter_str)
- compile_filter();
+ compile_filters();
r = create_ring();
mp = create_mempool();
diff --git a/doc/guides/tools/dumpcap.rst b/doc/guides/tools/dumpcap.rst
index 0f89e6c5ca..0538f5833b 100644
--- a/doc/guides/tools/dumpcap.rst
+++ b/doc/guides/tools/dumpcap.rst
@@ -41,10 +41,19 @@ Running the Application
To list interfaces available for capture, use ``-D`` or ``--list-interfaces``.
-To filter packets in style of *tshark*, use the ``-f`` flag.
-
To capture on multiple interfaces at once, use multiple ``-i`` flags.
+To filter packets in style of *tshark*, use the ``-f`` flag. This flag
+can be specified multiple times. If this flag is specified prior to ``-i``
+it sets a default filter that will be used with all interfaces. If this
+flag is specified after ``-i`` it defines a filter for that interface only.
+
+To control the promiscuous mode of an interface, use the ``-p`` flag. This flag
+can be specified multiple times. If this flag is specified prior to ``-i`` it
+sets the default mode for all interfaces. If this flag is specified after ``-i``
+it sets the mode for that interface. If you want to allow some interfaces to
+remain in promiscuous mode, this must flag must be associated with an interface.
+
Example
-------
@@ -70,6 +79,10 @@ Example
Limitations
-----------
+The following option of Wireshark ``dumpcap`` has a different behavior:
+
+ * ``-s`` -- snaplen is not per interface
+
The following option of Wireshark ``dumpcap`` is not yet implemented:
* ``-b|--ring-buffer`` -- more complex file management.
--
2.27.0
next prev parent reply other threads:[~2023-01-02 16:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-02 16:24 [PATCH 1/6] app/dumpcap: add additional dump info Ben Magistro
2023-01-02 16:24 ` [PATCH 2/6] app/dumpcap: fix storing port identifier Ben Magistro
2023-01-02 16:58 ` Stephen Hemminger
2023-01-04 3:04 ` Stephen Hemminger
2023-01-02 16:24 ` [PATCH 3/6] app/dumpcap: fix preserving promiscuous mode Ben Magistro
2023-01-02 16:58 ` Stephen Hemminger
2023-01-04 3:04 ` Stephen Hemminger
2023-01-02 16:24 ` [PATCH 4/6] app/dumpcap: fix capturing on multiple interfaces Ben Magistro
2023-01-04 3:01 ` Stephen Hemminger
2023-01-02 16:24 ` Ben Magistro [this message]
2023-01-04 3:04 ` [PATCH 5/6] app/dumpcap: improve per interface arg parsing Stephen Hemminger
2023-01-02 16:24 ` [PATCH 6/6] app/dumpcap: refactor add all and default Ben Magistro
2023-01-02 16:57 ` [PATCH 1/6] app/dumpcap: add additional dump info Stephen Hemminger
2023-01-02 17:01 ` [RFT] dumpcap: fix multiple interface and promiscious handling Stephen Hemminger
2023-01-04 2:58 ` [PATCH 1/6] app/dumpcap: add additional dump info Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 0/6] dumpcap support multiple interfaces Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 1/6] app/dumpcap: fix storing port identifier Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 2/6] app/dumpcap: remove unused variable Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 3/6] app/dumpcap: check for invalid interface name Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 4/6] app/dumpcap: support multiple interfaces Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 5/6] pcapng: require per-interface information Stephen Hemminger
2023-01-04 3:38 ` [PATCH v2 6/6] app/dumpcap: support interface name and description Stephen Hemminger
2023-02-06 11:18 ` [PATCH v2 0/6] dumpcap support multiple interfaces Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230102162441.6205-5-koncept1@gmail.com \
--to=koncept1@gmail.com \
--cc=ben.magistro@trinitycyber.com \
--cc=dev@dpdk.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).