numam-dpdk/doc/guides/prog_guide/pcapng_lib.rst
Stephen Hemminger 8d23ce8f5e pcapng: add new library for writing pcapng files
This is a utility library for writing pcapng format files
used by Wireshark family of utilities. Older tcpdump
also knows how to read (but not write) this format.

See
  https://github.com/pcapng/pcapng/

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Reshma Pattan <reshma.pattan@intel.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
2021-10-22 17:19:07 +02:00


..  SPDX-License-Identifier: BSD-3-Clause
    Copyright(c) 2021 Microsoft Corporation

Packet Capture Next Generation Library
======================================
Exchanging packet traces becomes more and more critical every day.
The de facto standard for this is the format defined by libpcap;
but that format is rather old and is lacking in functionality
for more modern applications.
The `Pcapng file format`_ is the default capture file format
for modern network capture processing tools
such as `wireshark`_ (can also be read by `tcpdump`_).

The Pcapng library is an API for formatting packet data
into a Pcapng file.
The format conforms to the current `Pcapng RFC`_ standard.
It is designed to be integrated with the packet capture library.

Usage
-----
Before the library can be used, the function ``rte_pcapng_init``
should be called once to initialize timestamp computation.

The output stream is created with ``rte_pcapng_fdopen``,
and should be closed with ``rte_pcapng_close``.

The library requires a DPDK mempool to allocate mbufs.
The mbufs need to be able to accommodate additional space
for the pcapng packet format header and trailer information;
the function ``rte_pcapng_mbuf_size`` should be used
to determine the lower bound based on MTU.
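
The header and trailer space mentioned above comes from the way pcapng frames each packet in an Enhanced Packet Block.
The following C code is an added example, not DPDK code: ``epb_size`` and ``epb_write`` are hypothetical helpers that frame one packet per the pcapng specification, without options, and refuse to write when the destination buffer is too small.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not DPDK code: layout follows the pcapng specification. */
#define EPB_TYPE    0x00000006u /* Enhanced Packet Block */
#define EPB_HEADER  28u /* type, total len, if id, ts hi, ts lo, caplen, origlen */
#define EPB_TRAILER 4u  /* block total length, repeated */

/* Packet data is padded to a 32-bit boundary inside the block. */
static uint32_t pad4(uint32_t n) { return (n + 3u) & ~3u; }

/* Blocks are written in the writer's byte order (declared in the section header). */
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof(v)); }

/* Bytes needed for an option-less EPB carrying caplen bytes (hypothetical helper). */
uint32_t epb_size(uint32_t caplen) { return EPB_HEADER + pad4(caplen) + EPB_TRAILER; }

/* Frame pkt into out; returns block length, or 0 if it does not fit (hypothetical helper). */
uint32_t epb_write(uint8_t *out, size_t outlen, uint32_t ifid, uint64_t ts,
                   const uint8_t *pkt, uint32_t caplen, uint32_t origlen)
{
    if (caplen > origlen || caplen > UINT32_MAX - 64u)
        return 0; /* inconsistent lengths, or size arithmetic would wrap */
    uint32_t total = epb_size(caplen);
    if (outlen < total)
        return 0; /* never write past the caller's buffer */
    put32(out, EPB_TYPE);
    put32(out + 4, total);
    put32(out + 8, ifid);
    put32(out + 12, (uint32_t)(ts >> 32));
    put32(out + 16, (uint32_t)ts);
    put32(out + 20, caplen);
    put32(out + 24, origlen);
    memcpy(out + EPB_HEADER, pkt, caplen);
    memset(out + EPB_HEADER + caplen, 0, pad4(caplen) - caplen);
    put32(out + EPB_HEADER + pad4(caplen), total);
    return total;
}

int main(void)
{
    uint8_t pkt[61], buf[128]; /* constructed 61-byte sample frame */
    memset(pkt, 0xAB, sizeof(pkt));
    uint32_t n = epb_write(buf, sizeof(buf), 0, 1634915947000000ULL, pkt, 61, 61);
    printf("61-byte packet -> %u-byte block\n", (unsigned)n);
    return n == epb_size(61) ? 0 : 1;
}
```

In a DPDK application the size to use is still the value returned by ``rte_pcapng_mbuf_size``; this example only shows where the per-packet overhead comes from.
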

Collecting packets is done in two parts.
The function ``rte_pcapng_copy`` is used to format and copy mbuf data
and ``rte_pcapng_write_packets`` writes a burst of packets to the output file.

The function ``rte_pcapng_write_stats`` can be used
to write statistics information into the output file.
The summary statistics information is automatically added
by ``rte_pcapng_close``.

.. _Tcpdump: https://tcpdump.org/
.. _Wireshark: https://wireshark.org/
.. _Pcapng file format: https://github.com/pcapng/pcapng/
.. _Pcapng RFC: https://datatracker.ietf.org/doc/html/draft-tuexen-opsawg-pcapng