Packet capture prototype #229
Conversation
|
I have switched the PR into the ready state because I think it is in good enough shape to be tried and tested :-). BTW, the following commands can be used to capture our webserver traffic: And on host we can open it in Wireshark. The plan is now to write the thesis text but I think it would be really nice if Nataliia can get some feedback from the rest of the community too (and not only my complaints). |
uspace/lib/pcap/src/pcap_iface.c
Outdated
|
|
||
| void pcap_add_packet(const void *data, size_t size) | ||
| { | ||
| if (&pcap_writer.data == NULL) |
There was a problem hiding this comment.
Looks like a typo: the & should not be here.
uspace/drv/nic/e1k/e1k.c
Outdated
| @@ -1188,6 +1191,8 @@ static void e1000_receive_frames(nic_t *nic) | |||
| nic_frame_t *frame = nic_alloc_frame(nic, frame_size); | |||
| if (frame != NULL) { | |||
| memcpy(frame->data, e1000->rx_frame_virt[next_tail], frame_size); | |||
| pcapdump_packet(nic_get_pcap_iface(nic), frame->data, frame->size); | |||
There was a problem hiding this comment.
Why call the packet capture hooks here? Any reason not to do it inside libnic? Then it would work for all the drivers.
uspace/drv/nic/e1k/e1k.c
Outdated
| if (pcap_rc != EOK) { | ||
| printf("Failed creating pcapdump port\n"); | ||
| } | ||
| rc = ddf_fun_add_to_category(fun, "pcap"); |
There was a problem hiding this comment.
Again I would expect this to be handled inside libnic.
uspace/lib/pcap/include/pcap.h
Outdated
| uint32_t reserved2; | ||
| uint32_t snaplen; | ||
| uint32_t additional; /** The LinkType and additional information field is in the form */ | ||
| } __attribute__((packed, aligned(4))) pcap_file_header_t; |
There was a problem hiding this comment.
The attribute is not needed. Since all the structure fields are naturally aligned, there won't be any padding and so packed is not needed. aligned(4) is not needed either, because 4 already is the alignment of the structure.
uspace/lib/pcap/src/pcap_iface.c
Outdated
| pcap_writer_add_packet(&pcap_writer, data, size); | ||
| } | ||
|
|
||
| void pcap_close_file() |
There was a problem hiding this comment.
Should be pcap_close_file(void)
uspace/app/pcapctl/main.c
Outdated
|
|
||
| #define NAME "pcapctl" | ||
|
|
||
| #define LOGGER(msg, ...) \ |
There was a problem hiding this comment.
I don't think this is used anywhere.
uspace/lib/pcap/src/pcap.c
Outdated
| * @brief Headers and functions for .pcap file and packets to be dumped | ||
| */ | ||
|
|
||
| #define LOGGER(msg, ...) \ |
There was a problem hiding this comment.
Seems like overkill given it's used in one place only. I don't really thnk this is needed.
uspace/lib/pcap/src/pcapctl_dump.c
Outdated
| } | ||
| assert((count > 0) && "TODO: not implemented when no services are available\n"); | ||
|
|
||
| rc = loc_service_get_name(pcap_svcs[0], &svc_name); // Note: for now [0], because only one driver is in pcap_svcs and there is no need to find particular |
There was a problem hiding this comment.
Probably something that needs addressing.
uspace/lib/pcap/src/pcapctl_dump.c
Outdated
| async_exchange_end(exch); | ||
| } | ||
|
|
||
| errno_t pcapctl_dump_init(pcapctl_sess_t *sess) |
There was a problem hiding this comment.
To keep in line with the general object-oriented style, I would suggest that the constructor function should allocate the instance object (pcapctl_sess_t). Normally I would expect something like errno_t pcapctl_dump_open(const char *svcname, pcapctl_sess_t **rsess). There should also be a corresponding destructor function.
Ticket 629 (http://www.helenos.org/ticket/629).
That is a prototype of the support for network packet capture. I am doing it as a bachelor thesis at MFF UK. I will be grateful for any kind of feedback.
The support is implemented for e1k driver. And I tested it on ia32 architecture mostly. Now there are only two requests supported: start dumping all packets, stop dumping.
Usage
Application: pcapctl
pcapctl start (Example:
pcapctl start data.pcap, file format is .pcap)pcapctl stop
If someone is trying to start dumping, when it is already started the original file will be closed and saved, new file will be created and packets will be dumped to new file. If trying to stop when already stopped nothing will happen.
Then after getting the file out of HelenOS (through websrv for example) it can be opened with WireShark to see the packets, that were dumped.
Implementation
During start of the system
pcapcategory created and e1k driver is added topcapcategory. User uses applicationpcapctl.pcapctl start data.pcapwill send request for start of the dumping. Location server will forward it to the first device in category pcap. And driver will start dumping packets. For stopping it is the same.