15630257fSFerruh Yigit.. SPDX-License-Identifier: BSD-3-Clause 28d23ce8fSStephen Hemminger Copyright(c) 2017-2021 Intel Corporation. 3629122b8SReshma Pattan 48d23ce8fSStephen HemmingerDPDK packet capture libraries and tools 58d23ce8fSStephen Hemminger======================================= 6629122b8SReshma Pattan 7629122b8SReshma PattanThis document describes how the Data Plane Development Kit (DPDK) Packet 8629122b8SReshma PattanCapture Framework is used for capturing packets on DPDK ports. It is intended 9629122b8SReshma Pattanfor users of DPDK who want to know more about the Packet Capture feature and 10629122b8SReshma Pattanfor those who want to monitor traffic on DPDK-controlled devices. 11629122b8SReshma Pattan 128d23ce8fSStephen HemmingerThe DPDK packet capture framework was introduced in DPDK v16.07 138d23ce8fSStephen Hemmingerand enhanced in 21.11. 148d23ce8fSStephen HemmingerThe DPDK packet capture framework consists of the libraries 158d23ce8fSStephen Hemmingerfor collecting packets ``librte_pdump`` 168d23ce8fSStephen Hemmingerand writing packets to a file ``librte_pcapng``. 17*cbb44143SStephen HemmingerThere are two sample applications: ``dpdk-dumpcap`` and older ``dpdk-pdump``. 18629122b8SReshma Pattan 19629122b8SReshma PattanIntroduction 20629122b8SReshma Pattan------------ 21629122b8SReshma Pattan 228d23ce8fSStephen HemmingerThe :doc:`librte_pdump <../prog_guide/pdump_lib>` library provides the API 238d23ce8fSStephen Hemmingerrequired to allow users to initialize the packet capture framework 248d23ce8fSStephen Hemmingerand to enable or disable packet capture. 258d23ce8fSStephen HemmingerThe library works on a multi-process communication model 268d23ce8fSStephen Hemmingerand its usage is recommended for debugging purposes. 27629122b8SReshma Pattan 288d23ce8fSStephen HemmingerThe :doc:`librte_pcapng <../prog_guide/pcapng_lib>` library provides the API 298d23ce8fSStephen Hemmingerto format packets and write them to a file in Pcapng format. 30629122b8SReshma Pattan 31*cbb44143SStephen HemmingerThe :doc:`dpdk-dumpcap <../tools/dumpcap>` is a tool that captures packets in 32*cbb44143SStephen Hemmingerlike Wireshark dumpcap does for Linux. 33*cbb44143SStephen HemmingerIt runs as a DPDK secondary process and captures packets 34*cbb44143SStephen Hemmingerfrom one or more interfaces and writes them to a file in Pcapng format. 35*cbb44143SStephen HemmingerThe ``dpdk-dumpcap`` tool is designed to take 36*cbb44143SStephen Hemmingermost of the same options as the Wireshark ``dumpcap`` command. 37629122b8SReshma Pattan 38*cbb44143SStephen HemmingerWithout any options it will use the packet capture framework 39*cbb44143SStephen Hemmingerto capture traffic from the first available DPDK port. 40*cbb44143SStephen Hemminger 41*cbb44143SStephen HemmingerThe ``dpdk-testpmd`` application can be used to initialize 42*cbb44143SStephen Hemmingerthe packet capture framework and acts as a server, 43*cbb44143SStephen Hemmingerand the ``dpdk-dumpcap`` tool acts as a client. 44*cbb44143SStephen HemmingerTo view Rx or Tx packets of ``dpdk-testpmd``, 45*cbb44143SStephen Hemmingerthe application should be launched first, 46*cbb44143SStephen Hemmingerand then the ``dpdk-dumpcap`` tool. 47*cbb44143SStephen HemmingerPackets from ``dpdk-testpmd`` will be sent to the tool, 48*cbb44143SStephen Hemmingerand then to the Pcapng file. 49629122b8SReshma Pattan 50629122b8SReshma PattanSome things to note: 51629122b8SReshma Pattan 52*cbb44143SStephen Hemminger* All tools using ``librte_pdump`` can only be used in conjunction with a primary 53629122b8SReshma Pattan application which has the packet capture framework initialized already. In 54629122b8SReshma Pattan dpdk, only ``testpmd`` is modified to initialize packet capture framework, 55*cbb44143SStephen Hemminger other applications remain untouched. So, if the ``dpdk-dumpcap`` tool has to 56629122b8SReshma Pattan be used with any application other than the testpmd, the user needs to 57629122b8SReshma Pattan explicitly modify that application to call the packet capture framework 58629122b8SReshma Pattan initialization code. Refer to the ``app/test-pmd/testpmd.c`` code and look 59629122b8SReshma Pattan for ``pdump`` keyword to see how this is done. 60629122b8SReshma Pattan 61*cbb44143SStephen Hemminger* The ``dpdk-pdump`` tool is an older tool 62*cbb44143SStephen Hemminger created as demonstration of ``librte_pdump`` library. 63*cbb44143SStephen Hemminger The ``dpdk-pdump`` tool provides more limited functionality 64*cbb44143SStephen Hemminger and depends on the Pcap PMD. 65*cbb44143SStephen Hemminger It is retained only for compatibility reasons; 66*cbb44143SStephen Hemminger users should use ``dpdk-dumpcap`` instead. 67629122b8SReshma Pattan 68629122b8SReshma Pattan 69629122b8SReshma PattanTest Environment 70629122b8SReshma Pattan---------------- 71629122b8SReshma Pattan 72*cbb44143SStephen HemmingerThe overview of using the Packet Capture Framework and the ``dpdk-dumpcap`` utility 73629122b8SReshma Pattanfor packet capturing on the DPDK port in 74629122b8SReshma Pattan:numref:`figure_packet_capture_framework`. 75629122b8SReshma Pattan 76629122b8SReshma Pattan.. _figure_packet_capture_framework: 77629122b8SReshma Pattan 78629122b8SReshma Pattan.. figure:: img/packet_capture_framework.* 79629122b8SReshma Pattan 80*cbb44143SStephen Hemminger Packet capturing on a DPDK port using the dpdk-dumpcap utility. 81629122b8SReshma Pattan 82629122b8SReshma Pattan 83629122b8SReshma PattanRunning the Application 84629122b8SReshma Pattan----------------------- 85629122b8SReshma Pattan 86*cbb44143SStephen HemmingerThe following steps demonstrate how to run the ``dpdk-dumpcap`` tool to capture 87629122b8SReshma PattanRx side packets on dpdk_port0 in :numref:`figure_packet_capture_framework` and 88629122b8SReshma Pattaninspect them using ``tcpdump``. 89629122b8SReshma Pattan 90629122b8SReshma Pattan#. Launch testpmd as the primary application:: 91629122b8SReshma Pattan 9279238624SCiara Power sudo <build_dir>/app/dpdk-testpmd -c 0xf0 -n 4 -- -i --port-topology=chained 93629122b8SReshma Pattan 94*cbb44143SStephen Hemminger#. Launch the dpdk-dumpcap as follows:: 95629122b8SReshma Pattan 96*cbb44143SStephen Hemminger sudo <build_dir>/app/dpdk-dumpcap -w /tmp/capture.pcapng 97629122b8SReshma Pattan 98629122b8SReshma Pattan#. Send traffic to dpdk_port0 from traffic generator. 99*cbb44143SStephen Hemminger Inspect packets captured in the file capture.pcapng using a tool 100*cbb44143SStephen Hemminger such as tcpdump or tshark that can interpret Pcapng files:: 101629122b8SReshma Pattan 102*cbb44143SStephen Hemminger $ tcpdump -nr /tmp/capture.pcapng 103629122b8SReshma Pattan reading from file /tmp/capture.pcap, link-type EN10MB (Ethernet) 104629122b8SReshma Pattan 11:11:36.891404 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18 105629122b8SReshma Pattan 11:11:36.891442 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18 106629122b8SReshma Pattan 11:11:36.891445 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18 107