..  SPDX-License-Identifier: BSD-3-Clause
    Copyright(c) 2021 Microsoft Corporation

Packet Capture Next Generation Library
======================================

Exchanging packet traces becomes more and more critical every day.
The de facto standard for this is the format defined by libpcap;
but that format is rather old and is lacking in functionality
for more modern applications.
The `Pcapng file format`_ is the default capture file format
for modern network capture processing tools
such as `wireshark`_ (can also be read by `tcpdump`_).

The Pcapng library is an API for formatting packet data
into a Pcapng file.
The format conforms to the current `Pcapng RFC`_ standard.
It is designed to be integrated with the packet capture library.

Usage
-----

The output stream is created with ``rte_pcapng_fdopen``,
and should be closed with ``rte_pcapng_close``.

The library requires a DPDK mempool to allocate mbufs.
The mbufs need to be able to accommodate additional space
for the pcapng packet format header and trailer information;
the function ``rte_pcapng_mbuf_size`` should be used
to determine the lower bound based on MTU.

Collecting packets is done in two parts.
The function ``rte_pcapng_copy`` is used to format and copy mbuf data
and ``rte_pcapng_write_packets`` writes a burst of packets to the output file.

The function ``rte_pcapng_write_stats`` can be used
to write statistics information into the output file.
The summary statistics information is automatically added
by ``rte_pcapng_close``.

.. _Tcpdump: https://tcpdump.org/
.. _Wireshark: https://wireshark.org/
.. _Pcapng file format: https://github.com/pcapng/pcapng/
.. _Pcapng RFC: https://datatracker.ietf.org/doc/html/draft-tuexen-opsawg-pcapng
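
The header and trailer space mentioned under Usage, shown as an added example that is not DPDK code: a bounds-checked encoder for one pcapng Enhanced Packet Block without options, following the block layout in the pcapng specification. The names ``epb_size`` and ``epb_encode`` are hypothetical, and ``rte_pcapng_mbuf_size`` may reserve more than this minimum.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EPB_TYPE    0x00000006u /* Enhanced Packet Block type in the pcapng spec */
#define EPB_HEADER  28u         /* type, length, if-id, ts high, ts low, caplen, origlen */
#define EPB_TRAILER 4u          /* block total length, repeated at the end */

/* Bytes needed to frame caplen bytes of packet data (no options). */
static size_t epb_size(uint32_t caplen)
{
    size_t padded = ((size_t)caplen + 3u) & ~(size_t)3u; /* data is padded to 32 bits */
    return EPB_HEADER + padded + EPB_TRAILER;
}

static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof(v)); }

/* Write one EPB in host byte order; readers learn the order from the
 * Section Header Block. Returns the block length, or 0 if it does not fit. */
static size_t epb_encode(uint8_t *out, size_t cap, uint32_t ifid, uint64_t ts,
                         const uint8_t *pkt, uint32_t caplen, uint32_t origlen)
{
    size_t total = epb_size(caplen);

    if (total > cap || total > UINT32_MAX)
        return 0; /* refuse to write past the buffer or overflow the length field */
    put32(out + 0, EPB_TYPE);
    put32(out + 4, (uint32_t)total);
    put32(out + 8, ifid);
    put32(out + 12, (uint32_t)(ts >> 32));
    put32(out + 16, (uint32_t)ts);
    put32(out + 20, caplen);
    put32(out + 24, origlen);
    memcpy(out + EPB_HEADER, pkt, caplen);
    memset(out + EPB_HEADER + caplen, 0, total - EPB_HEADER - EPB_TRAILER - caplen);
    put32(out + total - EPB_TRAILER, (uint32_t)total);
    return total;
}

int main(void)
{
    uint8_t frame[61] = {0}; /* constructed sample frame, not captured traffic */
    uint8_t block[128];
    size_t n = epb_encode(block, sizeof(block), 0, 1, frame, sizeof(frame), sizeof(frame));

    printf("payload %zu bytes, block %zu bytes\n", sizeof(frame), n);
    return n == 0;
}
```
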