Re: [vpp-dev] VPp 2101 (pcap trace)

Sun, 29 Aug 2021 10:09:00 -0700 

Hi Ben,

Any idea why it's not working? Or what I am doing wrong?

Thanks,
Chetan



On Thu, Aug 26, 2021, 20:59 chetan bhasin <chetan.bhasin...@gmail.com>
wrote:

> Hi Benoit,
>
> I have tried those options but it is not working , it is only capturing
> the section classify filter rule that is based on dst ip address.
>
> 1) Tried with classify filter [Only dest ip with *10.20.36.168 *is coming
> in pcap]
>
> classify filter pcap mask l3 ip4 src match l3 ip4 src 10.20.36.168
>
> *classify filter pcap mask l3 ip4 dst match l3 ip4 dst 10.20.36.168*
>
> pcap trace rx tx max 100 filter file capture.pcap
>
>
> vpp# show classify filter
>
> Filter Used By                 Table(s)
>
> --------------                 --------
>
> packet tracer:                 first table none
>
> pcap rx/tx/drop:               first table 1
>
>
> vpp# show classify tables index 1 verbose
>
>   TableIdx  Sessions   NextTbl  NextNode
>
>          1         1        -1        -1
>
>   Heap: base 0x7f5db406c000, size 128k, locked, unmap-on-destroy, name
> 'classify'
>
>           page stats: page-size 4K, total 32, mapped 2, not-mapped 0,
> unknown 30
>
>             numa 0: 2 pages, 8k bytes
>
>           total: 127.95K, used: 1.31K, free: 126.64K, trimmable: 126.56K
>
>   nbuckets 8, skip 1 match 2 flag 0 offset 0
>
>   mask 0000000000000000000000000000ffffffff0000000000000000000000000000
>
>   linear-search buckets 0
>
>
> [7]: heap offset 1216, elts 2, normal
>
>     0: [1216]: next_index 0 advance 0 opaque 0 action 0 metadata 0
>
>         k: 00000000000000000000000000000a1424a80000000000000000000000000000
>
>         hits 45, last_heard 0.00
>
>
>     1 active elements
>
>     1 free lists
>
>     0 linear-search buckets
>
>
> [root@bfs-dl360g10-47-vm14 ~]# tcpdump -n -r /tmp/capture.pcap
>
> reading from file /tmp/capture.pcap, link-type EN10MB (Ethernet)
>
> 01:00:33.671990 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9478, length 64
>
> 01:00:33.672834 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9478, length 64
>
> 01:00:33.672839 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9478, length 64
>
> 01:00:34.674316 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9479, length 64
>
> 01:00:34.675239 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9479, length 64
>
> 01:00:34.675239 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9479, length 64
>
> 01:00:35.676526 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9480, length 64
>
> 01:00:35.676565 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9480, length 64
>
> 01:00:35.676566 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 9480, length 64
>
>
>
> 2) Default behaviour without any classify filter .
>
> vpp# *pcap trace rx tx max 100 file capture.pcap*
>
> vpp# *pcap trace off*
>
> Write 100 packets to /tmp/capture.pcap, and stop capture...
>
>
>
>
>
> *tcpdump -n -r /tmp/capture.pcap |grep ICMP*
>
> reading from file /tmp/capture.pcap, link-type EN10MB (Ethernet)
>
> 01:02:36.635239 IP 10.20.36.168 > 10.20.35.126: ICMP echo request, id
> 26102, seq 11266, length 64
>
> 01:02:36.636018 IP 10.20.36.168 > 10.20.35.126: ICMP echo request, id
> 26102, seq 11266, length 64
>
> 01:02:36.636018 IP 10.20.36.168 > 10.20.35.126: ICMP echo request, id
> 26102, seq 11266, length 64
>
> 01:02:36.636108 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 11266, length 64
>
> 01:02:36.636975 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 11266, length 64
>
> 01:02:36.636975 IP 10.20.35.126 > 10.20.36.168: ICMP echo reply, id
> 26102, seq 11266, length 64
>
>
> Regards,
>
> Chetan
>
>
>
> On Thu, Aug 26, 2021 at 6:00 PM chetan bhasin <chetan.bhasin...@gmail.com>
> wrote:
>
>> Hi Ben,
>>
>> Thanks for your response . Let me try this and get back to you.
>>
>> Thanks,
>> Chetan
>>
>> On Thu, Aug 26, 2021 at 5:52 PM Benoit Ganne (bganne) <bga...@cisco.com>
>> wrote:
>>
>>> > We want to capture all packets with src ip or dest ip as 10.20.30.40 .I
>>> > have tried with classify filter but no success. Looks like I am missing
>>> > something.
>>> > Can anybody please suggest the commands .
>>>
>>> Something like this should do it:
>>>
>>> ~# vppctl classify filter pcap mask l3 ip4 src match l3 ip4 src
>>> 10.20.30.40
>>> ~# vppctl classify filter pcap mask l3 ip4 dst match l3 ip4 dst
>>> 10.20.30.40
>>> ~# vppctl pcap trace rx tx max 1000 filter
>>> <wait for some traffic to go through...>
>>> ~# vppctl pcap trace rx tx off
>>>
>>> Best
>>> ben
>>>
>>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20043): https://lists.fd.io/g/vpp-dev/message/20043
Mute This Topic: https://lists.fd.io/mt/85158833/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to