[ovs-dev] Question about ovs-tcpundump

Aaron Conole aconole at redhat.com
Tue Jul 23 14:06:07 UTC 2019 

"txfh2007" <txfh2007 at aliyun.com> writes:

> Hi Aaron:

Hi Timo,

>     Sorry to bother, I have found your patch about ovs-tcpundump(https://patchwork.ozlabs.org/patch/860190/), but I don't know how to use this script. From the ovs-tcpundump  -help I know this command need a file as its arg(am i right?), but I don't know which file type could be use, the .pcap file? 
>      Could you please explain the usage of the ovs-tcpundump script ?

Glad to help.  I've CC'd the ovs-dev list, also.  First, from the manpage:

  The ovs-tcpundump program reads 'tcpdump -xx' output on stdin, looking
  for hexadecimal packet data, and dumps each Ethernet as a single
  hexadecimal string on stdout.  This format is suitable for use with the
  'ofproto/trace' command supported by ovs-vswitchd(8) via ovs-appctl(8).

So the purpose of the program is to take output from tcpdump (or
ovs-tcpdump - maybe it would be a good idea to update that manpage?) and
convert it into something that can be passed to ofproto/trace.  I think
it could also be used as a way to generate data to pass to the
'packet-out' utility of the 'ovs-ofctl(8)' command.

The 'file' appearing in the command synopsis section of the manpage
might be misleading.  It isn't an argument.  I read it as indicating
that the 'ovs-tcpundump' utility takes input via stdin and that input
should be formatted in the same manner as 'tcpdump -xx' appears (so not
a pcap, but the actual text output).

ex:

  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
09:59:08.246074 ARP, Request who-has 10.18.25.205 tell _gateway, length 46
	0x0000:  ffff ffff ffff 54e0 3230 be81 0806 0001
	0x0010:  0800 0604 0001 54e0 3230 be81 0a12 19fe
	0x0020:  0000 0000 0000 0a12 19cd 0000 0000 0000
	0x0030:  0000 0000 0000 0000 0000 0000

I take that and pipe it into ovs-tcpundump:

   10:01:36 aconole at dhcp-25 {ct_error} ~/git/ovs/tests$ ../utilities/ovs-tcpundump < /tmp/foo.txt
   ffffffffffff54e03230be810806000108000604000154e03230be810a1219fe0000000000000a1219cd000000000000000000000000000000000000

If you have a pcap, it's possible to use tcpdump like:

  tcpdump -r some.pcap -xx | ./utilities/ovs-tcpundump

Did I answer the question?

> Thanks !
>
> Timo

More information about the dev mailing list