[ovs-dev] Re:Question about ovs-tcpundump

txfh2007 txfh2007 at aliyun.com
Wed Jul 24 01:57:31 UTC 2019

Hi Aaron:
    Perfect Answer! Thanks very much !!
    I have another question: how could the result of ovs-tcpundump get used in ofproto/trace ? From the document ovs-vswitchd I have found the ofproto/trace command shoud be formatted as "dpname + odp_flow + packet", but it seems the dpname + odp_flow is enough.  The original packet from ovs-tcpundump is necessary? 


Aaron Conole <aconole at redhat.com>
2019年7月23日(星期二) 22:06
txfh2007 <txfh2007 at aliyun.com>
dev <dev at openvswitch.org>
Re: Question about ovs-tcpundump

"txfh2007" <txfh2007 at aliyun.com> writes:

> Hi Aaron:

Hi Timo,

>     Sorry to bother, I have found your patch about ovs-tcpundump(https://patchwork.ozlabs.org/patch/860190/), but I don't know how to use this script. From the ovs-tcpundump  -help I know this command need a file as its arg(am i right?), but I don't know which file type could be use, the .pcap file? 
>      Could you please explain the usage of the ovs-tcpundump script ?

Glad to help.  I've CC'd the ovs-dev list, also.  First, from the manpage:

  The ovs-tcpundump program reads 'tcpdump -xx' output on stdin, looking
  for hexadecimal packet data, and dumps each Ethernet as a single
  hexadecimal string on stdout.  This format is suitable for use with the
  'ofproto/trace' command supported by ovs-vswitchd(8) via ovs-appctl(8).

So the purpose of the program is to take output from tcpdump (or
ovs-tcpdump - maybe it would be a good idea to update that manpage?) and
convert it into something that can be passed to ofproto/trace.  I think
it could also be used as a way to generate data to pass to the
'packet-out' utility of the 'ovs-ofctl(8)' command.

The 'file' appearing in the command synopsis section of the manpage
might be misleading.  It isn't an argument.  I read it as indicating
that the 'ovs-tcpundump' utility takes input via stdin and that input
should be formatted in the same manner as 'tcpdump -xx' appears (so not
a pcap, but the actual text output).


  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s31f6, link-type EN10MB (Ethernet), capture size 262144 bytes
09:59:08.246074 ARP, Request who-has tell _gateway, length 46
 0x0000:  ffff ffff ffff 54e0 3230 be81 0806 0001
 0x0010:  0800 0604 0001 54e0 3230 be81 0a12 19fe
 0x0020:  0000 0000 0000 0a12 19cd 0000 0000 0000
 0x0030:  0000 0000 0000 0000 0000 0000

I take that and pipe it into ovs-tcpundump:

   10:01:36 aconole at dhcp-25 {ct_error} ~/git/ovs/tests$ ../utilities/ovs-tcpundump < /tmp/foo.txt

If you have a pcap, it's possible to use tcpdump like:

  tcpdump -r some.pcap -xx | ./utilities/ovs-tcpundump

Did I answer the question?

> Thanks !
> Timo

More information about the dev mailing list