Re: [PATCH net-next 00/10] drop_monitor: Capture dropped packets and metadata

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: David Ahern <dsahern@gmail.com>
To: Ido Schimmel <idosch@idosch.org>, netdev@vger.kernel.org
Cc: davem@davemloft.net, nhorman@tuxdriver.com, jiri@mellanox.com,
	toke@redhat.com, roopa@cumulusnetworks.com,
	nikolay@cumulusnetworks.com, jakub.kicinski@netronome.com,
	andy@greyhouse.net, f.fainelli@gmail.com, andrew@lunn.ch,
	vivien.didelot@gmail.com, mlxsw@mellanox.com,
	Ido Schimmel <idosch@mellanox.com>
Subject: Re: [PATCH net-next 00/10] drop_monitor: Capture dropped packets and metadata
Date: Thu, 8 Aug 2019 15:08:25 -0600	[thread overview]
Message-ID: <745e5ab5-e254-ecd0-565a-371c5b6d0df0@gmail.com> (raw)
In-Reply-To: <20190807103059.15270-1-idosch@idosch.org>

On 8/7/19 4:30 AM, Ido Schimmel wrote:
> Example usage with patched dropwatch [1] can be found here [2]. Example
> dissection of drop monitor netlink events with patched wireshark [3] can
> be found here [4]. I will submit both changes upstream after the kernel
> changes are accepted. Another change worth making is adding a dropmon
> pseudo interface to libpcap, similar to the nflog interface [5]. This
> will allow users to specifically listen on dropmon traffic instead of
> capturing all netlink packets via the nlmon netdev.

Nice work, Ido.

On top of your dropwatch changes I added the ability to print the
payload as hex. e.g.,

Issue Ctrl-C to stop monitoring
drop at: nf_hook_slow+0x59/0x98 (0xffffffff814ec532)
input port ifindex: 1
timestamp: Thu Aug  8 15:04:02 2019 360015026 nsec
length: 64
00 00 00 00 00 00 00 00  00 00 00 00 08 00 45 00      ........ ......E.
00 3c e7 50 40 00 40 06  55 69 7f 00 00 01 7f 00      .<.P@.@. Ui......
00 01 80 2c 30 39 74 b9  c7 4d 00 00 00 00 a0 02      ...,09t. .M......
ff d7 fe 30 00 00 02 04  ff d7 04 02 08 0a 53 79       ...0.... ......Sy
original length: 74


Seems like the skb protocol is also needed to properly parse the payload
- ie., to know it is an ethernet header, followed by ip and tcp.

next prev parent reply	other threads:[~2019-08-08 21:08 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-07 10:30 [PATCH net-next 00/10] drop_monitor: Capture dropped packets and metadata Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 01/10] drop_monitor: Split tracing enable / disable to different functions Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 02/10] drop_monitor: Initialize timer and work item upon tracing enable Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 03/10] drop_monitor: Reset per-CPU data before starting to trace Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 04/10] drop_monitor: Require CAP_NET_ADMIN for drop monitor configuration Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 05/10] drop_monitor: Add alert mode operations Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 06/10] drop_monitor: Add packet alert mode Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 07/10] drop_monitor: Allow truncation of dropped packets Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 08/10] drop_monitor: Add a command to query current configuration Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 09/10] drop_monitor: Make drop queue length configurable Ido Schimmel
2019-08-07 10:30 ` [PATCH net-next 10/10] drop_monitor: Expose tail drop counter Ido Schimmel
2019-08-08 21:08 ` David Ahern [this message]
2019-08-09 12:38   ` [PATCH net-next 00/10] drop_monitor: Capture dropped packets and metadata Ido Schimmel
2019-08-09  8:41 ` Toke Høiland-Jørgensen
2019-08-09 12:54   ` Ido Schimmel
2019-08-09 18:15     ` Toke Høiland-Jørgensen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=745e5ab5-e254-ecd0-565a-371c5b6d0df0@gmail.com \
    --to=dsahern@gmail.com \
    --cc=andrew@lunn.ch \
    --cc=andy@greyhouse.net \
    --cc=davem@davemloft.net \
    --cc=f.fainelli@gmail.com \
    --cc=idosch@idosch.org \
    --cc=idosch@mellanox.com \
    --cc=jakub.kicinski@netronome.com \
    --cc=jiri@mellanox.com \
    --cc=mlxsw@mellanox.com \
    --cc=netdev@vger.kernel.org \
    --cc=nhorman@tuxdriver.com \
    --cc=nikolay@cumulusnetworks.com \
    --cc=roopa@cumulusnetworks.com \
    --cc=toke@redhat.com \
    --cc=vivien.didelot@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).