This document describes how the Data Plane Development Kit (DPDK) Packet Capture Framework is used for capturing packets on DPDK ports. It is intended for users of DPDK who want to know more about the Packet Capture feature and for those who want to monitor traffic on DPDK-controlled devices.
The DPDK packet capture framework was introduced in DPDK v16.07. The DPDK packet capture framework consists of the DPDK pdump library and DPDK pdump tool.
The librte_pdump library provides the APIs required to allow users to initialize the packet capture framework and to enable or disable packet capture. The library works on a client/server model and its usage is recommended for debugging purposes.
The dpdk-pdump tool is developed based on the librte_pdump library. It runs as a DPDK secondary process and is capable of enabling or disabling packet capture on DPDK ports. The dpdk-pdump tool provides command-line options with which users can request enabling or disabling of the packet capture on DPDK ports.
The application which initializes the packet capture framework will act as a server and the application that enables or disables the packet capture will act as a client. The server sends the Rx and Tx packets from the DPDK ports to the client.
In DPDK the testpmd application can be used to initialize the packet capture framework and act as a server, and the dpdk-pdump tool acts as a client. To view Rx or Tx packets of testpmd, the application should be launched first, and then the dpdk-pdump tool. Packets from testpmd will be sent to the tool, which then sends them on to the Pcap PMD device and that device writes them to the Pcap file or to an external interface depending on the command-line option used.
Some things to note:
The overview of using the Packet Capture Framework and the dpdk-pdump tool for packet capturing on the DPDK port in Figure.
Packet capturing on a DPDK port using the dpdk-pdump tool.
Modify the DPDK primary application to initialize the packet capture framework as mentioned in the above notes and enable the following config options and build DPDK:
CONFIG_RTE_LIBRTE_PMD_PCAP=y
CONFIG_RTE_LIBRTE_PDUMP=y
The following steps demonstrate how to run the dpdk-pdump tool to capture Rx side packets on dpdk_port0 in Figure and inspect them using tcpdump.
Launch testpmd as the primary application:
sudo ./app/testpmd -c 0xf0 -n 4 -- -i --port-topology=chained
Launch the pdump tool as follows:
sudo ./build/app/dpdk-pdump -- \
--pdump 'port=0,queue=*,rx-dev=/tmp/capture.pcap'
Send traffic to dpdk_port0 from traffic generator. Inspect packets captured in the file capture.pcap using a tool that can interpret Pcap files, for example tcpdump:
$tcpdump -nr /tmp/capture.pcap
reading from file /tmp/capture.pcap, link-type EN10MB (Ethernet)
11:11:36.891404 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18
11:11:36.891442 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18
11:11:36.891445 IP 4.4.4.4.whois++ > 3.3.3.3.whois++: UDP, length 18