utilities: upcall_monitor: Add result and port to pcap.

Use pcapng instead of pcap format and store the result and the input port name so they are visible in wireshark/tshark. Signed-off-by: Adrian Moreno <amorenoz@redhat.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
ovsrobot · Jan 17, 2025 · 5069ba1 · 5069ba1
1 parent 5aa08a0
commit 5069ba1
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/utilities/usdt-scripts/upcall_monitor.py b/utilities/usdt-scripts/upcall_monitor.py
@@ -118,7 +118,7 @@
 
 from bcc import BPF, USDT, USDTException
 from os.path import exists
-from scapy.all import hexdump, wrpcap
+from scapy.all import hexdump, PcapNgWriter
 from scapy.layers.l2 import Ether
 
 from usdt_lib import DpPortMapping
@@ -284,6 +284,8 @@
 #endif
 """
 
+pcap_writer = None
+
 
 #
 # print_key()
@@ -318,6 +320,8 @@ def print_key(event, decode_dump):
 # print_event()
 #
 def print_event(ctx, data, size):
+    global pcap_writer
+
     event = b["events"].event(data)
     dp = event.dpif_name.decode("utf-8")
 
@@ -380,7 +384,12 @@ def print_event(ctx, data, size):
         print(re.sub('^', ' ' * 4, packet.show(dump=True), flags=re.MULTILINE))
 
     if options.pcap is not None:
-        wrpcap(options.pcap, packet, append=True, snaplen=options.packet_size)
+        if pcap_writer is None:
+            pcap_writer = PcapNgWriter(options.pcap)
+
+        packet.comment = f"result={event.result}"
+        packet.sniffed_on = port
+        pcap_writer.write(packet)
 
 
 #