Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [linuxtools-dev] TMF parser & Pcap
Hello,

I have been working on enabling TMF to read pcap traces. I am an intern within Ericsson Montreal, and this is my summer project, so I'll spend all my time on it.

So far, TMF can read pcaps and recognize a couple of protocols (Ethernet, IPv4, TCP/UDP). There is currently a perspective that displays the packets in a wiresharky way (there is a view that list all the packets, another view shows packet details, and another view that allows packet filtering although it is really limited ATM).

The goal is not to make a wireshark clone, but to offer some new functionality and features that wireshark doesn't have. Also, since we are a framework, I would also like to have it as easily extensible as possible, and make it easy to add new types of packet (which would be good for Kalray's usecase).

The cool thing is that you can already correlate packets with other events (kernel, userspace, etc), since it uses the default TMF views. In the following weeks I would like to:
- Improve the filter view, to be able to filter per packet/event field. Filtering is probably the most used feature of wireshark and having a good filter view in TMF is primordial.
- Add stream (conversation) based views. Basically, it filters the packets between two hosts (endpoints) and analyze it.
- Make nice graphs that are meaningful to network engineers
- Add more protocols (the widely used ones)
- Make the pcap parser faster (there is so much room to improve it)
- Support pcapng

The prototype is pretty limited ATM. There is a LOT of work to be done. If Kalray and Redhat (and others) would like to collaborate, that would be awesome. Input are very welcome. The more input the better.

Best regards,

Vincent
---------- Forwarded message ----------
From: Dominique Toupin <dominique.toupin@xxxxxxxxxxxx>
Date: Fri, Jun 20, 2014 at 9:32 AM
Subject: Re: [linuxtools-dev] TMF parser & Pcap
To: Linux Tools developer discussions <linuxtools-dev@xxxxxxxxxxx>


Hi,

 

Wireshark replacement was not our top priority this year, wireshark is already open source and doing a great job.

Having said that it is not the first time people are asking about pcap and wireshark for TMF, it make sense because people want to correlate the pcap network protocol tracing/monitoring info with other layers in the system, e.g. middleware, other libraries, proprietary code, KVM, libvert, QEMU, kernel, etc.

We are doing an investigation this summer for a pcap parser/visualizer, collaboration from RedHat, Kalray or others is of course welcome, we can setup an online meeting if need be.

 

Best Regards,

 

Dominique.

 

 

From: linuxtools-dev-bounces@xxxxxxxxxxx [mailto:linuxtools-dev-bounces@xxxxxxxxxxx] On Behalf Of Xavier Raynaud
Sent: June-20-14 3:08 AM


To: Linux Tools developer discussions
Subject: [linuxtools-dev] TMF parser & Pcap

 

Hi TMF guys,

 

I'm just back from the EclipseCON France. During the EclipseCON france, I had the opportunity to present TMF with a live demo.

After that, I had a discussion with Redhat guys, about having something similar to wireshark in Eclipse, using TMF.

 

Today, I checked my emails, and a saw that: https://git.eclipse.org/r/#/c/27887/

Is it possible to have more info about that? (Planning, expected features, ...)

 

In particular, Kalray may be interested: use-case is to monitor and visualize traffic on the MPPA NoC.

 

X

 

 

Xavier Raynaud

xavier.raynaud@xxxxxxxxx
Phone : +33 6 32 19 22 56


www.kalray.eu

Follow us on :

KALRAY SA

445 rue Lavoisier, 38330 Montbonnot FRANCE
Phone: +33 4 76 18 90 71
Fax: +33 4 76 89 80 26

 

 


_______________________________________________
linuxtools-dev mailing list
linuxtools-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/linuxtools-dev


Back to the top