Hello,
I have been working on enabling TMF to read pcap traces. I am an
intern within Ericsson Montreal, and this is my summer project, so
I'll spend all my time on it.
So far, TMF can read pcaps and recognize a couple of protocols
(Ethernet, IPv4, TCP/UDP). There is currently a perspective that
displays the packets in a wiresharky way (there is a view that lists
all the packets, another view shows packet details, and another view
that allows packet filtering although it is really limited ATM).
The goal is not to make a Wireshark clone, but to offer some new
functionality and features that Wireshark doesn't have. Also, since
we are a framework, I would also like to have it as easily
extensible as possible, and make it easy to add new types of packet
(which would be good for Kalray's use case).
The cool thing is that you can already correlate packets with other
events (kernel, userspace, etc), since it uses the default TMF
views. In the following weeks I would like to:
- Improve the filter view, to be able to filter per packet/event
field. Filtering is probably the most used feature of Wireshark and
having a good filter view in TMF is primordial.
- Add stream (conversation) based views. Basically, it filters the
packets between two hosts (endpoints) and analyzes them.
- Make nice graphs that are meaningful to network engineers
- Add more protocols (the widely used ones)
- Make the pcap parser faster (there is so much room to improve it)
- Support pcapng
The prototype is pretty limited ATM. There is a LOT of work to be
done. If Kalray and Red Hat (and others) would like to collaborate,
that would be awesome. Input is very welcome. The more input the
better.
Best regards,
Vincent

Hi,
Wireshark replacement was not our top priority this year; Wireshark
is already open source and doing a great job.
Having said that, it is not the first time people are asking about
pcap and Wireshark for TMF. It makes sense because people want to
correlate the pcap network protocol tracing/monitoring info with
other layers in the system, e.g. middleware, other libraries,
proprietary code, KVM, libvirt, QEMU, kernel, etc.
We are doing an investigation this summer for a pcap
parser/visualizer. Collaboration from Red Hat, Kalray or others is of
course welcome; we can set up an online meeting if need be.
Best Regards,
Dominique.

I'm just back from EclipseCon France. During EclipseCon France, I had
the opportunity to present TMF with a live demo.
After that, I had a discussion with Red Hat guys about having
something similar to Wireshark in Eclipse, using TMF.
Is it possible to have more info about that? (Planning, expected
features, ...)
In particular, Kalray may be interested: the use case is to monitor
and visualize traffic on the MPPA NoC.