Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Follow up for PacketCapture feature. #6795

Open
hangyan opened this issue Nov 9, 2024 · 1 comment
Open

Follow up for PacketCapture feature. #6795

hangyan opened this issue Nov 9, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@hangyan
Copy link
Member

hangyan commented Nov 9, 2024
edited
Loading

Possible future improvements in the future:

  1. bi-direction capture
    This was marked as a future improvement during the design stage. We could add a bool field in the spec to turn this on.
  • ipv6
    currently the ipFamily field in spec has a fixed value ipv4.
  • tcp flags filter
  • icmp echo/reply filter
    add new section in transportHeader struct to support icmp filters.

Current issues:

  1. captured file cannot be opened by tcpdump on mac, works on linux. ( Wireshark is fine on mac) (Fix PacketCapture pcapng file issue on macOS #6804)

reading from PCAP-NG file pc-test-tcp.pcapng. tcpdump: pcap_loop: invalid packet capture length 74, bigger than snaplen of 524288

this is the error message shown when reading packets from tcpdump on mac. It works fine with linux and WIreshark(mac).

Related to:

  1. Add packetcatpure feature #6756
  2. [Proposal] A new PacketSampling CRD #5443
@hangyan hangyan added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 9, 2024
@hangyan
Copy link
Member Author

hangyan commented Nov 9, 2024

cc @luolanzone

@hangyan hangyan mentioned this issue Nov 12, 2024
Open
hangyan added a commit to hangyan/antrea that referenced this issue Nov 12, 2024
@hangyan
Fix captured packets file unrecognized issue on osx (antrea-io#6795)
12e1973 
By default, gopacket will write snap length=0 in the pcapng file
header, means unlimited snaplen. tcpdump on osx(libpcap version 1.10.1)
cannot recognize this and will report error. This patch will set
a default value(524288) for it.

Signed-off-by: Hang Yan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hangyan