41. Packet Capture Next Generation Library
Exchanging packet traces becomes more and more critical every day. The de facto standard for this is the format defined by libpcap; but that format is rather old and is lacking in functionality for more modern applications. The Pcapng file format is the default capture file format for modern network capture processing tools such as wireshark (can also be read by tcpdump).
The Pcapng library is an API for formatting packet data into a Pcapng file. The format conforms to the current Pcapng RFC standard. It is designed to be integrated with the packet capture library.
The output stream is created with
and should be closed with
The library requires a DPDK mempool to allocate mbufs.
The mbufs need to be able to accommodate additional space
for the pcapng packet format header and trailer information;
rte_pcapng_mbuf_size should be used
to determine the lower bound based on MTU.
Collecting packets is done in two parts.
rte_pcapng_copy is used to format and copy mbuf data
rte_pcapng_write_packets writes a burst of packets to the output file.
rte_pcapng_write_stats can be used
to write statistics information into the output file.
The summary statistics information is automatically added