From 67713e7a435f3f4af233916bf90e8586ef4f2f5c Mon Sep 17 00:00:00 2001 From: Antoine Tenart Date: Wed, 29 Jan 2025 11:55:11 +0100 Subject: [PATCH] docs: reflect latest changes in the skb collector output Signed-off-by: Antoine Tenart --- docs/collectors/skb.md | 71 +++++------------------------------------- docs/install.md | 5 +-- 2 files changed, 11 insertions(+), 65 deletions(-) diff --git a/docs/collectors/skb.md b/docs/collectors/skb.md index 03f56158c..75b75ae45 100644 --- a/docs/collectors/skb.md +++ b/docs/collectors/skb.md @@ -14,10 +14,9 @@ argument to the `kfree_skb_reason` function. ## Arguments The `skb` collector has a single specific argument, `--skb-sections`. This is -used to choose which parts of the `skb` metadata and/or data to retrieve and -export in the events. The raw start of the packet (headers), ARP, IPv4/6, TCP, -UDP and ICMPv4/v6 information are always included. See the `retis collect ---help` for a detailed description. +used to choose which parts of the `skb` metadata to retrieve and export in the +events. The raw start of the packet (headers) is always included. See the `retis +collect --help` for a detailed description. When collecting event for later `pcap-ng` file generation (see `retis pcap --help`), it's best to collect the `dev` and `ns` sections too. 
@@ -39,71 +38,12 @@ ns {namespace id} if {interface index} ({interface name}) rxif {rx interface index} ``` -### Ethernet section - -```none -{src mac} > {dst mac} ethertype {etype name} ({etype hex}) -``` - ### VLAN acceleration section ```none vlan_accel (id {id} prio {prio} [drop]) ``` -### ARP section - -```none -request who-has {ip} tell {ip} -``` - -or, - -```none -reply {ip} is at {mac} -``` - -### IP section - -For IPv4: - -```none -{src ip}.{src port} > {dst ip}.{dst port} {ECN info} ttl {ttl} tos {tos} id {id} - off {frag offset} [{flags}] len {packet len} proto {protocol name} -``` - -- `ECN info` can be one of `CE`, `ECT(0)` or `ECT(1)`. -- `flags` are constructed with a combination of `+`, `DF` and `rsvd`. - -For IPv6: - -```none -{src ip}.{src port} > {dst ip}.{dst port} {ECN info} ttl {ttl} label {flow label} - len {packet len} proto {protocol name} -``` - -### TCP section - -```none -flags [{flags}] seq {sequence} ack {acked sequence} win {window} -``` - -- `flags` are constructed using a combination of `F` (fin), `S` (syn), `R` - (reset), `P` (push), `.` (ack), `U` (urgent). -- `sequence` can be a range (`{start}:{end}`) or a single number (`{sequence}`). - -### UDP section - -```none -len {UDP data len} -``` - -### ICMP & ICMPv6 sections - -```none -type {type number} code {code number} -``` - ### Metadata & dataref sections Those two sections report metadata and reference counting from the socket buffer @@ -130,3 +70,8 @@ gso [type {GSO type} flags {GSO flags} frags {nr of GSO frags} - `GSO type`, see `SKBFL_*` in the Linux kernel `include/linux/skbuff.h`. - `GSO flags`, see `SKB_GSO_*` in the Linux kernel `include/linux/skbuff.h`. + +### Packet section + +The packet itself (payload) is printed on a dedicated line when using the +multi-line format and the output is coming from `tcpdump`. diff --git a/docs/install.md b/docs/install.md index 113ea9747..4c911e2ab 100644 --- a/docs/install.md +++ b/docs/install.md 
@@ -69,6 +69,7 @@ Retis depends on the following (in addition to Git and Cargo): - llvm - make - pkg-config +- tcpdump If the `python` feature is used (which is by default), the Python3 shared libraries and headers must be available. @@ -77,7 +78,7 @@ On Fedora, one can run: ```none $ dnf -y install git cargo clang elfutils-libelf-devel python3-devel \ - jq libpcap-devel llvm make pkgconf-pkg-config + jq libpcap-devel llvm make pkgconf-pkg-config tcpdump ``` On Ubuntu: @@ -85,7 +86,7 @@ On Ubuntu: ```none $ apt update $ apt -y install git cargo clang jq libelf-dev libpcap-dev python3-dev \ - llvm make pkg-config + llvm make pkg-config tcpdump ``` Then, to download and build Retis:
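Review bot: in the `## Arguments` hunk of docs/collectors/skb.md, the rewritten paragraph drops the list of always-included protocols (ARP, IPv4/6, TCP, UDP, ICMPv4/v6) without saying where that information is now found. "The raw start of the packet (headers) is always included" reads as if less is available than before. Suggest adding a short pointer to the new "Packet section" at the end of this paragraph so the reader knows the protocol details are still shown, only through a different path.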
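Review bot: the hunk that deletes the Ethernet, ARP, IP, TCP, UDP and ICMP sections of docs/collectors/skb.md leaves the page with no description of what the packet line looks like. The removed text also carried explanations, not just format strings (the `ECN info` values, how `flags` are built, the `{start}:{end}` sequence range). Suggest replacing them with one sample line of the new output, or a reference to the `tcpdump` documentation for the format, so that people parsing or reading the output still have something to check against.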
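Review bot: in the added `### Packet section` of docs/collectors/skb.md, "when using the multi-line format and the output is coming from `tcpdump`" is ambiguous: it can be read as two conditions, or as one condition followed by a statement of where the text comes from. Suggest splitting it into two sentences, and stating what is printed in the single-line format and what happens when `tcpdump` is not available. Also, "(payload)" here does not match "The raw start of the packet (headers)" in the Arguments paragraph of the same file; one description should be used in both places.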
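Review bot: in the first hunk of docs/install.md, `tcpdump` is added to the same list as `llvm`, `make` and `pkg-config`, but the skb collector page says the packet output comes from `tcpdump`, which reads as a runtime dependency and not a build one. Suggest marking it as needed at run time, and saying whether it is required during `collect` or only when events are displayed, so that someone who builds on one machine and runs on another installs it in the right place. The Fedora and Ubuntu package lines in the two following hunks are consistent with the list.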