Replay pcap file on Xenomai kernel in real time

Umair Ali

Jan 27, 2016, 7:03:37 AM
to netsn...@googlegroups.com
Hello there,

I am working on a project to replay pcap files in real time over the network. For this purpose I am using the real-time Linux kernel 'Xenomai v 3.0.1'. My idea is to write code in C which will read the pcap file packet by packet and then send each packet as a raw Ethernet packet over the real-time interface. When the pcap libraries are used on Xenomai, the process of reading pcap files does not behave in real time any more. Moreover, Xenomai uses mmap for reading files in real time. I have tried to use the mmap technique to read the pcap file, but it is not perfect and works for small files. I have read that the netsniff-ng tool uses the same mmap technique to read the pcap file for replaying it. My question is how mmap is used in the netsniff-ng tool to read the pcap file packet by packet. Can you give me C code as an example of reading the pcap file packet by packet using mmap? I shall be highly thankful.

Thanks & regards
Ali
Tampere University of Technology.

Tobias Klauser

Jan 27, 2016, 7:31:07 AM
to netsn...@googlegroups.com
Hi Ali

On 2016-01-27 at 13:01:55 +0100, Umair Ali <ali....@tut.fi> wrote:
> Hello there,
>
> I am working on a project to replay pcap files in real time over the network. For this purpose I am using the real-time Linux kernel 'Xenomai v 3.0.1'. My idea is to write code in C which will read the pcap file packet by packet and then send each packet as a raw Ethernet packet over the real-time interface. When the pcap libraries are used on Xenomai, the process of reading pcap files does not behave in real time any more. Moreover, Xenomai uses mmap for reading files in real time. I have tried to use the mmap technique to read the pcap file, but it is not perfect and works for small files. I have read that the netsniff-ng tool uses the same mmap technique to read the pcap file for replaying it. My question is how mmap is used in the netsniff-ng tool to read the pcap file packet by packet. Can you give me C code as an example of reading the pcap file packet by packet using mmap? I shall be highly thankful.

Have a look at pcap_mm.c, the mmap-based pcap read/write functions are
defined there.

Hope that helps
Tobias

Tobias Klauser

Jan 27, 2016, 7:36:22 AM
to netsn...@googlegroups.com, Umair Ali
[resending with Ali in Cc in case he's not subscribed to the list]

Hi Ali

On 2016-01-27 at 13:01:55 +0100, Umair Ali <ali....@tut.fi> wrote:
> Hello there,
>
> I am working on a project to replay pcap files in real time over the network. For this purpose I am using the real-time Linux kernel 'Xenomai v 3.0.1'. My idea is to write code in C which will read the pcap file packet by packet and then send each packet as a raw Ethernet packet over the real-time interface. When the pcap libraries are used on Xenomai, the process of reading pcap files does not behave in real time any more. Moreover, Xenomai uses mmap for reading files in real time. I have tried to use the mmap technique to read the pcap file, but it is not perfect and works for small files. I have read that the netsniff-ng tool uses the same mmap technique to read the pcap file for replaying it. My question is how mmap is used in the netsniff-ng tool to read the pcap file packet by packet. Can you give me C code as an example of reading the pcap file packet by packet using mmap? I shall be highly thankful.

Umair Ali

Jan 27, 2016, 9:51:28 AM
to Tobias Klauser, netsn...@googlegroups.com
Hi Tobias,

Thanks for the quick reply. I have read the pcap_mm.c file but cannot understand the flow of the code. Can you explain the flow to me: once the pcap file is opened using mmap, how is it further processed to extract packet by packet and replay? Is it possible with netsniff-ng to send a packet every 5 microseconds or less?

Thanks in advance

BR
Ali

Tobias Klauser

Jan 27, 2016, 10:02:04 AM
to Umair Ali, netsn...@googlegroups.com
On 2016-01-27 at 15:15:01 +0100, Umair Ali <ali....@tut.fi> wrote:
> Hi Tobias,
>
> Thanks for the quick reply. I have read the pcap_mm.c file but cannot understand the flow of the code. Can you explain the flow to me: once the pcap file is opened using mmap, how is it further processed to extract packet by packet and replay? Is it possible with netsniff-ng to send a packet every 5 microseconds or less?

The mmap pcap functions (like the scatter-gather and the standard file
i/o functions) are wired up in struct pcap_file_ops *pcap_ops and then
used by the respective functions in netsniff-ng.c according to the pcap
access method set in ctx->pcap (PCAP_OPS_MM in case of mmap).
read_pcap in netsniff-ng.c is probably most interesting to you.

HTH
Tobias
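
The flow asked about above, as an added example that is not part of the original thread and is not netsniff-ng's pcap_mm.c: map the capture once, then step through its records, checking every length against the mapping because the lengths come from the file. The names pcap_map, pcap_next, struct pkt and SAMPLE are hypothetical, and only the classic pcap format in native byte order with microsecond timestamps is assumed.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define PCAP_MAGIC    0xa1b2c3d4u /* native byte order, microsecond timestamps */
#define PCAP_FILE_HDR 24          /* global header size */
#define PCAP_REC_HDR  16          /* ts_sec, ts_usec, caplen, len */
struct pkt { const uint8_t *data; uint32_t caplen, ts_sec, ts_usec; };

/* Map a whole capture read-only; NULL on failure. Caller munmap()s it. */
const uint8_t *pcap_map(const char *path, size_t *size)
{
    struct stat st;
    void *map = MAP_FAILED;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;
    if (fstat(fd, &st) == 0 && st.st_size >= PCAP_FILE_HDR)
        map = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);                    /* the mapping stays valid after close() */
    if (map == MAP_FAILED) return NULL;
    *size = (size_t)st.st_size;
    return map;
}

/* Step to the next record; start with *off = 0.
 * Returns 1 and fills *p, 0 at a clean end of file, -1 on malformed input. */
int pcap_next(const uint8_t *base, size_t size, size_t *off, struct pkt *p)
{
    uint32_t h[4], magic = PCAP_MAGIC;
    if (*off == 0) {              /* first call: validate the global header */
        if (size < PCAP_FILE_HDR || memcmp(base, &magic, 4)) return -1;
        *off = PCAP_FILE_HDR;
    }
    if (*off == size) return 0;
    if (*off > size || size - *off < PCAP_REC_HDR) return -1; /* cut header */
    memcpy(h, base + *off, sizeof(h));  /* copy: records are not aligned */
    if (h[2] > size - *off - PCAP_REC_HDR) return -1; /* caplen past mapping */
    *p = (struct pkt){ base + *off + PCAP_REC_HDR, h[2], h[0], h[1] };
    *off += PCAP_REC_HDR + h[2];
    return 1;
}

/* Constructed sample: global header (Ethernet link type), then 4- and 8-byte records. */
const uint32_t SAMPLE[17] = { 0xa1b2c3d4u, 0x00040002u, 0, 0, 65535, 1,
                              1, 0, 4, 4, 0xdeadbeefu,
                              2, 5, 8, 8, 0x11111111u, 0x22222222u };
```

A replay loop would call pcap_next until it returns 0 and pass p.data and p.caplen to its send path; a return of -1 means the file is truncated or not in the assumed format.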

Vadim Kochan

Jan 27, 2016, 1:50:48 PM
to netsniff-ng, Umair Ali
I was thinking that maybe if trafgen's proto header crafting patches
are applied, then maybe it will allow us to
use the same syntax to change only specified proto params for incoming
packets - from ingress pcap/device -
and send them changed via the specified output device, like:

{
ip(saddr=2.2.2.2)
}

should change each packet with only IPv4 src address with checksum
re-calculation. Not sure if it might be really useful.

Regards,
Vadim Kochan

Umair Ali

Feb 1, 2016, 5:43:10 AM
to Tobias Klauser, netsn...@googlegroups.com
Hello Tobias,

I have read the read_pcap function. I am not an expert in C, just a beginner. I have understood the basic flow from the read_pcap function, but still not fully. I am using the real-time kernel Xenomai 3.0.1, and it uses the real-time Ethernet driver, hence the name of the Ethernet interface is 'rteth'. This link
https://xenomai.org/2014/08/porting-a-linux-application-to-xenomai-dual-kernel/ explains how I can port a Linux application to Xenomai. As I am not an expert, I am asking you whether I can port the netsniff-ng tool to Xenomai. I could ask a Xenomai expert, but you have built this tool and can easily understand it, therefore I asked you. Or can I send the packet after 10 µsecs in non-real-time Linux? Can you provide me the separate code for reading the pcap file so I can run it on Xenomai? Sorry for asking so many questions.

Thanks & Br
Ali
-----Original Message-----
From: Tobias Klauser [mailto:tkla...@distanz.ch]
Sent: January-27-16 5:02 PM
To: Umair Ali
Cc: netsn...@googlegroups.com
Subject: Re: [netsniff-ng] Replay pcap file on Xenomai kernel in real time

Tobias Klauser

Feb 1, 2016, 8:37:09 AM
to Umair Ali, netsn...@googlegroups.com
Hi Ali

On 2016-02-01 at 11:39:38 +0100, Umair Ali <ali....@tut.fi> wrote:
> Hello Tobias,
>
> I have read the read_pcap function. I am not an expert in C, just a beginner. I have understood the basic flow from the read_pcap function, but still not fully. I am using the real-time kernel Xenomai 3.0.1, and it uses the real-time Ethernet driver, hence the name of the Ethernet interface is 'rteth'. This link
> https://xenomai.org/2014/08/porting-a-linux-application-to-xenomai-dual-kernel/ explains how I can port a Linux application to Xenomai. As I am not an expert, I am asking you whether I can port the netsniff-ng tool to Xenomai. I could ask a Xenomai expert, but you have built this tool and can easily understand it, therefore I asked you. Or can I send the packet after 10 µsecs in non-real-time Linux? Can you provide me the separate code for reading the pcap file so I can run it on Xenomai? Sorry for asking so many questions.

I'm not really familiar with Xenomai (or other RT Linux systems for that
matter), so I can't really tell you what changes (if any) are needed to
have netsniff-ng running on such a system. In case you see any changes
necessary in order to support running netsniff-ng on Xenomai, feel free
to send patches and/or change requests.

As for the pcap reading code: It's all in the sources, so you can dig it
up from there. If you have specific questions about it, I'll happily try
to answer them. But I'm afraid, I won't be able to guide you step by
step through the code nor provide you with example code (that goes
beyond what's already in the netsniff-ng sources) specific to your use
case.

Regards
Tobias

Tobias Klauser

Feb 1, 2016, 10:51:51 AM
to Umair Ali, netsn...@googlegroups.com
On 2016-02-01 at 15:38:28 +0100, Umair Ali <ali....@tut.fi> wrote:
> Thanks a lot for the help offer. I can understand what you want to say.
>
> I need your feedback on the code which I have written. The flow of the code is as follows:
> - Read the pcap file. The pcap file contains the captured Sampled Values packets (IEC 61850 9-2 SV, data link layer level)
> - The length of each packet is fixed, which is 126 bytes, and the pcap only contains SV packets.
> - The code below opens the pcap file, then maps the file and closes the pcap file
> - The variable packet_index is used to point to the start of every packet
>
> It is very small code and it will take a few minutes to read. Please find the attached file. I will appreciate your feedback and suggestions. Thanks a lot once again and sorry for bugging you too much.

Sorry, but reviewing a random dump of code (that doesn't even compile)
goes beyond the scope of what I'd consider support/help for netsniff-ng.

As said, I'm happy to help with any problems you encounter specific to
the netsniff-ng toolkit or help you get patches integrated that make
netsniff-ng work better in your environment/application.

Good luck
Tobias

Daniel Borkmann

Feb 1, 2016, 11:28:19 AM
to Umair Ali, netsn...@googlegroups.com
On 02/01/2016 04:51 PM, Tobias Klauser wrote:
> On 2016-02-01 at 15:38:28 +0100, Umair Ali <ali....@tut.fi> wrote:
[...]
> Sorry, but reviewing a random dump of code (that doesn't even compile)
> goes beyond the scope of what I'd consider support/help for netsniff-ng.

+1

Ali, I find your request very unreasonable. Tobias was kind enough
to point you to everything you need to look at and if it's for your
university project anyway, then consider the rest a learning process.
Wasting a maintainer's precious time like this I consider rude.

Thank you,
Daniel