Xilinx-CNS / solarcapture

SolarCapture network packet capture suite

streams does not work with mode=sniff #20

Open gaurang-lakesidetrading opened 2 weeks ago

gaurang-lakesidetrading commented 2 weeks ago

Maybe this is more of a how-to question rather than an issue, but it's unclear from the documentation how I can go about achieving this. I basically want to listen to multiple mcast groups on the same interface, and write them all to separate files, in sniff mode.

solar_capture format=pcap-ns mode=sniff interface=ens1f0 capture_cores=15 writeout_core=16 \
  join_streams="udp:224.0.31.3:14312" output=/home/auto/cme.312.incremental.$DATETIME.md.pcap \
  join_streams="udp:224.0.31.45:14312" output=/home/auto/cme.312.instruments.$DATETIME.md.pcap \
  join_streams="udp:233.72.75.3:23312" output=/home/auto/cme.312.snapshots.$DATETIME.md.pcap \
  join_streams="udp:224.0.31.9:14318" output=/home/auto/cme.318.incremental.$DATETIME.md.pcap \
  join_streams="udp:224.0.31.51:14318" output=/home/auto/cme.318.instruments.$DATETIME.md.pcap \
  join_streams="udp:233.72.75.9:23318" output=/home/auto/cme.318.snapshots.$DATETIME.md.pcap \
  join_streams="udp:224.0.33.240:14326" output=/home/auto/cme.326.incremental.$DATETIME.md.pcap \
  join_streams="udp:224.0.33.243:14326" output=/home/auto/cme.326.instruments.$DATETIME.md.pcap \
  join_streams="udp:224.0.33.242:23326" output=/home/auto/cme.326.snapshots.$DATETIME.md.pcap \
  join_streams="udp:224.0.31.71:14348" output=/home/auto/cme.348.incremental.$DATETIME.md.pcap \
  join_streams="udp:224.0.31.113:14348" output=/home/auto/cme.348.instruments.$DATETIME.md.pcap \
  join_streams="udp:233.72.75.39:23348" output=/home/auto/cme.348.snapshots.$DATETIME.md.pcap

Output:

ERROR: errno=95 from core/sc_stream.c:594 in sc_stream_add(): sc_stream_add: ERROR: unsupported stream with capture_mode=sniff (fields=158) sc_stream_add: ERROR: unsupported stream with capture_mode=sniff (fields=158)

Adapters: Solarflare XtremeScale X2522-25G Adapter

abrunnin-xilinx commented 2 weeks ago

Sniff is its own unique filter; you don't do "Sniff + stream"; you instead do a single sniff filter. (Joining all of the multicast groups with "join_mcasts" as needed.)

If you need to split this into separate streams, this separation must be done in software (e.g. using BNF with filter nodes). For just saving into separate files, this is most easily done as a post-process step via merge-cap.
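
The post-process split suggested in the reply above, sketched as an added example (not code from this thread or from the SolarCapture project): it reads one sniff-mode capture in pcap or pcap-ns format and writes each multicast group's packets into its own pcap image, keeping the original record headers and nanosecond timestamps. The function names are hypothetical, the capture is assumed to use the Ethernet link type, and the sample input is constructed.

```python
import socket
import struct

NS_MAGIC, US_MAGIC = 0xA1B23C4D, 0xA1B2C3D4  # pcap-ns and classic pcap magics

def udp_dest(frame):
    """Return (dst_ip, dst_port) for an Ethernet/IPv4/UDP frame, else None."""
    off = 12
    while frame[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):  # skip VLAN tags
        off += 4
    ip = frame[off + 2:]
    if frame[off:off + 2] != b"\x08\x00" or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    fragment = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] != 17 or fragment or ihl < 20 or len(ip) < ihl + 4:
        return None  # not UDP, or a later fragment with no UDP header
    return socket.inet_ntoa(ip[16:20]), struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]

def split_by_group(pcap, groups):
    """Split a capture into {label: pcap bytes}; groups maps (ip, port) to label."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] in (NS_MAGIC, US_MAGIC) else ">"
    magic, = struct.unpack(end + "I", pcap[:4])
    linktype, = struct.unpack(end + "I", pcap[20:24])
    if magic not in (NS_MAGIC, US_MAGIC) or linktype != 1:
        raise ValueError("expected an Ethernet pcap or pcap-ns file")
    out = {label: bytearray(pcap[:24]) for label in groups.values()}
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len, = struct.unpack(end + "I", pcap[pos + 8:pos + 12])
        record = pcap[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break  # truncated final record, e.g. file still being written
        label = groups.get(udp_dest(record[16:]))
        if label:  # traffic for unlisted groups is dropped
            out[label] += record
        pos += 16 + incl_len
    return {label: bytes(buf) for label, buf in out.items()}

def sample_capture(dests):
    """Constructed pcap-ns input: one Ethernet/IPv4/UDP frame per (ip, port)."""
    cap = struct.pack("<IHHiIII", NS_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, (ip, port) in enumerate(dests):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 30, 0, 0, 16, 17, 0,
                          socket.inet_aton("10.0.0.1"), socket.inet_aton(ip))
        frame = b"\x01\x00\x5e\x00\x00\x01" + b"\x02" * 6 + b"\x08\x00" + hdr
        frame += struct.pack("!HHHH", 40000, port, 10, 0) + b"md"
        cap += struct.pack("<IIII", 1700000000, i, len(frame), len(frame)) + frame
    return cap
```

Call `split_by_group(open(path, "rb").read(), {("224.0.31.3", 14312): "cme.312.incremental", ...})` and write each returned value to its own file; for captures too large to hold in memory the same record loop can be run over a file object instead.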