Add ability to produce WireShark-compatible PCAP packet logging.#38
Add ability to produce WireShark-compatible PCAP packet logging.#38ke6jjj wants to merge 1 commit intohelium/hotspotfrom
Conversation
| /* signal handling variables */ | ||
| volatile bool exit_sig = false; /* 1 -> application terminates cleanly (shut down hardware, close open files, etc) */ | ||
| volatile bool quit_sig = false; /* 1 -> application terminates without shutting down the hardware */ | ||
| volatile bool reload_sig = false; /* 1 -> application re-opens logs/PCAP output */ |
There was a problem hiding this comment.
I’m guessing you’re just following the existing code, but these should all be atomics. Somehow I forgot it never noticed the (incorrect) use of volatile here
| #if __STDC_VERSION__ >= 199901L | ||
| #define _XOPEN_SOURCE 600 | ||
| #else | ||
| #define _XOPEN_SOURCE 500 | ||
| #endif |
There was a problem hiding this comment.
This pattern is something I've accepted in C source, but never understood. Or at least can't remember
|
|
||
| /* | ||
| * The PCAP file header. Using clever runtime checking of the | ||
| * magic number field, this structure can be written to disk |
There was a problem hiding this comment.
I see a write method for this struct, but no 'read'. Is that done elsewhere? Sorry if dump question, I don't know a whole lot about pcap
| uint16_t tag; /* !MISALIGNED */ | ||
| }; | ||
| static size_t kLoRaTapHeaderSize = 35; | ||
|
|
There was a problem hiding this comment.
I like that you use a literal for the size above (I dislike having to do math when reading code), but I always like to add a static assert in these situations:
| __Static_assert(sizeof(struct pcap_lora_tap_header) == kLoRaTapHeaderSize, "check LoRa header size"); | |
There was a problem hiding this comment.
I add the static assert suggestion from memory, so please double check syntax/usage before using if you chose to do so.
2 participants
Summary
This PR adds the ability to log received LoRa packets to "PCAP" file in a format that has been standardized by the WireShark network analysis project.
Usage
PCAP logging can be enabled via the JSON configuration file. When enabled, PCAP logging can be reset via SIGHUP to allow for log rotation without restarting the packet forwarder.
gateway_conf.pcap_dump_pathExample config
With this patch, PCAP logging is disabled by default, but it can be enabled by adding a
pcap_dump_pathitem togateway_confitem the global JSON configuration. For example:To rotate the PCAP file (for example, once a day), move the current PCAP output to a new location (say,
/var/tmp/lora-YYYY-MM-DD.pcap) then deliver a SIGHUP (signal 1) signal to the packet forwarder. It will open and initialize a new/var/tmp/lora.pcapfile on receipt.