NETOBSERV-2143 improve pcapng implementation (#293)

* allow custom registry

* vendor

* ng writer

* remove scanner return code

* switch to gopacket/gopacket

Author: jpinsonneau

cmd/flow_capture.go

@@ -25,13 +25,7 @@ var flowCmd = &cobra.Command{
 }
 
 func runFlowCapture(_ *cobra.Command, _ []string) {
-	go func() {
-		if !scanner() {
-			return
-		}
-		// scanner returns on exit request
-		os.Exit(0)
-	}()
+	go scanner()
 
 	captureType = "Flow"
 	wg := sync.WaitGroup{}

cmd/flow_display.go

@@ -235,10 +235,10 @@ func printBuf() {
 }
 
 // scanner returns true in case of normal exit (end of program execution) or false in case of error
-func scanner() bool {
+func scanner() {
 	if err := keyboard.Open(); err != nil {
 		keyboardError = fmt.Sprintf("Keyboard not supported %v", err)
-		return false
+		return
 	}
 	defer func() {
 		_ = keyboard.Close()
@@ -253,7 +253,8 @@ func scanner() bool {
 		case key == keyboard.KeyCtrlC, stopReceived:
 			log.Info("Ctrl-C pressed, exiting program.")
 			// exit program
-			return true
+			stopReceived = true
+			return
 		case key == keyboard.KeyArrowUp:
 			showCount++
 		case key == keyboard.KeyArrowDown:

cmd/map_format.go

@@ -474,6 +474,14 @@ func ToTableColWidth(id string) int {
 	return 6
 }
 
+func toColID(field string) string {
+	colIndex := slices.IndexFunc(cfg.Columns, func(c *ColumnConfig) bool { return c.Field == field })
+	if colIndex != -1 {
+		return cfg.Columns[colIndex].ID
+	}
+	return ""
+}
+
 func toFieldName(id string) string {
 	colIndex := slices.IndexFunc(cfg.Columns, func(c *ColumnConfig) bool { return c.ID == id })
 	if colIndex != -1 {
@@ -482,45 +490,47 @@ func toFieldName(id string) string {
 	return ""
 }
 
+func toDisplayValue(genericMap config.GenericMap, colID string, fieldName string) interface{} {
+	switch colID {
+	case "EndTime":
+		if captureType == "Flow" {
+			return toTimeString(genericMap, "TimeFlowEndMs")
+		}
+		return toTimeString(genericMap, "Time")
+	// special cases where autocompletes are involved
+	case "FlowDirection", "IfDirections":
+		return toDirection(genericMap, fieldName)
+	case "Proto":
+		return toProto(genericMap, fieldName)
+	case "Dscp":
+		return toDSCP(genericMap, fieldName)
+	// bytes count
+	case "Bytes":
+		return toCount(genericMap, "Bytes")
+	case "PktDropBytes":
+		return toCount(genericMap, "PktDropBytes")
+	// duration parsing
+	case "DNSLatency":
+		return toDuration(genericMap, fieldName, time.Millisecond)
+	case "TimeFlowRttMs":
+		return toDuration(genericMap, fieldName, time.Nanosecond)
+	case "NetworkEvents":
+		events := ovnutils.NetworkEventsToStrings(genericMap)
+		return strings.Join(events, ", ")
+	default:
+		// else simply pick field value as text from column name
+		return toValue(genericMap, fieldName)
+	}
+}
+
 func ToTableRow(genericMap config.GenericMap, colIDs []string) []interface{} {
 	row := []interface{}{}
 
 	for _, colID := range colIDs {
 		// convert column id to its field accordingly
 		fieldName := toFieldName(colID)
-
-		switch colID {
-		case "EndTime":
-			if captureType == "Flow" {
-				row = append(row, toTimeString(genericMap, "TimeFlowEndMs"))
-			} else {
-				row = append(row, toTimeString(genericMap, "Time"))
-			}
-		// special cases where autocompletes are involved
-		case "FlowDirection", "IfDirections":
-			row = append(row, toDirection(genericMap, fieldName))
-		case "Proto":
-			row = append(row, toProto(genericMap, fieldName))
-		case "Dscp":
-			row = append(row, toDSCP(genericMap, fieldName))
-		// bytes count
-		case "Bytes":
-			row = append(row, toCount(genericMap, "Bytes"))
-		case "PktDropBytes":
-			row = append(row, toCount(genericMap, "PktDropBytes"))
-		// duration parsing
-		case "DNSLatency":
-			row = append(row, toDuration(genericMap, fieldName, time.Millisecond))
-		case "TimeFlowRttMs":
-			row = append(row, toDuration(genericMap, fieldName, time.Nanosecond))
-		case "NetworkEvents":
-			events := ovnutils.NetworkEventsToStrings(genericMap)
-			row = append(row, strings.Join(events, ", "))
-		default:
-			// else simply pick field value as text from column name
-			row = append(row, toValue(genericMap, fieldName))
-		}
+		// append value to row
+		row = append(row, toDisplayValue(genericMap, colID, fieldName))
 	}
-
 	return row
 }

cmd/packet_capture.go

@@ -5,18 +5,19 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"sort"
 	"strings"
 	"sync"
 	"time"
 
-	"github.com/google/gopacket/layers"
+	"github.com/gopacket/gopacket"
+	"github.com/gopacket/gopacket/layers"
+	"github.com/gopacket/gopacket/pcapgo"
 	"github.com/jpillora/sizestr"
 	"github.com/netobserv/flowlogs-pipeline/pkg/config"
 	"github.com/netobserv/flowlogs-pipeline/pkg/pipeline/utils"
 	"github.com/netobserv/flowlogs-pipeline/pkg/pipeline/write/grpc"
 	"github.com/netobserv/flowlogs-pipeline/pkg/pipeline/write/grpc/genericmap"
-	"github.com/ryankurte/go-pcapng"
-	"github.com/ryankurte/go-pcapng/types"
 	"github.com/spf13/cobra"
 )
 
@@ -56,32 +57,27 @@ func runPacketCaptureOnAddr(port int, filename string) error {
 			":", "") // get rid of offensive colons
 	}
 
-	var f *os.File
 	err := os.MkdirAll("./output/pcap/", 0700)
 	if err != nil {
 		log.Errorf("Create directory failed: %v", err.Error())
 		log.Fatal(err)
 	}
 	log.Trace("Created pcap folder")
 
-	pw, err := pcapng.NewFileWriter("./output/pcap/" + filename + ".pcapng")
+	f, err := os.Create("./output/pcap/" + filename + ".pcapng")
 	if err != nil {
-		log.Errorf("Create file %s failed: %v", filename, err.Error())
 		log.Fatal(err)
 	}
+	defer f.Close()
 	log.Trace("Created pcapng file")
 
-	// write pcap file header
-	so := types.SectionHeaderOptions{
-		Comment:     filename,
-		Application: "netobserv-cli",
-	}
-	err = pw.WriteSectionHeader(so)
+	ngw, err := pcapgo.NewNgWriter(f, layers.LinkTypeEthernet)
 	if err != nil {
-		log.Fatal(err)
+		log.Error("Error while creating writer", err)
+		return nil
 	}
-	defer f.Close()
-	log.Trace("Wrote pcap section header")
+	defer ngw.Flush()
+	log.Trace("Wrote pcap section header & interface")
 
 	flowPackets := make(chan *genericmap.Flow, 100)
 	collector, err := grpc.StartCollector(port, flowPackets)
@@ -99,6 +95,10 @@ func runPacketCaptureOnAddr(port int, filename string) error {
 		log.Trace("Done")
 	}()
 
+	var srcComment strings.Builder
+	var dstComment strings.Builder
+	var commonComment strings.Builder
+
 	log.Trace("Ready ! Waiting for packets...")
 	go hearbeat()
 	for fp := range flowPackets {
@@ -141,15 +141,53 @@ func runPacketCaptureOnAddr(port int, filename string) error {
 				log.Error("Error while decoding data", err)
 				return nil
 			}
+			// sort generic map keys to keep comments ordered
+			keys := make([]string, 0, len(genericMap))
+			for k := range genericMap {
+				// ignore time field
+				if k == "Time" {
+					continue
+				}
+				keys = append(keys, k)
 
-			// write enriched data as interface
-			writeEnrichedData(pw, &genericMap)
+			}
+			sort.Strings(keys)
+
+			// generate comments per category
+			srcComment.WriteString("Source\n")
+			dstComment.WriteString("Destination\n")
+			commonComment.WriteString("Common\n")
+			for _, k := range keys {
+				id := toColID(k)
+				str := fmt.Sprintf("%s: %v\n", ToTableColName(id), toDisplayValue(genericMap, id, k))
+				if strings.HasPrefix(k, "Src") {
+					srcComment.WriteString(str)
+				} else if strings.HasPrefix(k, "Dst") {
+					dstComment.WriteString(str)
+				} else {
+					commonComment.WriteString(str)
+				}
+			}
 
-			// then append packet to file using totalPackets as unique id
-			err = pw.WriteEnhancedPacketBlock(totalPackets, ts, b, types.EnhancedPacketOptions{})
-			if err != nil {
-				return err
+			// write enriched data as interface
+			if err := ngw.WritePacketWithOptions(gopacket.CaptureInfo{
+				Timestamp:     ts,
+				Length:        len(b),
+				CaptureLength: len(b),
+			}, b, pcapgo.NgPacketOptions{
+				Comments: []string{
+					srcComment.String(),
+					dstComment.String(),
+					commonComment.String(),
+				},
+			}); err != nil {
+				log.Error("Error while writing packet", err)
+				return nil
 			}
+
+			srcComment.Reset()
+			dstComment.Reset()
+			commonComment.Reset()
 		} else {
 			if !captureStarted {
 				log.Trace("Data is missing")
@@ -167,7 +205,6 @@ func runPacketCaptureOnAddr(port int, filename string) error {
 				return nil
 			}
 		}
-		totalPackets++
 
 		// terminate capture if max time reached
 		now := currentTime()
@@ -183,36 +220,3 @@ func runPacketCaptureOnAddr(port int, filename string) error {
 	}
 	return nil
 }
-
-func writeEnrichedData(pw *pcapng.FileWriter, genericMap *config.GenericMap) {
-	var io types.InterfaceOptions
-	srcType := toValue(*genericMap, "SrcK8S_Type").(string)
-	if srcType != emptyText {
-		io = types.InterfaceOptions{
-			Name: fmt.Sprintf(
-				"%s: %s -> %s: %s",
-				srcType,
-				toValue(*genericMap, "SrcK8S_Name"),
-				toValue(*genericMap, "DstK8S_Type"),
-				toValue(*genericMap, "DstK8S_Name")),
-			Description: fmt.Sprintf(
-				"%s: %s Namespace: %s -> %s: %s Namespace: %s",
-				toValue(*genericMap, "SrcK8S_OwnerType"),
-				toValue(*genericMap, "SrcK8S_OwnerName"),
-				toValue(*genericMap, "SrcK8S_Namespace"),
-				toValue(*genericMap, "DstK8S_OwnerType"),
-				toValue(*genericMap, "DstK8S_OwnerName"),
-				toValue(*genericMap, "DstK8S_Namespace"),
-			),
-		}
-	} else {
-		io.Name = "Unknown resource"
-		io = types.InterfaceOptions{
-			Name: "Unknown kubernetes resource",
-		}
-	}
-	err := pw.WriteInterfaceDescription(uint16(layers.LinkTypeEthernet), io)
-	if err != nil {
-		log.Fatal(err)
-	}
-}

cmd/root.go

@@ -28,8 +28,7 @@ var (
 
 	mutex = sync.Mutex{}
 
-	totalBytes   = int64(0)
-	totalPackets = uint32(0)
+	totalBytes = int64(0)
 
 	rootCmd = &cobra.Command{
 		Use:   "network-observability-cli",

go.mod

@@ -7,15 +7,14 @@ toolchain go1.23.5
 require (
 	github.com/eiannone/keyboard v0.0.0-20220611211555-0d226195f203
 	github.com/fatih/color v1.18.0
-	github.com/google/gopacket v1.1.19
+	github.com/gopacket/gopacket v1.3.2-0.20250513021322-b23ac340366c
 	github.com/jpillora/sizestr v1.0.0
 	github.com/mattn/go-sqlite3 v1.14.28
 	github.com/netobserv/flowlogs-pipeline v1.9.0-crc1
 	github.com/netobserv/netobserv-ebpf-agent v1.9.0-crc0
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/rodaine/table v1.3.0
-	github.com/ryankurte/go-pcapng v0.0.0-20170712041429-73fd1a63fab4
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0

go.sum

@@ -65,12 +65,12 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
-github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/pprof v0.0.0-20250423184734-337e5dd93bb4 h1:gD0vax+4I+mAj+jEChEf25Ia07Jq7kYOFO5PPhAxFl4=
 github.com/google/pprof v0.0.0-20250423184734-337e5dd93bb4/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gopacket/gopacket v1.3.2-0.20250513021322-b23ac340366c h1:8f3IKyIbp1D5VM0g/LGuHFyMzcCcr5FOyp9VmQniWWk=
+github.com/gopacket/gopacket v1.3.2-0.20250513021322-b23ac340366c/go.mod h1:EpvsxINeehp5qj4YMKMLf2/dekdhKn2IIAO/ZOifS7o=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -159,8 +159,6 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryankurte/go-pcapng v0.0.0-20170712041429-73fd1a63fab4 h1:bt4n2XpGDTrbVf1ahF8n3b2hRaq2DcRhtU+ELSyuYRk=
-github.com/ryankurte/go-pcapng v0.0.0-20170712041429-73fd1a63fab4/go.mod h1:pIeU5V4EYPgLckKEp7pQ9QuCl2y0tyJdRjxZKd49q3A=
 github.com/safchain/ethtool v0.5.10 h1:Im294gZtuf4pSGJRAOGKaASNi3wMeFaGaWuSaomedpc=
 github.com/safchain/ethtool v0.5.10/go.mod h1:w9jh2Lx7YBR4UwzLkzCmWl85UY0W2uZdd7/DckVE5+c=
 github.com/sagikazarmark/locafero v0.9.0 h1:GbgQGNtTrEmddYDSAH9QLRyfAHY12md+8YFTqyMTC9k=
@@ -239,8 +237,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -297,7 +293,6 @@ golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=