common-tools-tcpdump-mesa/readme.md

 

 **TCPDUMP_MESA**

fork from tcpdump for MESA sapp platform

------

```
tcpdump version 4.8.1
libpcap version 1.8.1
OpenSSL 1.0.2k-fips  26 Jan 2017
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
                [ -Q in|out|inout ]
                [ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
                [ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
                [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]
                [ -Z user ] [ expression ]
----------------------------------------------------------------------------------------------.
                The follow args is customized for tcpdump_mesa:
                [ -a ] enable perceptive mode, can detect loss packet number.
                [ -g greedy-seek ] enable greedy seek to most inner IP layer, for tunnel, embed protocol.
                [ -k thread-id ] to assign sapp recv thread id, support multi-range, for example: 1,3,5,7.
                [ -o offset ] to assign offset from MAC, for skip some low layer data, for example: vxlan=50, mac_in_mac=14.
                [ -P port ] to assign sapp recv command port.
                [ --vlan-as-mac-in-mac ] force VLAN to be analysed as MAC-IN-MAC format.
```



------

 **2016-11-29 lijia** 

类似FTP方式, TCP连接传输命令, UDP连接传输实际捕包.

1.    随机打开本端UDP未用端口, 默认12345, 如被占用, 顺序后延

2. 与sapp建立TCP连接, 发送本端UDP监听端口

3. 给sapp发送捕包控制命令, 传输BPF-filter过滤字符串

4. 从UDP端口读取sapp捕获的数据包

5. 调用tcpdump原版流程, 解析打印或写文件

------

 **2017-08-08 lijia**

1. 增加指定线程号捕包功能

------

**2020-09-28** yangwei

1. 优化greedy_seek模式行为，构造DLT_RAW类型的cbpf用于从IP头部开始匹配过滤规则