RIOT icon indicating copy to clipboard operation
RIOT copied to clipboard
verified publisher icon RIOT-OS

gnrc_pktshark: add new module to pretty-print network traffic

Open benpicco opened this issue 9 months ago • 4 comments

Contribution description

Ever wondered what's going on on your system traffic wise but found gnrc_pktdump way too noisy and at the same time quite terse to use?

This adds a new module gnrc_pktshark that works just like gnrc_pktdump, but will only print (parsed) meta-data of packets.

Currently it's mostly just parsing and printing CoAP traffic, but it should be easy to add printers for other packets when the need arises to look deeper into them.

The idea is to have something like the tcpdump CLI output, just two lines per packet.

Testing procedure

Just enable the auto_init_gnrc_pktshark module to auto-start it. Alternatively, just enable the gnrc_pktshark module and enable/disable it with pktshark on/pktshark off at run-time.

2025-03-11 15:39:33,739 # fe80::7cd6:cdbb:77d4:d67e ⇒ ff02::2
2025-03-11 15:39:33,739 # 	ICMPv6 Router Sol
2025-03-11 15:39:33,739 # 
2025-03-11 15:39:33,740 # fe80::7cd6:cdbb:77d4:d67e ⇒ ff02::1a
2025-03-11 15:39:33,740 # 	ICMPv6 msg type 155 (4 bytes)
2025-03-11 15:39:33,740 # 
2025-03-11 15:39:33,741 # fe80::7cd6:cdbb:77d4:d67e ⇐ fe80::a4bd:21e5:ff5c:aec6
2025-03-11 15:39:33,741 # 	ICMPv6 Router Adv sl2a abr
2025-03-11 15:39:33,741 # 	  pfx[A]=2001:db8::/64 ltime={65518, 65518}
2025-03-11 15:39:33,741 # 	  6ctx[0]=2001:db8::/64 ltime=65520
2025-03-11 15:39:33,741 # 	  dns=2620:fe::fe ltime=4294966296
2025-03-11 15:39:33,741 # 	  default, ltime=1800
2025-03-11 15:39:33,741 # 
2025-03-11 15:39:33,742 # 2001:db8::7cd6:cdbb:77d4:d67e ⇒ fe80::a4bd:21e5:ff5c:aec6
2025-03-11 15:39:33,742 # 	ICMPv6 Neighbor Sol (fe80::a4bd:21e5:ff5c:aec6)
2025-03-11 15:39:33,742 # 
2025-03-11 15:39:33,742 # 2001:db8::7cd6:cdbb:77d4:d67e ⇐ 2001:db8::a4bd:21e5:ff5c:aec6
2025-03-11 15:39:33,742 # 	ICMPv6 Neighbor Adv (RS fe80::a4bd:21e5:ff5c:aec6) ar
2025-03-11 15:39:37,740 # 
2025-03-11 15:39:37,741 # 2001:db8::7cd6:cdbb:77d4:d67e ⇐ 2001:db8::a4bd:21e5:ff5c:aec6
2025-03-11 15:39:37,742 # 	ICMPv6 Neighbor Sol (2001:db8::7cd6:cdbb:77d4:d67e) sl2a
2025-03-11 15:39:37,742 # 
2025-03-11 15:39:37,742 # :: ⇒ 2001:db8::a4bd:21e5:ff5c:aec6
2025-03-11 15:39:37,742 # 	ICMPv6 Neighbor Adv (S 2001:db8::7cd6:cdbb:77d4:d67e)

2025-03-11 15:42:18,975 # ncget coap://[fdea:dbee:f::1]/
2025-03-11 15:42:18,976 # 
2025-03-11 15:42:18,977 # :: ⇒ fdea:dbee:f::1  UDP [59821 ↣ 5683]
2025-03-11 15:42:18,977 # 	CoAP CON GET id=15406 B2[0.64] (0 bytes)
2025-03-11 15:42:18,990 # 
2025-03-11 15:42:18,991 # 2001:db8::e87c:540d:fe83:ef65 ⇐ fdea:dbee:f::1  UDP [5683 ↣ 59821]
2025-03-11 15:42:18,991 # 	CoAP ACK 205 id=15406 opt=4 B2[0.64 M] application/link-format (64 bytes)
2025-03-11 15:42:18,992 # /.cargo/
2025-03-11 15:42:18,992 # /Makefile.features
2025-03-11 15:42:18,992 # /uncrustify-riot.cfg
2025-03-11 15:42:18,992 # 
2025-03-11 15:42:18,992 # :: ⇒ fdea:dbee:f::1  UDP [59821 ↣ 5683]
2025-03-11 15:42:18,993 # 	CoAP CON GET id=15407 B2[1.64] (0 bytes)
2025-03-11 15:42:21,872 # 
2025-03-11 15:42:21,874 # :: ⇒ fdea:dbee:f::1  UDP [59821 ↣ 5683]
2025-03-11 15:42:21,875 # 	CoAP CON GET id=15407 B2[1.64] (0 bytes)
2025-03-11 15:42:21,882 # 
2025-03-11 15:42:21,884 # 2001:db8::e87c:540d:fe83:ef65 ⇐ fdea:dbee:f::1  UDP [5683 ↣ 59821]
2025-03-11 15:42:21,886 # 	CoAP ACK 205 id=15407 opt=4 B2[1.64 M] application/link-format (64 bytes)
2025-03-11 15:42:21,887 # /kconfigs/
2025-03-11 15:42:21,887 # /.editorconfig
2025-03-11 15:42:21,889 # /Makefile.base
2025-03-11 15:42:21,889 # 
2025-03-11 15:42:21,890 # :: ⇒ fdea:dbee:f::1  UDP [59821 ↣ 5683]
2025-03-11 15:42:21,894 # 	CoAP CON GET id=15408 B2[2.64] (0 bytes)
2025-03-11 15:42:21,895 # 
2025-03-11 15:42:21,896 # 2001:db8::e87c:540d:fe83:ef65 ⇐ fdea:dbee:f::1  UDP [5683 ↣ 59821]
2025-03-11 15:42:21,898 # 	CoAP ACK 205 id=15407 opt=4 B2[1.64 M] application/link-format (64 bytes)
2025-03-11 15:42:21,898 # 
2025-03-11 15:42:21,899 # 2001:db8::e87c:540d:fe83:ef65 ⇐ fdea:dbee:f::1  UDP [5683 ↣ 59821]
2025-03-11 15:42:21,900 # 	CoAP ACK 205 id=15407 opt=4 B2[1.64 M] application/link-format (64 bytes)

Issues/PRs references

benpicco avatar Mar 10 '25 10:03 benpicco

This adds a new module gnrc_pktprint that works just like gnrc_pktdump, but will only print (parsed) meta-data of packets.

I find the naming somewhat confusing then... If it doesn't print packets (as a whole) why is it called pktprint. Maybe rather gnrc_pktprint_parsed or gnrc_pktsniff or gnrc_pktshark (since the example output reminds me somewhat of tshark) something like that?

The idea is to have something like the tcpdump CLI output, just two lines per packet.

Your output already has more lines than two lines per packet. Also keep in mind that output with >1 line typically is harder to parse with tools such as sed or awk (in case that is the goal).

miri64 avatar Mar 11 '25 17:03 miri64

gnrc_pktshark sounds nice, I'll go with that

Also keep in mind that output with >1 line typically is harder to parse with tools such as sed or awk (in case that is the goal).

the goal for this is very much to be easy for humans to read, that's why I deviated from the strict two-lines/packet idea for better readability.

benpicco avatar Mar 11 '25 17:03 benpicco

Murdock results

:heavy_check_mark: PASSED

f68f3c44683015b2a9ddcab37eeec9d02ca7a696 fixup! fixup! fixup! fixup! fixup! fixup! gnrc_pktshark: add new module to pretty-print network traffic

Success Failures Total Runtime
10932 0 10932 11m:43s

Artifacts

riot-ci avatar Apr 03 '25 12:04 riot-ci