Wireshark does not capture dpdk interface packets

Question

I am trying to capture the data packets from dpdk interface. Using pdump+testpmd, able to capture the data packets. However, if Wireshark is used with testpmd, the above fails.

Any suggestions highly appreciated. Thanks

Working on Ubuntu v 18+, DPDK v 19+ Wireshark v 3+

Answer 1

As soon as you bind the physical interface from kernel to a DPDK driver (igb_uio, uio_pci_generic, vfio-pci) it becomes removed from kernel netdev for both Physical Function and Virtual Function. These NIC ports are accessible via UIO driver, and application like DPDK which has the PMD can probe and init the devices (with some exceptions).

If you want to use the port with Wireshark, unfortunately you have to bind it back to the kernel. You can also just capture packets to a .pcap file using DPDK and analyse it with Wireshark offline - if that fits your needs.

[EDIT-1] There are 2 ways to capture packets on UIO DPDK bind

1. make use of rte_pdump_init API in the primary (desired) DPDK application and use DPDK example dpdk-pdump to capture packets for RX or TX for desired queues.
2. Unbind the device from UIO and bind it back to kernel driver for netdev interface. start the DPDK rte_eal_init with special argument --vdev=net_pcap0,iface=[kernel nic interface instance]

Note: In option 2, one can run Wireshark and capture the packets too. But will lose out on performance and DPDK specific functionality.

Answer 2

The solution is to use the pdump application. As others mentioned, once your DPDK application takes ownership of the network card, the kernel will not see the packets, and tcpdump hooks will not be triggered. The documentation explains how to i) compile dpdk with support for pdump and pcap ii) enable your primary process - your application - to give packet information to a secondary process - the pdump sample application.

You can then use the generated pcap with wireshark.