FFShark is a hardware network debugging tool developed by J.C. Vega and M.A. Merlini at the University of Toronto through P. Chow’s research group. It can be used in high speed data centers capable of 100G speeds, that is, running at 100 Gbit/s. Our project connects FFShark to the industry standard Wireshark network debugging/analyzer tool.

ffshark_c_lang_drivers Set of C drivers to allow interfacing Wireshark with FFShark. These drivers are an alternative to the python drivers of ffshark_read_packets.py and ffshark_send_packets.py. These C drivers perform much faster than the python drivers, thus further optimizations and improvements should be carried on with the C drivers. Find out more in the README in the ffshark_c_lang_drivers directory.

ffshark_read_packets.py Reads packets from FFShark. It then outputs packets into PCAP format so that packets can be displayed on Wireshark. It can also take in filtering instructions for Wireshark as user arguments. Use the --help option to see more about it.

ffshark_send_packets.py Sends test packets to ffshark. User must provide a directory of packet text files as argument. The script will then randomly select packets from this directory to send to ffshark. Use the --help option to see more about it.

test_packets.py is used to generate "random" packets. These packets can be stored in a directory, then sent to FFShark with ffshark_send_packets.py for testing. Running it with the --help option will provide details on all arguments that can be provided.

sendfilter.c Configures filtering instruction into FFShark. Was used to generate sendfilter. Run gcc -o sendfilter sendfilter.c -lpcap to regenerate sendfilter after any changes.

sendfilter an exe that programs FFShark with a filter. Requires a .bpf file as input.

compilefilt.c uses pcap library to compile filtering instructions into raw bpf filter. This was taken from https://github.com/UofT-HPRC/fpga-bpf/tree/main/utilities/compilefilt. This script currently outputs generated bpf instructions into the terminal. These outputs may need to be disabled to avoid interference of pcap packet transaction through sshdump. Run gcc -o compilefilt compilefilt.c -lpcap to regenerate compilefilt after any changes.

compilefilt an exe that compiles a PCAP filter.

compile_and_send_filter.py takes a filtering instruction, compiles it and sends the bpf compiled instructions to FFShark to be configured. Uses compilefilt and sendfilt to compile and send the filter respectively. This is called by ffshark_read_packets.py to allow users to set the packet filter on Wireshark.

acceptall.bpf used to reset FFshark filter to accept all packets.

This method gets about 81kbps (kilobits per second) with locking but no contention.

1. Ensure no one else using mpsoc
2. On MPSoC,

sudo su
set_clocks 100
program ffshark_fifo.bin
exit

3. On MPSoC, send in packets python3 ffshark_send_packets.py --packets-directory sample_packets/multiple_8 --num-packets 100
4. On sshdump interface in Wireshark, set capture command to python3 /home/savi/alex/FFShark_Wireshark_Integration/ffshark_read_packets.py. Can also add a filter like python3 /home/savi/alex/FFShark_Wireshark_Integration/ffshark_read_packets.py --capture-filter=udp or set to "tcp".
5. Once done using MPSoC, send message in Slack to say done using.

This method gets about 35Mbps (megabits per second) without any locking.

1. Ensure no one else using mpsoc
2. On MPSoC,

sudo su
set_clocks 100
program ffshark_fifo.bin
exit

3. cd ffshark_c_lang_drivers
4. Run make to compile.
5. On MPSoC, send in packets ./ffshark_send_packets --directory ../sample_packets/multiple_8 --num-packets 5.
6. On sshdump interface in Wireshark, set capture command to /home/savi/alex/FFShark_Wireshark_Integration/ffshark_c_lang_drivers/ffshark_read_packets
7. Once done using MPSoC, send message in Slack to say done using.

1. Run ffshark_send_packets.py with the --save-sent-packets option. E.g. python3 ffshark_send_packets.py --packets-directory sample_packets/multiple_8 --num-packets 100 --save-sent-packets "saved_packets.log"
2. On Wireshark, go to "File->Export Packet Dissections->As Plaintext". Then select "Bytes" as Packet Format and deselect the other two options.
3. Save this file. E.g. "received_packets.txt".
4. Copy over the sent file from MPSoC to the Wireshark machine. scp [email protected]:/home/savi/alex/FFShark_Wireshark_Integration/saved_packets.log saved_packets.log. If you need to find the location on savi, you can use realpath <file> and just copy that.
5. Run diff <(cat received_packets.txt | sed 's/ .*//g' | awk '{$1=""; print $0}' | sed 's/ //g') saved_packets.log. If no differences, you're guchi. This command just changes the formatting from the Wireshark file so it's the same as the output from the Python script.

Note, if we have out of order packets, this technique won't work anymore. We could run a sort beforehand though and then do the diff so we'll know all that data was still sent and received. For example, you could run diff <(cat received_packets.txt | sed 's/ .*//g' | awk '{$1=""; print $0}' | sed 's/ //g' | sort) <(sort saved_packets.log). However, our script seems to be too slow to go out of order.

If you need to debug, running, cat received_packets.txt | sed 's/ .*//g' | awk '{$1=""; print $0}' | sed 's/ //g' will be useful to get the same output format as saved_packets.log.

If you're trying to verify multiple separate bursts of sending in data, you'd have to save each one to a different file. Then in Wireshark, you need to select the packets to export that correspond to what you sent in and export a separate file for each.

• Need to optimize packet filtering throughput. Currently using AXI FIFO interface. Should try AXI DMA

• Getting Started Guide by Marco
• Running sshdump Guide
• FFShark Communication
• Research Doc