Packet Capture System

Overview

Pcapng-based packet capture for railscale. Feature-gated behind feature flag in .

Architecture

  • Layer 1 (format.rs): Pure serialization helpers — , ,
  • Layer 2 (planned): — StreamDestination that writes pcapng files
  • Layer 3 (planned): — background writer with async channel

pcapng Block Format

All blocks: (little-endian)

Block                        Type        Total Length
SHB (Section Header)         0x0A0D0D0A  28
IDB (Interface Description)  0x00000001  20
EPB (Enhanced Packet)        0x00000006  32 + padded_data + options

EPB Details

  • The microsecond timestamp is split into ts_high (upper 32 bits) and ts_low (lower 32 bits)
  • Data padded to 4-byte boundary
  • Options: opt_comment (code=1) with value , padded to 4 bytes, then opt_endofopt (code=0, len=0)
  • link_type = 147 (LINKTYPE_USER0)
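
The block layouts above, serialized in Rust as an added example; this is not railscale's format.rs. The helper names, the snaplen value and the comment string are assumptions, and the SHB and IDB body fields follow the pcapng specification.

```rust
// Added example; helper names are hypothetical, not railscale's format.rs API.
const LINKTYPE_USER0: u16 = 147;

fn pad4(n: usize) -> usize { (n + 3) & !3 } // round up to a multiple of 4

/// Frame a body as: type, total length, body, total length (all little-endian).
fn block(block_type: u32, body: &[u8]) -> Vec<u8> {
    let total = (body.len() + 12) as u32;
    let mut out = block_type.to_le_bytes().to_vec();
    out.extend_from_slice(&total.to_le_bytes());
    out.extend_from_slice(body);
    out.extend_from_slice(&total.to_le_bytes());
    out
}

fn shb() -> Vec<u8> {
    let mut b = 0x1A2B_3C4Du32.to_le_bytes().to_vec(); // byte-order magic
    b.extend_from_slice(&[1, 0, 0, 0]); // version 1.0 (two LE u16 fields)
    b.extend_from_slice(&u64::MAX.to_le_bytes()); // section length unknown (-1)
    block(0x0A0D_0D0A, &b)
}

fn idb(snaplen: u32) -> Vec<u8> {
    let mut b = LINKTYPE_USER0.to_le_bytes().to_vec();
    b.extend_from_slice(&[0, 0]); // reserved
    b.extend_from_slice(&snaplen.to_le_bytes());
    block(1, &b)
}

fn epb(ts_micros: u64, data: &[u8], comment: &str) -> Vec<u8> {
    // Option length is a u16, so an oversized comment is truncated here.
    let c = &comment.as_bytes()[..comment.len().min(u16::MAX as usize)];
    let mut b = 0u32.to_le_bytes().to_vec(); // interface id 0
    b.extend_from_slice(&((ts_micros >> 32) as u32).to_le_bytes()); // ts_high
    b.extend_from_slice(&(ts_micros as u32).to_le_bytes()); // ts_low
    let len = (data.len() as u32).to_le_bytes();
    b.extend_from_slice(&[len, len].concat()); // captured + original length
    b.extend_from_slice(data);
    b.resize(pad4(b.len()), 0); // pad packet data to 4 bytes
    b.extend_from_slice(&1u16.to_le_bytes()); // opt_comment code
    b.extend_from_slice(&(c.len() as u16).to_le_bytes()); // unpadded value length
    b.extend_from_slice(c);
    b.resize(pad4(b.len()), 0); // pad option value to 4 bytes
    b.extend_from_slice(&[0; 4]); // opt_endofopt (code=0, len=0)
    block(6, &b)
}

fn main() {
    println!("{} bytes", [shb(), idb(65535), epb(0, b"hello", "conn-1")].concat().len());
}
```

The option length field carries the unpadded comment length, while the block total length counts the padding; readers use the former to trim the value and the latter to find the next block.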

Files

  • — SHB/IDB/EPB serialization
  • — module root
  • — 3 tests (all passing)
  • Feature flag: in
  • :

Status

  • Task 1: pcapng binary format helpers
  • Task 2: PcapDestination
  • Task 3: CaptureHandle and background writer
  • Task 4: Integrate connection ID into PcapDestination
  • Task 5: Pipeline integration
  • Task 6: Consumer updates
  • Task 7: Integration test