README for tremashark
*********************

  Copyright (C) 2008-2012 NEC Corporation

  Copying and distribution of this file, with or without modification,
  are permitted in any medium without royalty provided the copyright
  notice and this notice are preserved. This file is offered as-is,
  without warranty of any kind.

What is tremashark?
===================

"tremashark" provides a wireshark (http://www.wireshark.org/) plugin and a
bridge between the Trema world and wireshark to display various events on
wireshark. You can monitor any IPC events among Trema modules, packets on
network interfaces/links, or log messages in realtime. It should be useful
for learning the Trema world and debugging your OpenFlow controller
applications.


How to build and install?
=========================

Pre-requirements
----------------

You need to download the source code of wireshark before you start to build
tremashark. We have tested with wireshark 1.4.4. Note that the package
"wireshark-dev" included in Ubuntu or Debian will not work for building the
wireshark plugin. You can get the source code from the following site:

  http://www.wireshark.org/download.html

Also, you may need to install several software packages.

  $ sudo apt-get install wireshark flex bison libgtkmm-2.4-dev

Build and install
-----------------

Before building tremashark, you should compile Trema (see INSTALL) first.
Then build the plugin as follows:

  $ cd [trema]/src/tremashark/plugin
  $ tar xvf /somewhere/wireshark-X.Y.Z.tar.bz2
  $ ln -s wireshark-X.Y.Z wireshark
  $ cd wireshark
  $ ./configure
  $ cd ../packet-trema
  $ make
  $ mkdir -p ~/.wireshark/plugins
  $ cp packet-trema.so ~/.wireshark/plugins
  $ cp ../user_dlts ~/.wireshark/


How to run?
===========

1. Add `use_tremashark' directive in your Trema configuration. e.g.,

  use_tremashark

  vswitch {
    datapath_id "0x1"
  }
  ...

2. Send SIGUSR2 to processes to be monitored by tremashark. e.g.,

  $ sudo kill -USR2 `cat tmp/pid/learning_switch.pid`
  $ sudo kill -USR2 `cat tmp/pid/switch.0x1.pid`

Known issue
===========

- Wireshark plugin would not correctly reassemble messages when plural
  fragments are on a single packet.