This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot decode ROCEv2 traffic

0

Hi

I am using 2.3.0 (tried 2.2.3 also) and feeding it a capture file containing ROCEv2 traffic. But it is not able to decode those packets. Any idea how to do the same ?

Thanks Sumit

asked 04 Jan '17, 18:20

SumitGupta's gravatar image

SumitGupta
6112
accept rate: 0%

One Answer:

0

It would appear that Wireshark will dissect traffic as ROCE if:

  1. The EtherType is 0x8915 (ROCEv1)
  2. (or) if the UDP port is 4791* (or whatever you set the preference to) (this is for ROCEv2)

[*] In version 2.2.x and earlier the default UDP port number is 0 so you must set the preference to the right port number. Reference change 17971.

If one of those are true and it's still not working we'd need to see the capture file (you can put it someplace like Cloudshark or Dropbox).

answered 05 Jan '17, 05:50

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

edited 05 Jan '17, 06:10

Thanks. I have uploaded the pcap file to my google drive. Here is the link.

https://drive.google.com/file/d/0By0m-D3lG9uAMDJGZzd1Q3dxWmM/view?usp=sharing

Also in my case I do not see the "Infiniband" protocol in the wireshark->preferences ? I only see "Infiniband SDP". I am using the OSX version of wireshark.

Thanks Sumit

(05 Jan '17, 13:31) SumitGupta

[I converted your answer to a comment--this is a Q&A site, not a forum--see the FAQ.]

The only non-TCP traffic in that capture file (which I'm presuming is your ROCE traffic) is running over IPv4 with an IP protocol (ip.proto) of 254. That's not a standard way to transport ROCE (at least according to the Wikipedia article referenced in my answer).

Are you sure that's ROCE traffic? What kind of device is it? Do you know why they're using a non-standard way of transporting ROCE?

(05 Jan '17, 13:46) JeffMorriss ♦

Its a mellanox CX-4 adapter. I am running ib_send_lat on 2 mellanox adapters which are connected back to back. On the client side of ib_send_lat, I used the ethtool --set-priv_flag sniffer 1 to set the sniffing for mellanox adapter and then used tcpdump to capture the pcap file.

Sumit

(05 Jan '17, 14:00) SumitGupta

Oh, to answer your earlier question: the Infiniband dissector is known as IB in the preferences list. It took me a while to find that too.

It's still not clear to me why your RROCE is running directly over IPv4 rather than UDP. It wouldn't be hard to modify Wireshark do allow you to Decode-As that traffic as IB/RROCE but it would be nice to know how common it is or why it is like that.

(05 Jan '17, 18:24) JeffMorriss ♦

I submitted a change that will allow you to Decode-As this traffic as RROCE: you need to right-click on the traffic, choose Decode-As, and decode the IP Protocol as IB (Infiniband). You can pick up an automated build to try it out (just choose the latest file). The change will show up in Wireshark 2.4.0 which is expected in the summer.

(07 Jan '17, 10:46) JeffMorriss ♦