Add instructions for converting SCTP verbose log to pcap file.

This is pretty useful if you need to debug an SCTP issue. SCTP goes over DTLS, which is encrypted, which means you need a private key in order to decrypt a normal packet capture. We don't log this key, for understandable reasons. So the alternative is to turn on SCTP verbose logging, then turn the text log into a pcap file. NOTRY=True TBR=zhihuang@webrtc.org Bug: None Change-Id: If3380d7953ea829b3ae9945326d3c820ce7cc6a3 Reviewed-on: https://webrtc-review.googlesource.com/14561 Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org> Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org> Cr-Commit-Position: refs/heads/master@{#20380}
2017-10-22 16:09:34 -07:00 · 2017-10-22 16:09:34 -07:00 · 5526687dfc
commit 5526687dfc
parent cb423c43b0
1 changed files with 17 additions and 0 deletions
--- a/media/sctp/sctptransport.cc
+++ b/media/sctp/sctptransport.cc
@ -186,6 +186,23 @@ bool GetDataMediaType(PayloadProtocolIdentifier ppid,
 }

 // Log the packet in text2pcap format, if log level is at LS_VERBOSE.
+//
+// In order to turn these logs into a pcap file you can use, first filter the
+// "SCTP_PACKET" log lines:
+//
+//   cat chrome_debug.log | grep SCTP_PACKET > filtered.log
+//
+// Then run through text2pcap:
+//
+//   text2pcap -t "%H:%M:%S." -D -u 1024,1024 filtered.log filtered.pcap
+//
+// The value "1024" isn't important, we just need a port for the dummy UDP
+// headers generated. Lastly, you should be able to open filtered.pcap in
+// Wireshark, then right click a packet and "Decode As..." SCTP.
+//
+// Why do all this? Because SCTP goes over DTLS, which is encrypted. So just
+// getting a normal packet capture won't help you, unless you have the DTLS
+// keying material.
 void VerboseLogPacket(const void* data, size_t length, int direction) {
  if (LOG_CHECK_LEVEL(LS_VERBOSE) && length > 0) {
    char* dump_buf;