DescriptionStefan Hajnoczi
2017-06-23 09:01:19 UTC
The vsockmon kernel module offers packet capture for AF_VSOCK traffic sent between the host and virtualized KVM guests. (It works in a similar way to the nlmon module for netlink packet capture.)
More info here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/vsockmon.hhttp://wiki.qemu.org/Features/VirtioVsock
I am working upstream to add AF_VSOCK support to the libpcap/tcpdump/wireshark stack so that users can analyze traffic for troubleshooting or during development.
The request for a pcap linktype assignment is here:
http://lists.sandelman.ca/pipermail/tcpdump-workers/2017-May/000772.html
Upstream has not been responsive. I am now trying to ping Guy Harris and Michael Richardson to see if we can make progress. Any help would be appreciated!
Once the linktype is assigned I will submit the libpcap patch upstream. That would need to be included in RHEL so that tcpdump/wireshark can capture AF_VSOCK packets.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2018:0694