Bug 1464362

Summary: RFE: AF_VSOCK support in libpcap
Product: Red Hat Enterprise Linux 7 Reporter: Stefan Hajnoczi <stefanha>
Component: libpcapAssignee: Michal Ruprich 🐧 <mruprich>
Status: CLOSED ERRATA QA Contact: FuXiangChun <xfu>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.5CC: areis, chayang, dschoenb, juzhang, kdreyer, lpol, michen, mtessun, psklenar, salmy, stefanha, thozza, todoleza, virt-bugs, xfu
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libpcap-1.5.3-10.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 10:08:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1470219    
Bug Blocks: 1363787, 1464390, 1464395, 1465928    

Description Stefan Hajnoczi 2017-06-23 09:01:19 UTC
The vsockmon kernel module offers packet capture for AF_VSOCK traffic sent between the host and virtualized KVM guests.  (It works in a similar way to the nlmon module for netlink packet capture.)

More info here:
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/vsockmon.h
  http://wiki.qemu.org/Features/VirtioVsock

I am working upstream to add AF_VSOCK support to the libpcap/tcpdump/wireshark stack so that users can analyze traffic for troubleshooting or during development.

The request for a pcap linktype assignment is here:
http://lists.sandelman.ca/pipermail/tcpdump-workers/2017-May/000772.html

Upstream has not been responsive.  I am now trying to ping Guy Harris and Michael Richardson to see if we can make progress.  Any help would be appreciated!

Once the linktype is assigned I will submit the libpcap patch upstream.  That would need to be included in RHEL so that tcpdump/wireshark can capture AF_VSOCK packets.

Comment 3 Stefan Hajnoczi 2017-07-12 14:13:16 UTC
Patches posted upstream:
https://github.com/the-tcpdump-group/libpcap/pull/594

Comment 26 errata-xmlrpc 2018-04-10 10:08:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0694