Bug 1464395
| Summary: | RFE: AF_VSOCK support in Wireshark | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Stefan Hajnoczi <stefanha> |
| Component: | wireshark | Assignee: | Michal Ruprich <mruprich> |
| Status: | CLOSED ERRATA | QA Contact: | Karel Volný <kvolny> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.5 | CC: | areis, kdreyer, lmiksik, mruprich, mtessun, omoris, psklenar, stefanha, thozza |
| Target Milestone: | rc | Keywords: | FutureFeature, Patch |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | wireshark-1.10.14-16.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-10-30 09:35:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1290760, 1464362, 1470219 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Stefan Hajnoczi
2017-06-23 10:45:14 UTC
The following patches are required from upstream:

    $ git log --oneline epan/dissectors/packet-vsock.c
    73d9550 vsock: add missing vsockmon header reserved field
    41415aa vsock: add WTAP_ENCAP_VSOCK constant
    e2f36ef vsock: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang
    55069da Add vSocket dissector

Created attachment 1299894
Example AF_VSOCK packet capture file
I have attached an example AF_VSOCK packet capture file. Use this to test the Wireshark dissector.
Upon opening the file in Wireshark you should see the following Op: RW frames (among other frames):
No 3, 3->host, Payload: Hello\n
No 5, 3->host, Payload: World\n
No 7, host->3, Payload: Hi :-)\n
Created attachment 1453246
Packet capture taken using tshark
(In reply to Michal Ruprich from comment #17)
> (In reply to Stefan Hajnoczi from comment #3)
> > The following patches are required from upstream:
> >
> > $ git log --oneline epan/dissectors/packet-vsock.c
> > 73d9550 vsock: add missing vsockmon header reserved field
> > 41415aa vsock: add WTAP_ENCAP_VSOCK constant
> > e2f36ef vsock: Fix Dead Store (Dead assignement/Dead increment) Warning
> > found by Clang
> > 55069da Add vSocket dissector
>
> I created a patch from these commits but it needed some more work, because a
> lot of functions are either missing or are a bit different.
>
> Stefan, the output of tshark now looks good but I am concerned with
> capturing. Do you have the means to use this older package and try to
> capture some vsock communication with it? Then try to print it out?
>
> Here is a scratch build:
> https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16766863

Tested-by: Stefan Hajnoczi <stefanha>

I ran it inside a RHEL 7.5 guest:

    # ip link add vsockmon0 type vsockmon
    # ip link set vsockmon0 up
    # tshark -w /tmp/vsock.pcapng -i vsockmon0

I've attached the pcap file. It contains a single SOCK_STREAM connection where "Hello" and "world" were sent between the server and client.

tshark printed the conversation correctly:

    1 0.000000000 3 -> host vSocket 76 [Connect] Virtio: Stream, Op: Request, Buf alloc: 262144, Fwd cnt: 0
    2 0.000107936 host -> 3 vSocket 76 [Connect] Virtio: Stream, Op: Response, Buf alloc: 262144, Fwd cnt: 0
    3 2.799236146 3 -> host vSocket 82 [Payload] Virtio: Stream, Op: RW, Buf alloc: 262144, Fwd cnt: 0
    4 2.799666678 host -> 3 vSocket 76 [Control] Virtio: Stream, Op: Credit update, Buf alloc: 262144, Fwd cnt: 6
    5 4.949114581 host -> 3 vSocket 82 [Payload] Virtio: Stream, Op: RW, Buf alloc: 262144, Fwd cnt: 6
    6 4.949296138 3 -> host vSocket 76 [Control] Virtio: Stream, Op: Credit update, Buf alloc: 262144, Fwd cnt: 6
    7 9.149629676 3 -> host vSocket 76 [Disconnect] Virtio: Stream, Op: Shutdown, Buf alloc: 262144, Fwd cnt: 6
    8 9.149849352 host -> 3 vSocket 76 [Disconnect] Virtio: Stream, Op: Rst, Buf alloc: 262144, Fwd cnt: 6

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3089