Bug 1464362 - RFE: AF_VSOCK support in libpcap
RFE: AF_VSOCK support in libpcap
Status: VERIFIED
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libpcap (Show other bugs)
7.5
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Michal Ruprich
FuXiangChun
: FutureFeature
Depends On: 1470219
Blocks: 1363787 1464390 1464395 1465928
  Show dependency treegraph
 
Reported: 2017-06-23 05:01 EDT by Stefan Hajnoczi
Modified: 2017-12-19 11:47 EST (History)
15 users (show)

See Also:
Fixed In Version: libpcap-1.5.3-10.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stefan Hajnoczi 2017-06-23 05:01:19 EDT
The vsockmon kernel module offers packet capture for AF_VSOCK traffic sent between the host and virtualized KVM guests.  (It works in a similar way to the nlmon module for netlink packet capture.)

More info here:
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/vsockmon.h
  http://wiki.qemu.org/Features/VirtioVsock

I am working upstream to add AF_VSOCK support to the libpcap/tcpdump/wireshark stack so that users can analyze traffic for troubleshooting or during development.

The request for a pcap linktype assignment is here:
http://lists.sandelman.ca/pipermail/tcpdump-workers/2017-May/000772.html

Upstream has not been responsive.  I am now trying to ping Guy Harris and Michael Richardson to see if we can make progress.  Any help would be appreciated!

Once the linktype is assigned I will submit the libpcap patch upstream.  That would need to be included in RHEL so that tcpdump/wireshark can capture AF_VSOCK packets.
Comment 3 Stefan Hajnoczi 2017-07-12 10:13:16 EDT
Patches posted upstream:
https://github.com/the-tcpdump-group/libpcap/pull/594

Note You need to log in before you can comment on or make changes to this bug.