Bug 1464362 - RFE: AF_VSOCK support in libpcap
Summary: RFE: AF_VSOCK support in libpcap
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libpcap
Version: 7.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Michal Ruprich 🐧
QA Contact: FuXiangChun
Depends On: 1470219
Blocks: 1363787 1464390 1464395 1465928
TreeView+ depends on / blocked
Reported: 2017-06-23 09:01 UTC by Stefan Hajnoczi
Modified: 2018-04-10 10:08 UTC (History)
15 users (show)

Fixed In Version: libpcap-1.5.3-10.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-10 10:08:02 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2018:0694 None None None 2018-04-10 10:08:34 UTC

Description Stefan Hajnoczi 2017-06-23 09:01:19 UTC
The vsockmon kernel module offers packet capture for AF_VSOCK traffic sent between the host and virtualized KVM guests.  (It works in a similar way to the nlmon module for netlink packet capture.)

More info here:

I am working upstream to add AF_VSOCK support to the libpcap/tcpdump/wireshark stack so that users can analyze traffic for troubleshooting or during development.

The request for a pcap linktype assignment is here:

Upstream has not been responsive.  I am now trying to ping Guy Harris and Michael Richardson to see if we can make progress.  Any help would be appreciated!

Once the linktype is assigned I will submit the libpcap patch upstream.  That would need to be included in RHEL so that tcpdump/wireshark can capture AF_VSOCK packets.

Comment 3 Stefan Hajnoczi 2017-07-12 14:13:16 UTC
Patches posted upstream:

Comment 26 errata-xmlrpc 2018-04-10 10:08:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.