Re: [libvirt] Feature Request: sniff a virtual interface of a guest

Hi Dave,

I'm using libvirt for quite a while but I'm relatively new to the code.
So thank you for your hints. I will have a look at the streaming api this week.


On 27.01.2012 15:39, Dave Allan wrote:
On Fri, Jan 27, 2012 at 09:28:21AM +0100, Hendrik Schwartke wrote:

there is currently no support for sniffing the network traffic of a virtual
nic, from local or remote. In some cases the debugging or monitoring of a guest
is therefore not as easy as it could be.

Although it's easy to start a network sniffer on the physical host, it requires
direct access to a shell and some knowledge of the current configuration of
the virtual networks.

I think it would be a great benefit for libvirt if network sniffing would be
possible out of the box.
Cool idea.

One idea would be to start a local tshark sniffing on the card and connect this
to a local socket. This could then be forwarded by ssh to a wireshark process
running on a desktop.
I would favor doing the minimum in libvirt side to specify a packet
filter and a start/stop of the packet mirror, and then let the user
consume the resulting packet stream however they want on the client.
Other people may have more concrete suggestions.

I created a feature request for that: https://bugzilla.redhat.com/show_bug.cgi?id=784893

Any thoughts or hints to implement that?
This seems like a good candidate for using libvirt's support for
streaming data, similar to consoles or screenshots.  Take a look
through the code for how those APIs are implemented for a guide.

I'm not sure how familiar you are with the libvirt code, so forgive me
if you already know this: if you start with tools/virsh.c you can see
how the virsh console and virsh screenshot commands call their
respective APIs and then how those APIs use libvirt's streams to
deliver the resulting data.


Hendrik Schwartke

