[libvirt] [RFC]Libvirt Wireshark Dissector

Daniel P. Berrange berrange at redhat.com
Thu Aug 29 12:02:59 UTC 2013


On Thu, Aug 29, 2013 at 01:22:56AM +0900, Yuto KAWAMURA wrote:
> Hi libvirt developers,
> 
> I would like to ask you to review the dissector for the libvirt RPC
> protocol which I've been developing as a Google Summer of Code 2013
> project[1][2][3].
> 
> It can add support to Wireshark for dissecting libvirt RPC protocol
> packets which communicate via TCP socket.
> 
> This feature was presented by Michal Privoznik the year before last[4].
> But it only supported dissecting packet headers.
> This time I enhanced that dissector to support dissecting packet
> payloads. Furthermore, I provide a code generator for the dissector. So
> you can get a fresh build of the dissector from the libvirt RPC
> specification file at any version you like.
> 
> Now the dissector can be built and installed from the repository[3].
> All you need to do is:
> 
>     git clone https://github.com/kawamuray/libvirt-wireshark-dissector.git
>     cd libvirt-wireshark-dissector
>     autoreconf --install
>     ./configure && make
>     sudo make install
> 
> The above commands only install a single shared object:
>
>     $(dirname `which wireshark`)/../lib/wireshark/plugins/<wireshark version>/libvirt.so
> 
> After rebooting wireshark (or tshark), your wireshark has support for
> dissecting libvirt RPC packets.
> 
> Please make sure your libvirtd is listening on port 16509 (the default
> libvirtd port) and connect to libvirtd using a TCP socket (e.g.
> qemu+tcp:///system).
> 
> You can also try the feature of generating the dissector from your
> libvirt source tree by adding a few options to ./configure.
> Please see the README and ./configure --help output for more detail.
> 
> Please try and review it. Any comments, reviews and patches for the
> dissector code, generator code and usability are welcome.

I tested it and managed to get it working in wireshark.

NB, there's a Fedora 19 wireshark bug preventing it building, but
that's easy to fix

  https://bugzilla.redhat.com/show_bug.cgi?id=1002517


What is your intention with this work long term? Do you want it to live
in a standalone project? It seems to me that it would be better if we
had this code present in the main libvirt.git repository. Having it
separate means you have a manual task to update the dissector every
time the RPC protocol changes. If we have it in main libvirt.git we can
make it automatically generate the dissector from our XDR files during
libvirt build.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



