[libvirt] [PATCH] dissectors: Create dissector for Libvirt RPC

Michal Privoznik mprivozn at redhat.com
Tue Oct 11 10:36:37 UTC 2011


On 11.10.2011 09:26, Daniel P. Berrange wrote:
> On Mon, Oct 10, 2011 at 11:54:16AM +0200, Michal Privoznik wrote:
>> This patch creates a basic dissector for Libvirt RPC. The protocol
>> description can be found here:
>>
>> http://libvirt.org/internals/rpc.html
>>
>> Currently, only packet head dissecting is written. To fully dissect
>> packet payloads, more effort is needed, as each function has
>> different arguments (in general). However, this can be a good
>> stepping stone for later expansion. Ideally, a script that
>> will generate this dissector from the libvirt RPC file would be written.
>> ---
>>
>> Okay, this patch obviously belongs to wireshark mailing list,
>> but before I'll send it there, I guess we should decide if we
>> want it there. I mean there are 2 modes/ways for wireshark
>> dissectors:
>> 1) Place it into wireshark repo as many others.
>>    Advantage: wireshark will be shipped with support for libvirt RPC
>>    Disadvantage: wireshark will be shipped with support for libvirt RPC
>>
>>    In other words, if you look at wireshark releases, they are not
>>    as frequent as ours, so in the end, this dissector will always be one
>>    or more steps behind current libvirt. But many users will be able
>>    to use it right after box open.
>>
>> 2) Dissector as plugin
>>    Advantage: we can update it as often as we want
>>    Disadvantage: users need to install a plugin
>>
>> Personally, I prefer 2) as libvirt RPC is expanded pretty often,
>> and I expect this dissector to be used by libvirt developers mainly,
>> for whom installing a plugin into wireshark can't be a real problem :)
> 
> Yeah, option 2) is the one I'd like to see us focus on.
> 
> As Dave says, if Wireshark want to include the libvirt plugin
> themselves too, that's great, but we need to make sure we ship
> one that is guaranteed up2date for it to be most useful to us.
> 

Yeah, that would be nice, although I am not sure it is possible,
because we need to use different symbols then (at least). And I am not
sure how wireshark deals with 2 dissectors fighting for one tcp port.

I'll investigate further and keep you updated.



