[libvirt] [RFC]Libvirt Wireshark Dissector

Yuto KAWAMURA kawamuray.dadada at gmail.com
Fri Aug 30 09:50:14 UTC 2013


2013/8/29 Daniel P. Berrange <berrange at redhat.com>:
> On Thu, Aug 29, 2013 at 01:22:56AM +0900, Yuto KAWAMURA wrote:
>> Hi libvirt developers,
>>
>> I would like to ask you to review the dissector of libvirt RPC
>> protocol which I've been developing on project of Google Summer of
>> Code 2013[1][2][3].
>>
>> It adds support to Wireshark for dissecting libvirt RPC protocol packets
>> that are communicated via a TCP socket.
>>
>> This feature was presented by Michal Privoznik the year before last[4].
>> But it only supported dissecting packet headers.
>> This time I enhanced that dissector to support dissecting the packet
>> payload. Furthermore, I provide a code generator for the dissector, so you
>> can get a fresh build of the dissector from the libvirt RPC specification
>> file at any version you like.
>>
>> Now it is possible to build and install the dissector from the repository[3].
>> All you need to do is:
>>
>>     git clone https://github.com/kawamuray/libvirt-wireshark-dissector.git
>>     cd libvirt-wireshark-dissector
>>     autoreconf --install
>>     ./configure && make
>>     sudo make install
>>
>> The above commands only install a single shared object: $(dirname `which
>> wireshark`)/../lib/wireshark/plugins/<wireshark version>/libvirt.so .
>>
>> After rebooting wireshark (or tshark), your wireshark has support for
>> dissecting libvirt RPC packets.
>>
>> Please make sure your libvirtd is listening on port 16509 (the default
>> libvirtd port) and connect to libvirtd using a TCP socket (e.g.
>> qemu+tcp:///system).
>>
>> You can also try this feature: generate the dissector from your libvirt
>> source tree by adding a few options to ./configure.
>> Please see the README and the ./configure --help output for more detail.
>>
>> Please try it and review it. Any comments, reviews and patches for the
>> dissector code, generator code and usability are welcome.
>
> I tested it and managed to get it working in wireshark.
>

Thanks Daniel.

> NB, there's a Fedora 19 wireshark bug preventing it building, but
> that's easy to fix
>
>   https://bugzilla.redhat.com/show_bug.cgi?id=1002517
>
>

I didn't know about this issue. I found another report from last month
( https://bugzilla.redhat.com/show_bug.cgi?id=981366 ).
Should I leave this issue alone, or include ws_symbol_export.h in src/ and
add -Isrc/ to CPPFLAGS? Then people wouldn't need to apply the patch.
Of course it is a temporary aid until the patch is applied to the wireshark rpm.

> What is your intention with this work long term. Do you want it to live
> in a standalone project ? It seems to me that it would be better if we
> had this code present in the main libvirt.git repository. Having it
> separate means you have a manual task to update the dissector every
> time the RPC protocol changes.

I am motivated to keep improving and maintaining this project.
But I think merging the dissector source tree into libvirt.git is the best
option for me and the libvirt developers. Then the dissector can get
contributions from libvirt developers.
Michal and I have already discussed this, and I decided to send
patches which create a new directory
"devtools/wireshark-dissector/" in libvirt.git.

> If we have it in main libvirt.git we can
> make it automatically generate the dissector from our XDR files during
> libvirt build.

Well, this can already be done easily with util/genxdrdef.pl in the
dissector repository, but yes, keeping the dissector inside libvirt.git
makes it easier and quicker.

kawamuray
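As an added illustration of what the dissector decodes on port 16509 (this is not code from the dissector project or from libvirt), here is a small Python decoder for the fixed 28-byte libvirt RPC packet header, plus the length-prefix splitting a TCP dissector needs; the field layout follows libvirt's src/rpc/virnetprotocol.x, and the sample packets are constructed by the test helper rather than captured.

```python
import struct

# Fixed header of every libvirt RPC packet (libvirt src/rpc/virnetprotocol.x):
# a big-endian 4-byte length covering the whole packet, then six 4-byte XDR
# integers: program, version, procedure, type, serial, status.
HEADER_LEN = 28
HEADER_FMT = ">IIIiiIi"
PROG_REMOTE = 0x20008086  # program number of libvirt's "remote" protocol

MSG_TYPES = {0: "CALL", 1: "REPLY", 2: "EVENT", 3: "STREAM",
             4: "CALL_WITH_FDS", 5: "REPLY_WITH_FDS"}
MSG_STATUS = {0: "OK", 1: "ERROR", 2: "CONTINUE"}


def parse_packet(pkt):
    """Decode one complete packet into its header fields plus raw XDR payload."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("short packet: %d bytes" % len(pkt))
    length, prog, vers, proc, mtype, serial, status = struct.unpack(
        HEADER_FMT, pkt[:HEADER_LEN])
    if length < HEADER_LEN or length > len(pkt):
        raise ValueError("length %d inconsistent with %d bytes" % (length, len(pkt)))
    return {
        "length": length, "program": prog, "version": vers, "procedure": proc,
        "type": MSG_TYPES.get(mtype, "UNKNOWN(%d)" % mtype),
        "serial": serial,
        "status": MSG_STATUS.get(status, "UNKNOWN(%d)" % status),
        "payload": pkt[HEADER_LEN:length],  # per-procedure XDR args/ret
    }


def split_stream(buf):
    """Cut a TCP byte stream into whole packets via the length prefix.
    Returns (decoded packets, unconsumed bytes); a Wireshark dissector does
    the same with tcp_dissect_pdus(), waiting for the rest of a split packet."""
    packets = []
    while len(buf) >= 4:
        length = struct.unpack(">I", buf[:4])[0]
        if length < HEADER_LEN:
            raise ValueError("bad length field %d" % length)
        if len(buf) < length:
            break  # packet continues in the next TCP segment
        packets.append(parse_packet(buf[:length]))
        buf = buf[length:]
    return packets, buf


def build_packet(prog, vers, proc, mtype, serial, status, payload=b""):
    """Constructed sample input only: frame a packet the way libvirt does."""
    return struct.pack(HEADER_FMT, HEADER_LEN + len(payload),
                       prog, vers, proc, mtype, serial, status) + payload
```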
