[libvirt] [PATCH v3 1/2] Introduce Libvirt Wireshark dissector

Michal Privoznik mprivozn at redhat.com
Mon Sep 30 14:40:48 UTC 2013


On 30.09.2013 14:15, Yuto KAWAMURA(kawamuray) wrote:
> From: "Yuto KAWAMURA(kawamuray)" <kawamuray.dadada at gmail.com>
> 
> Introduce Wireshark dissector plugin which adds support to Wireshark
> for dissecting libvirt RPC protocol.
> Added the following files to build Wireshark dissector from libvirt source
> tree.
> * tools/wireshark/*: Source tree of Wireshark dissector plugin.
> 
> Added the following to configure.ac or Makefile.am.
> configure.ac
> * --with-wireshark-dissector: Enable support for building Wireshark
>   dissector.
> * --with-ws-plugindir: Specify wireshark plugin directory that dissector
>   will be installed into.
> * Added tools/wireshark/{Makefile,src/Makefile} to AC_CONFIG_FILES.
> Makefile.am
> * Added tools/wireshark/ to SUBDIR.
> ---
>  Makefile.am                             |    3 +-
>  cfg.mk                                  |    8 +-
>  configure.ac                            |   72 ++-
>  tools/wireshark/Makefile.am             |   29 +
>  tools/wireshark/README.md               |   31 +
>  tools/wireshark/src/.gitignore          |    4 +
>  tools/wireshark/src/Makefile.am         |   42 ++
>  tools/wireshark/src/packet-libvirt.c    |  512 ++++++++++++++++
>  tools/wireshark/src/packet-libvirt.h    |  128 ++++
>  tools/wireshark/util/genxdrstub.pl      | 1009 +++++++++++++++++++++++++++++++
>  tools/wireshark/util/make-dissector-reg |  198 ++++++
>  11 files changed, 2030 insertions(+), 6 deletions(-)
>  create mode 100644 tools/wireshark/Makefile.am
>  create mode 100644 tools/wireshark/README.md
>  create mode 100644 tools/wireshark/src/.gitignore
>  create mode 100644 tools/wireshark/src/Makefile.am
>  create mode 100644 tools/wireshark/src/packet-libvirt.c
>  create mode 100644 tools/wireshark/src/packet-libvirt.h
>  create mode 100755 tools/wireshark/util/genxdrstub.pl
>  create mode 100755 tools/wireshark/util/make-dissector-reg

I think we want tools/wireshark/src/.gitignore merged to global
$(srcdir)/.gitignore.

Moreover, I've noticed a strange behavior when dissecting some strings.
Try to dissect an opening sequence. The client calls CONNECT_OPEN
function with 2 arguments:

libvirt.remote_connect_open_args.name
libvirt.remote_connect_open_args.flags

While @flags are correctly dissected, the @name isn't. For example,
while executing "virsh -c qemu+tcp:///system list" I got this:

0000   00 00 00 38 20 00 80 86 00 00 00 01 00 00 00 01  ...8 ...........
0010   00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 01  ................
0020   00 00 00 0e 71 65 6d 75 3a 2f 2f 2f 73 79 73 74  ....qemu:///syst
0030   65 6d 00 00 00 00 00 00                          em......

where the @name is at 0x1c-0x1f and @flags at 0x20-0x24. However, some
strings are still dissected correctly.

And when running 'virsh domfstrim $dom' I've encountered:

[Dissector bug, protocol libvirt: proto.c:2541: failed assertion
"hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ"]

Besides this I like this approach the most and once you solve the string
dissecting bugs I will give you my ACK.

Michal
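
For reference, the 56 bytes of the hex dump above decoded field by field with bounds checks on every read, as an added example that is not part of the original message or of the posted dissector. It assumes the libvirt RPC framing (a length word, then prog, vers, proc, type, serial, status) and that remote_connect_open_args.name is an XDR optional string; struct open_args and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed: the 56 bytes of the hex dump quoted in the message. */
static const uint8_t pkt[56] = {
    0x00,0x00,0x00,0x38, 0x20,0x00,0x80,0x86, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x01,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x02, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x01,
    0x00,0x00,0x00,0x0e, 'q','e','m','u', ':','/','/','/', 's','y','s','t',
    'e','m',0x00,0x00, 0x00,0x00,0x00,0x00
};
/* Hypothetical result type: decoded fields plus the offsets they were read from. */
struct open_args { uint32_t proc, name_len, flags; size_t name_off, flags_off; char name[64]; };

/* Read one big-endian XDR word at *off and advance; -1 if it would overrun. */
static int rd32(const uint8_t *b, size_t len, size_t *off, uint32_t *v)
{
    if (len < 4 || *off > len - 4) return -1;
    *v = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 | (uint32_t)b[*off + 2] << 8 | b[*off + 3];
    *off += 4;
    return 0;
}

/* Decode the length word, the six header words, then name and flags. */
static int parse_connect_open(const uint8_t *b, size_t len, struct open_args *o)
{
    size_t off = 0, padded;
    uint32_t h[7], present;  /* len, prog, vers, proc, type, serial, status */
    for (int i = 0; i < 7; i++)
        if (rd32(b, len, &off, &h[i])) return -1;
    if (h[0] != len) return -1;                    /* length word covers the whole packet */
    o->proc = h[3];
    if (rd32(b, len, &off, &present)) return -1;   /* optional string: presence word first */
    o->name_len = 0; o->name[0] = '\0'; o->name_off = off;
    if (present) {
        if (rd32(b, len, &off, &o->name_len) || o->name_len >= sizeof o->name) return -1;
        padded = (o->name_len + 3u) & ~3u;         /* XDR pads strings to 4 bytes */
        if (padded > len - off) return -1;         /* never trust the on-wire length */
        o->name_off = off;
        memcpy(o->name, b + off, o->name_len);
        o->name[o->name_len] = '\0'; off += padded;
    }
    o->flags_off = off;
    return rd32(b, len, &off, &o->flags);
}

int main(void) {
    struct open_args a;
    if (parse_connect_open(pkt, sizeof pkt, &a)) return 1;
    return printf("proc=%u name@0x%zx \"%s\" flags@0x%zx=%u\n", a.proc, a.name_off, a.name, a.flags_off, a.flags) < 0;
}
```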



