From: Gerard Garcia <ggar...@deic.uab.cat>

Virtual sockets AF_VSOCK are used for guest<->hypervisor communication. Right
now the mainline Linux kernel has support for AF_VSOCK sockets that make use of
the VMware VMCI transport and there is an ongoing effort to include support for
the VIRTIO transport which is used by the QEMU virtualizer.

Simultaneously, we are implementing a virtual network device called vsockmon
that exposes this traffic to user space. This patch adds printing support for 
the vsockmon traffic to tcpdump.

We are still in the process of integrating the vsockmon device into the Linux
kernel (http://lists.openwall.net/netdev/2016/05/28/18) so it is still possible
that there are some small changes of the header, but if meanwhile we can get
this code reviewed to ease the development of the final patch that would be
great.

This patch links the identifier DLT_USER0 to vsockmon traffic so it is 
necessary to link the header type ARPHRD_VSOCKMON to this identifier in 
libpcap: https://github.com/GerardGarcia/libpcap/tree/vsock. I understand that 
once the vsockmon code is merged into the mainline kernel we have to ask for an
identifier in the mailing list.

Additionally, to test the code it is necessary to have a kernel patched with
virtio-vsock and vsockmon support, and to set up a QEMU virtual machine to be
able to generate traffic. The repository in
https://github.com/GerardGarcia/linux/tree/vsock-next provides a patched kernel
and a go.sh script that facilitates the setup. If anyone is interested in
testing the code I can provide additional detailed instructions.

To see which is the format of the printed messages I have uploaded a screenshot 
in http://imgur.com/7YrRHzJ

Any comments will be greatly appreciated, thanks.

Gerard Garcia (1):
  Add printing support for vsockmon devices.

 Makefile.in   |   1 +
 netdissect.h  |   1 +
 print-vsock.c | 211 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 print.c       |   3 +
 4 files changed, 216 insertions(+)
 create mode 100644 print-vsock.c

-- 
2.9.0

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
