ni...@lysator.liu.se (Niels Möller) writes: [ I think the message I reply to got stuck in moderation, and has not yet appeared on the list. ]
> I'm setting up a test network with qemu and vde. I would like to be able
> to sniff traffic by running tcpdump on the host machine, by attaching
> tcpdump to one of the ports of an emulated vde_switch. (I'll configure
> vde_switch to act as hub rather than a switch if that's needed; not
> sure if there are other ways, like a second attach to port I'm really
> interested in, or some port-replication feature as found in some other
> switches).
>
> I'd prefer to not have to route packets via some real network interfaces
> on the host computer, just to be able to sniff it.
>
> I've been searching for tools to do this, but I couldn't find anything.
> Ideally, I'd like to use something like vde_plug the-hub | tcpdump -r -,
> but vde_plug and tcpdump don't use the same format.
>
> I have looked briefly at the vde_pcapplug source code, but it appears it
> doesn't support pcap savefiles. I imagine it wouldn't be very hard to
> extend vde_pcapplug to be able to read and/or write pcap files, instead
> of working with a real network interface. But before I try that, I'd
> like to know if there's any other tool I should be using instead?

I've now hacked vde_pcapplug to be able to do this. The patch below
seems to work. If no interface is specified, packets are dumped in pcap
format to stdout. Reading a save file from stdin is not implemented.

Example usage:

  ./vde_pcapplug -s .vde-hubs/hub02 | tcpdump -r -

Regards,
/Niels

Line offsets in this patch may be a bit off, since I had to do a few
unrelated edits to get the file to compile outside of the vde tree, and
those changes are not included here. Also indentation changes are
excluded to reduce clutter, so one should reindent after applying the
patch.

diff --git a/vde_pcapplug.c b/vde_pcapplug.c index 8045146..aef8f1c 100644 --- a/vde_pcapplug.c +++ b/vde_pcapplug.c @@ -68,6 +68,7 @@ static VDECONN *conn = NULL; static pcap_t *pcap = NULL; +static pcap_dumper_t *dumper = NULL; char *prog; int logok; 
@@ -96,6 +97,8 @@ static void cleanup(void) printlog(LOG_WARNING,"Couldn't remove pidfile '%s': %s", pidfile, strerror(errno)); } + if (dumper) + pcap_dump_close(dumper); if (pcap) pcap_close(pcap); if (conn) @@ -155,7 +158,7 @@ static void setsighandlers() struct pollfd pollv[]={{0,POLLIN|POLLHUP},{0,POLLIN|POLLHUP},{0,POLLIN|POLLHUP}}; static void usage(void) { - fprintf(stderr, "Usage: %s [OPTION]... interface\n\n", prog); + fprintf(stderr, "Usage: %s [OPTION]... [interface]\n\n", prog); fprintf(stderr, " -p, --port=portnum Port number in the VDE switch\n" " -g, --group=group Group for the socket\n" " -m, --mode=mode Octal mode for the socket\n" @@ -359,12 +362,11 @@ int main(int argc, char **argv) if (optind < argc) ifname=argv[optind]; - else - usage(); // implies exit atexit(cleanup); setsighandlers(); + if (ifname) { pcap = pcap_open_live(ifname, BUFSIZE, 1, 0, errbuf); if (pcap == NULL) { printlog(LOG_ERR, "Open %s: %s\n", ifname, errbuf); @@ -380,8 +382,13 @@ int main(int argc, char **argv) exit(1); } setup_fd(pcapfd); - pollv[0].fd=pcapfd; + } + else { + pcap = pcap_open_dead (DLT_EN10MB, BUFSIZE); + dumper = pcap_dump_open (pcap, "-"); + pollv[0].fd=-1; + } pollv[1].fd=vde_datafd(conn); pollv[2].fd=vde_ctlfd(conn); 
@@ -399,10 +406,18 @@ int main(int argc, char **argv) nx=vde_recv(conn,bufin,sizeof(bufin),0); if (nx<=0) break; + if (dumper) { + struct pcap_pkthdr hdr; + gettimeofday (&hdr.ts, NULL); + hdr.len = hdr.caplen = nx; + pcap_dump ((void *) dumper, &hdr, bufin); + } + else if (ifname) { nx = pcap_inject(pcap, bufin, nx); if (nx<=0) break; } } + } return(0); }

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
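
Review bot: the usage() hunk (@@ -155,7 +158,7 @@) marks the argument as optional with [interface], but nothing in the visible option text says what happens when it is left out. Combined with the removal of the "else usage();" branch in the @@ -359,12 +362,11 @@ hunk, running the program with no argument now writes binary pcap data to stdout without any notice. Suggest adding a usage line stating that, with no interface, frames received from the switch are written to stdout in pcap format, and consider refusing to start in that mode when stdout is a terminal (isatty(STDOUT_FILENO)).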
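
Review bot: missing error checks in the new else branch of the @@ -380,8 +382,13 @@ hunk: neither pcap_open_dead() nor pcap_dump_open() is tested for NULL. If pcap_dump_open (pcap, "-") fails, dumper stays NULL while ifname is also NULL, so the receive loop in the last hunk takes neither the "if (dumper)" nor the "else if (ifname)" branch and every frame is dropped with no message. Suggest mirroring the pcap_open_live() path: on NULL, call printlog(LOG_ERR, ...) with pcap_geterr(pcap) and exit(1).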
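
Review bot: in the @@ -399,10 +406,18 @@ hunk the output of pcap_dump() is never flushed. The dumper writes through stdio, and with stdout connected to a pipe, as in the example usage, frames can sit in the buffer until it fills, so tcpdump -r - may show traffic late on a quiet network. Suggest calling pcap_dump_flush(dumper) after each pcap_dump() and leaving the loop if it reports an error. Minor: pcap_dump() takes a u_char * as its first argument, so the cast reads better as (u_char *) than (void *), and gettimeofday() needs <sys/time.h>, which is worth confirming is already included.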