Re: [libvirt] Feature Request: sniff a virtual interface of a guest

On Fri, Jan 27, 2012 at 09:28:21AM +0100, Hendrik Schwartke wrote: > Hi, > > there is currently no support for sniffing the network traffic of a virtual > nic, from local or remote. In some cases the debugging or monitoring of a guest > is therefore not as easy as it could be. > > Although it's easy to start a network sniffer on the physical host, it requires > direct access to a shell and some knowledge of the current configuration of > the virtual networks. > > I think it would be a great benefit for libvirt if network sniffing would be > possible out of the box. Cool idea. > One idea would be to start a local tshark sniffing on the card and connect this > to a local socket. This could then be forwarded by ssh to a wireshark process > running on a desktop. I would favor doing the minimum in libvirt side to specify a packet filter and a start/stop of the packet mirror, and then let the user consume the resulting packet stream however they want on the client. Other people may have more concrete suggestions. > I created a feature request for that: https://bugzilla.redhat.com/show_bug.cgi?id=784893 > > Any thoughts or hints to implement that? This seems like a good candidate for using libvirt's support for streaming data, similar to consoles or screenshots. Take a look through the code for how those APIs are implemented for a guide. I'm not sure how familiar you are with the libvirt code, so forgive me if you already know this: if you start with tools/virsh.c you can see how the virsh console and virsh screenshot commands call their respective APIs and then how those APIs use libvirt's streams to deliver the resulting data. Dave > Hendrik Schwartke > > -- > libvir-list mailing list > libvir-list(a)redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list