[libvirt] Feature Request: sniff a virtual interface of a guest

Hi,

there is currently no support for sniffing the network traffic of a virtual nic, from local or remote. In some cases the debugging or monitoring of a guest is therefore not as easy as it could be.

Although it's easy to start a network sniffer on the physical host, it requires direct access to a shell and some knowledge of the current configuration of the virtual networks.

I think it would be a great benefit for libvirt if network sniffing would be possible out of the box.

One idea would be to start a local tshark sniffing on the card and connect this to a local socket. This could then be forwarded by ssh to a wireshark process running on a desktop.

I created a feature request for that: https://bugzilla.redhat.com/show_bug.cgi?id=784893

Any thoughts or hints to implement that?

Hendrik Schwartke
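The manual workflow this message describes (look up the guest NIC's host-side device in the domain configuration, capture on it with tshark, and forward the stream over ssh into Wireshark), as an added example that is not code from the thread or from libvirt. The sample domain XML and the helper names `guest_nics` and `capture_command` are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample of `virsh dumpxml <guest>` output for a running guest.
# The third NIC is PCI passthrough: it has no host-side tap device.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:aa:bb:01'/>
      <source network='default'/>
      <target dev='vnet0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:02'/>
      <source bridge='br0'/>
      <target dev='vnet1'/>
    </interface>
    <interface type='hostdev'>
      <mac address='52:54:00:aa:bb:03'/>
    </interface>
  </devices>
</domain>
"""

def guest_nics(domain_xml):
    """Return [(mac, host_dev_or_None, source_attrs)] for each guest NIC."""
    nics = []
    for iface in ET.fromstring(domain_xml).findall("./devices/interface"):
        mac, target, source = (iface.find(t) for t in ("mac", "target", "source"))
        nics.append((
            mac.get("address") if mac is not None else None,
            target.get("dev") if target is not None else None,
            dict(source.attrib) if source is not None else {},
        ))
    return nics

def capture_command(host, domain_xml, mac, bpf=""):
    """Build the `ssh host tshark ... | wireshark` pipeline for one guest NIC."""
    for nic_mac, dev, _ in guest_nics(domain_xml):
        if nic_mac and nic_mac.lower() == mac.lower():
            if dev is None:  # passthrough NIC or stopped guest: nothing to tap
                raise ValueError(f"{mac} has no host-side device to capture on")
            remote = f"tshark -q -w - -i {shlex.quote(dev)}"
            if bpf:  # optional capture filter, quoted for the remote shell
                remote += " -f " + shlex.quote(bpf)
            return f"ssh {shlex.quote(host)} {shlex.quote(remote)} | wireshark -k -i -"
    raise ValueError(f"no interface with MAC {mac}")
```

The account used for ssh needs capture privileges on the host, which is the shell access requirement the message points out.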

On Fri, Jan 27, 2012 at 09:28:21AM +0100, Hendrik Schwartke wrote:
> Hi,
> there is currently no support for sniffing the network traffic of a virtual nic, from local or remote. In some cases the debugging or monitoring of a guest is therefore not as easy as it could be.
> Although it's easy to start a network sniffer on the physical host, it requires direct access to a shell and some knowledge of the current configuration of the virtual networks.
> I think it would be a great benefit for libvirt if network sniffing would be possible out of the box.

Cool idea.

> One idea would be to start a local tshark sniffing on the card and connect this to a local socket. This could then be forwarded by ssh to a wireshark process running on a desktop.

I would favor doing the minimum in libvirt side to specify a packet filter and a start/stop of the packet mirror, and then let the user consume the resulting packet stream however they want on the client. Other people may have more concrete suggestions.

> I created a feature request for that: https://bugzilla.redhat.com/show_bug.cgi?id=784893
> Any thoughts or hints to implement that?

This seems like a good candidate for using libvirt's support for streaming data, similar to consoles or screenshots. Take a look through the code for how those APIs are implemented for a guide. I'm not sure how familiar you are with the libvirt code, so forgive me if you already know this: if you start with tools/virsh.c you can see how the virsh console and virsh screenshot commands call their respective APIs and then how those APIs use libvirt's streams to deliver the resulting data.

Dave

> Hendrik Schwartke
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Hi Dave,

I've been using libvirt for quite a while but I'm relatively new to the code. So thank you for your hints. I will have a look at the streaming API this week.

Thanks
Hendrik

On 27.01.2012 15:39, Dave Allan wrote:
> On Fri, Jan 27, 2012 at 09:28:21AM +0100, Hendrik Schwartke wrote:
> > Hi,
> > there is currently no support for sniffing the network traffic of a virtual nic, from local or remote. In some cases the debugging or monitoring of a guest is therefore not as easy as it could be.
> > Although it's easy to start a network sniffer on the physical host, it requires direct access to a shell and some knowledge of the current configuration of the virtual networks.
> > I think it would be a great benefit for libvirt if network sniffing would be possible out of the box.
>
> Cool idea.
>
> > One idea would be to start a local tshark sniffing on the card and connect this to a local socket. This could then be forwarded by ssh to a wireshark process running on a desktop.
>
> I would favor doing the minimum in libvirt side to specify a packet filter and a start/stop of the packet mirror, and then let the user consume the resulting packet stream however they want on the client. Other people may have more concrete suggestions.
>
> > I created a feature request for that: https://bugzilla.redhat.com/show_bug.cgi?id=784893
> > Any thoughts or hints to implement that?
>
> This seems like a good candidate for using libvirt's support for streaming data, similar to consoles or screenshots. Take a look through the code for how those APIs are implemented for a guide.
> I'm not sure how familiar you are with the libvirt code, so forgive me if you already know this: if you start with tools/virsh.c you can see how the virsh console and virsh screenshot commands call their respective APIs and then how those APIs use libvirt's streams to deliver the resulting data.
>
> Dave
>
> > Hendrik Schwartke