Wireshark-bugs: [Wireshark-bugs] [Bug 12623] New: Add vSocket dissector support

Date: Fri, 15 Jul 2016 16:41:02 +0000
Bug ID 12623
Summary Add vSocket dissector support
Product Wireshark
Version unspecified
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 14735 [details]
vSocket pcap

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Virtual sockets AF_VSOCK are used for guest<->hypervisor communication. Right
now the mainline linux kernel has support for AF_VSOCK sockets that make use of
the vmware VMCI transport and there is an ongoing effort to include support for
the VIRTIO transport which is used by the QEMU virtualizer.

Simultaneously, we are implementing a virtual network device called vsockmon
that exposes this traffic to user space.

We are still in process of integrating the vsockmon device into the linux
kernel (http://marc.info/?l=linux-netdev&m=146661193816961&w=2) but once merged
we would like wireshark and tcpdump
(http://lists.sandelman.ca/pipermail/tcpdump-workers/2016-June/000546.html) to
support it.

The vsockmon header definition can be found in
https://github.com/GerardGarcia/linux/blob/vsockmon/include/uapi/linux/vsockmon.h

Pcap file attached.


You are receiving this mail because:
  • You are watching all bug changes.