Hi Stefan.
Wireshark supports a lot more than just SCSI over iSCSI It dissects SCSI over USB, FCOE, raw-FC, FCIP, iFCP (I never got access to traces for mFCP :-( ) and also over NDMP. I never got access to HyperSCSI traces either, so that is missing too. Since I never got HyperSCSI or mFCP (very short-lived attempt from HBA vendors) those two are the only ones today I think where we miss decode. virt-scsi from QEMU sounds interesting! SCSI has a very well defined API in wireshark so assind a new transport should be trivial. I have done so several times. First you need a DLT value from the tcpdump folks to wrap your packets in. Once you have that it should be semi-trivial to hook the SCSI-dissector into your transport/DLT Depending on what the framing looks like, you need at least a wrapper around the SCSI payload that can contain an I_T identifier, then a LUN field, and then scoped per LUN you need a task-tag or similar. Wireshark would need I_T to be able to track initiators and targets separately and form a "conversation" between an arbitrary pair. A LUN identifier to track different luns on the same I_T separately. Finally it also needs a task-tag so that on a specific ILT nexus it will be able to match a SCSI CDB with DATA-IN/OUT blobs and a SCSI response/sense to make it map well you might need to wrap thing inside a struct scsi_wrapper { initiator identifier target identifier lun task-tag opcode (cdb, datain, dataout, response/sense) scsi * } if your transport also supports multiple datain/out blobs for a single task, in order to reassemble the data we would also need a offset/length for each datain/out blob. regards ronnie sahlberg On Tue, Feb 28, 2012 at 8:59 PM, Stefan Hajnoczi <stefa...@gmail.com> wrote: > Wireshark today supports SCSI dissectors for iSCSI. > > In the QEMU system emulator we have an emulated SCSI target which > handles devices for SCSI Parallel Interface (SPI), USB Mass Storage > Device, and now supports the new virtio-scsi transport (for efficient > virtual machine SCSI I/O). > > Cong and I would like to add pcap support to the emulated SCSI target > in QEMU, making it easy to use Wireshark for SCSI debugging and > analysis. I'm looking for advice on getting started because we are > not familiar with Wireshark/dissector internals. > > I believe the SCSI dissector does not support raw CDB dissection - it > requires a SCSI transport dissector (currently iSCSI). A few options > come to mind: > > 1. Change the SCSI dissector to support top-level dissecting of raw > SCSI CDBs without transport information (initiator, target, and other > metadata). > > 2. Add virtio-scsi and perhaps SPI SCSI transport dissectors. > > 3. A simpler approach I'm missing? :) > > Suggestions appreciated. > > Stefan