Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
On Tuesday 11 December 2007, andrzej zaborowski wrote: > On 10/12/2007, Balazs Attila-Mihaly (Cd-MaN) <[EMAIL PROTECTED]> wrote: > > Here goes v0.2 for my patch :-) > > Changes > > - now the option is a separate command line switch: > > -net capture,vlan=2,file=test.pcap > > - it is also available from the monitor > > - added some more constants / defines to avoid repeating portions of the > > code > > Would it be possible to implement this as simply another vlan client > that does the logging in it's fd_read callback? I think this would be > cleaner, we would avoid the special case and an additional condition > check in every qemu_send_packet(). That's exactly what I was imagining when I suggested making it a -net option. Paul
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
On 10/12/2007, Balazs Attila-Mihaly (Cd-MaN) <[EMAIL PROTECTED]> wrote: > Here goes v0.2 for my patch :-) > Changes > - now the option is a separate command line switch: > -net capture,vlan=2,file=test.pcap > - it is also available from the monitor > - added some more constants / defines to avoid repeating portions of the code Would it be possible to implement this as simply another vlan client that does the logging in it's fd_read callback? I think this would be cleaner, we would avoid the special case and an additional condition check in every qemu_send_packet(). Regards
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Anthony Liguori wrote: > Balazs Attila-Mihaly (Cd-MaN) wrote: >> Here goes v0.2 for my patch :-) >> Changes >> - now the option is a separate command line switch: >> -net capture,vlan=2,file=test.pcap >> > > Is it really necessary/useful to specify this on the command line since it > can be controlled from the monitor? FWIW, I prefer to have symmetry between monitor and command line options (to help those use cases the programmer didn't think of). Thiemo
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Johannes Schindelin wrote: Hi, On Mon, 10 Dec 2007, Anthony Liguori wrote: Johannes Schindelin wrote: However, I have no problem maintaining my own fork. Much like I will do with VNC again, since I recently had to use QEmu via VNC and the artefacts are just horrible. I just sent a patch to the mailing list that should fix those artifacts. Let me know if it doesn't and I'll track down whatever the issue is. Unfortunately I am way overloaded with work right now, and cannot test. However, from your description it does not seem likely that it fixes the problem: AFAICT Kubuntu's installer does not us CGA or VMWare's VGA driver. I might be wrong, but I do not even have the time to test that. Were you using the alternate installer or the desktop installer? Kubuntu uses ubiquity which is the same as what Ubuntu uses. We've got Ubuntu in the kvm-test harness and I've done dozens of installs with it without any problems. kvm-test uses VNC and would be very sensitive to artifacts. What client were you using? Regards, Anthony Liguori Sorry, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Hi, On Mon, 10 Dec 2007, Anthony Liguori wrote: > Johannes Schindelin wrote: > > > However, I have no problem maintaining my own fork. Much like I will > > do with VNC again, since I recently had to use QEmu via VNC and the > > artefacts are just horrible. > > I just sent a patch to the mailing list that should fix those artifacts. > Let me know if it doesn't and I'll track down whatever the issue is. Unfortunately I am way overloaded with work right now, and cannot test. However, from your description it does not seem likely that it fixes the problem: AFAICT Kubuntu's installer does not us CGA or VMWare's VGA driver. I might be wrong, but I do not even have the time to test that. Sorry, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Hi Johannes, Johannes Schindelin wrote: Hi, However, I have no problem maintaining my own fork. Much like I will do with VNC again, since I recently had to use QEmu via VNC and the artefacts are just horrible. I just sent a patch to the mailing list that should fix those artifacts. Let me know if it doesn't and I'll track down whatever the issue is. Regards, Anthony Liguori Ciao, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Hi, On Mon, 10 Dec 2007, Anthony Liguori wrote: > Johannes Schindelin wrote: > > > > On Mon, 10 Dec 2007, Anthony Liguori wrote: > > > > > > > Balazs Attila-Mihaly (Cd-MaN) wrote: > > > > > > > Here goes v0.2 for my patch :-) > > > > Changes > > > > - now the option is a separate command line switch: > > > > -net capture,vlan=2,file=test.pcap > > > > > > > Is it really necessary/useful to specify this on the command line > > > since it can be controlled from the monitor? > > > > > > > As was said in another mail, if you want to guarantee that _every_ > > packet is logged, the command line is the most convenient. > > > > Besides, if you get your monitor support, why do you care about > > command line support? > > > > It's just an issue of usability. If you don't have to expose something > two ways, then it's better not to. Okay, since you so nicely ask for it: I _want_ the command line option. I do not like having to type the same thing into the monitor every time I start QEmu. But I expressly do _not_ ask to scrap the monitor interface, even if I have no use for it. However, I have no problem maintaining my own fork. Much like I will do with VNC again, since I recently had to use QEmu via VNC and the artefacts are just horrible. Ciao, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Johannes Schindelin wrote: Hi, On Mon, 10 Dec 2007, Anthony Liguori wrote: Balazs Attila-Mihaly (Cd-MaN) wrote: Here goes v0.2 for my patch :-) Changes - now the option is a separate command line switch: -net capture,vlan=2,file=test.pcap Is it really necessary/useful to specify this on the command line since it can be controlled from the monitor? As was said in another mail, if you want to guarantee that _every_ packet is logged, the command line is the most convenient. Besides, if you get your monitor support, why do you care about command line support? It's just an issue of usability. If you don't have to expose something two ways, then it's better not to. Regards, Anthony Liguori Ciao, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
The use case I need it for is for honeypot-like systems. Ie. the system starts from a snapshot and accesses links / runs executables while observing the behaviour. For this use case it is the best if it is setable from the command line. ___ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Paul Brook wrote: On Monday 10 December 2007, Anthony Liguori wrote: Balazs Attila-Mihaly (Cd-MaN) wrote: Here goes v0.2 for my patch :-) Changes - now the option is a separate command line switch: -net capture,vlan=2,file=test.pcap Is it really necessary/useful to specify this on the command line since it can be controlled from the monitor? By that argument you could remove half the rest of the commandline options (e.g. the USB options). I was thinking about the use-case. For instance, you probably want to start and end the capture at specific times. I don't think the common case it trapping traffic for the entire duration the guest is running. Regards, Anthony Liguori I think it would be good to expose the whole -net functionality via the monitor, rather than have a special hack for -net monitor. Obviously some functionality would only be usable via the commandline (e.g. non-hotplug NICs) Paul
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
On Monday 10 December 2007, Anthony Liguori wrote: > Balazs Attila-Mihaly (Cd-MaN) wrote: > > Here goes v0.2 for my patch :-) > > Changes > > - now the option is a separate command line switch: > > -net capture,vlan=2,file=test.pcap > > Is it really necessary/useful to specify this on the command line since > it can be controlled from the monitor? By that argument you could remove half the rest of the commandline options (e.g. the USB options). I think it would be good to expose the whole -net functionality via the monitor, rather than have a special hack for -net monitor. Obviously some functionality would only be usable via the commandline (e.g. non-hotplug NICs). Paul
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Hi, On Mon, 10 Dec 2007, Anthony Liguori wrote: > Balazs Attila-Mihaly (Cd-MaN) wrote: > > Here goes v0.2 for my patch :-) > > Changes > > - now the option is a separate command line switch: > > -net capture,vlan=2,file=test.pcap > > > > Is it really necessary/useful to specify this on the command line since > it can be controlled from the monitor? As was said in another mail, if you want to guarantee that _every_ packet is logged, the command line is the most convenient. Besides, if you get your monitor support, why do you care about command line support? Ciao, Dscho
Re: [Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Balazs Attila-Mihaly (Cd-MaN) wrote: Here goes v0.2 for my patch :-) Changes - now the option is a separate command line switch: -net capture,vlan=2,file=test.pcap Is it really necessary/useful to specify this on the command line since it can be controlled from the monitor? Regards, Anthony Liguori - it is also available from the monitor - added some more constants / defines to avoid repeating portions of the code __ Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
[Qemu-devel] [PATCH] Capture network traffic to a tcpdump file - updated
Here goes v0.2 for my patch :-)
Changes
- now the option is a separate command line switch:
-net capture,vlan=2,file=test.pcap
- it is also available from the monitor
- added some more constants / defines to avoid repeating portions of the code
__
Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
Index: vl.c
===
RCS file: /sources/qemu/qemu/vl.c,v
retrieving revision 1.377
diff -u -r1.377 vl.c
--- vl.c 6 Dec 2007 22:11:20 - 1.377
+++ vl.c 10 Dec 2007 10:28:35 -
@@ -237,6 +237,17 @@
static CPUState *next_cpu;
static int event_pending;
+/* File header which needs to be written at the start of each PCAP file*/
+static const PCAPHeader pcap_file_header = {
+0xa1b2c3d4,
+2,
+4,
+0,
+0,
+MAX_CAPTURED_PACKET_SIZE,
+1 /* Ethernet */
+};
+
#define TFR(expr) do { if ((expr) != -1) break; } while (errno == EINTR)
/***/
@@ -3588,6 +3599,8 @@
return NULL;
vlan->id = id;
vlan->next = NULL;
+vlan->pcap_fh = -1;
+vlan->last_packet_time = 0;
pvlan = &first_vlan;
while (*pvlan != NULL)
pvlan = &(*pvlan)->next;
@@ -3635,6 +3648,22 @@
{
VLANState *vlan = vc1->vlan;
VLANClientState *vc;
+
+if (vlan->pcap_fh >= 0) {
+vlan->packet_header.timestamp_sec = time(NULL);
+if (vlan->packet_header.timestamp_sec == vlan->last_packet_time) {
+if (vlan->packet_header.timestamp_usec < 100)
+ ++vlan->packet_header.timestamp_usec;
+} else {
+ vlan->packet_header.timestamp_usec = 0;
+ vlan->last_packet_time = vlan->packet_header.timestamp_sec;
+}
+
+vlan->packet_header.orig_len = size;
+vlan->packet_header.saved_len = (size > MAX_CAPTURED_PACKET_SIZE) ? MAX_CAPTURED_PACKET_SIZE : size;
+write(vlan->pcap_fh, &vlan->packet_header, sizeof(PCAPPacketHeader));
+write(vlan->pcap_fh, buf, vlan->packet_header.saved_len);
+}
#if 0
printf("vlan %d send:\n", vlan->id);
@@ -4641,7 +4670,8 @@
char device[64];
char buf[1024];
int vlan_id, ret;
-VLANState *vlan;
+VLANState *vlan;
+const char *capture_file_name;
p = str;
q = device;
@@ -4761,6 +4791,27 @@
}
vlan->nb_host_devs++;
} else
+if (!strcmp(device, "capture")) {
+if (vlan->pcap_fh >= 0) {
+ fprintf(stderr, "vlan %d has already a capture file defined! "
+ "Can't have multiple capture files for the same vlan\n", vlan->id);
+ return -1;
+}
+
+capture_file_name = DEFAULT_CAPTURE_FILENAME;
+if (get_param_value(buf, sizeof(buf), "file", p))
+capture_file_name = buf;
+
+vlan->pcap_fh = open(capture_file_name, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
+ if (vlan->pcap_fh < 0) {
+ fprintf(stderr, "Failed to open capture file \"%s\": %d\n", capture_file_name, errno);
+ return -1;
+ }
+
+ write(vlan->pcap_fh, &pcap_file_header, sizeof(pcap_file_header));
+
+ ret = 0;
+} else
{
fprintf(stderr, "Unknown network device: %s\n", device);
return -1;
@@ -4784,6 +4835,59 @@
}
}
+void do_net_capture (const char *path,
+int has_vlan, int vlan_id)
+{
+VLANState *vlan;
+
+vlan_id = (has_vlan) ? vlan_id : 0;
+vlan = qemu_find_vlan(vlan_id);
+if (!vlan) {
+term_printf("Failed to find vlan %d\n", vlan_id);
+return;
+}
+
+if (vlan->pcap_fh >= 0) {
+ term_printf("Vlan %d is already capturing!\n", vlan_id);
+ return;
+}
+
+vlan->pcap_fh = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
+ if (vlan->pcap_fh < 0) {
+ term_printf("Failed to open capture file \"%s\": %d\n", path, errno);
+ return;
+ }
+
+ vlan->last_packet_time = 0;
+ write(vlan->pcap_fh, &pcap_file_header, sizeof(pcap_file_header));
+}
+
+void do_stop_net_capture(int has_vlan, int vlan_id)
+{
+VLANState *vlan;
+
+if (has_vlan) {
+vlan = qemu_find_vlan(vlan_id);
+if (!vlan) {
+term_printf("Failed to find vlan %d\n", vlan_id);
+return;
+}
+
+if (vlan->pcap_fh < 0) {
+term_printf("Vlan %d is not capturing!\n", vlan_id);
+return;
+}
+
+close(vlan->pcap_fh);
+vlan->pcap_fh = -1;
+vlan->last_packet_time = 0;
+} else {
+for(vlan = first_vlan; vlan != NULL; vlan = vlan->next)
+if (vlan->pcap_fh >= 0)
+close(vlan->pcap_fh);
+}
+}
+
#define HD_ALIAS "file=\"%s\",index=%d,media=disk"
#ifdef TARGET_PPC
#define CDROM_ALIAS "index=1,media=cdrom"
