[tcpdump-workers] [RFC 1/1] Add printing support for vsockmon devices.

2016-06-20 Thread ggarcia
From: Gerard Garcia 

---
 Makefile.in   |   1 +
 netdissect.h  |   1 +
 print-vsock.c | 211 ++
 print.c   |   3 +
 4 files changed, 216 insertions(+)
 create mode 100644 print-vsock.c

diff --git a/Makefile.in b/Makefile.in
index 4a97d87..90afeb6 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -225,6 +225,7 @@ LIBNETDISSECT_SRC=\
print-vjc.c \
print-vqp.c \
print-vrrp.c \
+   print-vsock.c \
print-vtp.c \
print-vxlan.c \
print-vxlan-gpe.c \
diff --git a/netdissect.h b/netdissect.h
index 1febc88..f45abce 100644
--- a/netdissect.h
+++ b/netdissect.h
@@ -435,6 +435,7 @@ extern u_int symantec_if_print IF_PRINTER_ARGS;
 extern u_int token_if_print IF_PRINTER_ARGS;
 extern u_int usb_linux_48_byte_print IF_PRINTER_ARGS;
 extern u_int usb_linux_64_byte_print IF_PRINTER_ARGS;
+extern u_int vsock_print IF_PRINTER_ARGS;
 
 /* The printer routines. */
 
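Review bot: The added declaration `vsock_print` breaks the `<name>_if_print` naming that its neighbours `symantec_if_print` and `token_if_print` use for routines taking `IF_PRINTER_ARGS`. I would declare it as `extern u_int vsock_if_print IF_PRINTER_ARGS;` so it is recognisable as a link-layer entry point that is handed a whole captured frame. The rename would also have to be applied to the definition in print-vsock.c and to the table entry in print.c, neither of which is fully visible here. Since the cover letter says the printer is bound to DLT_USER0 only until a real link type is assigned, a comment such as `/* vsockmon; temporarily registered for DLT_USER0 */` on this line would keep that provisional mapping from being overlooked.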
diff --git a/print-vsock.c b/print-vsock.c
new file mode 100644
index 000..b8dbb6e
--- /dev/null
+++ b/print-vsock.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
+ * The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include 
+#include 
+
+#include "netdissect.h"
+#include "extract.h"
+
+static const char tstr[] = " [|vsock]";
+
+enum af_vsockmon_t {
+   AF_VSOCK_T_UNKNOWN = 0,
+   AF_VSOCK_T_NO_INFO = 1, /* No transport information */
+   AF_VSOCK_T_VIRTIO = 2,  /* Virtio transport header */
+};
+
+static const struct tok vsock_type[] = {
+{AF_VSOCK_T_UNKNOWN, "UNKNOWN"},
+{AF_VSOCK_T_NO_INFO, "NO_INFO"},
+{AF_VSOCK_T_VIRTIO, "VIRTIO"},
+   { 0, NULL }
+};
+
+enum af_vsockmon_op {
+   AF_VSOCK_OP_UNKNOWN = 0,
+   AF_VSOCK_OP_CONNECT = 1,
+   AF_VSOCK_OP_DISCONNECT = 2,
+   AF_VSOCK_OP_CONTROL = 3,
+   AF_VSOCK_OP_PAYLOAD = 4,
+};
+
+static const struct tok vsock_op[] = {
+{AF_VSOCK_OP_UNKNOWN, "UNKNOWN"},
+{AF_VSOCK_OP_CONNECT, "CONNECT"},
+{AF_VSOCK_OP_DISCONNECT, "DISCONNECT"},
+{AF_VSOCK_OP_CONTROL, "CONTROL"},
+{AF_VSOCK_OP_PAYLOAD, "PAYLOAD"},
+   { 0, NULL }
+};
+
+enum virtio_vsock_type {
+   VIRTIO_VSOCK_TYPE_STREAM = 1,
+};
+
+static const struct tok virtio_type[] = {
+{VIRTIO_VSOCK_TYPE_STREAM, "STREAM"},
+   { 0, NULL }
+};
+
+enum virtio_vsock_op {
+   VIRTIO_VSOCK_OP_INVALID = 0,
+   VIRTIO_VSOCK_OP_REQUEST = 1,
+   VIRTIO_VSOCK_OP_RESPONSE = 2,
+   VIRTIO_VSOCK_OP_RST = 3,
+   VIRTIO_VSOCK_OP_SHUTDOWN = 4,
+   VIRTIO_VSOCK_OP_RW = 5,
+   VIRTIO_VSOCK_OP_CREDIT_UPDATE = 6,
+   VIRTIO_VSOCK_OP_CREDIT_REQUEST = 7,
+};
+
+static const struct tok virtio_op[] = {
+{VIRTIO_VSOCK_OP_INVALID, "INVALID"},
+{VIRTIO_VSOCK_OP_REQUEST, "REQUEST"},
+{VIRTIO_VSOCK_OP_RESPONSE, "RESPNOSE"},
+{VIRTIO_VSOCK_OP_RST, "RST"},
+{VIRTIO_VSOCK_OP_SHUTDOWN, "SHUTDOWN"},
+{VIRTIO_VSOCK_OP_RW, "RW"},
+{VIRTIO_VSOCK_OP_CREDIT_UPDATE, "CREDIT UPDATE"},
+{VIRTIO_VSOCK_OP_CREDIT_REQUEST, "CREDIT REQUEST"},
+   { 0, NULL }
+};
+
+struct virtio_vsock_hdr {
+   uint64_tsrc_cid;
+   uint64_tdst_cid;
+   uint32_tsrc_port;
+   uint32_tdst_port;
+   uint32_tlen;
+   uint16_ttype;   /* enum virtio_vsock_type */
+   uint16_top; /* enum virtio_vsock_op */
+   uint32_tflags;
+   uint32_tbuf_alloc;
+   uint32_tfwd_cnt;
+};
+
+// Little-endian
+struct af_vsockmon_hdr {
+   uint64_t src_cid;
+   uint32_t src_port;
+   uint64_t dst_cid;
+   uint32_t dst_port;
+   uint16_t op;/* enum af_vsockmon_op */
+   uint16_t t; /* enum 

[tcpdump-workers] [RFC 0/1] Add printing support for vsockmon devices.

2016-06-20 Thread ggarcia
From: Gerard Garcia 

Virtual sockets AF_VSOCK are used for guest<->hypervisor communication. Right 
now the mainline linux kernel has support for AF_VSOCK sockets that make use of 
the vmware VMCI transport and there is an ongoing effort to include support for 
the VIRTIO transport which is used by the QEMU virtualizer.

Simultaneously, we are implementing a virtual network device called vsockmon 
that exposes this traffic to user space. This patch adds printing support for 
vsockmon traffic to tcpdump.

We are still in the process of integrating the vsockmon device into the Linux 
kernel (http://lists.openwall.net/netdev/2016/05/28/18), so the header may 
still change slightly, but if in the meantime we can get this code reviewed to 
ease the development of the final patch, that would be great.

This patch links the identifier DLT_USER0 to vsockmon traffic so it is 
necessary to link the header type ARPHRD_VSOCKMON to this identifier in 
libpcap: https://github.com/GerardGarcia/libpcap/tree/vsock. I understand that 
once the vosckmon code is merged into the mainline kernel we have to ask for an 
identifier in the mailing list.

Additionally, to test the code it is necessary to have a kernel patched with 
virtio-vsock and vsockmon support, and to setup a QEMU virtual machine to be 
able generate traffic. The repository in 
https://github.com/GerardGarcia/linux/tree/vsock-next provides a patched kernel 
and a go.sh script that facilitates the setup, if anyone is interested in 
testing the code I can provide additional detailed instructions.

To see which is the format of the printed messages I have uploaded a screenshot 
in http://imgur.com/7YrRHzJ

Any comments will be greatly appreciated, thanks.

Gerard Garcia (1):
  Add printing support for vsockmon devices.

 Makefile.in   |   1 +
 netdissect.h  |   1 +
 print-vsock.c | 211 ++
 print.c   |   3 +
 4 files changed, 216 insertions(+)
 create mode 100644 print-vsock.c

-- 
2.9.0
