GitXplorerGitXplorer
m

wireshark-plugin-rhcs

public
5 stars
3 forks
1 issues

Commits

List of commits on branch master.
Unverified
13859982398a73c378e4daf1e50f75bd4a477a63

Write about qdisk

mmasatake committed 11 years ago
Unverified
489f2045d548ee2d7ae9d0e85e567f4522d8e57e

Show node id on address line

mmasatake committed 11 years ago
Unverified
169f0fda7e2ce5208df0e51c7a5d90ab103faf26

update copyright notice

mmasatake committed 11 years ago
Unverified
adbd5ac821a0f12d9fddf27bdb6f93c2cb5ecd24

Trim whitespaces.

mmasatake committed 11 years ago
Unverified
3ef32f7cabcd38497ef7d0a1b3f532eefb198aec

Trim whitespaces.

mmasatake committed 11 years ago
Unverified
f271a7554ef6a89cc0c0fbd9ed43ce15388a9aa4

Move the comment about license again

mmasatake committed 11 years ago

README

The README file for this repository.

This is wireshark packet dissector for protocols used in RHCS.

I've written wireshark packet dissectors for higher level protocols of rhel5(cluster 2?)/rhel6(cluster 3) cluster. See screenshots/clvmd.png.

Coverage of the communications:

corosync_totemnet: Most of all but new encryption method.
  corosync_totemsrp: Maybe completed.
corosync_totempg: Needs more work for fragmentation handling.
  openais_cman: DONE.
    clvmd: DONE.
    rgmanager: Most of all but not completed.
    qdiskd(CLUSTER_PORT_QDISKD): done nothing yet. 
  openais_a: DONE.
    openais_cpg: DONE.
      groupd: DONE.
      fenced: DONE.
      dlm_controld: Needs much more work.
      gfs_controld: most of all but not completed.
    openais_evt: Needs much more work.
    openais_clm: Needs much more work.
    openais_ckpt: Needs much more work.
  flowcontrol: DONE.
  sync: DONE.
  sync2: DONE.

NOTE

This plugin doesn't be compiled well with svn version of wireshark. See [1] if you want to use this plugin with the svn version.

Background

Dissectors for the base protocols are already submmited as a patch to wireshark project[1]. However, it has not been included to the official source tree.

So that shooting the trouble about RHCS and understanding the protocols NOW, I provide the dissectors as a dynamic loadadble plugin. I assumed you are using Fedora-14.

A dissector for protocol used between ccsd is not built because the dissector uses tcp_dissect_pdus function. It is declared in wireshark/epan/dissectors/packet-tcp.h, however is is not included in wireshark-devel package[2].

Building & Installing

$ bash autogen.sh $ ./configure $ make $ make rpm $ sudo rpm -Uvh build/RPM//wireshark-plugin-rhcs.rpm

When updating wireshark itself, don't forget to rebuild and install wireshark-plugin-rhcs. The plugin is installed to the wireshark version specific directory. In stead of installing the plugin to the system directory, you can put it to ~/.wireshark/plugins.

Example captures

pcap/corosync-totemsrp--noencypted--2nodes.pcap pcap/corosync-totemsrp--key:example.com--3nodes.pcap

corosync-totemsrp--noencypted--2nodes.pcap: The packets in this file are not encrypted. So you can dissect the packets in this file with no special operation.

corosync-totemsrp--key:example.com--3nodes.pcap: The packets in this file are encrypted. So a key is needed to decrypt them. Open the Preferences dialog and choose COROSYNC/TOTEMNET in Protocols branch. You will see "Totemnet Layer of Corosync Cluster Engine" dialog. Give a key, "example.com" to "Private Keys" text field. Then push Apply or OK button. See screenshots/corosync_totemnet__pref.png.

You can specify the private key with command line, too:

wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY}"

If you don't specify key explicitly in cluster.conf, the name of cluster is used as key.

You can specify multiple keys with command line:

wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY0};${PRIVATE_KEY1}"

Semicolon is the separator here.

Reference

[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3232 [2] https://bugzilla.redhat.com/show_bug.cgi?id=662969

Contact

Masatake YAMATO yamato@redhat.com