masatake/wireshark-plugin-rhcs
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This is wireshark packet dissector for protocols used in RHCS. I've written wireshark packet dissectors for higher level protocols of rhel5(cluster 2?)/rhel6(cluster 3) cluster. See screenshots/clvmd.png. Coverage of the communications: corosync_totemnet: Most of all but new encryption method. corosync_totemsrp: Maybe completed. corosync_totempg: Needs more work for fragmentation handling. openais_cman: DONE. clvmd: DONE. rgmanager: Most of all but not completed. qdiskd(CLUSTER_PORT_QDISKD): done nothing yet. openais_a: DONE. openais_cpg: DONE. groupd: DONE. fenced: DONE. dlm_controld: Needs much more work. gfs_controld: most of all but not completed. openais_evt: Needs much more work. openais_clm: Needs much more work. openais_ckpt: Needs much more work. flowcontrol: DONE. sync: DONE. sync2: DONE. NOTE ---------- This plugin doesn't be compiled well with svn version of wireshark. See [1] if you want to use this plugin with the svn version. Background ---------- Dissectors for the base protocols are already submmited as a patch to wireshark project[1]. However, it has not been included to the official source tree. So that shooting the trouble about RHCS and understanding the protocols NOW, I provide the dissectors as a dynamic loadadble plugin. I assumed you are using Fedora-14. A dissector for protocol used between ccsd is not built because the dissector uses tcp_dissect_pdus function. It is declared in wireshark/epan/dissectors/packet-tcp.h, however is is not included in wireshark-devel package[2]. Building & Installing ---------------------- $ bash autogen.sh $ ./configure $ make $ make rpm $ sudo rpm -Uvh build/RPM/*/wireshark-plugin-rhcs*.rpm When updating wireshark itself, don't forget to rebuild and install wireshark-plugin-rhcs. The plugin is installed to the wireshark version specific directory. In stead of installing the plugin to the system directory, you can put it to ~/.wireshark/plugins. Example captures ------------------ pcap/corosync-totemsrp--noencypted--2nodes.pcap pcap/corosync-totemsrp--key:example.com--3nodes.pcap corosync-totemsrp--noencypted--2nodes.pcap: The packets in this file are not encrypted. So you can dissect the packets in this file with no special operation. corosync-totemsrp--key:example.com--3nodes.pcap: The packets in this file are encrypted. So a key is needed to decrypt them. Open the Preferences dialog and choose COROSYNC/TOTEMNET in Protocols branch. You will see "Totemnet Layer of Corosync Cluster Engine" dialog. Give a key, "example.com" to "Private Keys" text field. Then push Apply or OK button. See screenshots/corosync_totemnet__pref.png. You can specify the private key with command line, too: wireshark -o "corosync_totemnet.private_keys:${PRIVATE_KEY}" If you don't specify key explicitly in cluster.conf, the name of cluster is used as key. You can specify multiple keys with command line: wireshark -o "corosync_totemnet.private_keys:${PRIVATE_KEY0};${PRIVATE_KEY1}" Semicolon is the separator here. Reference --------- [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3232 [2] https://bugzilla.redhat.com/show_bug.cgi?id=662969 Contact -------- Masatake YAMATO <yamato@redhat.com>
About
wireshark packet dissector for protocols used in RHCS
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published