Hi everyone,
I would like to pitch an idea to improve network protocol debugging on Genode.
I value the verbosity option of the `nic_router` and the `nic_dump` components, but sometimes I'd like the ability to delve deeper into packets, like I am used to with Wireshark. But extending the log-based network debugging in Genode to reach that level of detail clearly doesn't make sense.
Another option is to introduce an intercepting `nic_tap` component that implements a bump-in-the-interface between a Nic client and a Nic server and duplicates all packets between the client and the server to a dedicated Nic tap interface. A Nic client connected to the Nic tap interface is presented with all network packets, both up- and downstream, of the intercepted Nic session.
The nic_tap is especially useful when running on real hardware. There are various ways to use the nic_tap. An obvious scenario is to set up an instance of VirtualBox with Linux and Wireshark that is routed to use the Nic tap. But it should also be possible to route the Nic tap to an external Nic interface (granted that you have a solution to tie two Nic clients together, but that's easy enough).
In my view the nic_tap would be a valuable and complementing addition to the set of Genode network debugging tools.
What do you think, would you benefit from such a component?
Hi Martijn,
I had considered doing this, but didn't find enough time. I did some research though. The 'pcapng' is the file format to use if you want compatibility with Wireshark. It is also the same format that QEMU outputs when used with the '-nic dump,file=...' option. The spec is pretty easy to understand: https://github.com/pcapng/pcapng
I had started on a component, but I can't find any code. I don't remember getting very far, but I do remember using the pcapfix utility was helpful to see how bad my dumps were. http://f00l.de/pcapfix/
Cheers, Emery
On Thu, 5 Apr 2018 15:07:40 +0200 Martijn Verschoor <verschoor@...434...> wrote:
Hi everyone,
I would like to pitch an idea to improve network protocol debugging on Genode.
I value the verbosity option of the `nic_router` and the `nic_dump` components, but sometimes I'd like the ability to delve deeper into packets, like I am used to with Wireshark. But extending the log-based network debugging in Genode to reach that level of detail clearly doesn't make sense.
Another option is to introduce an intercepting `nic_tap` component that implements a bump-in-the-interface between a Nic client and a Nic server and duplicates all packets between the client and the server to a dedicated Nic tap interface. A Nic client connected to the Nic tap interface is presented with all network packets, both up- and downstream, of the intercepted Nic session.
The nic_tap is especially useful when running on real hardware. There are various ways to use the nic_tap. An obvious scenario is to set up an instance of VirtualBox with Linux and Wireshark that is routed to use the Nic tap. But it should also be possible to route the Nic tap to an external Nic interface (granted that you have a solution to tie two Nic clients together, but that’s easy enough).
In my view the nic_tap would be a valuable and complementing addition to the set of Genode network debugging tools.
What do you think, would you benefit from such a component?
Hi Emery,
Thanks for your suggestion to log the intercepted network packets in a pcap(ng) file. This could be a valuable extension to the nic_tap component.
I would recommend using the proposed nic_tap component to deal with the interception and implementing the pcap(ng) implementation in a dedicated component.
The proposed nic_tap component only duplicates intercepted packets to the 'tap' Nic client. Its purpose is to delegate further processing of the intercepted network packets to other components. For example, to a guest running Linux and Wireshark, or to a component that writes pcap(ng) files to a storage location.
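
A component that writes pcap(ng) files, as discussed in this thread, has to emit a Section Header Block, an Interface Description Block and one Enhanced Packet Block per duplicated frame. The following is an added example, not code from this thread or from Genode: a minimal encoder in plain C++ without any Genode API. The function names, the byte buffer type and the choice of which direction of the intercepted session counts as inbound or outbound are assumptions.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

using Buf = std::vector<uint8_t>;  // assumed output sink; a real component would write to storage

// Append the low `n` bytes of `v` in little-endian order.
static void put(Buf &b, uint64_t v, int n) {
    for (int i = 0; i < n; ++i) b.push_back(uint8_t(v >> (8 * i)));
}

// Every pcapng block is: type, total length, body, total length again.
static void block(Buf &out, uint32_t type, const Buf &body) {
    uint32_t total = uint32_t(body.size()) + 12;
    put(out, type, 4); put(out, total, 4);
    out.insert(out.end(), body.begin(), body.end());
    put(out, total, 4);
}

// Section Header Block followed by one Ethernet Interface Description Block.
void pcapng_begin(Buf &out) {
    Buf shb;
    put(shb, 0x1A2B3C4D, 4);          // byte-order magic
    put(shb, 1, 2); put(shb, 0, 2);   // format version 1.0
    put(shb, ~0ULL, 8);               // section length unspecified (-1)
    block(out, 0x0A0D0D0A, shb);
    Buf idb;
    put(idb, 1, 2); put(idb, 0, 2);   // LINKTYPE_ETHERNET, reserved
    put(idb, 0, 4);                   // snaplen 0 = no limit
    block(out, 0x00000001, idb);
}

enum Direction : uint32_t { INBOUND = 1, OUTBOUND = 2 };  // epb_flags bits 0-1

// Enhanced Packet Block; ts_us is in microseconds (default resolution).
void pcapng_packet(Buf &out, const uint8_t *data, uint32_t len,
                   uint64_t ts_us, Direction dir) {
    Buf epb;
    put(epb, 0, 4);                                  // interface id 0
    put(epb, ts_us >> 32, 4); put(epb, ts_us & 0xFFFFFFFF, 4);
    put(epb, len, 4); put(epb, len, 4);              // captured, original length
    epb.insert(epb.end(), data, data + len);
    while (epb.size() % 4) epb.push_back(0);         // pad data to 32 bits
    put(epb, 2, 2); put(epb, 4, 2); put(epb, dir, 4);  // epb_flags option
    put(epb, 0, 4);                                  // opt_endofopt
    block(out, 0x00000006, epb);
}
```

Recording the direction in `epb_flags` keeps the up- and downstream copies distinguishable in Wireshark even though both arrive on the single tap interface.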