Wireshark mailing list archives
Re: Wireshark SCSI dissectors for new transports
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Tue, 28 Feb 2012 21:19:41 +1100
Hi Stefan.
Wireshark supports a lot more than just SCSI over iSCSI
It dissects SCSI over USB, FCOE, raw-FC, FCIP, iFCP (I never got
access to traces for mFCP :-( ) and also over NDMP.
I never got access to HyperSCSI traces either, so that is missing too.
Since I never got HyperSCSI or mFCP (very short-lived attempt from HBA
vendors) those two are the only ones today I think where we miss
decode.
virt-scsi from QEMU sounds interesting!
SCSI has a very well defined API in wireshark so assind a new
transport should be trivial.
I have done so several times.
First you need a DLT value from the tcpdump folks to wrap your packets in.
Once you have that it should be semi-trivial to hook the
SCSI-dissector into your transport/DLT
Depending on what the framing looks like, you need at least a wrapper
around the SCSI payload that can contain
an I_T identifier, then a LUN field, and then scoped per LUN you need
a task-tag or similar.
Wireshark would need I_T to be able to track initiators and targets
separately and form a "conversation" between an arbitrary pair.
A LUN identifier to track different luns on the same I_T separately.
Finally it also needs a task-tag so that on a specific ILT nexus it
will be able to match a SCSI CDB with DATA-IN/OUT blobs and a SCSI
response/sense
to make it map well you might need to wrap thing inside a
struct scsi_wrapper {
initiator identifier
target identifier
lun
task-tag
opcode (cdb, datain, dataout, response/sense)
scsi *
}
if your transport also supports multiple datain/out blobs for a single
task, in order to reassemble the data we would also need a
offset/length for each datain/out blob.
regards
ronnie sahlberg
On Tue, Feb 28, 2012 at 8:59 PM, Stefan Hajnoczi <stefanha () gmail com> wrote:
Wireshark today supports SCSI dissectors for iSCSI. In the QEMU system emulator we have an emulated SCSI target which handles devices for SCSI Parallel Interface (SPI), USB Mass Storage Device, and now supports the new virtio-scsi transport (for efficient virtual machine SCSI I/O). Cong and I would like to add pcap support to the emulated SCSI target in QEMU, making it easy to use Wireshark for SCSI debugging and analysis. I'm looking for advice on getting started because we are not familiar with Wireshark/dissector internals. I believe the SCSI dissector does not support raw CDB dissection - it requires a SCSI transport dissector (currently iSCSI). A few options come to mind: 1. Change the SCSI dissector to support top-level dissecting of raw SCSI CDBs without transport information (initiator, target, and other metadata). 2. Add virtio-scsi and perhaps SPI SCSI transport dissectors. 3. A simpler approach I'm missing? :) Suggestions appreciated. Stefan
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark SCSI dissectors for new transports Stefan Hajnoczi (Feb 28)
- Re: Wireshark SCSI dissectors for new transports ronnie sahlberg (Feb 28)
- Re: Wireshark SCSI dissectors for new transports Stefan Hajnoczi (Feb 28)
- Re: Wireshark SCSI dissectors for new transports ronnie sahlberg (Feb 28)