wireshark packet dissector for protocols used in RHCS
C Shell
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


This is wireshark packet dissector for protocols used in RHCS.

I've written wireshark packet dissectors for higher level protocols of
rhel5(cluster 2?)/rhel6(cluster 3) cluster.  See screenshots/clvmd.png.

Coverage of the communications:

    corosync_totemnet: Most of all but new encryption method.
      corosync_totemsrp: Maybe completed.
	corosync_totempg: Needs more work for fragmentation handling.
	  openais_cman: DONE.
	    clvmd: DONE.
	    rgmanager: Most of all but not completed.
	    qdiskd(CLUSTER_PORT_QDISKD): done nothing yet. 
	  openais_a: DONE.
	    openais_cpg: DONE.
	      groupd: DONE.
	      fenced: DONE.
	      dlm_controld: Needs much more work.
	      gfs_controld: most of all but not completed.
	    openais_evt: Needs much more work.
	    openais_clm: Needs much more work.
	    openais_ckpt: Needs much more work.
	  flowcontrol: DONE.
	  sync: DONE.
	  sync2: DONE.

This plugin doesn't be compiled well with svn version of wireshark.
See [1] if you want to use this plugin with the svn version.


Dissectors for the base protocols are already submmited as a patch to
wireshark project[1]. However, it has not been included to the official
source tree.

So that shooting the trouble about RHCS and understanding the
protocols NOW, I provide the dissectors as a dynamic loadadble plugin.
I assumed you are using Fedora-14. 

A dissector for protocol used between ccsd is not built because
the dissector uses tcp_dissect_pdus function.  It is declared in
wireshark/epan/dissectors/packet-tcp.h, however is is not included
in wireshark-devel package[2]. 

Building & Installing

   $ bash autogen.sh
   $ ./configure
   $ make
   $ make rpm
   $ sudo rpm -Uvh build/RPM/*/wireshark-plugin-rhcs*.rpm

When updating wireshark itself, don't forget to rebuild and install
wireshark-plugin-rhcs. The plugin is installed to the wireshark
version specific directory. In stead of installing the plugin
to the system directory, you can put it to ~/.wireshark/plugins.

Example captures

corosync-totemsrp--noencypted--2nodes.pcap: The packets in this file are not
encrypted. So you can dissect the packets in this file with no special

corosync-totemsrp--key:example.com--3nodes.pcap: The packets in this file are
encrypted. So a key is needed to decrypt them. Open the Preferences dialog and
choose COROSYNC/TOTEMNET in Protocols branch. You will see "Totemnet Layer of
Corosync Cluster Engine" dialog. Give a key, "example.com" to "Private Keys"
text field. Then push Apply or OK button.  See screenshots/corosync_totemnet__pref.png.

You can specify the private key with command line, too:

    wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY}"

If you don't specify key explicitly in cluster.conf, the name of cluster is used
as key.

You can specify multiple keys with command line:

    wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY0};${PRIVATE_KEY1}"

Semicolon is the separator here.

[1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3232
[2] https://bugzilla.redhat.com/show_bug.cgi?id=662969

Masatake YAMATO <yamato@redhat.com>