Skip to content


Subversion checkout URL

You can clone with
Download ZIP
wireshark packet dissector for protocols used in RHCS
C Shell
Branch: master
Failed to load latest commit information.
pcap Added dlm3 capture file
pdml update master pdml files for testing
screenshots first commit
src first commit
README Write about qdisk Handle the if following two functions are not exported from libwiresh…


This is wireshark packet dissector for protocols used in RHCS.

I've written wireshark packet dissectors for higher level protocols of
rhel5(cluster 2?)/rhel6(cluster 3) cluster.  See screenshots/clvmd.png.

Coverage of the communications:

    corosync_totemnet: Most of all but new encryption method.
      corosync_totemsrp: Maybe completed.
	corosync_totempg: Needs more work for fragmentation handling.
	  openais_cman: DONE.
	    clvmd: DONE.
	    rgmanager: Most of all but not completed.
	    qdiskd(CLUSTER_PORT_QDISKD): done nothing yet. 
	  openais_a: DONE.
	    openais_cpg: DONE.
	      groupd: DONE.
	      fenced: DONE.
	      dlm_controld: Needs much more work.
	      gfs_controld: most of all but not completed.
	    openais_evt: Needs much more work.
	    openais_clm: Needs much more work.
	    openais_ckpt: Needs much more work.
	  flowcontrol: DONE.
	  sync: DONE.
	  sync2: DONE.

This plugin doesn't be compiled well with svn version of wireshark.
See [1] if you want to use this plugin with the svn version.


Dissectors for the base protocols are already submmited as a patch to
wireshark project[1]. However, it has not been included to the official
source tree.

So that shooting the trouble about RHCS and understanding the
protocols NOW, I provide the dissectors as a dynamic loadadble plugin.
I assumed you are using Fedora-14. 

A dissector for protocol used between ccsd is not built because
the dissector uses tcp_dissect_pdus function.  It is declared in
wireshark/epan/dissectors/packet-tcp.h, however is is not included
in wireshark-devel package[2]. 

Building & Installing

   $ bash
   $ ./configure
   $ make
   $ make rpm
   $ sudo rpm -Uvh build/RPM/*/wireshark-plugin-rhcs*.rpm

When updating wireshark itself, don't forget to rebuild and install
wireshark-plugin-rhcs. The plugin is installed to the wireshark
version specific directory. In stead of installing the plugin
to the system directory, you can put it to ~/.wireshark/plugins.

Example captures

corosync-totemsrp--noencypted--2nodes.pcap: The packets in this file are not
encrypted. So you can dissect the packets in this file with no special
operation. The packets in this file are
encrypted. So a key is needed to decrypt them. Open the Preferences dialog and
choose COROSYNC/TOTEMNET in Protocols branch. You will see "Totemnet Layer of
Corosync Cluster Engine" dialog. Give a key, "" to "Private Keys"
text field. Then push Apply or OK button.  See screenshots/corosync_totemnet__pref.png.

You can specify the private key with command line, too:

    wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY}"

If you don't specify key explicitly in cluster.conf, the name of cluster is used
as key.

You can specify multiple keys with command line:

    wireshark  -o "corosync_totemnet.private_keys:${PRIVATE_KEY0};${PRIVATE_KEY1}"

Semicolon is the separator here.


Masatake YAMATO <>
Something went wrong with that request. Please try again.