From: Kevin Cox <kevincox@kevincox.ca>
To: ceph-devel@vger.kernel.org
Subject: Wireshark Dissector and the Future
Date: Sun, 10 Aug 2014 08:22:32 -0400 [thread overview]
Message-ID: <53E76408.9050000@kevincox.ca> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
This summer as a GSOC project I have implemented a Wireshark dissector
for Ceph. It has been committed to Wireshark master and will be
available in the next release.
I have been talking with Sage and we have been identifying a couple of
next steps that need to be discussed about how the dissector will be
kept up to date and related issues.
Firstly there is the issue of the two existing dissectors sitting in the
Ceph tree. Neither compile with a modern Wireshark and the new one is
far more complete. The current plan is simply to delete them unless
anyone has objections or a better idea.
Secondly there is the issue of keeping the dissector up to date. The
way it is written it should be fairly resilient to new messages and
encodings but of course to be the most useful it would understand the
latest version of the protocol.
There is documentation coming to both the Ceph tree and the top of the
Wireshark dissector (both mostly written but uncommitted) describing how
to update the dissector. However we were wondering how updating the
dissector could become part of the regular workflow when updating Ceph.
I have a couple of ideas myself but wanted to pitch it to the community
to see what we could come up with in addition to my thoughts which are
below.
1. Make if part of the review process. "Hey, I noticed you updated the
encoding of 'x' could you update the wireshark dissector as well."
2. Create a "static analysis" tool to check for current encoding
versions and warn if they are newer then what is supported by the
dissector.
3. Run the network traffic of automated tests (such as teuthology)
through Wireshark and check the warnings/errors.
I think number 3 is particularly interesting because it can catch more
then encoding mismatches and possibly other errors in the traffic.
However it needs much more integration and requires that the new
encodings are properly tested (although they should be anyway).
I would appreciate ideas and feedback about how this can/should be
handled and integrated into the pipeline.
Cheers,
Kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iF4EAREIAAYFAlPnZAcACgkQwHWKOzTVLnTV/AD8D+ASjEYM4QEZY7LeP3hwFIaO
icK8icddehuxgqYL2qcA/jyHz8gKlQXu7uvjx/qHp0Crd3i8OohTyMbD2DkVMO/c
=Vzto
-----END PGP SIGNATURE-----
next reply other threads:[~2014-08-10 12:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-10 12:22 Kevin Cox [this message]
2014-08-21 16:15 ` Wireshark Dissector and the Future Gregory Farnum
2014-08-22 20:58 ` Kevin Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53E76408.9050000@kevincox.ca \
--to=kevincox@kevincox.ca \
--cc=ceph-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.