[mdlug] Sniffing scsi traffic to/from scsi device driven from a virtual machine
David Favro
mdlug at meta-dynamic.com
Mon Feb 5 23:16:38 EST 2007
greenproc wrote:
> My approach is to run windows on a vmware virtual machine, and then use a linux
> utility to watch the scsi bus. Which utility to use I'm not sure, and given the
> fact that I'm bound to have choices after doing some research, I'm hoping to get
> some feedback from anyone who may have useful suggestions.
>
Sounds like a good idea -- no hardware sniffer!

Did you try talking to the VMWare people to ask their recommendation? I
think that by far the best way would be a tool that works in tandem with
the virtual machine itself to monitor the existing "pseudo-device" that
it already creates. If VMWare doesn't have such a tool or wants too
much money for it, try a different virtual machine -- especially an
open-source one so that if it has no such tool, you can hook into the
source code to create one (or just add some printf()s to get what you
want). I'm not familiar with virtual-machine software, but I think I
heard that VirtualBox is open-source. Maybe also xen or qemu.

Alternately, look for a tool that does the same thing, but within the
kernel itself -- kernel-debugging in effect, as you said, but what you
want is a simple option to trace all/some of the SCSI commands, from the
SCSI driver, just as it sends/receives them from the hardware. I assume
that even closed-source VMs must eventually hand off the I/O to the
Linux drivers. Again, if no such tool exists, you could create one
(again, maybe just a few printk()s if you don't want too much work). It
might be a pain, but I'll bet you're not the only person who could make
use of it.

If not, I think that strace might work for certain VMs, it's a question
of getting the right filter figured out to separate what you want from
the "noise" -- but if the VM has a kernel-module component, especially a
closed-source one (and I think that most probably do), it could be
difficult to figure out what is really happening just from user<->kernel
traffic, but rather you might need to trace the calls that the
kernel-module makes. All things considered, I think that it's probably
easier to work with the VM rather than trying to reverse-engineer it.

I'm interested in what you finally come up with, so please post to the
list if you can.

Thanks,
David
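
An added example, not part of the original message: one possible filter for the strace approach described above, separating SCSI commands from the other ioctl "noise". It assumes the VM process hands guest commands to a Linux SCSI generic device through the SG_IO ioctl, and that a recent strace is run as `strace -f -xx -e trace=ioctl -p <pid>` so the CDB is printed as `cmdp="\x.."`; the function names and the sample lines are constructed for illustration.

```python
import re

# Well-known SCSI operation codes (first CDB byte).
OPCODES = {0x00: "TEST UNIT READY", 0x03: "REQUEST SENSE", 0x12: "INQUIRY",
           0x1A: "MODE SENSE(6)", 0x25: "READ CAPACITY(10)",
           0x28: "READ(10)", 0x2A: "WRITE(10)"}

# Assumed line shape: recent strace run with -f -xx -e trace=ioctl.
SG_IO = re.compile(r'ioctl\((?P<fd>\d+), SG_IO, \{.*?'
                   r'dxfer_direction=(?P<dir>SG_DXFER_\w+), .*?'
                   r'cmdp="(?P<cdb>(?:\\x[0-9a-fA-F]{2})*)"')

def decode_line(line):
    """Return a dict describing the SCSI command in one strace line, or None."""
    m = SG_IO.search(line)
    if not m:
        return None  # not an SG_IO ioctl: noise for our purposes
    cdb = bytes.fromhex(m["cdb"].replace("\\x", ""))
    if not cdb:
        return None
    info = {"fd": int(m["fd"]), "dir": m["dir"][len("SG_DXFER_"):],
            "op": OPCODES.get(cdb[0], "opcode 0x%02x" % cdb[0]),
            "cdb": cdb.hex(" ")}
    if cdb[0] in (0x28, 0x2A) and len(cdb) >= 10:
        # 10-byte READ/WRITE: big-endian LBA in bytes 2-5, block count in 7-8.
        info["lba"] = int.from_bytes(cdb[2:6], "big")
        info["blocks"] = int.from_bytes(cdb[7:9], "big")
    return info

def scsi_commands(lines):
    """Keep only the lines that carry a SCSI command, decoded."""
    return [c for c in map(decode_line, lines) if c]

# Constructed sample (not captured from a real VM), trimmed to the fields used.
SAMPLE = r'''
[pid 4021] ioctl(17, SG_IO, {interface_id='S', dxfer_direction=SG_DXFER_FROM_DEV, cmd_len=6, cmdp="\x12\x00\x00\x00\x24\x00", mx_sb_len=32, dxfer_len=36, status=0}) = 0
[pid 4021] ioctl(9, FIONREAD, [0]) = 0
[pid 4021] ioctl(17, SG_IO, {interface_id='S', dxfer_direction=SG_DXFER_TO_DEV, cmd_len=10, cmdp="\x2a\x00\x00\x00\x08\x00\x00\x00\x10\x00", mx_sb_len=32, dxfer_len=8192, status=0}) = 0
'''.splitlines()

if __name__ == "__main__":
    for cmd in scsi_commands(SAMPLE):
        print(cmd)
```

Older strace releases print the SG_IO structure in a different layout, so the regular expression has to be adjusted to the version in use.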