Wireshark mailing list archives
Re: Wireshark SCSI dissectors for new transports
From: Stefan Hajnoczi <stefanha () gmail com>
Date: Tue, 28 Feb 2012 10:55:36 +0000
On Tue, Feb 28, 2012 at 10:19 AM, ronnie sahlberg <ronniesahlberg () gmail com> wrote:
Since I never got HyperSCSI or mFCP (very short-lived attempt from HBA vendors) those two are the only ones today I think where we miss decode. virt-scsi from QEMU sounds interesting!
Great, thanks for your help.
First you need a DLT value from the tcpdump folks to wrap your packets in.
Okay, I am sending an email to request that.
Depending on what the framing looks like, you need at least a wrapper
around the SCSI payload that can contain
an I_T identifier, then a LUN field, and then scoped per LUN you need
a task-tag or similar.
Wireshark would need I_T to be able to track initiators and targets
separately and form a "conversation" between an arbitrary pair.
A LUN identifier to track different luns on the same I_T separately.
Finally it also needs a task-tag so that on a specific ILT nexus it
will be able to match a SCSI CDB with DATA-IN/OUT blobs and a SCSI
response/sense
to make it map well you might need to wrap thing inside a
struct scsi_wrapper {
initiator identifier
target identifier
lun
task-tag
opcode (cdb, datain, dataout, response/sense)
scsi *
}
if your transport also supports multiple datain/out blobs for a single
task, in order to reassemble the data we would also need a
offset/length for each datain/out blob.
All these things make sense, I think it will be pretty straightforward since virtio-scsi uses a simple header/footer for SCSI transport metadata including some of the things you've mentioned. I will post more information once we have the DLT. Stefan ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark SCSI dissectors for new transports Stefan Hajnoczi (Feb 28)
- Re: Wireshark SCSI dissectors for new transports ronnie sahlberg (Feb 28)
- Re: Wireshark SCSI dissectors for new transports Stefan Hajnoczi (Feb 28)
- Re: Wireshark SCSI dissectors for new transports ronnie sahlberg (Feb 28)