Hi Stefan.
Wireshark supports a lot more than just SCSI over iSCSI
It dissects SCSI over USB, FCOE, raw-FC, FCIP, iFCP (I never got
access to traces for mFCP :-( ) and also over NDMP.
I never got access to HyperSCSI traces either, so that is missing too.
Since I never got HyperSCSI or mFCP (very short-lived attempt from HBA
vendors) those two are the only ones today I think where we miss
decode.
virt-scsi from QEMU sounds interesting!
SCSI has a very well defined API in wireshark so assind a new
transport should be trivial.
I have done so several times.
First you need a DLT value from the tcpdump folks to wrap your packets in.
Once you have that it should be semi-trivial to hook the
SCSI-dissector into your transport/DLT
Depending on what the framing looks like, you need at least a wrapper
around the SCSI payload that can contain
an I_T identifier, then a LUN field, and then scoped per LUN you need
a task-tag or similar.
Wireshark would need I_T to be able to track initiators and targets
separately and form a "conversation" between an arbitrary pair.
A LUN identifier to track different luns on the same I_T separately.
Finally it also needs a task-tag so that on a specific ILT nexus it
will be able to match a SCSI CDB with DATA-IN/OUT blobs and a SCSI
response/sense
to make it map well you might need to wrap thing inside a
struct scsi_wrapper {
initiator identifier
target identifier
lun
task-tag
opcode (cdb, datain, dataout, response/sense)
scsi *
}
if your transport also supports multiple datain/out blobs for a single
task, in order to reassemble the data we would also need a
offset/length for each datain/out blob.
regards
ronnie sahlberg
On Tue, Feb 28, 2012 at 8:59 PM, Stefan Hajnoczi <stefanha@xxxxxxxxx> wrote:
> Wireshark today supports SCSI dissectors for iSCSI.
>
> In the QEMU system emulator we have an emulated SCSI target which
> handles devices for SCSI Parallel Interface (SPI), USB Mass Storage
> Device, and now supports the new virtio-scsi transport (for efficient
> virtual machine SCSI I/O).
>
> Cong and I would like to add pcap support to the emulated SCSI target
> in QEMU, making it easy to use Wireshark for SCSI debugging and
> analysis. I'm looking for advice on getting started because we are
> not familiar with Wireshark/dissector internals.
>
> I believe the SCSI dissector does not support raw CDB dissection - it
> requires a SCSI transport dissector (currently iSCSI). A few options
> come to mind:
>
> 1. Change the SCSI dissector to support top-level dissecting of raw
> SCSI CDBs without transport information (initiator, target, and other
> metadata).
>
> 2. Add virtio-scsi and perhaps SPI SCSI transport dissectors.
>
> 3. A simpler approach I'm missing? :)
>
> Suggestions appreciated.
>
> Stefan
