[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] sniffing traffic between virtual machines
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] sniffing traffic between virtual machines |
|
Date: |
Thu, 19 Dec 2013 10:05:19 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Wed, Dec 18, 2013 at 01:53:56PM +0200, Alexander Binun wrote:
> We are trying to monitor the traffic (network packets etc) between VMs in
> KVM. We succeeded to get the address of the system call table (see
> http://syprog.blogspot.co.il/2011/10/hijack-linux-system-calls-part-iii.html)
> and intercept the system calls going through the kernel.
>
> In such a way we see ALL system calls (including those which were not
> initiated from within VMs).
You do not see guest system calls when you hook host system calls. You
only see host system calls (including those made by QEMU).
> How can we filter out the system calls not related to VMs ? What is your
> opinion regarding our approach ?
Maybe I'm missing context for this discussion but I wouldn't intercept
sytems calls in order to monitor VM network traffic.
You can monitor VM traffic using libpcap on the VM's tap interface on
the host. If you want fancier deep packet inspection, Open vSwitch
offers a flow-based interface so you can monitor just certain
conversations.
Stefan