Sunday, May 27, 2012

Gluster support for Wireshark is maturing!

Many changes were committed recently to the gluster-wireshark repository, and a lot of effort was put into the details:

  • UUIDs and GFIDs are now displayed as 4-2-2-2-6 bytes
  • flags for OPEN, CREATE etc. are now shown in detail
  • mode/umask permissions are now shown in detail
  • dictionaries are displayed in a more user-friendly way

Most of the work was done to get the dissector files in shape for requesting inclusion upstream.

The full log is available, and so are updated RPMs for Fedora-16, Fedora-17 and EPEL-6. If installing a patched Wireshark isn't an option, you can easily build a wireshark-plugin-gluster with the steps in the provided README. On the project wiki, there are some pre-captured tcpdumps for consumption. Only a handful of minor issues are known at this time; more reviewing and reporting is definitely welcome!

If you notice that some packets/frames are not displayed as Gluster and you think they should be, check the gluster-wireshark wiki, which explains how to prevent PCEP and other protocols from claiming packets/frames.

Thursday, May 17, 2012

Updated Wireshark packages for RHEL-6 and Fedora-17 available for testing

[From an email to the gluster-devel mailing list]

Today I have merged support for GlusterFS 3.2 and 3.3 into one Wireshark 
'dissector'. The packages with date 20120516 in the version support both 
the current stable 3.2.x version, and the latest 3.3.0qa41. Older 3.3.0 
versions will likely have issues due to some changes in the RPC-AUTH 
protocol used. Updating to the latest qa41 release (or newer) is 
recommended anyway. I do not expect that we'll add support for earlier 
3.3.0 releases.

My repository with packages for RHEL-6 and Fedora-17 contains a .repo 
file for yum (save it in /etc/yum.repos.d):
- http://repos.fedorapeople.org/repos/devos/wireshark-gluster/

RPMs for other Fedora or RHEL versions can be provided on request. Let 
me know if you need another version (or architecture).

Single patches for some different Wireshark versions are available from 
https://github.com/nixpanic/gluster-wireshark.

A full history of commits can be found here:
- https://github.com/nixpanic/gluster-wireshark-1.4/commits/master/
   (Support for GlusterFS 3.3 was added by Akhila and Shree, thanks!)

Please test and report success and problems; file issues on GitHub: 
https://github.com/nixpanic/gluster-wireshark-1.4/issues
Some functionality is still missing, but with the current status, it 
should be good for most analysing already. With more issues filed, it 
makes it easier to track what items are important.

Of course, you can also respond to this email and give feedback :-)

After some more cleanup of the code, this dissector will be passed on 
for review and inclusion in the upstream Wireshark project. Some more 
testing results are therefore much appreciated.