In QEMU, is it possible to intercept packets sent/received by a Linux guest OS?
We are doing a little project that involves monitoring the Guest OS (for example Linux) from the hypervisor layer (i.e. QEMU). One of the things that we want to monitor is network traffic going in/out of the Guest OS. Is it possible to do so without modifying the Guest OS?
One way to do it is to intercept the relevant syscalls which are made when sockets are created and fetch the values from the relevant registers as the instructions are being executed. But we are not too sure if it is easy or if it's the right way to do it.
Comments (4)
In addition to @usr57368's answer -
For devices created with ’-netdev’, use ’-object filter-dump,...’ instead of -net dump:
From the QEMU documentation:
You should also be able to monitor in real-time by running Wireshark on the host if you --net tap.
Use a program called Wireshark. Enter the search filter (ip.src eq [IP] or ip.dst eq [same ip]) and it will tell you all the data going to and from that computer. Useful for looking deeper into its interaction with the network, or certain actions.
Since qemu is open source, you can get the source and insert code into the network device emulation to capture and log the data packets as they come through the device. For example, see the virtio_net_flush_tx() routine in hw/virtio-net.c.
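The capture file produced by the dump options mentioned in the answers above can be analysed offline on the host, without touching the guest. The following is an added example, not part of the original answers or of QEMU's code: it assumes the file is in classic pcap format with Ethernet link type and tallies IPv4 source/destination pairs. The sample capture, its MAC addresses and its IP addresses are constructed for the example.

```python
import struct
from collections import Counter

def parse_pcap(data):
    """Yield (ts_sec, frame) for each record of a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    # The magic tells us the byte order of the host that wrote the file.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _usec, caplen, _origlen = struct.unpack(endian + "4I", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            break  # last record cut short, e.g. the VM is still writing
        yield ts_sec, data[off:off + caplen]
        off += caplen

def ipv4_flows(data):
    """Count frames per (src, dst) IPv4 pair; other EtherTypes are skipped."""
    flows = Counter()
    for _ts, frame in parse_pcap(data):
        # 14-byte Ethernet header + 20-byte minimal IPv4 header (no VLAN tag handling)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        flows[(src, dst)] += 1
    return flows

def _frame(src, dst, ethertype=0x0800):
    """Constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    eth = bytes.fromhex("525400123456" "52550a000202") + struct.pack("!H", ethertype)
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, bytes(src), bytes(dst))

def _record(frame, ts=1):
    return struct.pack("<4I", ts, 0, len(frame), len(frame)) + frame

# Constructed sample capture (addresses are made up for the example).
GUEST, GATEWAY = (10, 0, 2, 15), (10, 0, 2, 2)
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65536, 1)
          + _record(_frame(GUEST, GATEWAY)) + _record(_frame(GATEWAY, GUEST))
          + _record(_frame(GUEST, GATEWAY)) + _record(_frame(GUEST, GATEWAY, 0x0806)))

if __name__ == "__main__":
    for (src, dst), n in ipv4_flows(SAMPLE).most_common():
        print(f"{src} -> {dst}: {n} frame(s)")
```

To use it on a real capture, read the file in binary mode and pass the bytes to ipv4_flows().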