This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am looking into writing a Wireshark plugin to handle the Layer 3 DSR (Direct Server Return) scheme we are using. Currently traffic cannot be reassembled due to the load balancing scheme we are using.

What happens is that based on various DSCP bits, an incoming packet will get its destination address rewritten (via iptables) to match that of the load balancer. This combined with an alias on the loopback interface allows a host behind the load balancer to accept traffic coming from the load balancer, and the reply packet goes directly to the client.

My question is whether this can even be done in a plugin. I suspect that I may have to modify the packet reassembly code to support a DSCP-bit->IP lookup table to perform the same address rewrite done on the servers so that the streams can be properly reassembled.

Thanks,

Peter

asked 27 Sep '10, 18:48

pafriend

edited 27 Sep '10, 18:49


I used the wrong terminology. My problem is not with reassembly, but with building the conversation. After spending some time looking at the code, it looks like it is technically possible to modify find_conversation() to support a conditionally rewritten address, but it appears such a change would cause numerous problems in other parts of the code like SSL decryption. I took the easy way out and whipped up a tool with libpcap to take an existing trace file and perform the same mangle operations done by iptables on the server. This new trace file can then be handled as usual by Wireshark.

answered 07 Oct '10, 08:33

pafriend
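The trace-rewriting approach described in the answer above, as an added example that is not the poster's tool or part of the original thread: it uses only the Python standard library instead of libpcap, and assumes a classic (non-pcapng) pcap of untagged Ethernet frames. The DSCP_TO_VIP table and its addresses are hypothetical placeholders for the mapping configured in iptables on the servers.

```python
import ipaddress
import struct
import sys

# Hypothetical DSCP -> load-balancer address table (constructed values);
# mirror the iptables rules used on the servers here.
DSCP_TO_VIP = {10: "192.0.2.10", 12: "192.0.2.12"}

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones' complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rewrite_frame(frame: bytes, table=DSCP_TO_VIP) -> bytes:
    """Rewrite the IPv4 destination of one Ethernet frame based on its DSCP value."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return frame                      # not untagged IPv4 over Ethernet
    ihl = (frame[14] & 0x0F) * 4
    vip = table.get(frame[15] >> 2)       # DSCP is the top 6 bits of the TOS byte
    if vip is None or ihl < 20 or len(frame) < 14 + ihl:
        return frame                      # unmapped DSCP or truncated header
    hdr = bytearray(frame[14:14 + ihl])
    hdr[16:20] = ipaddress.IPv4Address(vip).packed
    hdr[10:12] = b"\x00\x00"              # zero the field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    # The TCP/UDP checksum covers the pseudo-header too and is left stale here.
    return frame[:14] + bytes(hdr) + frame[14 + ihl:]

def rewrite_pcap(data: bytes, table=DSCP_TO_VIP) -> bytes:
    """Apply rewrite_frame to every record; raises KeyError on an unknown magic."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]
    out, pos = bytearray(data[:24]), 24   # copy the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        out += data[pos:pos + 16]         # record header is unchanged
        out += rewrite_frame(data[pos + 16:pos + 16 + incl_len], table)
        pos += 16 + incl_len
    return bytes(out)

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(rewrite_pcap(src.read()))
```

Run it as a script with the input and output trace file names as its two arguments, then open the output file in Wireshark.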
