kvmi-v6: some fields of kvmi_qemu2introspector and kvmi_introspector2qemu are empty #34

Open
Wenzel opened this issue Apr 8, 2020 · 5 comments

Wenzel commented Apr 8, 2020

Hi,

I would like to print the available information in the KVMi handshake callback:

```c
static int cb_handshake(
    const struct kvmi_qemu2introspector *qemu,
    struct kvmi_introspector2qemu *intro,
    void *ctx)
{
    (void)ctx;
    if (!qemu || !intro) {
        errprint("Invalid parameters in KVMi handshake callback");
        return 1;
    }
    char str_time[20] = {0};
    // localtime() can return NULL; only format the time when it succeeds
    struct tm *tm = localtime(&qemu->start_time);
    if (tm)
        strftime(str_time, sizeof(str_time), "%Y-%m-%d %H:%M:%S", tm);
    // print name and start time
    dbprint(VMI_DEBUG_KVM, "--KVMi handshake - Domain name: %s, Start time: %s\n", qemu->name, str_time);
    // print UUID
    for (int i = 0; i < 16; i++)
        printf("%.2X ", qemu->uuid[i]);
    printf("\n");
    // print cookie
    for (int i = 0; i < 20; i++)
        printf("%.2X ", intro->cookie_hash[i]);
    printf("\n");
    return 0;
}
```

However, some of the fields are empty:

[Screenshot from 2020-04-08 15-21-39]

cc @adlazar, @mdontu is this not implemented yet?

adlazar commented Apr 8, 2020

This QEMU, matching KVM with KVMI-v6 patches, doesn't send the name, nor the VM start time (padding2). see

I've only changed the handshake structure to match KVMI-v6 :(

kvmi_introspector2qemu.cookie is what the introspection app sets, if the guest is configured to authenticate the app. So, it should be empty when that callback is called.

Wenzel added the KVMi-v6 label Apr 24, 2020

Wenzel commented Apr 24, 2020

On KVMi-v7 the name is set now.
The VM start time is still empty though

adlazar commented Apr 24, 2020

kvmi-test.c shows both fields as non-empty.

Wenzel commented Apr 24, 2020

@adlazar my bad, it is my translation to a string date that seems to be incorrect.

```
--KVMi handshake:
--    VM name: winxp
--    VM start time: 2159253
--    VM start time: Sun Jan 25 1970
```

But as I got the same date as on my last attempt, I figured the timestamp was empty and therefore starting at 1970.

This is how I translated:

```c
char date[64] = {'\0'};
const char *format = "%a %b %d %Y";
struct tm *tm = NULL;
tm = localtime(&qemu->start_time);
// localtime() may return NULL; strftime() returns 0 (a size_t) on failure
if (!tm || strftime(date, sizeof(date), format, tm) == 0) {
    errprint("Failed to convert time to string\n");
} else {
    dbprint(VMI_DEBUG_KVM, "--    VM start time: %s\n", date);
}
```
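Added example, not part of this thread or of libvmi: decoding the logged value in UTC shows that 2159253 seconds is about 25 days past the epoch, so a January 1970 date can come from a small non-zero value rather than an empty field. The function name `format_start_time`, the status enum and the 2000-01-01 plausibility floor are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed plausibility floor (2000-01-01 00:00:00 UTC); not a KVMi constant. */
#define START_TIME_FLOOR ((int64_t)946684800)

enum start_time_status { ST_OK = 0, ST_IMPLAUSIBLE = 1, ST_ERROR = -1 };

/*
 * Format a handshake start_time (seconds since the epoch) as "%a %b %d %Y"
 * in UTC. The string is still produced for implausible values so the raw
 * number and its decoding can be logged side by side.
 */
static enum start_time_status
format_start_time(int64_t start_time, char *buf, size_t len)
{
    time_t t = (time_t)start_time;
    struct tm *tm;

    if (!buf || len == 0)
        return ST_ERROR;
    tm = gmtime(&t);                 /* NULL if the value cannot be converted */
    if (!tm || strftime(buf, len, "%a %b %d %Y", tm) == 0) {
        buf[0] = '\0';               /* buffer is indeterminate after a failure */
        return ST_ERROR;
    }
    return start_time < START_TIME_FLOOR ? ST_IMPLAUSIBLE : ST_OK;
}

int main(void)
{
    /* Constructed inputs: the value logged above, an April 2020 epoch, and zero. */
    const int64_t samples[] = { 2159253, 1586304000, 0 };
    char date[64];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum start_time_status st =
            format_start_time(samples[i], date, sizeof(date));
        printf("%lld -> %s%s\n", (long long)samples[i], date,
               st == ST_IMPLAUSIBLE ? " (implausible as an epoch timestamp)" : "");
    }
    return 0;
}
```

Logging the raw integer next to the formatted date, as the debug output above does, is what makes the two cases distinguishable.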

adlazar commented May 4, 2020

KVM-VMI/qemu@58840c5 fixes the VM start time issue.
