Hello Friends, Thanks for your hints; they really helped us! We are trying to monitor the traffic (network packets etc) between VMs in KVM. We succeeded to get the address of the system call table (see http://syprog.blogspot.co.il/2011/10/hijack-linux-system-calls-part-iii.html) and intercept the system calls going through the kernel.
In such a way we see ALL system calls (including those which were not initiated from within VMs). How can we filter out the system calls not related to VMs ? What is your opinion regarding our approach ? Best Regards, Mark, Martin, Alex On Mon 14 Oct 11:12 2013 Stefan Hajnoczi wrote: > On Sat, Oct 12, 2013 at 05:45:52PM +0300, Alexander Binun wrote: > > The qemu used by me is the one installed using apt-get install qemu. The > > executable is in /usr/bin. The KVM driver is the one supplied with Ubuntu > > 13.04. > > > > The version of qemu is 1.4.0 (after running qemu --version I get the message > > > > --- QEMU emulator version 1.4.0 (Debian 1.4.0+dfsg-1expubuntu4), > > Copyright (c) 2003-2008 Fabrice Bellard > > > > You mean I should use the build-from-sources qemu (getting the sources from > > git://git.qemu-project.org/qemu.git) ? Should I then compile from sources > > and mount the KVM ? > > In that case it sounds like everything is coming from Ubuntu 13.04 and > should work together. > > Sorry, I don't know about Ubuntu 13.04. Perhaps there is already a > solution if you search the Ubuntu bug tracker. > > Stefan >