Re: [Qemu-block] follow file modifications made by guest os with qemu

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] follow file modifications made by guest os with qemu

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-block] follow file modifications made by guest os with qemu
Date:	Mon, 20 Mar 2017 13:40:27 +0000
User-agent:	Mutt/1.7.1 (2016-10-04)

On Tue, Mar 14, 2017 at 02:13:46PM +0100, Pascal wrote:
> how could I (easily) follow file modifications made by guest os (Windows)
> with qemu ?
> could I exploit the growing overlay image based on an original Windows
> image ?

Not easily because Windows has a file system (e.g. NTFS) on top of the
block device that QEMU emulates.  You would need to parse the file
system metadata in order to do the Logical Block Address (LBA) -> file
lookup.

In other words, the disk emulation just sees sector reads/writes to an
LBA.  It does not see open(), read(), rename(), or other file system
operations.

A less invasive way is to use the CIFS (Samba) network file system and
instrument the file server.  That way you see higher-level operations
and just block I/O.

You could even just use tcpdump and analyze the traffic offline or
interactively using Wireshark.

Stefan

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-block] follow file modifications made by guest os with qemu, Pascal, 2017/03/14
- Re: [Qemu-block] follow file modifications made by guest os with qemu, Stefan Hajnoczi <=

Prev by Date: Re: [Qemu-block] [Qemu-devel] callout to *file in bdrv_co_get_block_status
Next by Date: Re: [Qemu-block] [PATCH] file-win32: Remove unnecessary include
Previous by thread: [Qemu-block] follow file modifications made by guest os with qemu
Next by thread: [Qemu-block] [PATCH] migration/block: Avoid involve into blk_drain too frequently
Index(es):
- Date
- Thread