Mailing List Archive

PF_RING capture for non-root user
Hello.

I have a problem capturing from a pf_ring ZC interface with a non-root
user. Capabilities are set on the tcpdump binary but the error is access
denied.



% /sbin/getcap tcpdump |
tcpdump = cap_net_admin,cap_net_raw+eip

% ls -l /mnt/huge/pfring_zc_88
-rwxr-xr-x 1 bro bro 2147483648 Apr 5 16:41 /mnt/huge/pfring_zc_88


% strace ./tcpdump -ni zc:88@3 -c 10
(.......)
access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or directory)
socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not permitted)
open("/proc/net/dev", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff161be5000
read(3, "Inter-| Receive "..., 1024) = 1024
read(3, " 7 0 0 0 0 "..., 1024) = 46
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7ff161be5000, 4096) = 0
socket(PF_PACKET, SOCK_RAW, 768) = -1 EPERM (Operation not permitted)
write(2, "tcpdump: ", 9tcpdump: ) = 9
write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have permission to capture on that device
(socket: Operation not permitted)) = 94
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++

Re: PF_RING capture for non-root user
I forgot to add an important detail. The system is Debian Jessie and the
PF_RING version is 6.3.0. I have configured hugepages from the pf_ring
documentation and zbalance_ipc works ok.


On Wed, Apr 6, 2016 at 1:43 AM, Hovsep Levi <hovsep.sanjay.levi@gmail.com>
wrote:

> Hello.
>
> I have a problem capturing from a pf_ring ZC interface with a non-root
> user. Capabilities are set on the tcpdump binary but the error is access
> denied.
>
>
>
> % /sbin/getcap tcpdump |
> tcpdump = cap_net_admin,cap_net_raw+eip
>
> % ls -l /mnt/huge/pfring_zc_88
> -rwxr-xr-x 1 bro bro 2147483648 Apr 5 16:41 /mnt/huge/pfring_zc_88
>
>
> % strace ./tcpdump -ni zc:88@3 -c 10
> (.......)
> access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or directory)
> socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not permitted)
> open("/proc/net/dev", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff161be5000
> read(3, "Inter-| Receive "..., 1024) = 1024
> read(3, " 7 0 0 0 0 "..., 1024) = 46
> read(3, "", 1024) = 0
> close(3) = 0
> munmap(0x7ff161be5000, 4096) = 0
> socket(PF_PACKET, SOCK_RAW, 768) = -1 EPERM (Operation not permitted)
> write(2, "tcpdump: ", 9tcpdump: ) = 9
> write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have permission to capture on that device
> (socket: Operation not permitted)) = 94
> write(2, "\n", 1
> ) = 1
> exit_group(1) = ?
> +++ exited with 1 +++