Hello all,
I have a problem capturing from a pf_ring ZC interface with a non-root
user. Capabilities are set on the tcpdump binary but the error is access
denied. The system is Debian Jessie and the PF_RING version is 6.3.0. I
have configured hugepages from the pf_ring documentation and zbalance_ipc
works ok.
tcpdump works as a user for non-ZC interfaces so it suggests something with
the PF_RING setup.
Thanks for your help !
% /sbin/getcap tcpdump |
tcpdump = cap_net_admin,cap_net_raw+eip
% ls -l /mnt/huge/pfring_zc_88
-rwxr-xr-x 1 bro bro 2147483648 Apr 5 16:41 /mnt/huge/pfring_zc_88
% strace ./tcpdump -ni zc:88@3 -c 10
(.......)
access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or
direc
tory)
socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not
permitted)
open("/proc/net/dev", O_RDONLY) =
3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) =
0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7ff
161be5000
read(3, "Inter-| Receive "..., 1024) =
1024
read(3, " 7 0 0 0 0 "..., 1024) =
46
read(3, "", 1024) =
0
close(3) =
0
munmap(0x7ff161be5000, 4096) =
0
socket(PF_PACKET, SOCK_RAW, 768) = -1 EPERM (Operation not
permitted)
write(2, "tcpdump: ", 9tcpdump: ) =
9
write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have
permis
sion to capture on that
device
(socket: Operation not permitted)) = 94
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++
I have a problem capturing from a pf_ring ZC interface with a non-root
user. Capabilities are set on the tcpdump binary but the error is access
denied. The system is Debian Jessie and the PF_RING version is 6.3.0. I
have configured hugepages from the pf_ring documentation and zbalance_ipc
works ok.
tcpdump works as a user for non-ZC interfaces so it suggests something with
the PF_RING setup.
Thanks for your help !
% /sbin/getcap tcpdump |
tcpdump = cap_net_admin,cap_net_raw+eip
% ls -l /mnt/huge/pfring_zc_88
-rwxr-xr-x 1 bro bro 2147483648 Apr 5 16:41 /mnt/huge/pfring_zc_88
% strace ./tcpdump -ni zc:88@3 -c 10
(.......)
access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or
direc
tory)
socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not
permitted)
open("/proc/net/dev", O_RDONLY) =
3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) =
0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7ff
161be5000
read(3, "Inter-| Receive "..., 1024) =
1024
read(3, " 7 0 0 0 0 "..., 1024) =
46
read(3, "", 1024) =
0
close(3) =
0
munmap(0x7ff161be5000, 4096) =
0
socket(PF_PACKET, SOCK_RAW, 768) = -1 EPERM (Operation not
permitted)
write(2, "tcpdump: ", 9tcpdump: ) =
9
write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have
permis
sion to capture on that
device
(socket: Operation not permitted)) = 94
write(2, "\n", 1
) = 1
exit_group(1) = ?
+++ exited with 1 +++