[Ntop-misc] PF_RING capture for non-root user

Hovsep Levi Tue, 05 Apr 2016 18:44:08 -0700

Hello.

I have a problem capturing from a pf_ring ZC interface with a non-root
user.  Capabilities are set on the tcpdump binary but the error is access
denied.




% /sbin/getcap tcpdump                                      |
tcpdump = cap_net_admin,cap_net_raw+eip

% ls -l /mnt/huge/pfring_zc_88
-rwxr-xr-x 1 bro bro 2147483648 Apr  5 16:41 /mnt/huge/pfring_zc_88


% strace ./tcpdump -ni zc:88@3 -c 10
(.......)
access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or
direc
tory)

socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not
permitted)
open("/proc/net/dev", O_RDONLY)         =
3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) =
0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7ff
161be5000

read(3, "Inter-|   Receive               "..., 1024) =
1024
read(3, "    7    0    0    0     0      "..., 1024) =
46
read(3, "", 1024)                       =
0
close(3)                                =
0
munmap(0x7ff161be5000, 4096)            =
0
socket(PF_PACKET, SOCK_RAW, 768)        = -1 EPERM (Operation not
permitted)
write(2, "tcpdump: ", 9tcpdump: )                =
9
write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have
permis
sion to capture on that
device
(socket: Operation not permitted)) = 94
write(2, "\n", 1
)                       = 1
exit_group(1)                           = ?
+++ exited with 1 +++

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

[Ntop-misc] PF_RING capture for non-root user

Reply via email to