Re: [Ntop-misc] PF_RING ZC capture for non-root user

Mon, 11 Apr 2016 10:03:00 -0700 

Hi Hovsep
please note this is not a problem with cap_net_admin (this is due to strace),
the real problem is with permissions for accessing the hugepages.
Please try with:

sudo setcap cap_net_admin,cap_ipc_lock+eip tcpdump

and setting permissions for the user to /mnt/huge/* after starting zbalance_ipc

Alfredo

> On 07 Apr 2016, at 18:09, Hovsep Levi <[email protected]> wrote:
> 
> Hello all,
> 
> I have a problem capturing from a pf_ring ZC interface with a non-root user.  
> Capabilities are set on the tcpdump binary but the error is access denied.  
> The system is Debian Jessie and the PF_RING version is 6.3.0.  I have 
> configured hugepages from the pf_ring documentation and zbalance_ipc works ok.
> 
> tcpdump works as a user for non-ZC interfaces so it suggests something with 
> the PF_RING setup.
> 
> Thanks for your help !
> 
> 
> 
> % /sbin/getcap tcpdump                                      |
> tcpdump = cap_net_admin,cap_net_raw+eip
> 
> % ls -l /mnt/huge/pfring_zc_88
> -rwxr-xr-x 1 bro bro 2147483648 <tel:2147483648> Apr  5 16:41 
> /mnt/huge/pfring_zc_88
> 
> 
> % strace ./tcpdump -ni zc:88@3 -c 10
> (.......)
> access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or 
> direc
> tory)
> socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not permitted)
> open("/proc/net/dev", O_RDONLY)         = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x7ff
> 161be5000
> read(3, "Inter-|   Receive               "..., 1024) = 1024
> read(3, "    7    0    0    0     0      "..., 1024) = 46
> read(3, "", 1024)                       = 0
> close(3)                                = 0
> munmap(0x7ff161be5000, 4096)            = 0
> socket(PF_PACKET, SOCK_RAW, 768)        = -1 EPERM (Operation not permitted)
> write(2, "tcpdump: ", 9tcpdump: )                = 9
> write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have 
> permis
> sion to capture on that device
> (socket: Operation not permitted)) = 94
> write(2, "\n", 1
> )                       = 1
> exit_group(1)                           = ?
> +++ exited with 1 +++
> 
> 
> 
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

Reply via email to