This works now, thanks. Hovsep
On Mon, Apr 11, 2016 at 5:02 PM, Alfredo Cardigliano <[email protected]> wrote: > Hi Hovsep > please note this is not a problem with cap_net_admin (this is due to > strace), > the real problem is with permissions for accessing the hugepages. > Please try with: > > sudo setcap cap_net_admin,cap_ipc_lock+eip tcpdump > > and setting permissions for the user to /mnt/huge/* after starting > zbalance_ipc > > Alfredo > > On 07 Apr 2016, at 18:09, Hovsep Levi <[email protected]> > wrote: > > Hello all, > > I have a problem capturing from a pf_ring ZC interface with a non-root > user. Capabilities are set on the tcpdump binary but the error is access > denied. The system is Debian Jessie and the PF_RING version is 6.3.0. I > have configured hugepages from the pf_ring documentation and zbalance_ipc > works ok. > > tcpdump works as a user for non-ZC interfaces so it suggests something > with the PF_RING setup. > > Thanks for your help ! > > > > % /sbin/getcap tcpdump | > tcpdump = cap_net_admin,cap_net_raw+eip > > % ls -l /mnt/huge/pfring_zc_88 > -rwxr-xr-x 1 bro bro 2147483648 Apr 5 16:41 /mnt/huge/pfring_zc_88 > > > % strace ./tcpdump -ni zc:88@3 -c 10 > (.......) > access("/proc/net/pf_ring/dev/88/info", F_OK) = -1 ENOENT (No such file or > direc > tory) > > socket(0x1b /* PF_??? */, SOCK_RAW, 768) = -1 EPERM (Operation not > permitted) > open("/proc/net/dev", O_RDONLY) = > 3 > fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = > 0 > mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = > 0x7ff > 161be5000 > > read(3, "Inter-| Receive "..., 1024) = > 1024 > read(3, " 7 0 0 0 0 "..., 1024) = > 46 > read(3, "", 1024) = > 0 > close(3) = > 0 > munmap(0x7ff161be5000, 4096) = > 0 > socket(PF_PACKET, SOCK_RAW, 768) = -1 EPERM (Operation not > permitted) > write(2, "tcpdump: ", 9tcpdump: ) = > 9 > write(2, "zc:88@3: You don't have permissi"..., 94zc:88@3: You don't have > permis > sion to capture on that > device > (socket: Operation not permitted)) = 94 > write(2, "\n", 1 > ) = 1 > exit_group(1) = ? > +++ exited with 1 +++ > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
