Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tcpdump support #173

Open
amscanne opened this issue Mar 25, 2019 · 9 comments
Open

tcpdump support #173

amscanne opened this issue Mar 25, 2019 · 9 comments

Comments

@amscanne
Copy link
Collaborator

@amscanne amscanne commented Mar 25, 2019

No description provided.

@kevinGC
Copy link
Contributor

@kevinGC kevinGC commented Dec 6, 2019

Fixed by #731.

@kevinGC kevinGC closed this Dec 6, 2019
@fvoznika
Copy link
Member

@fvoznika fvoznika commented Dec 19, 2019

There are TODOs still referencing this bug.

@fvoznika fvoznika reopened this Dec 19, 2019
@ianlewis
Copy link
Contributor

@ianlewis ianlewis commented Mar 11, 2020

related: #1409

@hbhasker
Copy link
Member

@hbhasker hbhasker commented May 26, 2020

Just documenting something i identified trying to get tcpdump working. Our RAW/AF_PACKET sockets are not populating the sockaddr_ll structure correctly, eg Protocol is missing and we don't seem to set the ha_type field correctly as well as Packet Type is always set to PACKET_HOST this needs to be different when we loop outbound packets etc to raw sockets. Today raw/af_packet sockets only see inbound packets and none of the outbound ones (that's another missing feature)

Address types
The sockaddr_ll structure is a device-independent physical-layer
address.

       struct sockaddr_ll {
           unsigned short sll_family;   /* Always AF_PACKET */
           unsigned short sll_protocol; /* Physical-layer protocol */
           int            sll_ifindex;  /* Interface number */
           unsigned short sll_hatype;   /* ARP hardware type */
           unsigned char  sll_pkttype;  /* Packet type */
           unsigned char  sll_halen;    /* Length of address */
           unsigned char  sll_addr[8];  /* Physical-layer address */
       };

   The fields of this structure are as follows:

   *  sll_protocol is the standard ethernet protocol type in network
      byte order as defined in the <linux/if_ether.h> include file.  It
      defaults to the socket's protocol.

   *  sll_ifindex is the interface index of the interface (see
      netdevice(7)); 0 matches any interface (only permitted for bind‐
      ing).  sll_hatype is an ARP type as defined in the
      <linux/if_arp.h> include file.

   *  sll_pkttype contains the packet type.  Valid types are PACKET_HOST
      for a packet addressed to the local host, PACKET_BROADCAST for a
      physical-layer broadcast packet, PACKET_MULTICAST for a packet
      sent to a physical-layer multicast address, PACKET_OTHERHOST for a
      packet to some other host that has been caught by a device driver
      in promiscuous mode, and PACKET_OUTGOING for a packet originating
      from the local host that is looped back to a packet socket.  These
      types make sense only for receiving.

   *  sll_addr and sll_halen contain the physical-layer (e.g., IEEE
      802.3) address and its length.  The exact interpretation depends
      on the device.
@hbhasker
Copy link
Member

@hbhasker hbhasker commented May 26, 2020

@hbhasker
Copy link
Member

@hbhasker hbhasker commented May 26, 2020

In most cases what we want probably is https://github.com/torvalds/linux/blob/master/include/uapi/linux/if_arp.h#L30 to indicate ethernet.

@hbhasker
Copy link
Member

@hbhasker hbhasker commented May 26, 2020

Also missing is the Protocol field which seems rather complicated to get to because the endpoint.Read() returns a raw buffer.View and the only way to pass protocol back to be populated in sockaddr_ll will require changing Read() to either return a SockAddrLink in addition or change the signature to return something like PacketBuffer which will be significantly more complicated.

copybara-service bot pushed a commit that referenced this issue Jun 8, 2020
Updates #173,#6

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 8, 2020
Updates #173,#6

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 8, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 9, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 11, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 16, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 16, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 16, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 16, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 17, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jun 17, 2020
Updates #173,#6
Fixes #2888

PiperOrigin-RevId: 312689994
copybara-service bot pushed a commit that referenced this issue Jul 15, 2020
Packet sockets also seem to allow double binding and do not return an error on
linux. This was tested by running the syscall test in a linux namespace as root
and the current test DoubleBind fails@HEAD.

Passes after this change.

Updates #173

PiperOrigin-RevId: 321275807
copybara-service bot pushed a commit that referenced this issue Jul 15, 2020
Packet sockets also seem to allow double binding and do not return an error on
linux. This was tested by running the syscall test in a linux namespace as root
and the current test DoubleBind fails@HEAD.

Passes after this change.

Updates #173

PiperOrigin-RevId: 321275807
copybara-service bot pushed a commit that referenced this issue Jul 15, 2020
Packet sockets also seem to allow double binding and do not return an error on
linux. This was tested by running the syscall test in a linux namespace as root
and the current test DoubleBind fails@HEAD.

Passes after this change.

Updates #173

PiperOrigin-RevId: 321275807
copybara-service bot pushed a commit that referenced this issue Jul 15, 2020
Packet sockets also seem to allow double binding and do not return an error on
linux. This was tested by running the syscall test in a linux namespace as root
and the current test DoubleBind fails@HEAD.

Passes after this change.

Updates #173

PiperOrigin-RevId: 321445137
copybara-service bot pushed a commit that referenced this issue Jul 16, 2020
Updates #173

PiperOrigin-RevId: 313305250
copybara-service bot pushed a commit that referenced this issue Jul 16, 2020
Updates #173

PiperOrigin-RevId: 313305250
copybara-service bot pushed a commit that referenced this issue Jul 16, 2020
Updates #173

PiperOrigin-RevId: 313305250
copybara-service bot pushed a commit that referenced this issue Jul 16, 2020
Updates #173

PiperOrigin-RevId: 313305250
copybara-service bot pushed a commit that referenced this issue Jul 17, 2020
Updates #173

PiperOrigin-RevId: 313305250
copybara-service bot pushed a commit that referenced this issue Jul 17, 2020
Updates #173

PiperOrigin-RevId: 321690756
copybara-service bot pushed a commit that referenced this issue Jul 17, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 17, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 17, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 21, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 21, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 21, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 22, 2020
Updates #173

PiperOrigin-RevId: 313430843
copybara-service bot pushed a commit that referenced this issue Jul 22, 2020
Updates #173

PiperOrigin-RevId: 313430843
@hbhasker
Copy link
Member

@hbhasker hbhasker commented Jul 22, 2020

tcpdump now works in gVisor.

The following should work

tcpdump -i any
&
tcpdump -i -p

Promiscuous mode is not yet supported due to some missing features in our AF_PACKET implementation.

I am going to close this bug and open a new to add support for promiscuous mode. But that is a lot lower priority.

@hbhasker hbhasker closed this Jul 22, 2020
copybara-service bot pushed a commit that referenced this issue Jul 22, 2020
Updates #173

PiperOrigin-RevId: 322665518
copybara-service bot pushed a commit that referenced this issue Jul 22, 2020
Updates #173

PiperOrigin-RevId: 322665518
@github-actions github-actions bot reopened this Aug 4, 2020
@github-actions
Copy link

@github-actions github-actions bot commented Aug 4, 2020

There are TODOs still referencing this issue:

  1. pkg/tcpip/transport/packet/endpoint.go:196: Implement.
  2. pkg/tcpip/transport/packet/endpoint.go:237: Add Bind support.
  3. pkg/tcpip/transport/packet/endpoint.go:435: Return network protocol.
  4. pkg/sentry/socket/netstack/netstack.go:426: Return protocol too.
  5. pkg/sentry/socket/netstack/netstack.go:2438: Return protocol too.
  6. test/syscalls/linux/packet_socket.cc:58: gVisor support.
  7. test/syscalls/linux/packet_socket.cc:191: Verify protocol once we return it.
  8. test/syscalls/linux/packet_socket.cc:237: Remove once we support packet socket writing.
  9. test/syscalls/linux/packet_socket_raw.cc:61: gVisor support.
  10. test/syscalls/linux/packet_socket_raw.cc:198: Verify protocol once we return it.
  11. test/syscalls/linux/packet_socket_raw.cc:243: Remove once we support packet socket writing.

Search TODO

hbhasker added a commit that referenced this issue Nov 19, 2020
Add description for tcpdump support in gvisor.

Updates #173
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants