-
Notifications
You must be signed in to change notification settings - Fork 907
Description
I have a problem with Ubuntu 16.04. I gave capability CAP_NET_RAW to tcpdump binary and it was able to sniff traffic on all interfaces (I need immediate mode). Once I upgraded kernel to version 4.15 it stopped working for USB network (it does not support offloading) with error message:
tcpdump: WARNING: enp0s20u6: SIOCETHTOOL(ETHTOOL_GUFO) ioctl failed: Operation not permitted
Warning: Kernel filter failed: Bad file descriptor
tcpdump: can't remove kernel filter: Bad file descriptor
However it sitll works with onboard interface (eno1) as it supports offloading and it never
ask for ETHTOOL_GUFO (this is not permitted now).
To be honest I don't see a reason to fail when offloading questions (in iface_get_offload don't have enough permission). From my point of view it's enough to expect worse scenario and continue. It is in create_ring (case TPACKET_V2). It's enough to comment out the part:
if (offload == -1) {
*status = PCAP_ERROR;
return -1;
}
and it works perfectly for all interfaces now.
Is it good idea or do I miss something? I can prepare pull request but I'm not 100% sure if it is good idea.
I take a look it's still the same in git master.