CAP_NET_RAW is not enough with kernel 4.15 #689

@lufik

I have a problem with Ubuntu 16.04. I gave the CAP_NET_RAW capability to the tcpdump binary and it was able to sniff traffic on all interfaces (I need immediate mode). Once I upgraded the kernel to version 4.15, it stopped working for the USB network interface (it does not support offloading) with this error message:

```
tcpdump: WARNING: enp0s20u6: SIOCETHTOOL(ETHTOOL_GUFO) ioctl failed: Operation not permitted
Warning: Kernel filter failed: Bad file descriptor
tcpdump: can't remove kernel filter: Bad file descriptor
```

However, it still works with the onboard interface (eno1), as it supports offloading and it never asks for ETHTOOL_GUFO (this is not permitted now).

To be honest, I don't see a reason to fail when the offloading questions (in iface_get_offload) don't have enough permission. From my point of view it's enough to expect the worse scenario and continue. It is in create_ring (case TPACKET_V2). It's enough to comment out this part:

```c
if (offload == -1) {
	*status = PCAP_ERROR;
	return -1;
}
```

and it works perfectly for all interfaces now.

Is it a good idea or am I missing something? I can prepare a pull request but I'm not 100% sure if it is a good idea.

I took a look and it's still the same in git master.
