Open majek opened 4 years ago
hbhasker
commented
4 years ago Thanks for the feature request and the program. Could you also provide use cases that you expect this to unblock. Currently we have not priortized AF_PACKET features beyond what we have already added and knowing more about the use case will help us with our prioritization.
majek
commented
4 years ago The most important is compatibility with debugging tools (tcpdump). Right now its very hard to debug netstack, since there is very little visibility into flying packets. Asking my users to run workloads on a platform that doesn't have tcpdump working is rather a tough sell.
hbhasker
commented
4 years ago I believe tcpdump works now. @kevinGC could you confirm?
majek
commented
4 years ago Not the stock one
root@runsc:/# strace -e trace=network -f tcpdump
socket(AF_PACKET, SOCK_DGRAM, 768) = 3
setsockopt(3, SOL_PACKET, PACKET_AUXDATA, [1], 4) = -1 EOPNOTSUPP (Operation not supported)
tcpdump: setsockopt: Operation not supportedand with interface
root@runsc:/# strace -e trace=network -f tcpdump -i lo
socket(AF_UNIX, SOCK_RAW, 0) = 3
ioctl(3, SIOCETHTOOL, 0x7f7392966280) = -1 ENOTTY (Inappropriate ioctl for device)
...
tcpdump: lo: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: Inappropriate ioctl for deviceAs the code I linked shows, you can get some packet capture functionality by using lower level stuff (raw AF_PACKET, without SIOCETHTOOL, binding to interface, etc), but you still see packets in only one direction.
hbhasker
commented
4 years ago Thanks. I will let Kevin take a look at this as he is the most experienced with our raw socket and af_packet socket implementations.
kevinGC
commented
4 years ago I believe tcpdump was working before -- I'll take a look.
I can prioritize outbound packets, but as @hbhasker mentioned it would be helpful to know more in order to prioritize other AF_PACKET features.
github-actions[bot]
commented
4 years ago This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.
hbhasker
commented
4 years ago Just an update some of the things below are now addressed. Tcpdump now works in non promiscuous mode.
Currently netstack supports only extremaly basic AF_PACKET sockets. Needed features:
AF_PACKET seem to see inbound only packets. No way to see outbound packets.
SIOCETHTOOL (needed for tcpdump to run) <-- stubbed out to make tcpdump happy. tcpdump seems to care for exactly one command.
bind(AF_PACKET, ifnumber) (binding to interface) <-- Supported. Binding to specific interface works in non promiscuous mode.
socket(AF_PACKET, SOCK_RAW, 0) (for example netsniff-ng uses "zero" as protocol) -> Not done yet, not sure what that is supposed to mean? IS it equivalent to specifying ETH_P_ALL?
setsocktopt(SO_ATTACH_FILTER) -> Unsupported . I have a PR that adds it but it breaks tcpdump as it requires us to implement all the socket EBPF extensions. tcpdump works without this by just falling back to user-space filtering.
setsocktopt(SO_RCVBUF) -> Supported
setsocktopt(PACKET_AUXDATA) -> Not done . tcpdump only seems to use this in promiscuous mode.
setsocktopt(SO_DETACH_FILTER) -> Stubbed out to support tcpdump.
getsocktopt(PACKET_STATISTICS) => Not supported. Should be easy to add but this doesn't break tcpdump. It just causes it to print a warning on exit.
github-actions[bot]
commented
3 years ago This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.
Currently netstack supports only extremaly basic AF_PACKET sockets. Needed features:
SIOCETHTOOL(needed for tcpdump to run)bind(AF_PACKET, ifnumber)(binding to interface)socket(AF_PACKET, SOCK_RAW, 0)(for example netsniff-ng uses "zero" as protocol)setsocktopt(SO_ATTACH_FILTER)setsocktopt(SO_RCVBUF)setsocktopt(PACKET_AUXDATA)setsocktopt(SO_DETACH_FILTER)getsocktopt(PACKET_STATISTICS)I wrote a simple C program that can be helpful in testing these features https://gist.github.com/majek/9668716d4bb88fbe562037a912d0ae35