mozillazg
commented
1 month ago @rapkin61 Thanks for reporting. To run ptcpdump on Raspberry Pi you need rebuild the kernel with /sys/kernel/btf/vmlinux enabled:
Closed rapkin61 closed 1 week ago
mozillazg
commented
1 month ago @rapkin61 Thanks for reporting. To run ptcpdump on Raspberry Pi you need rebuild the kernel with /sys/kernel/btf/vmlinux enabled:
rapkin61
commented
1 month ago Thank you for your suggestions! I finally succeded in building a kernel that supports /sys/kernel/btf/vmlinux.
Nevertheless ptcpdump does not work:
./ptcpdump 2024-10-18 11:16:00 FATAL cmd/log.go:22] operation not permitted
The error appears regardless if I download the binary or build ptcpdump from source
this is the head of cmd/log.go 1 package cmd 2 3 import ( 4 "errors" 5 "flag" 6 "io" 7 8 "github.com/cilium/ebpf" 9 "github.com/go-logr/logr" 10 "github.com/mozillazg/ptcpdump/internal/log" 11 plog "github.com/phuslu/log" 12 "k8s.io/klog/v2" 13 ) 14 15 func logFatal(err error) { 16 var ve *ebpf.VerifierError 17 if errors.As(err, &ve) { 18 // Using %+v will print the whole verifier error, not just the last 19 // few lines. 20 log.Fatalf("Verifier error: %+v", ve) 21 } 22 log.Fatalf("%+v", err) 23 } 24
mozillazg
commented
1 month ago @rapkin61 ptcpdump need root user to run. Would you please try again with sudo ./ptcpdump or sudo ./ptcpdump --log-level=debug ?
rapkin61
commented
1 month ago ah ... thank you! That looks much better (-:
sudo ./ptcpdump -i lan0 --pid 9073 2024-10-18 12:45:54 WARN skip Docker Engine integration due to Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? 2024-10-18 12:45:56 WARN skip containerd integration due to failed to dial "/run/containerd/containerd.sock": context deadline exceeded 2024-10-18 12:45:56 WARN skip kubernetes integration due to [connect using endpoint /var/run/dockershim.sock: no such file or directory, connect using endpoint /var/run/cri-dockerd.sock: no such file or directory, connect using endpoint /run/crio/crio.sock: no such file or directory, connect using endpoint /run/containerd/containerd.sock: no such file or directory] 2024-10-18 12:45:57 WARN the kernel does not support netfilter based NAT feature, skip attach kprobe/nf_nat_packet 2024-10-18 12:45:57 WARN the kernel does not support netfilter based NAT feature, skip attach kprobe/nf_nat_manip_pkt 2024-10-18 12:45:57 WARN ptcpdump: verbose output suppressed, use -v[v]... for verbose output 2024-10-18 12:45:57 WARN capturing on [lan0], link-type EN10MB (Ethernet), snapshot length 262144 bytes
When running ptcpdump, this messages appear:
2024-10-10 13:48:33 WARN load BTF specs from /var/lib/ptcpdump/btf/vmlinux failed: open /var/lib/ptcpdump/btf/vmlinux: no such file or directory 2024-10-10 13:48:33 WARN load BTF specs from /var/lib/ptcpdump/btf/vmlinux-6.6.51+rpt-rpi-2712 failed: open /var/lib/ptcpdump/btf/vmlinux-6.6.51+rpt-rpi-2712: no such file or directory 2024-10-10 13:48:33 WARN could not load BTF specs from local: open /var/lib/ptcpdump/btf/vmlinux-6.6.51+rpt-rpi-2712: no such file or directory, try to load from remote 2024-10-10 13:48:34 ERROR btf/btf.go:85] load BTF specs from OpenAnolis failed: download BTF specs from https://mirrors.openanolis.cn/coolbpf/btf/aarch64/vmlinux-6.6.51+rpt-rpi-2712: status code is not 200: 404 2024-10-10 13:48:35 ERROR btf/btf.go:94] load BTF specs from BTFHub failed: download BTF specs from https://github.com/aquasecurity/btfhub-archive/raw/main/debian/"12"/arm64/6.6.51+rpt-rpi-2712.btf.tar.xz: status code is not 200: 404 2024-10-10 13:48:35 WARN load BTF specs from remote failed: download BTF specs from https://github.com/aquasecurity/btfhub-archive/raw/main/debian/"12"/arm64/6.6.51+rpt-rpi-2712.btf.tar.xz: status code is not 200: 404 2024-10-10 13:48:35 FATAL cmd/log.go:22] download BTF specs from https://github.com/aquasecurity/btfhub-archive/raw/main/debian/"12"/arm64/6.6.51+rpt-rpi-2712.btf.tar.xz: status code is not 200: 404
just try to run ptcpdump
just try to run ptcpdump
Environment
./ptcpdump --version ptcpdump version 0.24.0 libpcap version 1.10.5 (with TPACKET_V3)
OS:
cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" NAME="Debian GNU/Linux" VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/"
Kernel:
uname -a Linux ns2 6.6.51+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.51-1+rpt1 (2024-09-26) aarch64 GNU/Linux
Additional context