rust-pcap / pcap

Rust language pcap library
Apache License 2.0

debugging pcap PcapError("socket: Operation not permitted") #278

Closed Mair closed 1 year ago

Mair commented 1 year ago

Hi there, looking for some guidance and hoping you can help.

As per the documentation

Note: If not running as root, you need to set capabilities like so: sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin.

This works great when running the application; however, when trying to debug using breakpoints I get PcapError("socket: Operation not permitted"). I get this despite having run sudo setcap cap_net_raw,cap_net_admin=eip path/to/bin. Any idea how I could debug this?

Wojtek242 commented 1 year ago

I'm no expert on this, but could it be that in this case gdb needs to also have these capabilities set? I have no idea how gdb and Linux access permissions interact so this is just a guess though.

Mair commented 1 year ago

thanks @Wojtek242 I tried sudo setcap cap_net_raw,cap_net_admin=eip usr/bin/gdb but no luck

stappersg commented 1 year ago

On Mon, Oct 17, 2022 at 06:45:21PM -0700, Mair Swartz wrote:

thanks @Wojtek242 I tried sudo setcap cap_net_raw,cap_net_admin=eip usr/bin/gdb but no luck

Probably /usr/bin/gdb (note the leading slash)

And this comment is just a request to report back on the result of a websearch on "gdb setcap".

Groeten Geert Stappers -- Silence is hard to parse

Wojtek242 commented 1 year ago

Seems like this is exactly what you need @Mair: https://stackoverflow.com/questions/4357057/gdb-appears-to-ignore-executable-capabilities

Therefore, I'm closing this issue.

stappersg commented 1 year ago

On Wed, Oct 19, 2022 at 02:12:43AM -0700, Wojciech Kozlowski wrote:

Therefore, I'm closing this issue.

Know that closed issues are allowed to get updates.

Please report your success story. a.k.a. Share knowledge about what works for you.

Groeten Geert Stappers -- Silence is hard to parse

Mair commented 1 year ago

@Wojtek242 I really appreciate the input. I tried

sudo setcap cap_net_admin,cap_net_raw=eip target/debug/test-prom
sudo setcap cap_net_admin,cap_net_raw=eip /usr/bin/gdb
sudo setcap cap_net_admin,cap_net_raw=eip /bin/bash

unfortunately no luck

Mair commented 1 year ago

I got it to work.

My situation is that I am running code on a Debian machine that I am using VSCode to remotely develop against using the VSCode SSH capabilities

my sample code as follows

fn main() {
    let mut cap = pcap::Capture::from_device("eth0")
        .unwrap()
        .immediate_mode(true)
        .open()
        .unwrap();

    while let Ok(packet) = cap.next_packet() {
        println!("got packet! {:?}", packet);
    }
}

Even though I could start the debugger on the first line, trying to progress I would get the error PcapError("socket: Operation not permitted"). Taking a hint from the article https://stackoverflow.com/questions/4357057/gdb-appears-to-ignore-executable-capabilities I started the debugger and did a ps aux, where I noticed these 2 processes

<home dir>.vscode-server/extensions/vadimcn.vscode-lldb-1.8.1/lldb/bin/lldb-server
<home dir>.vscode-server/extensions/vadimcn.vscode-lldb-1.8.1/adapter/codelldb

I gave both of these processes permissions

sudo setcap cap_net_admin,cap_net_raw+eip ~/.vscode-server/extensions/vadimcn.vscode-lldb-1.8.1/adapter/codelldb
sudo setcap cap_net_admin,cap_net_raw+eip ~/.vscode-server/extensions/vadimcn.vscode-lldb-1.8.1/lldb/bin/lldb-server

restarted the debugger and presto

Every time the app compiles I need to give the executable permissions again using sudo setcap cap_net_admin,cap_net_raw=eip target/debug/test-prom but this is a minor nuisance and can be worked around with scripts

mokeyish commented 1 year ago

It seems codelldb is unnecessary. just target/debug/test-prom and lldb-server is enough. Thanks for your solution.
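
A diagnostic for the situation in this thread, as an added example that is not code from the thread or from the pcap crate: it reads /proc/self/status to report whether the running process actually holds cap_net_admin and cap_net_raw in its effective set, and which PID is tracing it. It uses only the Rust standard library; SAMPLE_STATUS is constructed sample data and the function names are illustrative.

```rust
use std::fs;

// Capability bit numbers from <linux/capability.h>.
const CAP_NET_ADMIN: u32 = 12;
const CAP_NET_RAW: u32 = 13;

// Constructed sample of /proc/<pid>/status: a traced process with no capabilities.
const SAMPLE_STATUS: &str = "Name:\ttest-prom\nTracerPid:\t4242\nCapEff:\t0000000000000000\n";

/// Value of one "Key:\tvalue" line from /proc/<pid>/status text.
fn field<'a>(status: &'a str, key: &str) -> Option<&'a str> {
    status.lines().find_map(|line| {
        let (k, v) = line.split_once(':')?;
        if k == key { Some(v.trim()) } else { None }
    })
}

/// Hex capability mask such as "CapEff" or "CapPrm".
fn cap_mask(status: &str, key: &str) -> Option<u64> {
    u64::from_str_radix(field(status, key)?, 16).ok()
}

/// PID of the attached debugger, 0 when the process is not traced.
fn tracer_pid(status: &str) -> Option<u32> {
    field(status, "TracerPid")?.parse().ok()
}

/// Capabilities needed for capture that are absent from `mask`.
fn missing_caps(mask: u64) -> Vec<&'static str> {
    [("cap_net_admin", CAP_NET_ADMIN), ("cap_net_raw", CAP_NET_RAW)]
        .iter()
        .filter(|(_, bit)| mask & (1u64 << *bit) == 0)
        .map(|(name, _)| *name)
        .collect()
}

fn main() {
    // Falls back to the constructed sample where /proc is unavailable.
    let status = fs::read_to_string("/proc/self/status").unwrap_or(SAMPLE_STATUS.to_string());
    let eff = cap_mask(&status, "CapEff").unwrap_or(0);
    let tracer = tracer_pid(&status).unwrap_or(0);
    println!("CapEff={:016x} missing={:?} TracerPid={}", eff, missing_caps(eff), tracer);
    if tracer != 0 {
        // In this thread the fix was to grant the capabilities to the tracing binary too.
        println!("debugger: {:?}", fs::read_link(format!("/proc/{}/exe", tracer)));
    }
}
```

Calling the same checks at the top of the capture program, once from a plain shell and once under the debugger, shows whether the capabilities set with setcap reached the debugged process before pcap tries to open the socket.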