search

sflow / host-sflow

host-sflow agent
http://sflow.net
Other
146 stars 55 forks source link

PCAP + Linux possible race condition #16

Closed Bun closed 7 years ago

Bun commented 7 years ago

I've been experiencing issues with running host-sflow on Linux in combination with privilege dropping enabled. Sometimes (but often enough) hsflowd will refuse to start because it is unable to open some of the interfaces.

I've modified the code to log the actual PCAP error:

--- host-sflow-2.0.4.orig/src/Linux/mod_pcap.c
+++ host-sflow-2.0.4/src/Linux/mod_pcap.c
@@ -267,7 +267,7 @@
                                0, /* timeout==poll */
                                bpfs->pcap_err);
     if(bpfs->pcap == NULL) {
-      myLog(LOG_ERR, "PCAP: device %s open failed", bpfs->deviceName);
+      myLog(LOG_ERR, "PCAP: device %s open failed: %s", bpfs->deviceName, bpfs->pcap_err);
       return;
     }

This results in the following errors, when it fails:

Nov 29 15:16:43 localhost user.err hsflowd: PCAP: device eth2 open failed: eth2: You don't have permission to capture on that device (socket: Operation not permitted)
Nov 29 15:16:43 localhost user.err hsflowd: PCAP: device eth3 open failed: eth3: You don't have permission to capture on that device (socket: Operation not permitted)

Restarting the host-sflow service in a loop will eventually result in success, so this must be a race condition somewhere.

Bun commented 7 years ago

Oops. I guess this was fixed in a version after 2.0.4. I've updated and the issue is now resolved, sorry about that.