Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add promiscuous mode capture support w/ tcpdump #3333

Open
hbhasker opened this issue Jul 22, 2020 · 1 comment
Open

Add promiscuous mode capture support w/ tcpdump #3333

hbhasker opened this issue Jul 22, 2020 · 1 comment
Labels
area: compatibility Issue related to (Linux) kernel compatibility area: networking Issue related to networking type: enhancement New feature or request

Comments

@hbhasker
Copy link
Contributor

#173 is now fixed and tcpdump mostly works except when using it with gVisor in promiscuous mode. This requires supporting a few missing AF_PACKET features namely

https://man7.org/linux/man-pages/man7/packet.7.html

PACKET_ADD_MEMBERSHIP
PACKET_DROP_MEMBERSHIP
Packet sockets can be used to configure physical-layer multi‐
casting and promiscuous mode. PACKET_ADD_MEMBERSHIP adds a
binding and PACKET_DROP_MEMBERSHIP drops it. They both expect
a packet_mreq structure as argument:

              struct packet_mreq {
                  int            mr_ifindex;    /* interface index */
                  unsigned short mr_type;       /* action */
                  unsigned short mr_alen;       /* address length */
                  unsigned char  mr_address[8]; /* physical-layer address */
              };

          mr_ifindex contains the interface index for the interface
          whose status should be changed.  The mr_type field specifies
          which action to perform.  PACKET_MR_PROMISC enables receiving
          all packets on a shared medium (often known as "promiscuous
          mode"), PACKET_MR_MULTICAST binds the socket to the physical-
          layer multicast group specified in mr_address and mr_alen, and
          PACKET_MR_ALLMULTI sets the socket up to receive all multicast
          packets arriving at the interface.

          In addition, the traditional ioctls SIOCSIFFLAGS, SIOCADD‐
          MULTI, SIOCDELMULTI can be used for the same purpose.

tcpdump also seems to use

PACKET_AUXDATA (since Linux 2.6.21)
If this binary option is enabled, the packet socket passes a
metadata structure along with each packet in the recvmsg(2)
control field. The structure can be read with cmsg(3). It is
defined as

              struct tpacket_auxdata {
                  __u32 tp_status;
                  __u32 tp_len;      /* packet length */
                  __u32 tp_snaplen;  /* captured length */
                  __u16 tp_mac;
                  __u16 tp_net;
                  __u16 tp_vlan_tci;
                  __u16 tp_vlan_tpid; /* Since Linux 3.14; earlier, these
                                         were unused padding bytes */
              };

Separately we may at some point need to add support for PACKET_RX_RING etc for high speed packet capture but that is a very low priority.
@hbhasker hbhasker assigned hbhasker and unassigned hbhasker Jul 22, 2020
@hbhasker hbhasker added area: compatibility Issue related to (Linux) kernel compatibility area: networking Issue related to networking labels Jul 22, 2020
@github-actions
Copy link

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the stale The Issue or PR is stale. label Oct 21, 2020
@tamird tamird added type: enhancement New feature or request and removed stale The Issue or PR is stale. labels Jun 8, 2021
@tamird tamird reopened this Jun 8, 2021
@copybara-service copybara-service bot mentioned this issue Jun 19, 2021
Merged
copybara-service bot pushed a commit that referenced this issue Jun 22, 2021
@kevinGC @gvisor-bot
clean up tcpdump TODOs
c6da1b0 
tcpdump is largely supported. We've also chose not to implement writeable
AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333).

Fixes #173.

PiperOrigin-RevId: 380733686
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: compatibility Issue related to (Linux) kernel compatibility area: networking Issue related to networking type: enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hbhasker @tamird