PacketStreamer
Packet capture not working on kubernetes
I installed the default helm installation of packet streamer as a daemonset on kubernetes but I am not able to capture any traffic. The sensor shows the traffic capture count, but on the receiver side the logs show 0B and the size of the /tmp/dump file never increases. If I enable saving packets at the sensor side, again I don't see the size of the /tmp/dump file increasing.
To Reproduce

kind create cluster --config config.yaml

three node (two workers) cluster config

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: cluster1
nodes:
- role: control-plane
  image: kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae
- role: worker
  image: kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae
- role: worker
  image: kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae

+++++
kubectl apply -f ./contrib/kubernetes/namespace.yaml
helm install packetstreamer ./contrib/helm/ --namespace packetstreamer
+++
root@abasit-PC:~/kind# k get pods -n packetstreamer
NAME                                       READY   STATUS    RESTARTS   AGE
packetstreamer-receiver-596fb5dddf-bp9sc   1/1     Running   0          37m
packetstreamer-sensor-clh4w                1/1     Running   0          37m
packetstreamer-sensor-k89jn                1/1     Running   0          37m
+++++++
root@abasit-PC:~# k logs packetstreamer-sensor-clh4w -n packetstreamer -f
2022/07/18 07:25:43 Start sending
2022/07/18 07:25:43 Now waiting in main
2022/07/18 07:26:43 Total packets read from interface is 27
2022/07/18 07:27:43 Total packets read from interface is 28
2022/07/18 07:28:43 Total packets read from interface is 28
2022/07/18 07:29:43 Total packets read from interface is 28
2022/07/18 07:30:43 Total packets read from interface is 29
2022/07/18 07:31:43 Total packets read from interface is 29
2022/07/18 07:32:43 Total packets read from interface is 29
2022/07/18 07:33:43 Total packets read from interface is 29
2022/07/18 07:34:43 Total packets read from interface is 30
2022/07/18 07:35:43 Total packets read from interface is 30
2022/07/18 07:36:43 Total packets read from interface is 30
2022/07/18 07:37:43 Total packets read from interface is 30
2022/07/18 07:38:43 Total packets read from interface is 30
2022/07/18 07:39:43 Total packets read from interface is 30
2022/07/18 07:40:43 Total packets read from interface is 30
2022/07/18 07:41:43 Total packets read from interface is 30
2022/07/18 07:42:43 Total packets read from interface is 31
2022/07/18 07:43:43 Total packets read from interface is 31
++++++
root@abasit-PC:~/kind/PacketStreamer# k logs packetstreamer-receiver-596fb5dddf-bp9sc -n packetstreamer -f
2022/07/18 07:25:45 Start receiving
2022/07/18 07:25:45 Now waiting in main
2022/07/18 07:26:45 Total data transfer size is 0 B
2022/07/18 07:27:45 Total data transfer size is 0 B
2022/07/18 07:28:45 Total data transfer size is 0 B
2022/07/18 07:29:45 Total data transfer size is 0 B
2022/07/18 07:30:45 Total data transfer size is 0 B
2022/07/18 07:31:45 Total data transfer size is 0 B
2022/07/18 07:32:45 Total data transfer size is 0 B
2022/07/18 07:33:45 Total data transfer size is 0 B
2022/07/18 07:34:45 Total data transfer size is 0 B
2022/07/18 07:35:45 Total data transfer size is 0 B
2022/07/18 07:36:45 Total data transfer size is 0 B
2022/07/18 07:37:45 Total data transfer size is 0 B
2022/07/18 07:38:45 Total data transfer size is 0 B
2022/07/18 07:39:45 Total data transfer size is 0 B
2022/07/18 07:40:45 Total data transfer size is 0 B
2022/07/18 07:41:45 Total data transfer size is 0 B
2022/07/18 07:42:45 Total data transfer size is 0 B
2022/07/18 07:43:45 Total data transfer size is 0 B
++
root@abasit-PC:~# k exec -it packetstreamer-receiver-596fb5dddf-bp9sc -n packetstreamer sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
/ # cd tmp/
/tmp # ls
dump
/tmp # ls -l
total 4
-rw-r--r-- 1 root root 24 Jul 18 07:25 dump
/tmp # ls -l
total 4
-rw-r--r-- 1 root root 24 Jul 18 07:25 dump
/tmp #
Expected behavior

I should be seeing the packets arriving at the receiver, and the size of /tmp/dump should increase.
Additional context

I have tried a similar installation on a kubeadm Calico cluster but am facing the same issue.
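
The 24-byte /tmp/dump in the listing above is exactly the size of a classic pcap global header, which would mean the receiver created the file but never wrote a packet record. The following check is an added example, not part of the original report or of PacketStreamer's code; it assumes the dump is in classic pcap format, and the function name and sample bytes are constructed for illustration.

```python
import struct

# Classic pcap magic values as they appear on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
GLOBAL_HDR = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = 16   # ts_sec, ts_frac, incl_len, orig_len


def inspect_pcap(data: bytes) -> dict:
    """Summarise a classic pcap blob: link type, complete records, payload bytes."""
    if len(data) < GLOBAL_HDR:
        raise ValueError("shorter than the 24-byte pcap global header")
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("unknown magic: not a classic pcap file")
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:GLOBAL_HDR])
    offset, packets, payload = GLOBAL_HDR, 0, 0
    while offset + RECORD_HDR <= len(data):
        incl_len = struct.unpack(order + "IIII", data[offset:offset + RECORD_HDR])[2]
        if offset + RECORD_HDR + incl_len > len(data):
            break  # record cut off mid-write; do not count it
        offset += RECORD_HDR + incl_len
        packets += 1
        payload += incl_len
    return {
        "linktype": linktype,
        "snaplen": snaplen,
        "packets": packets,
        "payload_bytes": payload,
        "trailing_bytes": len(data) - offset,  # non-zero means a truncated record
        "header_only": packets == 0 and len(data) == GLOBAL_HDR,
    }


# Constructed samples (not taken from the report): an empty capture and one
# holding a single 4-byte packet, both little-endian with linktype 1 (Ethernet).
EMPTY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
ONE_PACKET = EMPTY + struct.pack("<IIII", 0, 0, 4, 4) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else EMPTY
    print(inspect_pcap(blob))
```

Passing a file path as the first argument inspects a copy of the receiver's dump instead of the built-in sample.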