
Support advanced AF_PACKET features in netstack

Open majek opened this issue 6 years ago • 9 comments

Currently netstack supports only extremely basic AF_PACKET sockets. Needed features:

  • AF_PACKET seems to see inbound only packets. No way to see outbound packets.
  • SIOCETHTOOL (needed for tcpdump to run)
  • bind(AF_PACKET, ifnumber) (binding to interface)
  • socket(AF_PACKET, SOCK_RAW, 0) (for example netsniff-ng uses "zero" as protocol)
  • setsockopt(SO_ATTACH_FILTER)
  • setsockopt(SO_RCVBUF)
  • setsockopt(PACKET_AUXDATA)
  • setsockopt(SO_DETACH_FILTER)
  • getsockopt(PACKET_STATISTICS)

I wrote a simple C program that can be helpful in testing these features: https://gist.github.com/majek/9668716d4bb88fbe562037a912d0ae35

majek avatar Dec 17 '19 15:12 majek

Thanks for the feature request and the program. Could you also provide use cases that you expect this to unblock? Currently we have not prioritized AF_PACKET features beyond what we have already added, and knowing more about the use case will help us with our prioritization.

hbhasker avatar Dec 17 '19 15:12 hbhasker

The most important is compatibility with debugging tools (tcpdump). Right now it's very hard to debug netstack, since there is very little visibility into flying packets. Asking my users to run workloads on a platform that doesn't have tcpdump working is rather a tough sell.

majek avatar Dec 18 '19 08:12 majek

I believe tcpdump works now. @kevinGC could you confirm?

hbhasker avatar Dec 18 '19 13:12 hbhasker

Not the stock one

root@runsc:/# strace -e trace=network -f tcpdump   
socket(AF_PACKET, SOCK_DGRAM, 768)      = 3
setsockopt(3, SOL_PACKET, PACKET_AUXDATA, [1], 4) = -1 EOPNOTSUPP (Operation not supported)
tcpdump: setsockopt: Operation not supported

and with interface

root@runsc:/# strace -e trace=network -f tcpdump -i lo
socket(AF_UNIX, SOCK_RAW, 0)            = 3
ioctl(3, SIOCETHTOOL, 0x7f7392966280)   = -1 ENOTTY (Inappropriate ioctl for device)
...
tcpdump: lo: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: Inappropriate ioctl for device

As the code I linked shows, you can get some packet capture functionality by using lower level stuff (raw AF_PACKET, without SIOCETHTOOL, binding to interface, etc), but you still see packets in only one direction.

majek avatar Dec 18 '19 13:12 majek

Thanks. I will let Kevin take a look at this as he is the most experienced with our raw socket and af_packet socket implementations.

hbhasker avatar Dec 18 '19 13:12 hbhasker

I believe tcpdump was working before -- I'll take a look.

I can prioritize outbound packets, but as @hbhasker mentioned it would be helpful to know more in order to prioritize other AF_PACKET features.

kevinGC avatar Dec 18 '19 23:12 kevinGC

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Jun 06 '20 00:06 github-actions[bot]

Just an update: some of the things below are now addressed. Tcpdump now works in non-promiscuous mode.

Currently netstack supports only extremely basic AF_PACKET sockets. Needed features:

  • AF_PACKET seems to see inbound only packets. No way to see outbound packets.

  • SIOCETHTOOL (needed for tcpdump to run) <-- stubbed out to make tcpdump happy. tcpdump seems to care for exactly one command.

  • bind(AF_PACKET, ifnumber) (binding to interface) <-- Supported. Binding to specific interface works in non-promiscuous mode.

  • socket(AF_PACKET, SOCK_RAW, 0) (for example netsniff-ng uses "zero" as protocol) -> Not done yet, not sure what that is supposed to mean? Is it equivalent to specifying ETH_P_ALL?

  • setsockopt(SO_ATTACH_FILTER) -> Unsupported. I have a PR that adds it but it breaks tcpdump as it requires us to implement all the socket EBPF extensions. tcpdump works without this by just falling back to user-space filtering.

  • setsockopt(SO_RCVBUF) -> Supported

  • setsockopt(PACKET_AUXDATA) -> Not done. tcpdump only seems to use this in promiscuous mode.

  • setsockopt(SO_DETACH_FILTER) -> Stubbed out to support tcpdump.

  • getsockopt(PACKET_STATISTICS) => Not supported. Should be easy to add but this doesn't break tcpdump. It just causes it to print a warning on exit.

hbhasker avatar Jul 23 '20 00:07 hbhasker

This issue is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Oct 22 '20 00:10 github-actions[bot]