Date:      Mon, 29 Sep 2014 17:27:09 +0000
From:      Brooks Davis <brooks@freebsd.org>
To:        Luigi Rizzo <rizzo@iet.unipi.it>
Cc:        current@freebsd.org
Subject:   Re: capsicum and netmap ?
Message-ID:  <20140929172709.GC99239@spindle.one-eyed-alien.net>
In-Reply-To: <20140929153043.GA78397@onelab2.iet.unipi.it>
References:  <20140929153043.GA78397@onelab2.iet.unipi.it>


On Mon, Sep 29, 2014 at 05:30:43PM +0200, Luigi Rizzo wrote:
>
> Hi,
> while trying the netmap-enabled libpcap library with tcpdump, I
> noticed it fails to return data on a kernel with capsicum (the
> string "capability mode sandbox enabled" made me suspicious, and
> removing the cap_*() calls from tcpdump.c seems to make things
> work again).
>
> Would anyone be able to point me to what should be done in the netmap
> kernel module to make it work with capsicum?
>
> I am sure the Cambridge folks are very interested in this :)

Without knowing what modifications have been made to libpcap, it's hard
to say what you need to change, but the short version is that once
cap_enter is called, you must not attempt to open any file handles as
that won't work.  I can't think of any other likely cause.  Are all
the returns of all open(), socket(), etc. calls checked?

In practice that means that either opening files must come earlier, or
a signaling mechanism needs to be added to tcpdump and libpcap to tell
tcpdump not to enter capability mode when using netmap.

-- Brooks
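
The behaviour described in the reply above, as an added example that is not part of the original thread or of tcpdump/libpcap: a descriptor opened before cap_enter() keeps working, while a checked open() afterwards fails with ECAPMODE. It assumes FreeBSD 10 or later (`<sys/capsicum.h>`); `sandboxed_child`, `capsicum_open_demo` and `DEMO_UNSUPPORTED` are hypothetical names, and `/dev/null` stands in for the device a capture library would open.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif
#define DEMO_UNSUPPORTED 77   /* constructed exit code: Capsicum not available */

/* Returns 0 if the early fd still reads and the late open() gets ECAPMODE. */
static int sandboxed_child(const char *path)
{
#ifdef __FreeBSD__
    char buf[16];
    int early = open(path, O_RDONLY);      /* acquire before sandboxing */
    if (early < 0)
        return 1;
    if (cap_enter() < 0)                   /* ENOSYS: kernel lacks Capsicum */
        return errno == ENOSYS ? DEMO_UNSUPPORTED : 1;
    if (read(early, buf, sizeof(buf)) < 0) /* existing descriptor keeps working */
        return 1;
    int late = open(path, O_RDONLY);       /* new global-namespace lookup */
    if (late >= 0 || errno != ECAPMODE)    /* ignoring this -1 hides the cause */
        return 1;
    return 0;
#else
    (void)path;                            /* assumption: no Capsicum off FreeBSD */
    return DEMO_UNSUPPORTED;
#endif
}

/* Capability mode cannot be left again, so the check runs in a forked child.
 * Returns the child's exit code, or -1 if fork/wait fails. */
int capsicum_open_demo(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(sandboxed_child(path));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return capsicum_open_demo("/dev/null");
}
```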




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140929172709.GC99239>