On Mon, Sep 29, 2014 at 05:30:43PM +0200, Luigi Rizzo wrote:
>
> Hi,
> while trying the netmap-enabled libpcap library with tcpdump, I
> noticed it fails to return data on a kernel with capsicum (the
> string "capability mode sandbox enabled" made me suspicious, and
> removing the cap_*() calls from tcpdump.c seems to make things
> work again).
>
> Would anyone be able to point me to what should be done in the netmap
> kernel module to make it work with capsicum?
>
> I am sure the Cambridge folks are very interested in this :)

Without knowing what modifications have been made to libpcap, it's
hard to say what you need to change, but the short version is that
once cap_enter is called, you must not attempt to open any file
handles as that won't work. I can't think of any other likely cause.
Are all the returns of all open(), socket(), etc. calls checked?

In practice that means that either opening files must come earlier,
or a signaling mechanism needs to be added to tcpdump and libpcap to
tell tcpdump not to enter capability mode when using netmap.

-- Brooks
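
The ordering constraint described in the reply above, as an added example that is not part of the original message and is not code from tcpdump, libpcap or netmap. The function name `open_then_sandbox`, the use of `/dev/zero` as a stand-in for whatever device a capture library needs, and the non-FreeBSD shim for `cap_enter()` are assumptions made so the block runs anywhere.

```c
/* Added example: descriptor ordering around cap_enter(). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#else
/* Assumption: without Capsicum, report "sandbox unavailable". */
static int cap_enter(void) { errno = ENOSYS; return -1; }
#endif
#ifndef ECAPMODE
#define ECAPMODE (-1)  /* placeholder; never equals a real errno */
#endif

struct result {
    int  sandboxed;    /* 1 if cap_enter() succeeded */
    long early_read;   /* bytes read through the fd opened before cap_enter() */
    int  late_fd;      /* return value of open() attempted after cap_enter() */
    int  late_blocked; /* 1 if that open() failed with ECAPMODE */
};

struct result open_then_sandbox(const char *path)
{
    struct result r = {0, -1, -1, 0};
    char buf[16];

    int fd = open(path, O_RDONLY);      /* 1: acquire before sandboxing */
    if (fd < 0)
        return r;
    r.sandboxed = (cap_enter() == 0);   /* 2: enter capability mode */
    r.early_read = (long)read(fd, buf, sizeof buf); /* 3: held fd still works */
    r.late_fd = open(path, O_RDONLY);   /* 4: new path lookup after sandboxing */
    if (r.late_fd < 0 && errno == ECAPMODE)
        r.late_blocked = 1;             /* always check: this is the silent failure */
    else if (r.late_fd >= 0)
        close(r.late_fd);
    close(fd);
    return r;
}

int main(void)
{
    struct result r = open_then_sandbox("/dev/zero"); /* stand-in device */
    printf("sandboxed=%d early_read=%ld late_fd=%d late_blocked=%d\n",
           r.sandboxed, r.early_read, r.late_fd, r.late_blocked);
    return 0;
}
```

On a Capsicum-enabled FreeBSD kernel the early descriptor keeps returning data while the late `open()` fails with `ECAPMODE`; an unchecked return at that point looks like a capture that never delivers packets.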