[erlang-questions] low level packet access from erlang

Michael Santos michael.santos@REDACTED
Wed Jun 5 15:23:08 CEST 2013


On Tue, Jun 04, 2013 at 07:49:43PM -0400, Garry Hodgson wrote:
> ha! success!

Awesome.

> r3:init: procket got {ok,13}
> r3:init:got socket #Port<0.1538>
> r3:init: dev is <0.58.0>
> r3:init: ip address is "135.207.243.86"
> 
> poking around just now, i noticed that while i had
> a sudoers entry, the permissions on my procket
> were not what you specified in README:
> 
> [root@REDACTED ~]# ls -l /usr/local/sut/sut/deps/procket/priv/procket
> -rwxr-xr-x 1 root root 11712 Jun  4 13:37
> /usr/local/sut/sut/deps/procket/priv/procket
> 
> so i changed them:
> 
> [root@REDACTED ~]# chmod 4750 /usr/local/sut/sut/deps/procket/priv/procket
> [root@REDACTED ~]# ls -l /usr/local/sut/sut/deps/procket/priv/procket
> -rwsr-x--- 1 root root 11712 Jun  4 13:37
> /usr/local/sut/sut/deps/procket/priv/procket
> 
> and your tests worked:
> 
> (r3@REDACTED)2> tuncer:create( <<"tun9">> ).
> {ok,<0.64.0>}
> (r3@REDACTED)3> procket:dev("net/tun").
> {ok,16}
> 
> as did my code:
> 
> r3:init: procket got {ok,13}
> r3:init:got socket #Port<0.1538>
> r3:init: dev is <0.58.0>
> r3:init: ip address is "135.207.243.86"
> 
> i think i recall doing this before, but it may have been on a different
> machine. and it's odd that it helped, given that i've been running
> as root.

That's really weird. I changed the code to be "smarter" about calling
sudo, I'll have to check if I broke something.

> in any case, i appear to be unstuck. i'll likely have more
> questions, but i'm good for now. thanks for your help,
> and your willingness to be helpful.
> 
> this is gonna be fun.

Ask away and if you have any comments/suggestions, please let me know!

> On 06/04/2013 07:07 PM, Garry Hodgson wrote:
> >On 06/04/2013 11:30 AM, Michael Santos wrote:
> >>Looks like you have everything set up correctly. Just to make sure, I
> >>tried creating a tun device as root:
> >>
> >>     ~/src/erlang/tunctl(master)$ sudo ./start.sh
> >>     Erlang R16B01 (erts-5.10.2) [source-e72043e] [smp:2:2]
> >>[async-threads:10] [hipe] [kernel-poll:false]
> >>          Eshell V5.10.2  (abort with ^G)
> >>     1> tuncer:create( <<"tun0">> ).
> >>     {ok,<0.35.0>}
> >>     2>
> >hmmm...that gives me the aforementioned error.
> >>You can try creating the tun device manually:
> >>
> >>     $ sudo ./start.sh
> >>          1> {ok, FD} = procket:dev("net/tun").
> >>     {ok,9}
> >--> erl -pa  /usr/local/sut/sut/deps/pkt/ebin -pa
> >/usr/local/sut/sut/ebin -pa  /usr/local/sut/sut/deps/procket/ebin
> >Erlang R15B02 (erts-5.9.2) [source] [64-bit] [smp:8:8]
> >[async-threads:0] [hipe] [kernel-poll:false]
> >
> >Eshell V5.9.2  (abort with ^G)
> >1> procket:dev("net/tun").
> >{error,eperm}
> >
> >--> ls -l /dev/net/tun
> >crw-rw-rw- 1 root root 10, 200 Jun  3 17:23 /dev/net/tun
> >--> getcap /usr/local/lib/erlang/erts-5.9.2/bin/beam
> >/usr/local/lib/erlang/erts-5.9.2/bin/beam.smp
> >/usr/local/lib/erlang/erts-5.9.2/bin/beam = cap_net_admin+ep
> >/usr/local/lib/erlang/erts-5.9.2/bin/beam.smp = cap_net_admin+ep
> >
> >>          2> procket:ioctl(FD, 1074025674, <<"tun0", 0:96,
> >>1:2/native-integer-unit:8, 0:112>>).
> >>{ok,<<116,117,110,48,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,
> >>           0,0,0,0,0,...>>}
> >>
> >>Are you able to create a tun device using other utilities? This should
> >>work:
> >>
> >>     ip tuntap add mode tun foo
> >
> >that does not:
> >
> >--> ip tuntap add mode tun foo
> >Object "tuntap" is unknown, try "ip help".
> >
> >but i can create tun using tunctl:
> >
> >--> tunctl -n -u garry -g garry
> >Set 'tun0' persistent and owned by uid 1234 gid 1234
> >
> >>
> >>Is selinux enabled?
> >i believe not:
> >
> >--> /usr/sbin/getenforce
> >Disabled
> >
> >puzzling.
> >
> 
> 
> -- 
> Garry Hodgson
> AT&T Chief Security Office (CSO)
> 
> "This e-mail and any files transmitted with it are AT&T property, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."
> 



More information about the erlang-questions mailing list