[erlang-questions] low level packet access from erlang

Garry Hodgson garry@REDACTED
Wed Jun 5 01:07:45 CEST 2013


On 06/04/2013 11:30 AM, Michael Santos wrote:
> Looks like you have everything set up correctly. Just to make sure, I
> tried creating a tun device as root:
>
>      ~/src/erlang/tunctl(master)$ sudo ./start.sh
>      Erlang R16B01 (erts-5.10.2) [source-e72043e] [smp:2:2] [async-threads:10] [hipe] [kernel-poll:false]
>      
>      Eshell V5.10.2  (abort with ^G)
>      1> tuncer:create( <<"tun0">> ).
>      {ok,<0.35.0>}
>      2>
>      
hmmm...that gives me the aforementioned error.
> You can try creating the tun device manually:
>
>      $ sudo ./start.sh
>      
>      1> {ok, FD} = procket:dev("net/tun").
>      {ok,9}
--> erl -pa  /usr/local/sut/sut/deps/pkt/ebin -pa /usr/local/sut/sut/ebin -pa  /usr/local/sut/sut/deps/procket/ebin
Erlang R15B02 (erts-5.9.2) [source] [64-bit] [smp:8:8] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.9.2  (abort with ^G)
1> procket:dev("net/tun").
{error,eperm}

--> ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jun  3 17:23 /dev/net/tun
--> getcap /usr/local/lib/erlang/erts-5.9.2/bin/beam /usr/local/lib/erlang/erts-5.9.2/bin/beam.smp
/usr/local/lib/erlang/erts-5.9.2/bin/beam = cap_net_admin+ep
/usr/local/lib/erlang/erts-5.9.2/bin/beam.smp = cap_net_admin+ep

>      
>      2> procket:ioctl(FD, 1074025674, <<"tun0", 0:96, 1:2/native-integer-unit:8, 0:112>>).
>      {ok,<<116,117,110,48,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,
>            0,0,0,0,0,...>>}
>
> Are you able to create a tun device using other utilities? This should
> work:
>
>      ip tuntap add mode tun foo

that does not:

--> ip tuntap add mode tun foo
Object "tuntap" is unknown, try "ip help".

but i can create tun using tunctl:

--> tunctl -n -u garry -g garry
Set 'tun0' persistent and owned by uid 1234 gid 1234

>
> Is selinux enabled?
i believe not:

--> /usr/sbin/getenforce
Disabled

puzzling.

-- 
Garry Hodgson
AT&T Chief Security Office (CSO)
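
An added diagnostic, not part of the original message or of procket: `getcap` shows the capabilities stored on the beam files, while `CapEff` in `/proc/<pid>/status` shows what a running process actually holds. The function names are hypothetical, and the emulator's pid is assumed to be known (for example from `os:getpid()` in the Erlang shell).

```shell
# CAP_NET_ADMIN is bit 12 of the capability masks (linux/capability.h).
CAP_NET_ADMIN=12

# cap_mask FIELD [STATUS_FILE]: print the hex mask of CapInh/CapPrm/CapEff
# from a /proc/<pid>/status style file (default: the current shell's own).
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/$$/status}"
}

# has_cap HEXMASK BIT: succeed if capability number BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# check_net_admin STATUS_FILE: print "effective" if the process holds
# CAP_NET_ADMIN in its effective set, "missing" if it does not, and
# "unknown" if the file has no CapEff line.
check_net_admin() {
    eff=$(cap_mask CapEff "$1")
    if [ -z "$eff" ]; then
        echo "unknown"
    elif has_cap "$eff" "$CAP_NET_ADMIN"; then
        echo "effective"
    else
        echo "missing"
    fi
}

# Usage against a running emulator (pid is a placeholder):
#   check_net_admin /proc/<pid>/status
```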
