[erlang-questions] low level packet access from erlang

Garry Hodgson garry@REDACTED
Wed Jun 5 01:49:43 CEST 2013


ha! success!

r3:init: procket got {ok,13}
r3:init:got socket #Port<0.1538>
r3:init: dev is <0.58.0>
r3:init: ip address is "135.207.243.86"

poking around just now, i noticed that while i had
a sudoers entry, the permissions on my procket
were not what you specified in README:

[root@REDACTED ~]# ls -l /usr/local/sut/sut/deps/procket/priv/procket
-rwxr-xr-x 1 root root 11712 Jun  4 13:37 /usr/local/sut/sut/deps/procket/priv/procket

so i changed them:

[root@REDACTED ~]# chmod 4750 /usr/local/sut/sut/deps/procket/priv/procket
[root@REDACTED ~]# ls -l /usr/local/sut/sut/deps/procket/priv/procket
-rwsr-x--- 1 root root 11712 Jun  4 13:37 /usr/local/sut/sut/deps/procket/priv/procket

and your tests worked:

(r3@REDACTED)2> tuncer:create( <<"tun9">> ).
{ok,<0.64.0>}
(r3@REDACTED)3> procket:dev("net/tun").
{ok,16}

as did my code:

r3:init: procket got {ok,13}
r3:init:got socket #Port<0.1538>
r3:init: dev is <0.58.0>
r3:init: ip address is "135.207.243.86"

i think i recall doing this before, but it may have been on a different
machine. and it's odd that it helped, given that i've been running
as root.

in any case, i appear to be unstuck. i'll likely have more
questions, but i'm good for now. thanks for your help,
and your willingness to be helpful.

this is gonna be fun.

On 06/04/2013 07:07 PM, Garry Hodgson wrote:
> On 06/04/2013 11:30 AM, Michael Santos wrote:
>> Looks like you have everything set up correctly. Just to make sure, I
>> tried creating a tun device as root:
>>
>>      ~/src/erlang/tunctl(master)$ sudo ./start.sh
>>      Erlang R16B01 (erts-5.10.2) [source-e72043e] [smp:2:2] [async-threads:10] [hipe] [kernel-poll:false]
>>
>>      Eshell V5.10.2  (abort with ^G)
>>      1> tuncer:create( <<"tun0">> ).
>>      {ok,<0.35.0>}
>>      2>
> hmmm...that gives me the aforementioned error.
>> You can try creating the tun device manually:
>>
>>      $ sudo ./start.sh
>>      1> {ok, FD} = procket:dev("net/tun").
>>      {ok,9}
> --> erl -pa  /usr/local/sut/sut/deps/pkt/ebin -pa /usr/local/sut/sut/ebin -pa  /usr/local/sut/sut/deps/procket/ebin
> Erlang R15B02 (erts-5.9.2) [source] [64-bit] [smp:8:8] [async-threads:0] [hipe] [kernel-poll:false]
>
> Eshell V5.9.2  (abort with ^G)
> 1> procket:dev("net/tun").
> {error,eperm}
>
> --> ls -l /dev/net/tun
> crw-rw-rw- 1 root root 10, 200 Jun  3 17:23 /dev/net/tun
> --> getcap /usr/local/lib/erlang/erts-5.9.2/bin/beam /usr/local/lib/erlang/erts-5.9.2/bin/beam.smp
> /usr/local/lib/erlang/erts-5.9.2/bin/beam = cap_net_admin+ep
> /usr/local/lib/erlang/erts-5.9.2/bin/beam.smp = cap_net_admin+ep
>
>>      2> procket:ioctl(FD, 1074025674, <<"tun0", 0:96, 1:2/native-integer-unit:8, 0:112>>).
>>      {ok,<<116,117,110,48,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,
>>            0,0,0,0,0,...>>}
>>
>> Are you able to create a tun device using other utilities? This should
>> work:
>>
>>      ip tuntap add mode tun foo
>
> that does not:
>
> --> ip tuntap add mode tun foo
> Object "tuntap" is unknown, try "ip help".
>
> but i can create tun using tunctl:
>
> --> tunctl -n -u garry -g garry
> Set 'tun0' persistent and owned by uid 1234 gid 1234
>
>>
>> Is selinux enabled?
> i believe not:
>
> --> /usr/sbin/getenforce
> Disabled
>
> puzzling.
>


-- 
Garry Hodgson
AT&T Chief Security Office (CSO)
