On Aug 7, 2012, at 7:53 AM, Joseph Freemaker wrote:
> Using libpcap 1.3.0.
>
> libpcap had a patch applied in October of 2011 for the Solaris Zone.
>
> However when libpcap is used with a C program (that is very similar to
> tcpdump - makes the same calls) that is run in a Solaris Zone (Solaris 10)
> the
> following message is received:
>
> A network mask
> lookup for ce0 could not be completed
> due to a
> 'SIOCGIFADDR: ce0: No such device or address' error condition.
>
> Is anyone familiar with what the procedure is to use libpcap for a Solaris
> Zone?
The same as anywhere else - if you need to call pcap_lookupnet(), and it
returns -1, print a message, make the message clearly a *warning* rather than
an *error*, and just use 0 as the network address and:
if PCAP_NETMASK_UNKNOWN is #defined, use it as the netmask;
otherwise, use 0 as the netmask.
If you do that, then you will receive a message such as
WARNING: A network mask lookup for ce0 could not be completed due to a
'SIOCGIFADDR: ce0: No such device or address' error condition.
(that condition is *NOT* unique to sniffing in a Solaris zone:
$ tcpdump -i en0
tcpdump: WARNING: en0: no IPv4 address assigned
and that isn't even being done on Solaris, much less in a Solaris zone), and,
as long as nothing else goes wrong, the capture will continue. The warning
lets the user know that any capture filter expression that requires the network
address or netmask, such as "ip broadcast", will not work on that interface
(and, if you set the netmask to PCAP_NETMASK_UNKNOWN, filter expressions of
that sort will fail to compile, so a capture attempt using that filter will
fail, as it should).
Note, however, that:
1) The patch in question applies only to BPF, not DLPI, so it only
applies, as far as I know, on Solaris 11, and will only work if you've
configured and built libpcap on Solaris 11 (if you configure and build it on
Solaris 10, which lacks BPF, it won't use BPF).
2) What it did was provide a *syntax* by which a libpcap-based program
running in a global zone can capture on network interfaces in non-global zones
- you do that by prefixing the interface name with the zone name, with a slash
separating the zone name and the interface name. It did *NOT* affect any other
situations, e.g. capturing, on a program running in a zone, on an interface
that belongs to that zone.
3) It did not affect the code used to fetch the network address and
mask, so that might not work if you've specified something such as "foo/xx0" as
the interface when running the program in a global zone and telling it to
capture on the interface "xx0" in the non-global zone "foo".
So is ce0 an interface in the zone in which you're running the program?
If not, you presumably have to run the program in a global zone and specify
{zonename}/ce0 as the interface on which to capture.
If so, then what does "ifconfig -a" print when run in the zone in question?
Does it list ce0?
(See also
http://ask.wireshark.org/questions/13371/can-wireshark-sniff-a-network-interface-in-a-solaris-zone
for some additional information on Solaris zones and traffic capture; it
applies to any program capturing traffic, not just Wireshark.)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
