[Nfd-dev] NFD Ethernet faces and PrivilegeHelper
Junxiao Shi
shijunxiao at email.arizona.edu
Mon Mar 26 19:24:36 PDT 2018
Dear folks
I'm a bit confused on how Ethernet faces are activated in NFD.
I have a backported NFD 0.6.1 running on a Debian Stretch system, and it
fails to create Ethernet faces.
Mar 27 01:57:54 beaglebone nfd[9727]: 1522115874.916868 INFO:
[PrivilegeHelper] dropped to effective uid=109 gid=116
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115874.919167 INFO:
[EthernetChannel] [dev://eth0] Creating channel
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115874.938101 WARNING:
[EthernetFactory] Cannot listen on eth0: pcap_activate: You don't have
permission to capture on that device
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115874.944578 WARNING:
[EthernetFactory] Cannot create multicast face on eth0: pcap_activate: You
don't have permission to capture on that device
UDP multicast faces are created normally:
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115875.016260 INFO:
[PrivilegeHelper] elevated to effective uid=0 gid=0
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115875.016816 INFO:
[PrivilegeHelper] dropped to effective uid=109 gid=116
Mar 27 01:57:55 beaglebone nfd[9727]: 1522115875.024138 INFO:
[MulticastUdpTransport] [id=0,local=udp4://192.168.5.10:47396,remote=udp4://
224.0.23.170:56363] Creating transport
In NFD source code I notice that a setsockopt call in UDP multicast face
creation
<https://github.com/named-data/NFD/blob/85a36632a72017e21c72cf57bab85125832d2cea/daemon/face/multicast-udp-transport.cpp#L124>
is elevated to root, but there isn't a runElevated wrapper around
pcap_activate
<https://github.com/named-data/NFD/blob/85a36632a72017e21c72cf57bab85125832d2cea/daemon/face/pcap-helper.cpp#L64>
.
NDN testbed router seems to be able to create Ethernet faces with no
problem, but they have disabled privilege dropping altogether
<https://github.com/WU-ARL/NDN_Ansible/blob/b0f6a6c333dd3c6ec5fa79fa9a7f0de6c7c108f8/roles/nfd/templates/nfd.conf.j2#L2>
.
What's the recommended method to enable Ethernet faces for a PPA package
deployment? Am I supposed to disable privilege dropping as well? If so,
should this be configured in PPA's nfd.conf?
<https://github.com/named-data/NFD/blob/85a36632a72017e21c72cf57bab85125832d2cea/daemon/face/multicast-udp-transport.cpp#L124>
Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20180326/bb3094b4/attachment.html>
More information about the Nfd-dev
mailing list