Commit ca7b6d21 authored by Dimitris Aragiorgis's avatar Dimitris Aragiorgis

Fix a bug related to capng_update()



We need to update CAP_NET_RAW and CAP_NET_ADMIN separately.
Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
parent 0fbb25c0
...@@ -414,7 +414,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -414,7 +414,7 @@ class VMNetProxy(object): # pylint: disable=R0902
q = nfqueue.queue() q = nfqueue.queue()
q.set_callback(callback) q.set_callback(callback)
q.fast_open(queue_num, family) q.fast_open(queue_num, family)
q.set_queue_maxlen(30) q.set_queue_maxlen(5000)
# This is mandatory for the queue to operate # This is mandatory for the queue to operate
q.set_mode(nfqueue.NFQNL_COPY_PACKET) q.set_mode(nfqueue.NFQNL_COPY_PACKET)
self.nfq[q.get_fd()] = q self.nfq[q.get_fd()] = q
...@@ -427,7 +427,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -427,7 +427,7 @@ class VMNetProxy(object): # pylint: disable=R0902
if isinstance(data, BasePacket): if isinstance(data, BasePacket):
data = str(data) data = str(data)
logging.debug(" - Sending raw packet %s", data) logging.debug(" - Sending raw packet %r", data)
self.l2socket.bind((dev, ETH_P_ALL)) self.l2socket.bind((dev, ETH_P_ALL))
try: try:
...@@ -1047,10 +1047,17 @@ if __name__ == "__main__": ...@@ -1047,10 +1047,17 @@ if __name__ == "__main__":
# Keep only the capabilities we need # Keep only the capabilities we need
# CAP_NET_ADMIN: we need to send nfqueue packet verdicts to a netlinkgroup # CAP_NET_ADMIN: we need to send nfqueue packet verdicts to a netlinkgroup
# CAP_NET_RAW: we need to reopen socket in case the buffer gets full # CAP_NET_RAW: we need to reopen socket in case the buffer gets full
# CAP_SETPCAP: needed by capng_change_id()
capng.capng_clear(capng.CAPNG_SELECT_BOTH) capng.capng_clear(capng.CAPNG_SELECT_BOTH)
capng.capng_update(capng.CAPNG_ADD, capng.capng_update(capng.CAPNG_ADD,
capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED,
capng.CAP_NET_ADMIN | capng.CAP_NET_RAW) capng.CAP_NET_ADMIN)
capng.capng_update(capng.CAPNG_ADD,
capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED,
capng.CAP_NET_RAW)
capng.capng_update(capng.CAPNG_ADD,
capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED,
capng.CAP_SETPCAP)
capng.capng_change_id(uid.pw_uid, uid.pw_gid, capng.capng_change_id(uid.pw_uid, uid.pw_gid,
capng.CAPNG_DROP_SUPP_GRP | capng.CAPNG_CLEAR_BOUNDING) capng.CAPNG_DROP_SUPP_GRP | capng.CAPNG_CLEAR_BOUNDING)
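Review bot: The return values of the three `capng_update()` calls and of `capng_change_id()` at the end of the last hunk are discarded, so a failed privilege drop would leave the daemon running with its original uid and capabilities and nothing would report it. Both libcap-ng functions return non-zero on failure, so keeping the result and failing closed would cover this, e.g. `rc = capng.capng_change_id(...)` followed by `if rc != 0: raise SystemExit("privilege drop failed: %d" % rc)`. Separately, the new comment says CAP_SETPCAP is needed only by `capng_change_id()`, yet it is added to the effective and permitted sets and nothing visible removes it, so the long-running process presumably keeps it. A `capng.capng_update(capng.CAPNG_DROP, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED, capng.CAP_SETPCAP)` followed by `capng.capng_apply(capng.CAPNG_SELECT_CAPS)` after the id change would match the "Keep only the capabilities we need" comment. The `__main__` block starts and ends outside the hunk, so either point may already be handled there.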