PCAP reader IO exception [...].pcap (Permission denied)


Jonas Schmitte

Apr 29, 2024, 10:06:43 AM
to sFlow-RT
Hello everyone,

I'm currently trying to use sFlow-RT to analyze SMPTE ST 2110 network streams for my master's thesis. For this purpose, two Docker containers are running, one with sFlow-RT and Prometheus, and one with InfluxDB for processing the data.
Apparently, sFlow-RT does not process my pcap file - I'm getting the error message:

sflow-rt_4  | 2024-04-26T10:09:10Z INFO: Reading PCAP file test2.pcap, sFlow port 6343
sflow-rt_4  | 2024-04-26T10:09:10Z WARNING: PCAP reader IO exception test2.pcap (Permission denied)

What I have tried so far:

- Running everything with elevated privileges; Docker is currently running with root privileges
- Assigning user and group ID "0" with the use of "environments" in the docker-compose.yml file (also to grant the highest possible privileges)
- Trying various pcap files with different content and different file extensions (no extension, .pcap, and .pcapng)

Additionally, it is not possible to access the console of the sFlow-RT container with Portainer (Error: "Unable to retrieve image details"). Whether this is related is currently unclear to me.

Does anyone have an idea how I could proceed here? Thank you in advance!
[Attachment: 2024-04-26 12_20_46-1 954 439 947 - AnyDesk.png]

Peter Phaal

Apr 29, 2024, 1:18:46 PM
to sFlow-RT
I just tried running sFlow-RT with a pcap under docker compose and it works. I started with the example, https://github.com/sflow-rt/prometheus-grafana, and put the file test.pcap in the sflow-rt subdirectory.

  sflow-rt:
    image: sflow/${RT_IMAGE:-prometheus}
    container_name: sflow-rt
    user: ${DOCKER_USER}
    restart: unless-stopped
    environment:
      - RTPROP=-Dsflow.file=sflow.pcap
    volumes:
      - ./sflow-rt/store:/sflow-rt/store
      - ./sflow-rt/sflow.pcap:/sflow-rt/sflow.pcap
    ports:
      - '8008:8008'
    networks:
      - monitoring


I modified the sflow-rt service to mount the test.pcap file and set the system property sflow.file to read the file.

You shouldn't need any elevated privileges to run sflow-rt. If it can't open the file, it is likely that the sflow user doesn't have read privileges; try chmod a+r sflow.pcap.

FYI the pcap file must contain captured sFlow, e.g.
sudo tcpdump -i any -s 0 -w sflow.pcap udp port 6343

Jonas Schmitte

May 2, 2024, 7:08:11 AM
to Peter Phaal, sFlow-RT
Hey Peter, 

thanks so much for your quick response and help. 

I modified my docker-compose.yml following your suggestions. I came from:

version: '3'

services:
  influxdb:
    image: influxdb:latest
    ports:
      - "8086:8086"
    volumes:
      - ./data:/var/lib/influxdb2
      - ./config:/etc/influxdb2
      - ./scripts:/docker-entrypoint-initdb.d
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: admin
      DOCKER_INFLUXDB_INIT_PASSWORD: Admin12345
      DOCKER_INFLUXDB_INIT_ORG: test
      DOCKER_INFLUXDB_INIT_BUCKET: init-ignore
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: l3xogDgjYlQyEkDxPZcWx8GfzKMKwdGMhCAgq2RsbHFAsAAj4yuNnMK7RrOKZv8dfzSznHHBcjL6HhEnYkpL-Q==
    command: --nats-max-payload-bytes=10000000
    restart: unless-stopped

  sflow-rt:
    image: sflow/prometheus
    container_name: sflow-rt_4
    environment:
      - PUID=0
      - PGID=0
    ports:
      - "8008:8008"
    volumes:
      - ./test2.pcap:/sflow-rt/test2.pcap
    command: -Dsflow.file=test2.pcap
    restart: unless-stopped


and changed to: 

#version: '3'

services:
  influxdb:
    image: influxdb:latest
    ports:
      - "8086:8086"
    volumes:
      - ./data:/var/lib/influxdb2
      - ./config:/etc/influxdb2
      - ./scripts:/docker-entrypoint-initdb.d
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: admin
      DOCKER_INFLUXDB_INIT_PASSWORD: Admin12345
      DOCKER_INFLUXDB_INIT_ORG: test
      DOCKER_INFLUXDB_INIT_BUCKET: init-ignore
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: l3xogDgjYlQyEkDxPZcWx8GfzKMKwdGMhCAgq2RsbHFAsAAj4yuNnMK7RrOKZv8dfzSznHHBcjL6>
    command: --nats-max-payload-bytes=10000000
    restart: unless-stopped

  sflow-rt:
    image: sflow/prometheus
    container_name: sflow-rt_5

    environment:
      - RTPROP=-Dsflow.file=sflow.pcap
    volumes:
      - ./sflow-rt/store:/sflow-rt/store
      - ./sflow-rt/sflow.pcap:/sflow-rt/sflow.pcap
    ports:
      - '8008:8008'
    #networks:
    #  - monitoring
    command: -Dsflow.file=sflow.pcap
    restart: unless-stopped


(I took out the "version" and "networks" because they caused other unrelated errors...)

I also captured a new, fresh pcap file with tcpdump instead of Wireshark (which was used previously):

sudo tcpdump -i enp65s0 -s 0 -G 60 -w sflow.pcap udp port 6343

Which gave me the feedback of a couple thousand packets captured, so I can assume it worked and also captured somewhat usable data:

[Attachment: tcpdump capture .png]

And: the original error message is gone! :) However, it gives me another error, and sFlow-RT still doesn't see any data:

[Attachment: sflow test5 cannot create directory.png]
[Attachment: 2024-05-02 12_56_15-Greenshot.png]

I also ran Portainer to check if there is anything wrong with Docker itself and to ensure none of my other test-dockers were running.

Do you have any idea what to do about this?


Greetings and thanks again!
Jonas


Peter Phaal

May 2, 2024, 10:24:03 AM
to sFlow-RT
The error messages suggest that sFlow-RT volumes aren't mounting and/or permissions are wrong:

    volumes:
      - ./sflow-rt/store:/sflow-rt/store
      - ./sflow-rt/sflow.pcap:/sflow-rt/sflow.pcap

Did you have an sflow-rt/store directory in the path where you are running docker compose up? Is the sflow.pcap file in the sflow-rt directory? It would be a good idea to pass your user id in the docker compose command, e.g.

env DOCKER_USER="$(id -u):$(id -g)" docker compose up -d

You can then pick it up in the compose.yml file, e.g.

sflow-rt:
    image: sflow/${RT_IMAGE:-prometheus}
    container_name: sflow-rt
    user: ${DOCKER_USER}

It would be a good idea to do the same for your influxdb service since it is also trying to read/write files in locally mounted file paths. Are you sure that influxdb is actually writing in the ./data directory?
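
A host-side preflight for the two bind mounts discussed in this thread, added here as an example; it is not code from any poster or from the sFlow-RT project. It assumes a Linux host with GNU or BusyBox stat and the ./sflow-rt layout from the compose file, and the function names has_perm and check_mounts are hypothetical.

```sh
#!/bin/sh
# Added example: host-side preflight for the ./sflow-rt bind mounts.
# Assumes Linux with GNU or BusyBox stat. Only classic mode bits are evaluated;
# ACLs, SELinux labels and supplementary groups are not considered.

# has_perm PATH UID GID BIT  (BIT: 4=read, 2=write, 1=search/execute)
has_perm() {
    path=$1 uid=$2 gid=$3 bit=$4
    [ "$uid" -eq 0 ] && return 0               # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$path") || return 1
    set -- $st                                 # $1=owner uid, $2=group gid, $3=octal mode
    if   [ "$uid" -eq "$1" ]; then d=$(($3 / 100 % 10))
    elif [ "$gid" -eq "$2" ]; then d=$(($3 / 10 % 10))
    else d=$(($3 % 10)); fi
    [ $((d & bit)) -ne 0 ]
}

# check_mounts BASE UID GID: prints one line per finding, returns the number of problems
check_mounts() {
    base=$1 uid=$2 gid=$3 problems=0
    pcap=$base/sflow.pcap store=$base/store
    if [ -d "$pcap" ]; then
        echo "FAIL $pcap is a directory (Docker creates one when a bind source is missing)"
        problems=$((problems + 1))
    elif [ ! -f "$pcap" ]; then
        echo "FAIL $pcap does not exist"; problems=$((problems + 1))
    elif ! has_perm "$pcap" "$uid" "$gid" 4; then
        echo "FAIL $pcap not readable by $uid:$gid (try: chmod a+r)"
        problems=$((problems + 1))
    fi
    if [ ! -d "$store" ]; then
        echo "FAIL $store does not exist"; problems=$((problems + 1))
    elif ! has_perm "$store" "$uid" "$gid" 2 || ! has_perm "$store" "$uid" "$gid" 1; then
        echo "FAIL $store not writable by $uid:$gid"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK mounts usable by $uid:$gid"
    return "$problems"
}

# Run as: sh preflight.sh ./sflow-rt [UID GID]
# UID:GID default to the invoking user, matching DOCKER_USER="$(id -u):$(id -g)".
if [ "$#" -ge 1 ]; then
    check_mounts "$1" "${2:-$(id -u)}" "${3:-$(id -g)}"
fi
```

Pass the uid and gid the container process actually runs as; the exit status is the number of problems found.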