summaryrefslogtreecommitdiffhomepage
path: root/test/packetimpact
diff options
context:
space:
mode:
authorTamir Duberstein <tamird@google.com>2020-12-08 10:18:04 -0800
committergVisor bot <gvisor-bot@google.com>2020-12-08 10:20:38 -0800
commitcc522a9cfb0a2d5976a3a592cba8e9d23b06c6ce (patch)
tree80716e85c7df353664aa1caa17afd59fdb1d7d18 /test/packetimpact
parent5ea6419478676560e617fe0c19c9e37bf88dd8bc (diff)
Run tcpdump as root
Prior to this change tcpdump would fail to create its output file because the destination directory was owned by root. This would later cause killall to fail, as tcpdump was not running. Check exit code of tcpdump/tshark to produce better error messages should this regress. PiperOrigin-RevId: 346353911
Diffstat (limited to 'test/packetimpact')
-rw-r--r--test/packetimpact/runner/dut.go20
1 files changed, 19 insertions, 1 deletions
diff --git a/test/packetimpact/runner/dut.go b/test/packetimpact/runner/dut.go
index b607c0b04..8be2c6526 100644
--- a/test/packetimpact/runner/dut.go
+++ b/test/packetimpact/runner/dut.go
@@ -272,6 +272,17 @@ func TestWithDUT(ctx context.Context, t *testing.T, mkDevice func(*dockerutil.Co
"--packet-buffered",
// Disable DNS resolution.
"-n",
+ // run tcpdump as root since the output directory is owned by root. From
+ // `man tcpdump`:
+ //
+ // -Z user
+ // --relinquish-privileges=user
+ // If tcpdump is running as root, after opening the capture device
+ // or input savefile, change the user ID to user and the group ID to
+ // the primary group of user.
+ // This behavior is enabled by default (-Z tcpdump), and can be
+ // disabled by -Z root.
+ "-Z", "root",
}
if tshark {
baseSnifferArgs = []string{
@@ -294,10 +305,17 @@ func TestWithDUT(ctx context.Context, t *testing.T, mkDevice func(*dockerutil.Co
filepath.Join(testOutputDir, fmt.Sprintf("%s.pcap", n.LocalDevName)),
)
}
- _, err := testbenchContainer.ExecProcess(ctx, dockerutil.ExecOpts{}, snifferArgs...)
+ p, err := testbenchContainer.ExecProcess(ctx, dockerutil.ExecOpts{}, snifferArgs...)
if err != nil {
t.Fatalf("failed to start exec a sniffer on %s: %s", n.LocalDevName, err)
}
+ t.Cleanup(func() {
+ if snifferOut, err := p.Logs(); err != nil {
+ t.Errorf("sniffer logs failed: %s\n%s", err, snifferOut)
+ } else {
+ t.Logf("sniffer logs:\n%s", snifferOut)
+ }
+ })
// When the Linux kernel receives a SYN-ACK for a SYN it didn't send, it
// will respond with an RST. In most packetimpact tests, the SYN is sent
// by the raw socket, the kernel knows nothing about the connection, this