Wireshark-bugs: [Wireshark-bugs] [Bug 10886] New: QT interface can't capture on NF interfaces

Date: Fri, 23 Jan 2015 13:02:29 +0000
Bug ID 10886
Summary QT interface can't capture on NF interfaces
Product Wireshark
Version Git
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Qt UI
Assignee [email protected]
Reporter [email protected]

Build Information:
Wireshark 1.99.2 (v1.99.2rc0-847-gf452258 from master)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.2.1, with libpcap, without POSIX capabilities,
without libnl, with libz 1.2.8, with GLib 2.40.2, without SMI, with c-ares
1.10.0, without Lua, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT Kerberos,
with GeoIP, without PortAudio, without AirPcap.

Running on Linux 3.13.0-44-generic, with locale
LC_CTYPE=en_US.UTF-8;LC_NUMERIC=it_IT.UTF-8;LC_TIME=it_IT.UTF-8;LC_COLLATE=en_US.UTF-8;LC_MONETARY=it_IT.UTF-8;LC_MESSAGES=en_US.UTF-8;LC_PAPER=it_IT.UTF-8;LC_NAME=it_IT.UTF-8;LC_ADDRESS=it_IT.UTF-8;LC_TELEPHONE=it_IT.UTF-8;LC_MEASUREMENT=it_IT.UTF-8;LC_IDENTIFICATION=it_IT.UTF-8,
with libpcap version 1.5.3, with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt
1.5.3.
Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz (with SSE4.2)

Built using gcc 4.8.2.

--
When running the QT interface, you can't capture on NF interfaces (nflog,
nfqueue). To reproduce the bug simply run wireshark qt, and choose nflog or
nfqueue as capture interface. The error got is:

"

The capture session could not be initiated on interface 'nflog' (Can't listen
on group group index: Operation not permitted).

Please check to make sure you have sufficient permissions, and that you have
the proper interface or pipe specified.

"

As noted by Peter Wu, this is due to the double connection that wireshark-qt
makes to nflog.

Reproducer:
$ dumpcap -i nflog -w /dev/null
Capturing on 'nflog'
File: /dev/null
(in a different shell)
$ dumpcap -i nflog -w /dev/null
Capturing on 'nflog'
dumpcap: The capture session could not be initiated on interface 'nflog' (Can't
listen on group group index: Operation not permitted).
Please check to make sure you have sufficient permissions, and that you have
the proper interface or pipe specified.

In home screen wireshark-qt runs "dumpcap -S -Z none" that opens a connection
to every interface. When the capture is started, another connectio to nflog is
opened.

The problem is that NFLOG can only be
opened by one user which is a kernel limitation. From
net/netfilter/nfnetlink_log.c:

        inst = instance_lookup_get(log, group_num);
        if (inst && inst->peer_portid != NETLINK_CB(skb).portid) {
                ret = -EPERM;
                goto out_put;
        }

The solution could be to stop the stats collection before capturing, and
restart it when back to home screen.


You are receiving this mail because:
  • You are watching all bug changes.