-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
netlink receive: no such file or directory on Android 12 #347
Comments
similar #331 |
在 #331 里也提到了这个报错,按照他的环境,我无法重现。 你可以自己先多测试测试,尝试给出其他更多环境不同的信息吗? 发一下 In #331, this error was also mentioned. According to their environment, I am unable to reproduce it. Can you please do more testing yourself and try to provide additional information about different environments? upload result please ,shell : bin/ecapture tls -i eth0 -w a.pcapng
tls_2023/04/16 03:59:22 ECAPTURE :: ecapture Version : linux_x86_64:0.5.1-20230415-fffcd0f:[CORE]
tls_2023/04/16 03:59:22 ECAPTURE :: Pid Info : 9095
tls_2023/04/16 03:59:22 ECAPTURE :: Kernel Info : 6.2.8
2023/04/16 03:59:22 read keylogger :/etc/ld.so.conf.d/*.conf error .
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL module initialization
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL Module.Run()
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL TC MODEL
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL OpenSSL/BoringSSL version not found from shared library file, used default version:linux_default_3_0
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL HOOK type:2, binrayPath:/lib/libssl.so.3
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL Ifname:eth0, Ifindex:2, Port:443, Pcapng filepath:/root/ecapture/a.pcapng
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL Hook masterKey function:SSL_write
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL target all process.
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL target all users.
tls_2023/04/16 03:59:22 EBPFProbeOPENSSL BPF bytecode filename:user/bytecode/openssl_3_0_0_kern.o
tls_2023/04/16 03:59:24 EBPFProbeOPENSSL module started successfully.
tls_2023/04/16 03:59:24 EBPFProbeGNUTLS module initialization
tls_2023/04/16 03:59:24 EBPFProbeGNUTLS Module.Run()
tls_2023/04/16 03:59:24 EBPFProbeGNUTLS BPF bytecode filename:user/bytecode/gnutls_kern.o
tls_2023/04/16 03:59:24 EBPFProbeGNUTLS HOOK type:2, binrayPath:/usr/lib/libgnutls.so.30
tls_2023/04/16 03:59:24 EBPFProbeGNUTLS target all process.
tls_2023/04/16 03:59:25 EBPFProbeGNUTLS module started successfully.
tls_2023/04/16 03:59:25 EBPFProbeNSPR module initialization failed. [skip it]. error:stat /usr/lib/libnspr4.so: no such file or directory
tls_2023/04/16 03:59:25 ECAPTURE :: cant found module EBPFProbeGoTLS config info.
tls_2023/04/16 03:59:25 ECAPTURE :: start 2 modules |
blueline:/ # tc qdisc add dev eth0 clsact |
歪个楼,请问你的blueline是怎么用上5.10的内核的,可以展开一下吗 😃 |
17万刀片服务器自带的 |
了解了,那应该是 redroid 或者 cuttlefish 之类的技术吧? |
应该是你的内核不支持network emulation。 内核编译需要启用相关配置,你可以参考如下链接。 It should be that your kernel does not support network emulation. Enabling relevant configurations is required during kernel compilation, and you can refer to the following link. https://itecnote.com/tecnote/linux-rtnetlink-answers-no-such-file-or-directory-error/ |
抓包文件 |
你使用的启动命令、测试shell分别是什么? 我觉得大概是你监听的网卡不对,不是流量经过的网卡 What are the startup commands and test shells you are using? I think it's probably because you're monitoring the wrong network interface, not the one that the traffic is passing through. |
我想把抓包的数据写到数据库,将记录保存下来 |
应该是eth0 130|blueline:/data/local/tmp # ifconfig eth0 Link encap:Ethernet HWaddr 48:ad:08:45:1c:01 |
使用命令 tc qdisc add dev eth0 clsact |
嗯? 这条命令有什么问题吗? 你这个问题的错误原因,在 #347 (comment) 描述的很详细了。 |
执行命令不反馈空记录了,到记录无法写入pcap |
_2023/04/23 06:51:44 EBPFProbeOPENSSL saving pcapng file /data/local/tmp/test.pcapng |
文件都1kb大小 |
完整的命令行发出来,别总发不全的信息。沟通成本很高 |
blueline:/data/local/tmp # ./ecapt tls -i eth0 -w test.pcapng ^Ctls_2023/04/23 14:39:16 EBPFProbeOPENSSL saving pcapng file /data/local/tmp/test.pcapng |
这里抱错了,我第一次遇到,租需要debug一下。 你的运行环境可以给一下吗? 详细信息。 |
可以的,给个邮箱我发你 |
版本信息贴在这呗,不用发邮箱 |
OS: [安卓12] 这是环境信息,我的意思你要不远程设备看下 |
嗯,这硬件配置,我确实准备不来。 你在我微信公众号里留言吧,我到时加你。 |
感谢大神的支持 |
已关注公众号,todesk远程信息已发 |
blueline:/data/local/tmp # ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
8: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 48:ad:08:45:1c:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
// pcapgo/ngwrite.go
func (w *NgWriter) WritePacket(ci gopacket.CaptureInfo, data []byte) error {
if ci.InterfaceIndex >= int(w.intf) || ci.InterfaceIndex < 0 {
return fmt.Errorf("Can't send statistics for non existent interface %d; have only %d interfaces", ci.InterfaceIndex, w.intf)
}
// ... |
…ing to a pcapng file. (#347) Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
…ing to a pcapng file. (#347) Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
使用ecapture-v0.5.1-android-aarch64.tar.gz在安卓12上运行命令报错,报错信息,如下:
ecapt tls -w save_android.pcapng -i eth0
module run failed, [skip it]. error:couldn't start bootstrap manager error:2 errors occurred:
* error:error:netlink receive: no such file or directory , couldn't add a ", err clsact" qdisc to interface 5, {UID:, EbpfFuncName:egress_cls_func}
* error:error:netlink receive: no such file or directory , couldn't add a ", err clsact" qdisc to interface 5, {UID:, EbpfFuncName:ingress_cls_func}
, probes activation validation failed .
tls_2023/04/14 01:45:40 ECAPTURE :: No runnable modules, Exit(1)
ecapt tls -w save_android.pcapng -i wlan0
module run failed, [skip it]. error:route ip+net: no such network interface
tls_2023/04/14 01:48:57 ECAPTURE :: No runnable modules, Exit(1)
The text was updated successfully, but these errors were encountered: