[Pkg-netmeasure-discuss] scamper sniff: sniff_state_alloc: could not get dl: Success

Matthew Luckie mjl at luckie.org.nz
Sun Feb 11 20:38:41 GMT 2024 

On 10/02/24 12:59, Marek Küthe wrote:
> Hello,
> 
> I am currently trying out some things with Scamper. I wanted to test
> `sc_warts2pcap` and wanted to catch some packets with sniff. I used the
> following command:
> ```
> $ scamper -O warts -o test.warts -I "sniff -S fd04:234e:fc31:e::21 -c 2
> icmp[icmpid] == 1"
> ```
> 
> Where the IP address belongs to a Layer-3 WireGuard interface:
> ```
> $ ip a s dnet
> 10: dnet: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue state
> UNKNOWN group default qlen 1000 link/none
>      inet 172.22.149.122/32 scope global noprefixroute dnet
>         valid_lft forever preferred_lft forever
>      inet6 fd04:234e:fc31:e::21/128 scope global noprefixroute
>         valid_lft forever preferred_lft forever
>      inet6 fe80::c302:40cf:a818:c23d/64 scope link noprefixroute
>         valid_lft forever preferred_lft forever
> ```
> 
> However, the program terminates with `[23:50:17:695] sniff_state_alloc:
> could not get dl: Success`.

scamper needs to know what type of datalink interface the system 
provides.  In your followup email:

[09:19:15:937] dl_linux_node_init: dnet unhandled datalink 65534

this corresponds to

#define ARPHRD_NONE	  0xFFFE	/* Zero header length.  */

I will look into getting this working on wireguard.

> I then tested it with the loopback interface and the IP address `::1`.
> This worked. Then I tried my WLAN interface: The program started there,
> but did not pick up a packet.
> WLAN interface while pinging with tcpdump:
> ```
> 23:57:44.475056 lo    In  IP6 ciel > ciel: ICMP6, echo request, id 1,
> seq 9, length 64
> ```
> (probably because scamper didn't listen to lo?)

Correct.  It listens to the interface with the IP address specified, and 
packets that stay within the host will use the loopback interface.

Note: the sniff command was added to support Reverse Traceroute, where 
other systems send packets with a spoofed source address, whose 
responses then end up at the system with that address, where the sniff 
command is running.  So receiving on the loopback interface is not an 
intended use case of this measurement primitive.

https://revtr.ccs.neu.edu/
https://www.usenix.org/legacy/event/nsdi10/tech/full_papers/katz-bassett.pdf

Matthew

More information about the Pkg-netmeasure-discuss mailing list