Sun, Jul 19, 2015

Pcap4J container with runC

Pcap4J container with runC

I tried to run a Pcap4J container with runC.

What is Pcap4J?

Pcap4J is a Java library for capturing, crafting, and sending packets. It’s actually a Java wrapper for libpcap/WinPcap plus packet analyzer. We can see the details in its README.

What is runC?

runC is a container runtime developed by Docker and released on June 22, 2015. With runC, we can start a container from a docker image without the docker service or the docker command.

That said, as of now, runC cannot directory use docker images. We need to create a container form a docker image and export its filesystem before executing runC.

It seems currently it supports only Linux but Windows support is in the roadmap.

What I did

  • Environment
    • OS: CentOS 7 (on VMware Player 7.1.0 on Windows 7)
    • user: root
    • runC version: 0.2
    • Pcap4J version: 1.5.1-SNAPSHOT
    • Docker version: 1.6.2

  • Prerequisites:
    • Docker is installed and Docker service is started
    • Go is installed

  • Step by step

    1. Install runC

      [[email protected] ~]# mkdir -p $GOPATH/src/
      [[email protected] ~]# cd $GOPATH/src/
      [[email protected] opencontainers]# git clone
      [[email protected] opencontainers]# cd runc
      [[email protected] runc]# make && make install
    2. Pull the Pcap4J docker image.

      [[email protected] ~]# docker pull kaitoy/pcap4j
    3. Create a container from the image.

      [[email protected] ~]# docker run -d --name pcap4j-tmp kaitoy/pcap4j:latest /bin/bash
    4. Export the container’s file system.

      [[email protected] ~]# mkdir /tmp/pcap4j-test
      [[email protected] pcap4j-test]# cd /tmp/pcap4j-test
      [[email protected] pcap4j-test]# docker export pcap4j-tmp > pcap4j.tar
      [[email protected] pcap4j-test]# tar xf pcap4j.tar

      We are now free from Docker. We don’t need Docker service, Docker command, Docker images, nor Docker containers anymore.

    5. Generate a container config file.

      [[email protected] pcap4j-test]# runc spec | sed -e 's/rootfs/\/root\/Desktop\/pcap4j-container/' -e 's/"readonly": true/"readonly": false/' -e 's/"NET_BIND_SERVICE"/"NET_BIND_SERVICE","NET_ADMIN","NET_RAW"/' > config.json

      In the above command, runc spec generates a standard container config file and sed modifies it for Pcap4J.

    6. Run a container.

      [[email protected] pcap4j-test]# runc
    7. In the container, enable lo.

      As far as I saw, lo is the only interface we can use in a container. So, I used it to capture packets.

      sh-4.1# ifconfig lo up
    8. Generate a script to ping localhost and run it background.

      sh-4.1# cd /usr/local/src/pcap4j/bin
      sh-4.1# echo ping \> /dev/null >
      sh-4.1# chmod +x
      sh-4.1# ./ &

      In the next step, ICMP packets from this will be captured.

    9. Generate a script to start capturing packets with Pcap4J and run it.

      sh-4.1# cat | sed -e 's/eth0/lo/' >
      sh-4.1# chmod +x
      sh-4.1# ./

      We will see the ICMP packets are dumped on the terminal. That’s it!

comments powered by Disqus