Pcap4J container with runC
What is Pcap4J?
Pcap4J is a Java library for capturing, crafting, and sending packets. It’s actually a Java wrapper for libpcap/WinPcap plus a packet analyzer. We can see the details in its README.
What is runC?
runC is a container runtime developed by Docker and released on June 22, 2015. With runC, we can start a container from a docker image without the docker service or the docker command.
That said, as of now, runC cannot directly use docker images. We need to create a container from a docker image and export its filesystem before executing runC.
It seems that it currently supports only Linux, but Windows support is on the roadmap.
What I did
- OS: CentOS 7 (on VMware Player 7.1.0 on Windows 7)
- user: root
- runC version: 0.2
- Pcap4J version: 1.5.1-SNAPSHOT
- Docker version: 1.6.2
- Docker is installed and Docker service is started
- Go is installed
Step by step
[root@localhost ~]# mkdir -p $GOPATH/src/github.com/opencontainers
[root@localhost ~]# cd $GOPATH/src/github.com/opencontainers
[root@localhost opencontainers]# git clone https://github.com/opencontainers/runc
[root@localhost opencontainers]# cd runc
[root@localhost runc]# make && make install
Pull the Pcap4J docker image.
[root@localhost ~]# docker pull kaitoy/pcap4j
Create a container from the image.
[root@localhost ~]# docker run -d --name pcap4j-tmp kaitoy/pcap4j:latest /bin/bash
Export the container’s file system.
[root@localhost ~]# mkdir /tmp/pcap4j-test
[root@localhost pcap4j-test]# cd /tmp/pcap4j-test
[root@localhost pcap4j-test]# docker export pcap4j-tmp > pcap4j.tar
[root@localhost pcap4j-test]# tar xf pcap4j.tar
We are now free from Docker. We no longer need the Docker service, the Docker command, Docker images, or Docker containers.
Generate a container config file.
[root@localhost pcap4j-test]# runc spec | sed -e 's/rootfs/\/tmp\/pcap4j-test/' -e 's/"readonly": true/"readonly": false/' -e 's/"NET_BIND_SERVICE"/"NET_BIND_SERVICE","NET_ADMIN","NET_RAW"/' > config.json
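In the above command, runc spec generates a standard container config file and sed modifies it for Pcap4J: it sets the root filesystem path, makes the root filesystem writable, and adds the NET_ADMIN and NET_RAW capabilities.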
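The sed edits above succeed silently even when a pattern matches nothing, so the following added example (not part of the original post) applies the same three substitutions and then checks that each one is present in the result. The function names and the sample spec are constructed for illustration; the sample is a simplified stand-in, not real runc spec output.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's three sed edits
# to a runC spec and check that each one actually changed the file.

# patch_spec ROOTFS: read a spec on stdin, write the edited spec to stdout.
patch_spec() {
    # Escape the characters that are special in a sed replacement.
    esc=$(printf '%s' "$1" | sed 's#[/&\\]#\\&#g')
    sed -e "s/rootfs/$esc/" \
        -e 's/"readonly": true/"readonly": false/' \
        -e 's/"NET_BIND_SERVICE"/"NET_BIND_SERVICE","NET_ADMIN","NET_RAW"/'
}

# check_spec FILE ROOTFS: return 0 only if all three edits are present.
check_spec() {
    rc=0
    grep -qF "\"$2\"" "$1"            || { echo "root path not set to $2" >&2; rc=1; }
    grep -qF '"readonly": false' "$1" || { echo "rootfs is still read-only" >&2; rc=1; }
    for cap in NET_ADMIN NET_RAW; do
        grep -qF "\"$cap\"" "$1"      || { echo "capability $cap missing" >&2; rc=1; }
    done
    return $rc
}

# Constructed, simplified stand-in for `runc spec` output (not real tool output).
sample_spec() {
    cat <<'EOF'
{
  "root": { "path": "rootfs", "readonly": true },
  "linux": { "capabilities": ["AUDIT_WRITE", "KILL", "NET_BIND_SERVICE"] }
}
EOF
}

# Demo: patch the sample, then verify it; returns check_spec's status.
demo() {
    out=$(mktemp)
    sample_spec | patch_spec "$1" > "$out"
    check_spec "$out" "$1"; status=$?
    rm -f "$out"
    return $status
}

demo /tmp/pcap4j-test && echo "config.json edits verified"
```

On a real system, pipe runc spec into patch_spec, write the result to config.json, and run check_spec on it before starting the container.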
Run a container.
[root@localhost pcap4j-test]# runc
In the container, enable lo.
As far as I saw, lo is the only interface we can use in a container. So, I used it to capture packets.
sh-4.1# ifconfig lo up
Generate a script to ping localhost and run it in the background.
sh-4.1# cd /usr/local/src/pcap4j/bin
sh-4.1# echo ping 127.0.0.1 \> /dev/null > pinger.sh
sh-4.1# chmod +x pinger.sh
sh-4.1# ./pinger.sh &
In the next step, ICMP packets from this pinger.sh will be captured.
Generate a script to start capturing packets with Pcap4J and run it.
sh-4.1# cat runGetNextPacket.sh | sed -e 's/eth0/lo/' > foo.sh
sh-4.1# chmod +x foo.sh
sh-4.1# ./foo.sh
We will see the ICMP packets dumped on the terminal. That’s it!