Merged
2 changes: 1 addition & 1 deletion receiver/pcapreceiver/factory_unix.go
Expand Up @@ -48,7 +48,7 @@ func createLogsReceiver(
if err := receiverCfg.Validate(); err != nil {
return nil, fmt.Errorf("validate config: %w", err)
}
params.Logger.Warn("PCAP receiver requires root privileges or tcpdump capabilities (cap_net_raw,cap_net_admin). Ensure the collector has sufficient privileges to capture network packets")

receiver, err := newReceiver(settings, receiverCfg, params.Logger, consumer, tb)
if err != nil {
return nil, err
38 changes: 30 additions & 8 deletions receiver/pcapreceiver/receiver_unix.go
Expand Up @@ -23,6 +23,8 @@ import (
"io"
"os"
"os/exec"
"runtime"
"strings"

"go.opentelemetry.io/collector/component"
"go.uber.org/zap"
Expand Down Expand Up @@ -146,15 +148,35 @@ func (r *pcapReceiver) Shutdown(_ context.Context) error {

// buildCaptureCommand builds the tcpdump capture command for Unix systems
func (r *pcapReceiver) buildCaptureCommand() *exec.Cmd {
return newCommand(
"tcpdump",
args := []string{
"-i", r.config.Interface,
"-n", // Don't convert addresses to names
"-tt", // Print timestamps as Unix time
"-x", // Print hex data
"-s", fmt.Sprintf("%d", r.config.SnapLen), // Snapshot length
r.config.Filter, // BPF filter
)
"-n", // Don't resolve hostnames
"-xx", // Print packet data in hex with link-level headers
"-l", // Line buffered output
}

// Add macOS-specific flag to include interface name in output
// Used to parse the interface name when capturing from "any" interface
if runtime.GOOS == "darwin" {
args = append(args, "--apple-md-print", "I")
}

// Add -p flag to disable promiscuous mode if requested
if !r.config.Promiscuous {
args = append(args, "-p")
}

// Add snapshot length
args = append(args, "-s", fmt.Sprintf("%d", r.config.SnapLen))

// Add filter if specified
if r.config.Filter != "" {
// Split filter into words for proper argument passing
filterParts := strings.Fields(r.config.Filter)
args = append(args, filterParts...)
}

return newCommand("tcpdump", args...)
}

// readStderr reads error messages from tcpdump
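Review bot: The tokens from `strings.Fields(r.config.Filter)` in buildCaptureCommand are appended to tcpdump's argv with nothing separating them from the options, so any token that begins with `-` is parsed as a tcpdump flag rather than as part of the BPF expression. Where the platform's getopt permutes arguments, this applies to tokens in the middle of the filter as well, so a configured filter could change the options of a capture process that runs with root or cap_net_raw/cap_net_admin. I would terminate option parsing first with `args = append(args, "--")` ahead of `args = append(args, filterParts...)`, and also reject `-`-prefixed filter tokens in config validation. Whether `receiverCfg.Validate()` already restricts Filter and Interface is not visible on this page, so that part should be confirmed against the config code.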