Re: [weewx-user] v5 pip - interceptor in sniff mode permissions question

2024-03-20 Thread John Smith 
I dont know why weewx isnt started as root and once up and running drop
privledges. Itd solve a number of these issues.

On Thu, 21 Mar 2024, 06:46 vince,  wrote:

> I'm fiddling around trying to learn interceptor and how to set it up for
> v5 and have it at least listening without errors as user 'pi' as long as
> I'm listening on an unprivileged port.
>
> But 'sniff' mode requires being able to get into promiscuous mode it seems
> and then I'm hitting permission issues. I use the 'pip' installation for
> weewx but I'd expect the dpkg would have the same issues since weewx now
> runs unprivileged.
>
> I did find some cryptic google hits suggesting that I can give the python
> interpreter permission to do so ala "sudo setcap cap_net_raw+eip
> /usr/bin/python3.11"  which seems to permit weewxd to sniff for packets,
> but that seems like a security risk isn't it ?
>
> Is there a preferred way to get the unprivileged weewxd user the ability
> to sniff for packets if you have to run interceptor in that mode ???
>
> My pip3 list includes:
>
> PackageVersion
> -- ---
> libpcap1.11.0b8
> pypcap 1.3.0
> (others omitted for brevity)
>
> My Interceptor stanza looks like:
> [Interceptor]
> # This section is for the network traffic interceptor driver.
>
> # The driver to use:
> driver = user.interceptor
>
> # Specify the hardware device to capture. Options include:
> #   acurite-bridge - acurite internet bridge, smarthub, or access
> #   observer - fine offset WH2600/HP1000/HP1003, ambient WS2902
> #   lw30x - oregon scientific LW301/LW302
> #   lacrosse-bridge - lacrosse GW1000U/C84612 internet bridge
> #   ecowitt-client - any hardware that uses the ecowitt protocol
> #   wu-client - any hardware that uses the weather underground protocol
> device_type = ecowitt-client
> iface = wlan0
>
> # listen
> #mode = listen
> #port = 8000
>
> # or sniff
>mode = sniff
>pcap_filter = src 192.168.1.201 and dst port 8001
>
> --
> You received this message because you are subscribed to the Google Groups
> "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to weewx-user+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/weewx-user/38403d42-3bb5-4003-9786-308c39309ec9n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to weewx-user+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/weewx-user/CAGTinV4Kf7cOdwJfskLti91ArCUf%3DbPixynQN9aV9_t6y5qevA%40mail.gmail.com.

[weewx-user] v5 pip - interceptor in sniff mode permissions question

2024-03-20 Thread vince 
I'm fiddling around trying to learn interceptor and how to set it up for v5 
and have it at least listening without errors as user 'pi' as long as I'm 
listening on an unprivileged port.   

But 'sniff' mode requires being able to get into promiscuous mode it seems 
and then I'm hitting permission issues. I use the 'pip' installation for 
weewx but I'd expect the dpkg would have the same issues since weewx now 
runs unprivileged.

I did find some cryptic google hits suggesting that I can give the python 
interpreter permission to do so ala "sudo setcap cap_net_raw+eip 
/usr/bin/python3.11"  which seems to permit weewxd to sniff for packets, 
but that seems like a security risk isn't it ?

Is there a preferred way to get the unprivileged weewxd user the ability to 
sniff for packets if you have to run interceptor in that mode ???

My pip3 list includes:

PackageVersion
-- ---
libpcap1.11.0b8
pypcap 1.3.0
(others omitted for brevity)

My Interceptor stanza looks like:
[Interceptor]
# This section is for the network traffic interceptor driver.

# The driver to use:
driver = user.interceptor

# Specify the hardware device to capture. Options include:
#   acurite-bridge - acurite internet bridge, smarthub, or access
#   observer - fine offset WH2600/HP1000/HP1003, ambient WS2902
#   lw30x - oregon scientific LW301/LW302
#   lacrosse-bridge - lacrosse GW1000U/C84612 internet bridge
#   ecowitt-client - any hardware that uses the ecowitt protocol
#   wu-client - any hardware that uses the weather underground protocol
device_type = ecowitt-client
iface = wlan0

# listen
#mode = listen
#port = 8000

# or sniff
   mode = sniff
   pcap_filter = src 192.168.1.201 and dst port 8001

-- 
You received this message because you are subscribed to the Google Groups 
"weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to weewx-user+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/weewx-user/38403d42-3bb5-4003-9786-308c39309ec9n%40googlegroups.com.