Description of problem: https://issues.redhat.com/browse/SDN-1760 added an option to capture tcpdump packets, however while testing it fails to do so as below: $ ./oc adm must-gather --dest-dir ./tmp --source-dir '/tmp/tcpdump/' --image quay.io/openshift/origin-network-tools:latest --node-selector 'kubernetes.io/os=linux,node-role.kubernetes.io/master' --host-network -- timeout 30 tcpdump -i any -w /tmp/tcpdump/\$POD_NAME-%Y-%m-%dT%H:%M:%S.pcap -W 1 -G 300 [must-gather ] OUT Using must-gather plug-in image: quay.io/openshift/origin-network-tools:latest When opening a support case, bugzilla, or issue please include the following summary data along with any other requested information. ClusterID: bc06a2a8-d1c9-415e-9e17-8fa6e43c993b ClusterVersion: Stable at "4.10.0-0.nightly-2021-11-04-001635" ClusterOperators: All healthy and stable [must-gather ] OUT namespace/openshift-must-gather-6cz8g created [must-gather ] OUT clusterrolebinding.rbac.authorization.k8s.io/must-gather-zqk67 created Warning: would violate "latest" version of "baseline" PodSecurity profile: host namespaces (hostNetwork=true) [must-gather ] OUT pod: must-gather-f6s2q on node: ci-ln-tp3hvw2-72292-t8rf7-master-0 for plug-in image quay.io/openshift/origin-network-tools:latest created [must-gather ] OUT pod: must-gather-jfhrz on node: ci-ln-tp3hvw2-72292-t8rf7-master-1 for plug-in image quay.io/openshift/origin-network-tools:latest created [must-gather ] OUT pod: must-gather-jqzn4 on node: ci-ln-tp3hvw2-72292-t8rf7-master-2 for plug-in image quay.io/openshift/origin-network-tools:latest created [must-gather-jfhrz] POD 2021-11-04T16:58:28.800868866Z tcpdump: any: You don't have permission to capture on that device [must-gather-jfhrz] POD 2021-11-04T16:58:28.800868866Z (socket: Operation not permitted) [must-gather-f6s2q] POD 2021-11-04T16:58:28.573518008Z tcpdump: 2021-11-04T16:58:28.573646835Z any: You don't have permission to capture on that device [must-gather-f6s2q] POD 2021-11-04T16:58:28.573646835Z (socket: Operation not permitted)2021-11-04T16:58:28.573673551Z [must-gather-jqzn4] POD 2021-11-04T16:58:28.589776570Z tcpdump: any: You don't have permission to capture on that device [must-gather-jqzn4] POD 2021-11-04T16:58:28.589776570Z (socket: Operation not permitted) [must-gather-jfhrz] OUT waiting for gather to complete [must-gather-f6s2q] OUT waiting for gather to complete [must-gather-jqzn4] OUT waiting for gather to complete [must-gather-jfhrz] OUT downloading gather output [must-gather-f6s2q] OUT downloading gather output [must-gather-jqzn4] OUT downloading gather output [must-gather-jqzn4] OUT receiving file list ... done [must-gather-jfhrz] OUT receiving file list ... done [must-gather-jqzn4] OUT [must-gather-jqzn4] OUT sent 16 bytes received 44 bytes 40.00 bytes/sec [must-gather-jqzn4] OUT total size is 0 speedup is 0.00 [must-gather-jfhrz] OUT [must-gather-jfhrz] OUT sent 16 bytes received 44 bytes 24.00 bytes/sec [must-gather-jfhrz] OUT total size is 0 speedup is 0.00 [must-gather-f6s2q] OUT receiving file list ... done [must-gather-f6s2q] OUT [must-gather-f6s2q] OUT sent 16 bytes received 44 bytes 9.23 bytes/sec [must-gather-f6s2q] OUT total size is 0 speedup is 0.00 [must-gather ] OUT clusterrolebinding.rbac.authorization.k8s.io/must-gather-zqk67 deleted [must-gather ] OUT namespace/openshift-must-gather-6cz8g deleted When opening a support case, bugzilla, or issue please include the following summary data along with any other requested information. ClusterID: bc06a2a8-d1c9-415e-9e17-8fa6e43c993b ClusterVersion: Stable at "4.10.0-0.nightly-2021-11-04-001635" ClusterOperators: All healthy and stable Version-Release number of selected component (if applicable): [root@ocp-edge50 ~]# oc version Client Version: 4.10.0-0.nightly-2021-11-03-111400 Server Version: 4.10.0-0.nightly-2021-11-03-111400 How reproducible: Reliably Steps to Reproduce: 1.install 4.10 cluster, login as kubeadmin 2. Run above "oc adm mustgather" command 3. Actual results: Command fails to capture tcpdump packets due to permissions issue. Expected results: tcpdump packet capture should succeed. Additional info:
Correct oc version: $ ./oc version Client Version: 4.10.0-0.nightly-2021-11-04-001635 Server Version: 4.10.0-0.nightly-2021-11-04-001635 Kubernetes Version: v1.22.1+1b2affc
@
(In reply to zhaozhanqi from comment #4) > @ Mehul Modi assign you this bug for verification, thanks.
Marking Verified, attached testing notes above.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056