From 55ad07f8f1081ad7183f4028fa9fa96524cc97b1 Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Tue, 1 Aug 2023 07:11:10 +0930 Subject: [PATCH] alter never install behaviour to allow install if no Npcap DLL is already installed --- .../_meta/config/windows_npcap.yml.tmpl | 2 +- packetbeat/beater/install_npcap.go | 29 ++++++++++++------- packetbeat/docs/packetbeat-options.asciidoc | 2 +- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/packetbeat/_meta/config/windows_npcap.yml.tmpl b/packetbeat/_meta/config/windows_npcap.yml.tmpl index 62605c20250..23647cc6d01 100644 --- a/packetbeat/_meta/config/windows_npcap.yml.tmpl +++ b/packetbeat/_meta/config/windows_npcap.yml.tmpl @@ -8,6 +8,6 @@ #packetbeat.npcap: # # If a specific local version of Npcap is required, installation by packetbeat # # can be blocked by setting never_install to true. No action is taken if this -# # option is set to true. +# # option is set to true unless no Npcap is already installed. # never_install: false {{- end -}} diff --git a/packetbeat/beater/install_npcap.go b/packetbeat/beater/install_npcap.go index 017fb35e9ae..c1413fdb6d9 100644 --- a/packetbeat/beater/install_npcap.go +++ b/packetbeat/beater/install_npcap.go @@ -23,6 +23,7 @@ import ( "os" "path/filepath" "runtime" + "strings" "sync" "time" @@ -61,13 +62,21 @@ func installNpcap(b *beat.Beat, cfg *conf.C) error { } log := logp.NewLogger("npcap_install") - canInstall, err := canInstallNpcap(b, cfg, log) - if err != nil { - return err - } - if !canInstall { - log.Warn("npcap installation/upgrade disabled by user") - return nil + // Only check whether we have been requested to never_install if there + // is already an Npcap installation present. This should not be necessary, + // but the start-up logic of packetbeat is tightly coupled to the presence + // of a backing sniffer. This should really not be necessary, but the changes + // to modify this behaviour are non-trivial, so just avoid the issue. + isInstalled := strings.HasPrefix(npcap.Version(), "Npcap version") + if isInstalled { + canInstall, err := canInstallNpcap(b, cfg, log) + if err != nil { + return err + } + if !canInstall { + log.Warn("npcap installation/upgrade disabled by user") + return nil + } } ctx, cancel := context.WithTimeout(context.Background(), installTimeout) @@ -121,12 +130,12 @@ func canInstallNpcap(b *beat.Beat, rawcfg *conf.C, log *logp.Logger) (bool, erro if len(cfg.Streams) == 0 { // We have no stream to monitor, so we don't need to install // anything. We may be in the middle of a config check. - log.Info("cannot install because no configured stream") + log.Debug("cannot install because no configured stream") return false, nil } for _, c := range cfg.Streams { if c.NeverInstall { - log.Infof("cannot install because %s has never_install set to true", c.Type) + log.Debugf("cannot install because %s has never_install set to true", c.Type) return false, nil } } @@ -140,7 +149,7 @@ func canInstallNpcap(b *beat.Beat, rawcfg *conf.C, log *logp.Logger) (bool, erro return false, fmt.Errorf("failed to unpack npcap config from packetbeat configuration: %w", err) } if cfg.NeverInstall { - log.Infof("cannot install because %s has never_install set to true", cfg.Type) + log.Debugf("cannot install because %s has never_install set to true", cfg.Type) } return !cfg.NeverInstall, err } diff --git a/packetbeat/docs/packetbeat-options.asciidoc b/packetbeat/docs/packetbeat-options.asciidoc index 5266dac8d33..4a74dd5593e 100644 --- a/packetbeat/docs/packetbeat-options.asciidoc +++ b/packetbeat/docs/packetbeat-options.asciidoc @@ -61,7 +61,7 @@ On Windows {beatname} requires an Npcap DLL installation. This is provided by {b for users of the Elastic Licenced version. In some cases users may wish to use their own installed version. In order to do this the `packetbeat.npcap.never_install` option can be used. Setting this option to `true` will not attempt to install the -bundled Npcap library on start-up. +bundled Npcap library on start-up unless no Npcap is already installed. [source,yaml] ------------------------------------------------------------------------------