diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 73245a03c97..298142ae9f4 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -140,7 +140,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif *Packetbeat* -- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] +- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] {pull}30493[30493] - Add support for capturing TLS random number and OCSP status request details. {issue}29962[29962] {pull}30102[30102] *Functionbeat* diff --git a/packetbeat/beater/install_npcap.go b/packetbeat/beater/install_npcap.go index e947bca5b01..d15ac21479a 100644 --- a/packetbeat/beater/install_npcap.go +++ b/packetbeat/beater/install_npcap.go @@ -51,6 +51,9 @@ func installNpcap(b *beat.Beat) error { log.Infof("npcap version: %s", npcapVersion) } }() + if !npcap.Upgradeable() { + return nil + } ctx, cancel := context.WithTimeout(context.Background(), installTimeout) defer cancel() diff --git a/packetbeat/npcap/npcap.go b/packetbeat/npcap/npcap.go index c81d1ce731d..d0cc42dce48 100644 --- a/packetbeat/npcap/npcap.go +++ b/packetbeat/npcap/npcap.go @@ -68,6 +68,18 @@ func Install(ctx context.Context, log *logp.Logger, path, dst string, compat boo } func install(ctx context.Context, log *logp.Logger, path, dst string, compat bool) error { + if pcap.Version() != "" { + // If we are here there is a runtime Npcap DLL loaded. We need to + // unload this to prevent the application being killed during the + // install. + // + // See https://npcap.com/guide/npcap-users-guide.html#npcap-installation-uninstall-options. + err := unloadWinPCAP() + if err != nil { + return fmt.Errorf("npcap: failed to unload Npcap DLL: %w", err) + } + } + args := []string{"/S", "/winpcap_mode=no"} if compat { args[1] = "/winpcap_mode=yes" @@ -96,7 +108,7 @@ func install(ctx context.Context, log *logp.Logger, path, dst string, compat boo return fmt.Errorf("npcap: failed to install Npcap: %w", err) } - return reloadWinPCAP() + return loadWinPCAP() } func Upgradeable() bool { diff --git a/packetbeat/npcap/npcap_other.go b/packetbeat/npcap/npcap_other.go index c813644d471..7f0d29c09e6 100644 --- a/packetbeat/npcap/npcap_other.go +++ b/packetbeat/npcap/npcap_other.go @@ -22,4 +22,4 @@ package npcap func loadWinPCAP() error { return nil } -func reloadWinPCAP() error { return nil } +func unloadWinPCAP() error { return nil } diff --git a/packetbeat/npcap/npcap_windows.go b/packetbeat/npcap/npcap_windows.go index 44d0053820f..3e08bf4a1ee 100644 --- a/packetbeat/npcap/npcap_windows.go +++ b/packetbeat/npcap/npcap_windows.go @@ -24,10 +24,4 @@ import "github.com/google/gopacket/pcap" func loadWinPCAP() error { return pcap.LoadWinPCAP() } -func reloadWinPCAP() error { - err := pcap.UnloadWinPCAP() - if err != nil { - return err - } - return pcap.LoadWinPCAP() -} +func unloadWinPCAP() error { return pcap.UnloadWinPCAP() }