Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packetbeat process monitor: Ignore missing /proc/net/tcp6 #19945

Merged
merged 2 commits into from
Jul 17, 2020
Merged

Packetbeat process monitor: Ignore missing /proc/net/tcp6 #19945

merged 2 commits into from
Jul 17, 2020

Conversation

adriansr
Copy link
Contributor

@adriansr adriansr commented Jul 15, 2020
edited
Loading

What does this PR do?

This makes Packetbeat's process monitor to continue execution when /proc/net/tcp6 is missing (ipv6 disabled in kernel).

Why is it important?

The process monitor feature was not working when ipv6 was disabled.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

  • Boot kernel with ipv6.disable=1
  • Run packetbeat with -E packetbeat.procs.enabled=true

Related issues

Closes #19941

Logs

Errors before this fix:

2020-07-15T10:01:30.006Z	ERROR	procs/procs_linux.go:73	GetLocalPortToPIDMapping: parsing '/proc/net/tcp6': open /proc/net/tcp6: no such file or directory
2020-07-15T10:01:30.006Z	ERROR	procs/procs.go:224	unable to list local ports: open /proc/net/tcp6: no such file or directory

Warning after this fix (shown only once):

2020-07-16T12:04:20.802Z	WARN	procs/procs_linux.go:80	No IPv6 socket info reported by the kernel. Process monitor won't enrich IPv6 events

@adriansr
Process monitor: Ignore missing /proc/net/tcp6
4d6596a 
This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941
@adriansr adriansr added bug Packetbeat needs_backport PR is waiting to be backported to other branches. Team:SIEM labels Jul 15, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 15, 2020
@marc-gr
Copy link
Contributor

marc-gr commented Jul 15, 2020

LGTM. Not sure if would be useful to drop a info or warn if this happens, though.

@adriansr adriansr requested a review from marc-gr July 16, 2020 12:12
@adriansr
Copy link
Contributor Author

@marc-gr makes sense. Added a one-time warning

@adriansr adriansr merged commit 4ce680c into elastic:master Jul 17, 2020
adriansr added a commit to adriansr/beats that referenced this pull request Jul 17, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
b61ecdb 
)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941

(cherry picked from commit 4ce680c)
@adriansr adriansr mentioned this pull request Jul 17, 2020
Merged
6 tasks
@adriansr adriansr added v7.9.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jul 17, 2020
adriansr added a commit to adriansr/beats that referenced this pull request Jul 17, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
7176929 
)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941

(cherry picked from commit 4ce680c)
@adriansr adriansr mentioned this pull request Jul 17, 2020
Merged
6 tasks
adriansr added a commit to adriansr/beats that referenced this pull request Jul 17, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
12748f3 
)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941

(cherry picked from commit 4ce680c)
@adriansr adriansr mentioned this pull request Jul 17, 2020
Merged
6 tasks
adriansr added a commit that referenced this pull request Jul 20, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (#19945) (#…
1a802fb 
…20013)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes #19941

(cherry picked from commit 4ce680c)
adriansr added a commit that referenced this pull request Jul 20, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (#19945) (#…
a3bb99d 
…20014)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes #19941

(cherry picked from commit 4ce680c)
adriansr added a commit that referenced this pull request Jul 20, 2020
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (#19945) (#…
5877e19 
…20015)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes #19941

(cherry picked from commit 4ce680c)
v1v added a commit to v1v/beats that referenced this pull request Jul 20, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/fix-warni…
cf807c2 
…ngs-archive

* upstream/master: (274 commits)
  Test export commands in all Beats (elastic#20016)
  [Ingest Manager] Allow using drop path for agent build (elastic#20019)
  [DOCS] Remove include for deleted file in monitoring docs (elastic#20038)
  Removing xpack.monitoring.* settings (elastic#18608)
  [Heartbeat] Add service_name option for APM integration (elastic#19932)
  [Elastic Agent] Fix merging of fleet.yml. Add --staging to enroll cmd. (elastic#20026)
  Stricter stalebot configuration for PRs (elastic#20004)
  [ci] Favor direct mage invocation on CI (elastic#19960)
  Add cloudwatch input into Filebeat configure inputs documentation (elastic#19973)
  [Filebeat] remove delimiter \n from log line in s3 input (elastic#19972)
  [Metricbeat] Update MySQL dashboard (elastic#19913)
  Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945)
  [CI] fix MODULE variable cornercases (elastic#19985)
  Ignore timestamp in fortinet/clientendpoint and netscout/sightline (elastic#19998)
  add 7.9 to .backportrc.json (elastic#19952)
  Update internal links to external (elastic#19947)
  Remove Dynamic Script Compilations warning in Cisco module (elastic#19840)
  [Elastic Agent] Fix RPM and DEB packaging for Elastic Agent (elastic#19959)
  [Ingest Manager] Do not compare err with custom type (elastic#19980)
  Fix nanocore sum for non default intervals on Kubernetes Overview Dashboard (elastic#19675)
  ...
v1v added a commit to v1v/beats that referenced this pull request Jul 20, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-read-o…
a6c5555 
…nly-mod

* upstream/master: (75 commits)
  Test export commands in all Beats (elastic#20016)
  [Ingest Manager] Allow using drop path for agent build (elastic#20019)
  [DOCS] Remove include for deleted file in monitoring docs (elastic#20038)
  Removing xpack.monitoring.* settings (elastic#18608)
  [Heartbeat] Add service_name option for APM integration (elastic#19932)
  [Elastic Agent] Fix merging of fleet.yml. Add --staging to enroll cmd. (elastic#20026)
  Stricter stalebot configuration for PRs (elastic#20004)
  [ci] Favor direct mage invocation on CI (elastic#19960)
  Add cloudwatch input into Filebeat configure inputs documentation (elastic#19973)
  [Filebeat] remove delimiter \n from log line in s3 input (elastic#19972)
  [Metricbeat] Update MySQL dashboard (elastic#19913)
  Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945)
  [CI] fix MODULE variable cornercases (elastic#19985)
  Ignore timestamp in fortinet/clientendpoint and netscout/sightline (elastic#19998)
  add 7.9 to .backportrc.json (elastic#19952)
  Update internal links to external (elastic#19947)
  Remove Dynamic Script Compilations warning in Cisco module (elastic#19840)
  [Elastic Agent] Fix RPM and DEB packaging for Elastic Agent (elastic#19959)
  [Ingest Manager] Do not compare err with custom type (elastic#19980)
  Fix nanocore sum for non default intervals on Kubernetes Overview Dashboard (elastic#19675)
  ...
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@adriansr @melchiormoulin
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
9486473 
)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
7ade56b 
) (elastic#20014)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941

(cherry picked from commit 95166b9)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
@adriansr
Packetbeat process monitor: Ignore missing /proc/net/tcp6 (elastic#19945
3701c6e 
) (elastic#20015)

This makes Packetbeat's process monitor to continue execution when
/proc/net/tcp6 is missing (ipv6 disabled in kernel).

Closes elastic#19941

(cherry picked from commit 95166b9)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc-gr marc-gr marc-gr approved these changes

Assignees
No one assigned
Labels
bug Packetbeat review v7.8.1 v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Packetbeat process monitor doesn't work with IPv6 disabled
3 participants
@adriansr @elasticmachine @marc-gr