x-pack/packetbeat: add licensing notices and information for Npcap

CHANGELOG.next.asciidoc

@@ -285,6 +285,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 *Packetbeat*
 
+- Add automated OEM Npcap installation handling. {pull}29112[29112]
+
 *Functionbeat*
 
 

NOTICE.txt

@@ -16728,6 +16728,43 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
+--------------------------------------------------------------------------------
+Dependency : golang.org/x/mod
+Version: v0.5.1
+Licence type (autodetected): BSD-3-Clause
+--------------------------------------------------------------------------------
+
+Contents of probable licence file $GOMODCACHE/golang.org/x/[email protected]/LICENSE:
+
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
 --------------------------------------------------------------------------------
 Dependency : golang.org/x/net
 Version: v0.0.0-20211020060615-d418f374d309
@@ -34519,43 +34556,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
---------------------------------------------------------------------------------
-Dependency : golang.org/x/mod
-Version: v0.5.1
-Licence type (autodetected): BSD-3-Clause
---------------------------------------------------------------------------------
-
-Contents of probable licence file $GOMODCACHE/golang.org/x/[email protected]/LICENSE:
-
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
 --------------------------------------------------------------------------------
 Dependency : golang.org/x/term
 Version: v0.0.0-20210615171337-6886f2dfbf5b

dev-tools/mage/config.go

@@ -149,6 +149,7 @@ func makeConfigTemplate(destination string, mode os.FileMode, confParams ConfigF
 	params := map[string]interface{}{
 		"GOOS":                           EnvOr("DEV_OS", "linux"),
 		"GOARCH":                         EnvOr("DEV_ARCH", "amd64"),
+		"BeatLicense":                    BeatLicense,
 		"Reference":                      false,
 		"Docker":                         false,
 		"ExcludeConsole":                 false,

dev-tools/packaging/package_test.go

@@ -23,6 +23,7 @@ package dev_tools
 import (
 	"archive/tar"
 	"archive/zip"
+	"bufio"
 	"bytes"
 	"compress/gzip"
 	"encoding/json"
@@ -169,7 +170,7 @@ func checkTar(t *testing.T, file string) {
 }
 
 func checkZip(t *testing.T, file string) {
-	p, err := readZip(file)
+	p, err := readZip(t, file, checkNpcapNotices)
 	if err != nil {
 		t.Error(err)
 		return
@@ -183,6 +184,34 @@ func checkZip(t *testing.T, file string) {
 	checkLicensesPresent(t, "", p)
 }
 
+var npcapConfigPattern = regexp.MustCompile("Windows Npcap installation settings")
+
+func checkNpcapNotices(pkg, file string, contents io.Reader) error {
+	if !strings.Contains(pkg, "packetbeat") || !strings.Contains(pkg, "windows") {
+		return nil
+	}
+
+	wantNotices := strings.Contains(pkg, "windows")
+
+	// If the packetbeat README.md is made to be generated
+	// conditionally then it should also be checked here.
+	pkg = filepath.Base(pkg)
+	file, err := filepath.Rel(pkg[:len(pkg)-len(filepath.Ext(pkg))], file)
+	if err != nil {
+		return err
+	}
+	switch file {
+	case "packetbeat.yml", "packetbeat.reference.yml":
+		if npcapConfigPattern.MatchReader(bufio.NewReader(contents)) != wantNotices {
+			if wantNotices {
+				return fmt.Errorf("Npcap config section not found in config file %s in %s", file, pkg)
+			}
+			return fmt.Errorf("unexpected Npcap config section found in config file %s in %s", file, pkg)
+		}
+	}
+	return nil
+}
+
 func checkDocker(t *testing.T, file string) {
 	p, info, err := readDocker(file)
 	if err != nil {
@@ -623,7 +652,11 @@ func readTarContents(tarName string, data io.Reader) (*packageFile, error) {
 	return p, nil
 }
 
-func readZip(zipFile string) (*packageFile, error) {
+// inspector is a file contents inspector. It vets the contents of the file
+// within a package for a requirement and returns an error if it is not met.
+type inspector func(pkg, file string, contents io.Reader) error
+
+func readZip(t *testing.T, zipFile string, inspectors ...inspector) (*packageFile, error) {
 	r, err := zip.OpenReader(zipFile)
 	if err != nil {
 		return nil, err
@@ -636,6 +669,18 @@ func readZip(zipFile string) (*packageFile, error) {
 			File: f.Name,
 			Mode: f.Mode(),
 		}
+		for _, inspect := range inspectors {
+			r, err := f.Open()
+			if err != nil {
+				t.Errorf("failed to open %s in %s: %v", f.Name, zipFile, err)
+				break
+			}
+			err = inspect(zipFile, f.Name, r)
+			if err != nil {
+				t.Error(err)
+			}
+			r.Close()
+		}
 	}
 
 	return p, nil
@@ -740,7 +785,6 @@ func readDockerManifest(r io.Reader) (*dockerManifest, error) {
 	err = json.Unmarshal(data, &manifests)
 	if err != nil {
 		return nil, err
-
 	}
 
 	if len(manifests) != 1 {

go.mod

@@ -164,6 +164,7 @@ require (
 	go.uber.org/zap v1.14.1
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
+	golang.org/x/mod v0.5.1
 	golang.org/x/net v0.0.0-20211020060615-d418f374d309
 	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
@@ -268,7 +269,6 @@ require (
 	github.com/xdg/stringprep v1.0.3 // indirect
 	go.elastic.co/fastjson v1.1.0 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	golang.org/x/mod v0.5.1 // indirect
 	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

packetbeat/_meta/config/beat.reference.yml.tmpl

@@ -57,6 +57,8 @@ packetbeat.interfaces.internal_networks:
 # can stay enabled even after beat is shut down.
 #packetbeat.interfaces.auto_promisc_mode: true
 
+{{- template "windows_npcap.yml.tmpl" .}}
+
 {{header "Flows"}}
 
 packetbeat.flows:

packetbeat/_meta/config/beat.yml.tmpl

@@ -23,6 +23,8 @@ packetbeat.interfaces.device: {{ call .device .GOOS }}
 packetbeat.interfaces.internal_networks:
   - private
 
+{{- template "windows_npcap.yml.tmpl" .}}
+
 {{header "Flows"}}
 
 # Set `enabled: false` or comment out all options to disable flows reporting.

packetbeat/_meta/config/windows_npcap.yml.tmpl

@@ -0,0 +1,23 @@
+{{if and (eq .BeatLicense "Elastic License") (eq .GOOS "windows")}}
+
+{{header "Windows Npcap installation settings"}}
+
+# Windows Npcap installation options. These options specify how the Npcap packet
+# capture library for Windows should be obtained and installed.
+# Windows Npcap installation is only available with x-pack.
+#npcap:
+#  # install_destination allows configuration of the location that the Npcap will
+#  # place the Npcap library and associated files. See https://nmap.org/npcap/guide/npcap-users-guide.html#npcap-installation-uninstall-options.
+#  install_destination: ""
+#  install_timeout: 120s
+#  # ignore_missing_registry specifies that failure to query the registry server
+#  # will be ignored with a logged warning.
+#  ignore_missing_registry: false
+#  # By default Npcap will be installed only when a newer version of Npcap is available.
+#  # force_reinstall forces a new installation of Npcap in all cases.
+#  force_reinstall: false
+#  # If a specific local version of Npcap is required installation by packetbeat
+#  # can be blocked by setting never_install to true. No action is taken if this
+#  # option is set to true.
+#  never_install: false
+{{- end -}}

packetbeat/beater/install_npcap.go

@@ -0,0 +1,92 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package beater
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"github.com/elastic/beats/v7/libbeat/beat"
+	"github.com/elastic/beats/v7/libbeat/logp"
+	"github.com/elastic/beats/v7/packetbeat/npcap"
+)
+
+type npcapConfig struct {
+	NeverInstall       bool          `config:"npcap.never_install"`
+	ForceReinstall     bool          `config:"npcap.force_reinstall"`
+	InstallTimeout     time.Duration `config:"npcap.install_timeout"`
+	InstallDestination string        `config:"npcal.install_destination"`
+}
+
+func (c *npcapConfig) Init() {
+	// Set defaults.
+	c.InstallTimeout = 120 * time.Second
+}
+
+func installNpcap(b *beat.Beat) error {
+	if !b.Info.ElasticLicensed {
+		return nil
+	}
+	if runtime.GOOS != "windows" {
+		return nil
+	}
+
+	var cfg npcapConfig
+	err := b.BeatConfig.Unpack(&cfg)
+	if err != nil {
+		return fmt.Errorf("failed to unpack npcap config: %w", err)
+	}
+	if cfg.NeverInstall {
+		return nil
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), cfg.InstallTimeout)
+	defer cancel()
+
+	log := logp.NewLogger("npcap_install")
+
+	if npcap.Installer == nil {
+		return nil
+	}
+	if !cfg.ForceReinstall && !npcap.Upgradeable() {
+		npcap.Installer = nil
+		return nil
+	}
+	tmp, err := os.MkdirTemp("", "")
+	if err != nil {
+		return fmt.Errorf("could not create installation temporary directory: %w", err)
+	}
+	defer func() {
+		// The init sequence duplicates the embedded binary.
+		// Get rid of the part we can. The remainder is in
+		// the packetbeat text section as a string.
+		npcap.Installer = nil
+		// Remove the installer from the file system.
+		os.RemoveAll(tmp)
+	}()
+	installerPath := filepath.Join(tmp, "npcap.exe")
+	err = os.WriteFile(installerPath, npcap.Installer, 0o700)
+	if err != nil {
+		return fmt.Errorf("could not create installation temporary file: %w", err)
+	}
+	return npcap.Install(ctx, log, installerPath, cfg.InstallDestination, false)
+}

packetbeat/beater/packetbeat.go

@@ -111,6 +111,12 @@ func (pb *packetbeat) Run(b *beat.Beat) error {
 		}
 	}()
 
+	// Install Npcap if needed.
+	err := installNpcap(b)
+	if err != nil {
+		return err
+	}
+
 	if !b.Manager.Enabled() {
 		return pb.runStatic(b, pb.factory)
 	}