From 8d52bdba6c42babfa6309b2e7da63c190fe0130b Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Tue, 22 Feb 2022 11:26:01 +1030 Subject: [PATCH] packetbeat/beater: don't attempt to install npcap when already installed (#30509) * don't attempt to install npcap when already installed * unload DLL during install operation (cherry picked from commit d74e7aae6da99145fffc550c25f1117041c56318) --- CHANGELOG.next.asciidoc | 2 +- packetbeat/beater/install_npcap.go | 3 +++ packetbeat/npcap/npcap.go | 14 +++++++++++++- packetbeat/npcap/npcap_other.go | 2 +- packetbeat/npcap/npcap_windows.go | 8 +------- 5 files changed, 19 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a31343a66a5..e2e110da2fd 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -136,7 +136,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Packetbeat* -- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] +- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] {pull}30493[30493] - Add support for capturing TLS random number and OCSP status request details. {issue}29962[29962] {pull}30102[30102] *Functionbeat* diff --git a/packetbeat/beater/install_npcap.go b/packetbeat/beater/install_npcap.go index e947bca5b01..d15ac21479a 100644 --- a/packetbeat/beater/install_npcap.go +++ b/packetbeat/beater/install_npcap.go @@ -51,6 +51,9 @@ func installNpcap(b *beat.Beat) error { log.Infof("npcap version: %s", npcapVersion) } }() + if !npcap.Upgradeable() { + return nil + } ctx, cancel := context.WithTimeout(context.Background(), installTimeout) defer cancel() diff --git a/packetbeat/npcap/npcap.go b/packetbeat/npcap/npcap.go index c81d1ce731d..d0cc42dce48 100644 --- a/packetbeat/npcap/npcap.go +++ b/packetbeat/npcap/npcap.go @@ -68,6 +68,18 @@ func Install(ctx context.Context, log *logp.Logger, path, dst string, compat boo } func install(ctx context.Context, log *logp.Logger, path, dst string, compat bool) error { + if pcap.Version() != "" { + // If we are here there is a runtime Npcap DLL loaded. We need to + // unload this to prevent the application being killed during the + // install. + // + // See https://npcap.com/guide/npcap-users-guide.html#npcap-installation-uninstall-options. + err := unloadWinPCAP() + if err != nil { + return fmt.Errorf("npcap: failed to unload Npcap DLL: %w", err) + } + } + args := []string{"/S", "/winpcap_mode=no"} if compat { args[1] = "/winpcap_mode=yes" @@ -96,7 +108,7 @@ func install(ctx context.Context, log *logp.Logger, path, dst string, compat boo return fmt.Errorf("npcap: failed to install Npcap: %w", err) } - return reloadWinPCAP() + return loadWinPCAP() } func Upgradeable() bool { diff --git a/packetbeat/npcap/npcap_other.go b/packetbeat/npcap/npcap_other.go index c813644d471..7f0d29c09e6 100644 --- a/packetbeat/npcap/npcap_other.go +++ b/packetbeat/npcap/npcap_other.go @@ -22,4 +22,4 @@ package npcap func loadWinPCAP() error { return nil } -func reloadWinPCAP() error { return nil } +func unloadWinPCAP() error { return nil } diff --git a/packetbeat/npcap/npcap_windows.go b/packetbeat/npcap/npcap_windows.go index 44d0053820f..3e08bf4a1ee 100644 --- a/packetbeat/npcap/npcap_windows.go +++ b/packetbeat/npcap/npcap_windows.go @@ -24,10 +24,4 @@ import "github.com/google/gopacket/pcap" func loadWinPCAP() error { return pcap.LoadWinPCAP() } -func reloadWinPCAP() error { - err := pcap.UnloadWinPCAP() - if err != nil { - return err - } - return pcap.LoadWinPCAP() -} +func unloadWinPCAP() error { return pcap.UnloadWinPCAP() }