From 378dab5bf0bb65283f81051add19b4114a0f24ee Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Tue, 22 Feb 2022 09:21:51 +1030 Subject: [PATCH 1/2] packetbeat/beater: don't attempt to install npcap when already installed --- CHANGELOG.next.asciidoc | 2 +- packetbeat/beater/install_npcap.go | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 73245a03c97a..298142ae9f41 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -140,7 +140,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif *Packetbeat* -- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] +- Add automated OEM Npcap installation handling. {pull}29112[29112] {pull}30438[30438] {pull}30493[30493] - Add support for capturing TLS random number and OCSP status request details. {issue}29962[29962] {pull}30102[30102] *Functionbeat* diff --git a/packetbeat/beater/install_npcap.go b/packetbeat/beater/install_npcap.go index e947bca5b012..d15ac21479a0 100644 --- a/packetbeat/beater/install_npcap.go +++ b/packetbeat/beater/install_npcap.go @@ -51,6 +51,9 @@ func installNpcap(b *beat.Beat) error { log.Infof("npcap version: %s", npcapVersion) } }() + if !npcap.Upgradeable() { + return nil + } ctx, cancel := context.WithTimeout(context.Background(), installTimeout) defer cancel() From 04a5d0d63a21a6a9896381d7d4e15b6f3aa5072f Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Tue, 22 Feb 2022 09:44:57 +1030 Subject: [PATCH 2/2] packetbeat/npcap: unload DLL during install operation --- packetbeat/npcap/npcap.go | 14 +++++++++++++- packetbeat/npcap/npcap_other.go | 2 +- packetbeat/npcap/npcap_windows.go | 8 +------- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/packetbeat/npcap/npcap.go b/packetbeat/npcap/npcap.go index c81d1ce731d2..d0cc42dce480 100644 --- a/packetbeat/npcap/npcap.go +++ b/packetbeat/npcap/npcap.go @@ -68,6 +68,18 @@ func Install(ctx context.Context, log *logp.Logger, path, dst string, compat boo } func install(ctx context.Context, log *logp.Logger, path, dst string, compat bool) error { + if pcap.Version() != "" { + // If we are here there is a runtime Npcap DLL loaded. We need to + // unload this to prevent the application being killed during the + // install. + // + // See https://npcap.com/guide/npcap-users-guide.html#npcap-installation-uninstall-options. + err := unloadWinPCAP() + if err != nil { + return fmt.Errorf("npcap: failed to unload Npcap DLL: %w", err) + } + } + args := []string{"/S", "/winpcap_mode=no"} if compat { args[1] = "/winpcap_mode=yes" @@ -96,7 +108,7 @@ func install(ctx context.Context, log *logp.Logger, path, dst string, compat boo return fmt.Errorf("npcap: failed to install Npcap: %w", err) } - return reloadWinPCAP() + return loadWinPCAP() } func Upgradeable() bool { diff --git a/packetbeat/npcap/npcap_other.go b/packetbeat/npcap/npcap_other.go index c813644d4717..7f0d29c09e61 100644 --- a/packetbeat/npcap/npcap_other.go +++ b/packetbeat/npcap/npcap_other.go @@ -22,4 +22,4 @@ package npcap func loadWinPCAP() error { return nil } -func reloadWinPCAP() error { return nil } +func unloadWinPCAP() error { return nil } diff --git a/packetbeat/npcap/npcap_windows.go b/packetbeat/npcap/npcap_windows.go index 44d0053820f5..3e08bf4a1ee1 100644 --- a/packetbeat/npcap/npcap_windows.go +++ b/packetbeat/npcap/npcap_windows.go @@ -24,10 +24,4 @@ import "github.com/google/gopacket/pcap" func loadWinPCAP() error { return pcap.LoadWinPCAP() } -func reloadWinPCAP() error { - err := pcap.UnloadWinPCAP() - if err != nil { - return err - } - return pcap.LoadWinPCAP() -} +func unloadWinPCAP() error { return pcap.UnloadWinPCAP() }