Fixes for tshark operation

removed the '-i' parameter which is: -i <interface>, --interface <interface> And triggers a live capture. If we're reading in a capture file, this won't work, especially if we are reading from stdin with the switch '-'.
sipcapture · Sep 20, 2024 · c49fc0a · c49fc0a
1 parent 60b96a6
commit c49fc0a
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 7 deletions.
diff --git a/config/config.go b/config/config.go
@@ -104,7 +104,7 @@ type HomerSettingServer struct {
 	}
 
 	DECODER_SHARK struct {
-		Bin        string   `default:"/usr/local/bin/tshark"`
+		Bin        string   `default:"/usr/bin/tshark"`
 		Param      string   `default:""`
 		Protocols  []string `default:""`
 		UID        uint32   `default:"0"`

diff --git a/data/service/search.go b/data/service/search.go
@@ -1637,14 +1637,14 @@ func (ss *SearchService) ImportPcapData(buf *bytes.Buffer, now bool) (int, int,
 		logger.Debug("Trying to debug using external decoder")
 		logger.Debug(fmt.Sprintf("Decoder to [%s, %s, %v]\n", config.Setting.DECODER_SHARK.Bin, config.Setting.DECODER_SHARK.Param, config.Setting.DECODER_SHARK.Protocols))
 		rootExecute := false
-		cmd := exec.Command(config.Setting.DECODER_SHARK.Bin, "-Q", "-T", "json", "-o", "rtp.heuristic_rtp:TRUE", "-l", "-i", "-", config.Setting.DECODER_SHARK.Param)
-		/*check if we root under root - changing to an user */
+		cmd := exec.Command(config.Setting.DECODER_SHARK.Bin, "-Q", "-T", "json", "-o", "rtp.heuristic_rtp:TRUE", "-l", "-", config.Setting.DECODER_SHARK.Param)
+		/* check if we are root under root - change to a configured user */
 		uid, gid := os.Getuid(), os.Getgid()
 
 		if uid == 0 || gid == 0 {
-			logger.Info(fmt.Sprintf("running under root/wheel: UID: [%d], GID: [%d] - [%d] - [%d]. Changing to user...", uid, gid, config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID))
+			logger.Info(fmt.Sprintf("running under root/wheel: UID: [%d], GID: [%d]. Configured: UID: [%d] GID: [%d].", uid, gid, config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID))
 			if config.Setting.DECODER_SHARK.UID != 0 && config.Setting.DECODER_SHARK.GID != 0 {
-				logger.Info(fmt.Sprintf("Changing to: UID: [%d], GID: [%d]", uid, gid))
+				logger.Info(fmt.Sprintf("Attempting to change user to: UID: [%d], GID: [%d]", config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID))
 				cmd.SysProcAttr = &syscall.SysProcAttr{
 					Credential: &syscall.Credential{
 						Uid: config.Setting.DECODER_SHARK.UID, Gid: config.Setting.DECODER_SHARK.GID,
@@ -1829,13 +1829,13 @@ func (ss *SearchService) ImportPcapData(buf *bytes.Buffer, now bool) (int, int,
 		}
 
 		if err != nil {
-			logger.Error(fmt.Sprintf("Error commmit transaction Error: %s", err.Error()))
+			logger.Error(fmt.Sprintf("Commit transaction Error: %s", err.Error()))
 			return goodCounter, badCounter, err
 		}
 
 		//logger.Debug("DDD:", sData)
 		return goodCounter, badCounter, err
 	}
 
-	return 0, 0, fmt.Errorf("tshark has been not enabled")
+	return 0, 0, fmt.Errorf("tshark has not been enabled")
 }
diff --git a/docker/docker-entrypoint.d/1 b/docker/docker-entrypoint.d/1
@@ -9,6 +9,10 @@ INFLUX_DB=${INFLUX_DB:-localhost}
 PROM_HOST=${PROM_HOST:-localhost}
 LOKI_HOST=${LOKI_HOST:-localhost}
 GRAFANA_HOST=${GRAFANA_HOST:-localhost}
+TSHARK_ACTIVE=${TSHARK_ACTIVE:-false}
+TSHARK_BIN=${TSHARK_BIN:-/usr/bin/tshark}
+TSHARK_UID=${TSHARK_UID:-0}
+TSHARK_GID=${TSHARK_GID:-0}
 
 if [ -f /usr/local/homer/etc/webapp_config.json ]; then
 
@@ -73,6 +77,11 @@ if [ -f /usr/local/homer/etc/webapp_config.json ]; then
    if [ -n "$LDAP_ANONYMOUS" ]; then sed -i "/anonymous/ s/false/${LDAP_ANONYMOUS}/g" /usr/local/homer/etc/webapp_config.json; fi
    if [ -n "$LDAP_USER_DN" ]; then sed -i "/userdn/ s/uid=%s,ou=People,dc=example,dc=com/${LDAP_USER_DN}/g" /usr/local/homer/etc/webapp_config.json; fi
 
+   if [ -n "$TSHARK_UID" ]; then sed -i "s/tshark_uid/${TSHARK_UID}/g" /usr/local/homer/etc/webapp_config.json; fi
+   if [ -n "$TSHARK_GID" ]; then sed -i "s/tshark_gid/${TSHARK_GID}/g" /usr/local/homer/etc/webapp_config.json; fi
+   if [ -n "$TSHARK_ACTIVE" ]; then sed -i "s/tshark_active/${TSHARK_ACTIVE}/g" /usr/local/homer/etc/webapp_config.json; fi
+   if [ -n "$TSHARK_BIN" ]; then sed -i "s/tshark_bin/${TSHARK_BIN}/g" /usr/local/homer/etc/webapp_config.json; fi
+
    echo "Pre-Flight provisioning completed!"
 
 else

diff --git a/docker/webapp_config.json b/docker/webapp_config.json
@@ -88,5 +88,17 @@
     "skipverify": true,
     "anonymous": false,
     "userdn": "uid=%s,ou=People,dc=example,dc=com"
+  },
+  "decoder_shark": {
+      "_comment": "Here you can do packet decoding using tshark application. Please define uid, gid if you run the app under root",
+      "active": tshark_active,
+      "uid": tshark_uid,
+      "gid": tshark_gid,
+      "bin": "tshark_bin",
+      "protocols": [
+          "1_call",
+          "1_registration",
+          "1_default"
+      ]
   }
 }