search

sipcapture / homer-app

HOMER 7.x Front-End and API Server
http://sipcapture.io
GNU Affero General Public License v3.0
207 stars 85 forks source link

bad pcap data for pcap upload #567

Closed systemcrash closed 1 month ago

systemcrash commented 2 months ago

Not sure whether it's meant to be this way, but the default homer-app has no tshark in it. So I added it. And still got bad pcap, even if I upload a single SIP frame uncompressed pcap.

One problem: how dumpcap is installed. By default, on alpine, it is root:wireshark, but no attempt except for root:root seemed to work. So:

apk add tshark
ln -s ./usr/bin/tshark /usr/local/bin/tshark
chown root:root /usr/bin/dumpcap

But, no matter what, I still get a 400 with JSON: {"data":{},"message":"bad pcap data"}.

I set up my webapp_config.json to include:

  "decoder_shark": {
   "bin": "/usr/bin/tshark",
   "active": "true",
   "enable": "true",
   "uid": 0,
   "gid": 0,
   "protocols": "sip,rtp,rtcp"
  }

Checked the logs and..

{"level":"error","msg":"Bad decoding: tshark has been not enabled","time":"2024-09-20T17:54:13Z"}
{"level":"error","msg":"Bad decoding: tshark has been not enabled","time":"2024-09-20T17:57:44Z"}

Changed the webapp_config.json to:

  "decoder_shark": {
   "bin": "/usr/bin/tshark",
   "enable": true,
   "uid": 0,
   "gid": 0,
   "protocols": "sip,rtp,rtcp"
  }

Restart. Check the logs and...

{"level":"error","msg":"Bad decoding: tshark has been not enabled","time":"2024-09-20T18:14:33Z"}

But apparently my external config doesn't propagate to the docker container. The startup scripts don't configure for tshark. So I manually edited the config in the image.

Then I got the following if I tried 65535 (nobody):

{"level":"info","msg":"running under root/wheel: UID: [0], GID: [0] - [65534] - [65534]. Changing to user...","time":"2024-09-20T18:29:36Z"}
{"level":"info","msg":"Changing to: UID: [0], GID: [0]","time":"2024-09-20T18:29:36Z"}
{"level":"error","msg":"Bad combined output: signal: segmentation fault (core dumped)","time":"2024-09-20T18:29:38Z"}
{"level":"error","msg":"Bad decoding: signal: segmentation fault (core dumped)","time":"2024-09-20T18:29:38Z"}

So at least a bug in that info line.

And the following if I use 0 (root):

{"level":"info","msg":"running under root/wheel: UID: [0], GID: [0] - [0] - [0]. Changing to user...","time":"2024-09-20T18:42:25Z"}
{"level":"error","msg":"You run external decoder under root! Please set UID/GID in the config","time":"2024-09-20T18:42:25Z"}

But.... no response. I got NS_ERROR_NET_RESET.

🤷

Maybe it's broken.

systemcrash commented 2 months ago

Some fixes included in #568

adubovikov commented 1 month ago

I will close the ticket. Please reopen if needed