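I am trying to run pyshark (using tshark) inside a docker container, but so far without success. I already ran into different problems using CentOS and pyshark in a container (https://stackoverflow.com/questions/52155191/tshark-running-on-centos-inside-docker-operation-not-permitted-usr-sbin-dump), but for lack of a response I decided to try Ubuntu. It seems to work somewhat better, but I still get some errors. Hopefully someone here can help me. This is the code I wrote:
My docker-compose.yml: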
version: '2'
services:
  tshark:
    build:
      dockerfile: Dockerfile
      context: .
    container_name: tshark
Dockerfile:
FROM ubuntu
# add a non-root user
RUN useradd -ms /bin/bash shark
# tell environment we're not able to respond to questions
ENV DEBIAN_FRONTEND noninteractive
# install python and curl packages
RUN apt-get update && \
    apt-get install -y python3.6 && \
    apt-get install -y python3-distutils && \
    apt-get install -y curl
# fix pip
RUN curl -O https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
    /usr/bin/python3.6 get-pip.py && \
    rm get-pip.py
# install pyshark and wireshark
RUN apt-get install -y libcap2-bin wireshark && \
    pip install pyshark
# add group wireshark, add shark user and give right permissions
RUN groupadd wireshark && \
    usermod -aG wireshark shark && \
    newgrp wireshark && \
    chgrp wireshark /usr/bin/dumpcap && \
    chmod 750 /usr/bin/dumpcap && \
    setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
RUN dpkg-reconfigure wireshark-common
# Copy the current directory contents into the container at /app
ADD . /app
# Set the working directory to /app
WORKDIR /app
# switch to user shark
USER shark
CMD [ "python3", "process.py" ]
My process.py:
#!/usr/bin/env python3
import pyshark
capture = pyshark.LiveRingCapture(interface='eth0')
for packet in capture.sniff_continuously(packet_count=5):
    print('Just arrived:', packet)
This is what I keep getting after running docker-compose up --build:
tshark_1 | [2018-09-04 08:37:01.970432] DEBUG: LiveRingCapture: Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -P -i eth0 -w -
tshark_1 | [2018-09-04 08:37:01.973137] DEBUG: LiveRingCapture: %s subprocess created
tshark_1 | Traceback (most recent call last):
tshark_1 | File "process.py", line 7, in <module>
tshark_1 | for packet in capture.sniff_continuously(packet_count=5):
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 207, in _packets_from_tshark_sync
tshark_1 | tshark_process = existing_process or self.eventloop.run_until_complete(self._get_tshark_process())
tshark_1 | File "/usr/lib/python3.6/asyncio/base_events.py", line 468, in run_until_complete
tshark_1 | return future.result()
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/live_capture.py", line 92, in _get_tshark_process
tshark_1 | tshark = await super(LiveCapture, self)._get_tshark_process(packet_count=packet_count, stdin=read)
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 361, in _get_tshark_process
tshark_1 | parameters = [self._get_tshark_path(), '-l', '-n', '-T', output_type] + \
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 345, in _get_tshark_path
tshark_1 | return get_process_path(self.tshark_path)
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/tshark/tshark.py", line 98, in get_process_path
tshark_1 | 'Search these paths: {}'.format(possible_paths)
tshark_1 | pyshark.tshark.tshark.TSharkNotFoundException: TShark not found. Try adding its location to the configuration file. Search these paths: ['C:\\Program Files\\Wireshark\\tshark.exe', '/usr/local/sbin/tshark', '/usr/local/bin/tshark', '/usr/sbin/tshark', '/usr/bin/tshark', '/sbin/tshark', '/bin/tshark']
tshark_1 | Capturing on 'eth0'
tshark_1 | dumpcap: The capture session could not be initiated on interface 'eth0' (You don't have permission to capture on that device).
tshark_1 | Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
Edit:
It seems Ubuntu does need tshark installed rather than wireshark, so I updated the Dockerfile slightly, which resulted in a different error:
Dockerfile:
FROM ubuntu
# add a non-root user
RUN useradd -ms /bin/bash shark
# tell environment we're not able to respond to questions
ENV DEBIAN_FRONTEND noninteractive
# install python and curl packages
RUN apt-get update && \
    apt-get install -y python3.6 && \
    apt-get install -y python3-distutils && \
    apt-get install -y curl
# fix pip
RUN curl -O https://bootstrap.pypa.io/get-pip.py -o get-pip.py && \
    /usr/bin/python3.6 get-pip.py && \
    rm get-pip.py
# install pyshark and wireshark
RUN apt-get install -y libcap2-bin tshark && \
    pip install pyshark
# add group wireshark, add shark user and give right permissions
RUN dpkg-reconfigure wireshark-common
# Copy the current directory contents into the container at /app
ADD . /app
# Set the working directory to /app
WORKDIR /app
# switch to user shark
USER shark
CMD [ "python3", "process.py" ]
Error:
tshark_1 | [2018-09-04 08:57:31.369160] DEBUG: LiveRingCapture: Creating Dumpcap subprocess with parameters: /usr/bin/dumpcap -q -P -i eth0 -w -
tshark_1 | [2018-09-04 08:57:31.371591] DEBUG: LiveRingCapture: %s subprocess created
tshark_1 | [2018-09-04 08:57:31.372154] DEBUG: LiveRingCapture: Creating TShark subprocess with parameters: /usr/bin/tshark -l -n -T pdml -r - -b filesize:1024 -b files:1 -w /tmp/pyshark.pcap -P
tshark_1 | [2018-09-04 08:57:31.374377] DEBUG: LiveRingCapture: %s subprocess created
tshark_1 | Capturing on 'eth0'
tshark_1 | dumpcap: The capture session could not be initiated on interface 'eth0' (You don't have permission to capture on that device).
tshark_1 | Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
tshark_1 | tshark: Multiple capture files requested, but a capture isn't being done.
tshark_1 | [2018-09-04 08:57:31.595492] DEBUG: LiveRingCapture: EOF reached (sync)
tshark_1 | Traceback (most recent call last):
tshark_1 | File "process.py", line 7, in <module>
tshark_1 | for packet in capture.sniff_continuously(packet_count=5):
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 229, in _packets_from_tshark_sync
tshark_1 | self.eventloop.run_until_complete(self._cleanup_subprocess(tshark_process))
tshark_1 | File "/usr/lib/python3.6/asyncio/base_events.py", line 468, in run_until_complete
tshark_1 | return future.result()
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 399, in _cleanup_subprocess
tshark_1 | % process.returncode)
tshark_1 | pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
tshark_1 | Exception ignored in: <bound method Capture.__del__ of <LiveRingCapture (0 packets)>>
tshark_1 | Traceback (most recent call last):
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 411, in __del__
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 402, in close
tshark_1 | File "/usr/lib/python3.6/asyncio/base_events.py", line 468, in run_until_complete
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 406, in _close_async
tshark_1 | File "/usr/local/lib/python3.6/dist-packages/pyshark/capture/capture.py", line 399, in _cleanup_subprocess
tshark_1 | pyshark.capture.capture.TSharkCrashException: TShark seems to have crashed (retcode: 1). Try rerunning in debug mode [ capture_obj.set_debug() ] or try updating tshark.
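Added example, not part of the original post: a small diagnostic that decodes the capability sets in `/proc/<pid>/status` and reports which of the capabilities named in the first Dockerfile's `setcap` line (`cap_net_raw`, `cap_net_admin`) are absent from a given set. The function names and the sample status text are constructed for illustration; the sample `CapBnd` value is the mask typically seen in a container started with Docker's default capability set.

```python
import re

# Capability bit numbers from <linux/capability.h>.
CAP_BITS = {"cap_net_admin": 12, "cap_net_raw": 13}

# Constructed sample of /proc/<pid>/status for a non-root process.
SAMPLE_STATUS = (
    "Name:\tpython3\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\n"
    "CapBnd:\t00000000a80425fb\n"
    "CapAmb:\t0000000000000000\n"
)


def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc status text."""
    pairs = re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)
    return {name: int(value, 16) for name, value in pairs}


def missing_caps(status_text, required, cap_set="CapBnd"):
    """List the required capabilities whose bit is clear in one set."""
    mask = parse_cap_sets(status_text)[cap_set]
    return [cap for cap in required if not (mask >> CAP_BITS[cap]) & 1]


def report(status_text, required=("cap_net_raw", "cap_net_admin")):
    """Map each capability set to the required capabilities it lacks.

    CapBnd is the one to look at first: a file capability placed on a
    binary with setcap can only be gained on exec if it is also in the
    bounding set of the process that executes the binary.
    """
    sets = parse_cap_sets(status_text)
    return {name: missing_caps(status_text, required, name) for name in sets}


if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:   # run inside the container
            text = fh.read()
    except OSError:
        text = SAMPLE_STATUS                    # fall back to the sample
    for cap_set, missing in report(text).items():
        print(f"{cap_set}: missing {missing or 'nothing'}")
```

Run as the `shark` user inside the container, this shows whether the bounding set the runtime handed to the container contains both capabilities before looking at file permissions or group membership on `dumpcap`.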