This repository has been archived by the owner on Feb 20, 2022. It is now read-only.

sandersaares committed Jan 24, 2020
2 parents 8805b95 + ddab00d commit 4d8ab19
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions README.md
@@ -15,7 +15,7 @@ System requirements:

The `tshark` command must be available in a new terminal. You may need to [register the installation directory in the PATH environment variable](https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/).

**This app only performs the analysis of the packet stream, not the initial capture.** You need to use router to capture the packet stream and provide it in TZSP format to this app.
**This app only performs the analysis of the packet stream, not the initial capture.** You need to configure a router to capture the packet stream and provide it in TZSP format to this app.

MikroTik RouterOS has [built-in support for TZSP packet capture](https://wiki.mikrotik.com/wiki/Manual:Tools/Packet_Sniffer). You can also define a [MikroTik firewall mangle rule](https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle) with the `sniff-tzsp` action, for detailed filtering of captured traffic.

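Review bot: the rewording to "configure a router" reads better, but the sentence still does not say where the router should send the TZSP stream; since the FAQ later in this file refers to `--listen-port`, consider naming that option here (e.g. "... and provide it in TZSP format to this app on the port given by `--listen-port`") so the router's sniffer target and the analyzer's listening port can be matched up.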
@@ -48,8 +48,20 @@ You could simply direct them at the same analyzer but this will lead to the resu
If you want the results separated in Prometheus, run a separate instance of the analyzer, accepting packets and publishing results on individual ports (`--listen-port` and `--publish-port`, respectively).

# (Linux) On startup, I see "Failed to create directory ..." - what's wrong?

This appears to be a .NET Core defect, where the startup loader attempts to extract files to `/var/tmp` directory that is not always writable: https://github.com/dotnet/core-setup/issues/8882.

To work around this issue, set a custom runtime bundle extraction directory:

```
export DOTNET_BUNDLE_EXTRACT_BASE_DIR=$HOME/.net
```

# (Any OS) Why do I get a permissions-related error on startup?

> tshark: Couldn't run /usr/bin/dumpcap in child process: Permission denied

The user runnig the app must have the required permissions to use TShark. On Linux, you may need to add the user to the `wireshark` group, depending on system configuration.

# (Windows) Why do I get a permissions-related error on startup?
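Review bot: typo in the added line "The user runnig the app must have the required permissions to use TShark." should read "running". Two smaller points in the same hunk: the fenced block around `export DOTNET_BUNDLE_EXTRACT_BASE_DIR=$HOME/.net` carries no language tag (```bash would give it highlighting), and the text could note that `export` only affects the current shell, so when the analyzer runs as a service the variable has to be set in that service's environment instead. Since the runtime extracts and loads files from this directory, it is also worth saying that it should be a directory writable only by the user running the app, unlike the shared `/var/tmp` location the linked issue describes.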
@@ -58,4 +70,8 @@ The app may throw an access denied exception on Windows if your user does not ha

> netsh http add urlacl url=http://+:9184/metrics user=DOMAIN\user

The port number you need to specify here is the publishing port, 9184 by default.
The port number you need to specify here is the publishing port, 9184 by default.

# Why does this app need TShark, why not just open a socket and listen?!?

Implementations of the TZSP protocol can truncate packets under some conditions, which might result in the operating system filtering them out and never handing them over to the listening app. Using TShark ensures that we can process even truncated packets.

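Review bot: the new answer's "can truncate packets under some conditions" is too vague to be actionable; name the condition (or link the issue where it was observed) so readers can judge whether their setup is affected, and say concretely what "filtering them out" means (which layer drops the datagram). The change to the line "The port number you need to specify here is the publishing port, 9184 by default." appears to be whitespace or line-ending only and adds noise to the diff. Minor: the heading "why not just open a socket and listen?!?" could drop the "?!?" to match the other FAQ headings in this file.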