[winswitch] Xpra running Wireshark in Docker container

Feldhaus, Florian Florian.Feldhaus at netapp.com
Tue Oct 10 09:33:09 BST 2017


I discovered Xpra several years ago, but never really used it until I was searching for a solution to make Wireshark available via a Webinterface. Using Docker and the Xpra HTML Client, I was able to create a Docker container with Xpra and Wireshark (see https://github.com/ffeldhaus/docker-wireshark). Based on the Docker image, I created a solution to proxy and analyze arbitrary TCP traffic with HAProxy and Wireshark - HAProxy acts as endpoint for e.g. NFS, SMB, HTTP or other services and forwards the traffic to the real service and Wireshark, accessed via Webbrowser, can analyze the traffic (see https://github.com/ffeldhaus/docker-network-traffic-analyzer for details).

I’m impressed by the features and abilities of Xpra and would like to thank everyone who helped to develop it.

During testing of the solution I discovered a few things were I would like to ask for your input:
- Installing Xpra requires a huge number of dependencies. It would be great to get some input how to reduce the number of dependencies to create a minimal docker image (currently it’s larger than 1GB.
- Running current stable Xpra version results in several error messages (see below). I’d appreciate input why these occur (check https://github.com/ffeldhaus/docker-wireshark/blob/master/xpra.conf for the config options). I’d be especially interested in
  - Why does renaming '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log' fail?
  - Why does Xpra try to create socket directory in '/run/xpra' even though socket dir was specified as /run/user/1000/xpra and xpra was run as non root user?
  - Why does Xpra show an ERROR related to X11 property 'PULSE_SERVER' even though pulseaudio=no is specified in config file?
- When I access Wireshark via Webinterface using Firefox 57 I have issues with special characters (y and z are working correct, but ! = # as well as öäü and others are not working). I’ve seen some fixed issues around this, but this seems to be a new one. With Chrome it works better, but not perfect (! = # work but öäü do not work). Should I report this as an issue?
- Is it possible to force SSL connections when accessing the HTML client? I successfully configured SSL, but ideally all HTTP connections should be upgraded to HTTPS (maybe using HSTS).

wireshark    | _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
wireshark    | Failed to rename log file "/run/user/1000/xpra/Xorg.S1.log" to "/run/user/1000/xpra/Xorg.S1.log": No such file or directory
wireshark    | 
wireshark    | X.Org X Server 1.19.2
wireshark    | Release Date: 2017-03-02
wireshark    | X Protocol Version 11, Revision 0
wireshark    | Build Operating System: Linux 4.9.0-3-amd64 x86_64 Debian
wireshark    | Current Operating System: Linux ec148b063ca0 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64
wireshark    | Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.26.2.el7.x86_64 root=/dev/mapper/centos_florianf--centos-root ro crashkernel=auto rd.lvm.lv=centos_florianf-centos/root rd.lvm.lv=centos_florianf-centos/swap rhgb quiet LANG=en_US.UTF-8
wireshark    | Build Date: 07 July 2017  06:14:06AM
wireshark    | xorg-server 2:1.19.2-1+deb9u1 (https://www.debian.org/support) 
wireshark    | Current version of pixman: 0.34.0
wireshark    |  Before reporting problems, check http://wiki.x.org
wireshark    |  to make sure that you have the latest version.
wireshark    | Markers: (--) probed, (**) from config file, (==) default setting,
wireshark    |  (++) from command line, (!!) notice, (II) informational,
wireshark    |  (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
wireshark    | (++) Log file: "/run/user/1000/xpra/Xorg.S1.log", Time: Mon Oct  9 17:52:39 2017
wireshark    | (++) Using config file: "/etc/xpra/xorg.conf"
wireshark    | (==) Using system config directory "/usr/share/X11/xorg.conf.d"
wireshark    | failed to rename Xorg log file from '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log'
wireshark    |  [Errno 2] No such file or directory
wireshark    | 2017-10-09 17:52:45,508 Warning: skipping duplicate bind path /run/user/1000/xpra/ec148b063ca0-0
wireshark    | 2017-10-09 17:52:45,509 Warning: failed to create socket directory '/run/xpra'
wireshark    | 2017-10-09 17:52:45,509  [Errno 13] Permission denied: '/run/xpra'
wireshark    | 2017-10-09 17:52:45,512 created unix domain socket: /run/user/1000/xpra/ec148b063ca0-0
wireshark    | 2017-10-09 17:52:45,513 created unix domain socket: /home/wireshark/.xpra/ec148b063ca0-0
wireshark    | 2017-10-09 17:52:45,513 Warning: cannot create socket '/run/xpra/ec148b063ca0-0'
wireshark    | 2017-10-09 17:52:45,513  [Errno 2] No such file or directory
wireshark    | 2017-10-09 17:52:45,513  /run/xpra does not exist
wireshark    | 2017-10-09 17:52:45,514  user 'wireshark' is a member of groups: xpra
wireshark    | 2017-10-09 17:52:45,514   failed to query path information for '/run/xpra': [Errno 2] No such file or directory: '/run/xpra'
wireshark    | 2017-10-09 17:52:50,970 serving html content from: /usr/share/xpra/www
wireshark    | Error: cannot get X11 property 'PULSE_SERVER'
wireshark    | Traceback (most recent call last):
wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/sound/pulseaudio/pulseaudio_common_util.py", line 24, in get_x11_property
wireshark    |     from xpra.x11.bindings.window_bindings import X11WindowBindings
wireshark    |   File "xpra/x11/bindings/window_bindings.pyx", line 12, in init xpra.x11.bindings.window_bindings (xpra/x11/bindings/window_bindings.c:15092)
wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/error.py", line 42, in <module>
wireshark    |     gdk = import_gdk()
wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 118, in import_gdk
wireshark    |     return  _try_import(import_gdk3, import_gdk2)
wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 38, in _try_import
wireshark    |     return  import_method_gtk3()
wireshark    |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 113, in import_gdk3
wireshark    |     gi.require_version('Gdk', '3.0')
wireshark    |   File "/usr/lib/python2.7/dist-packages/gi/__init__.py", line 118, in require_version
wireshark    |     raise ValueError('Namespace %s not available' % namespace)
wireshark    | ValueError: Namespace Gdk not available
wireshark    |  for python sys.version_info(major=2, minor=7, micro=13, releaselevel='final', serial=0)
wireshark    |  xpra command=['/usr/bin/xpra', '_sound_query']
wireshark    | 2017-10-09 17:52:51,997 GStreamer version 1.10.4 for Python 2.7.13 64-bit
wireshark    | 2017-10-09 17:52:52,114 2.8GB of system memory
wireshark    | 2017-10-09 17:52:52,160 started command 'wireshark' with pid 53
wireshark    | 2017-10-09 17:52:52,161 xpra X11 version 2.1.2-r16903 64-bit
wireshark    | 2017-10-09 17:52:52,161  uid=1000 (wireshark), gid=1000 (wireshark)
wireshark    | 2017-10-09 17:52:52,161  running with pid 1 on Linux Debian 9.1 stretch
wireshark    | 2017-10-09 17:52:52,162  connected to X11 display :0 with 24 bit colors
wireshark    | 2017-10-09 17:52:52,434 xpra is ready.
 
Thanks a lot
Florian Feldhaus
 
Principal Consultant, Professional Services
NetApp Deutschland GmbH, Gladbecker Str. 5, D-40472 Düsseldorf
+49 151 12055 711 Mobil
florian.feldhaus at netapp.com
 
NetApp Deutschland GmbH, Sonnenallee 1, 85551 Kirchheim bei München Handelsregister: AG München HRB113907, VAT#: DE 182 196 996Geschäftsführer: Jörg Heßke, Claudia Berchtold, Stephen Faulkner



More information about the shifter-users mailing list