Rename Sysdig Bridge to Falco Bridge.
The Sysdig Bridge plugin loads Falco plugins, so rename it to Falco Bridge. Make it optional and dependent on libsinsp+libscap, similar to our codec plugins. Remove some unused code.
parent
be03aa1a4d
commit
110dbffbe9
|
@ -1299,6 +1299,10 @@ ws_find_package(ILBC ENABLE_ILBC HAVE_ILBC)
|
|||
|
||||
ws_find_package(OPUS ENABLE_OPUS HAVE_OPUS)
|
||||
|
||||
# libsinsp+libscap, required for falco-bridge
|
||||
ws_find_package(Sinsp ENABLE_SINSP HAVE_SINSP)
|
||||
|
||||
|
||||
# CMake 3.9 and below used 'LIBXML2_LIBRARIES' as the name of the cache entry
|
||||
# storing the find_library result. Transfer it to the new cache variable such
|
||||
# that reset_find_package can detect and clear outdated cache variables.
|
||||
|
@ -1593,7 +1597,6 @@ if(ENABLE_PLUGINS)
|
|||
plugins/epan/opcua
|
||||
plugins/epan/profinet
|
||||
plugins/epan/stats_tree
|
||||
plugins/epan/sysdig_bridge
|
||||
plugins/epan/transum
|
||||
plugins/epan/unistim
|
||||
plugins/epan/wimax
|
||||
|
@ -1604,6 +1607,11 @@ if(ENABLE_PLUGINS)
|
|||
plugins/codecs/l16_mono
|
||||
${CUSTOM_PLUGIN_SRC_DIR}
|
||||
)
|
||||
if(SINSP_FOUND)
|
||||
list(APPEND PLUGIN_SRC_DIRS
|
||||
plugins/epan/falco_bridge
|
||||
)
|
||||
endif()
|
||||
if(SPANDSP_FOUND)
|
||||
list(APPEND PLUGIN_SRC_DIRS
|
||||
plugins/codecs/G722
|
||||
|
@ -1816,6 +1824,11 @@ set_package_properties(PCRE2 PROPERTIES
|
|||
DESCRIPTION "Regular expression pattern matching using the same syntax and semantics as Perl 5"
|
||||
PURPOSE "Support for regular expressions"
|
||||
)
|
||||
set_package_properties(Sinsp PROPERTIES
|
||||
DESCRIPTION "libsinsp and libscap"
|
||||
URL "https://github.com/falcosecurity/libs/"
|
||||
PURPOSE "Support for Falco plugins"
|
||||
)
|
||||
|
||||
string(TOUPPER "${CMAKE_BUILD_TYPE}" _build_type)
|
||||
message(STATUS "C-Flags: ${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_${_build_type}}")
|
||||
|
|
|
@ -117,6 +117,7 @@ option(ENABLE_BCG729 "Build with G.729 codec support in RTP Player" ON)
|
|||
option(ENABLE_ILBC "Build with iLBC codec support in RTP Player" ON)
|
||||
option(ENABLE_LIBXML2 "Build with libxml2 support" ON)
|
||||
option(ENABLE_OPUS "Build with opus support" ON)
|
||||
option(ENABLE_SINSP "Build with libsinsp+libscap support" ON)
|
||||
|
||||
# How to install
|
||||
set(DUMPCAP_INSTALL_OPTION "normal" CACHE STRING "Permissions to install")
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
GList *conv_filter_list = NULL;
|
||||
|
||||
|
||||
void do_register_conversation_filter(const char *proto_name, const char *display_name,
|
||||
static void do_register_conversation_filter(const char *proto_name, const char *display_name,
|
||||
is_filter_valid_func is_filter_valid, build_filter_string_func build_filter_string) {
|
||||
conversation_filter_t *entry;
|
||||
|
||||
|
@ -42,7 +42,7 @@ void register_conversation_filter(const char *proto_name, const char *display_na
|
|||
build_filter_string);
|
||||
}
|
||||
|
||||
void register_conversation_filter_logshark(const char *proto_name, const char *display_name,
|
||||
void register_log_conversation_filter(const char *proto_name, const char *display_name,
|
||||
is_filter_valid_func is_filter_valid, build_filter_string_func build_filter_string) {
|
||||
do_register_conversation_filter(proto_name,
|
||||
display_name,
|
||||
|
|
|
@ -28,12 +28,12 @@ typedef gboolean (*is_filter_valid_func)(struct _packet_info *pinfo);
|
|||
Filter needs to be freed after use */
|
||||
typedef gchar* (*build_filter_string_func)(struct _packet_info *pinfo);
|
||||
|
||||
/** register a dissector filter */
|
||||
/** register a dissector filter for packets */
|
||||
WS_DLL_PUBLIC void register_conversation_filter(const char *proto_name, const char *display_name,
|
||||
is_filter_valid_func is_filter_valid, build_filter_string_func build_filter_string);
|
||||
|
||||
/** register a dissector filter, tailshark version */
|
||||
WS_DLL_PUBLIC void register_conversation_filter_logshark(const char *proto_name, const char *display_name,
|
||||
/** register a dissector filter for logs */
|
||||
WS_DLL_PUBLIC void register_log_conversation_filter(const char *proto_name, const char *display_name,
|
||||
is_filter_valid_func is_filter_valid, build_filter_string_func build_filter_string);
|
||||
|
||||
WS_DLL_PUBLIC struct conversation_filter_s* find_conversation_filter(const char *proto_name);
|
||||
|
|
|
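Review bot: The doc comment above `register_log_conversation_filter` only says "for logs", so a reader of this header cannot tell how such a filter differs from one registered with `register_conversation_filter` or when each is used. I would expand it to something like `/** Register a conversation filter for log records (e.g. events produced by Falco plugins) rather than network packets; takes the same arguments as register_conversation_filter(). */`. The distinction is presumably the list the entry is added to, but the body in conversation_filter.c is outside this page, so confirm the wording against it. The packet variant just above would benefit from the same one-sentence treatment.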
@ -2290,9 +2290,8 @@ dissect_event_params(tvbuff_t *tvb, wtap_syscall_header* syscall_header, int off
|
|||
|
||||
|
||||
static int
|
||||
dissect_plugin_event(tvbuff_t *tvb _U_, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
|
||||
dissect_plugin_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
{
|
||||
//json_dissector_handle = find_dissector("json");
|
||||
if (!plugin_dissector_handle) {
|
||||
return 0;
|
||||
}
|
||||
|
@ -2302,7 +2301,7 @@ dissect_plugin_event(tvbuff_t *tvb _U_, packet_info *pinfo, proto_tree *tree _U_
|
|||
|
||||
static int
|
||||
dissect_sysdig_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
||||
void *data _U_)
|
||||
void *data)
|
||||
{
|
||||
proto_item *ti;
|
||||
proto_tree *se_tree, *syscall_tree;
|
||||
|
@ -2651,7 +2650,7 @@ proto_reg_handoff_sysdig_event(void)
|
|||
dissector_add_uint("pcapng.block_type", BLOCK_TYPE_SYSDIG_EVENT_V2, sysdig_event_handle);
|
||||
dissector_add_uint("pcapng.block_type", BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE, sysdig_event_handle);
|
||||
|
||||
plugin_dissector_handle = find_dissector("sdplugin");
|
||||
plugin_dissector_handle = find_dissector("falcobridge");
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
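Review bot: `plugin_dissector_handle = find_dissector("falcobridge");` in proto_reg_handoff_sysdig_event now looks up a dissector that lives in an optional plugin (ENABLE_SINSP in CMakeOptions.txt), so the handle is NULL whenever the Falco Bridge is not built or not loaded, and the `if (!plugin_dissector_handle) return 0;` in dissect_plugin_event is what turns that into a silent "not dissected". That is reasonable behaviour, but it deserves a comment at the lookup, e.g. `/* Provided by the optional Falco Bridge plugin; NULL when it is not built (ENABLE_SINSP) or not loaded. dissect_plugin_event() returns 0 in that case. */`. The commented-out `//json_dissector_handle = find_dissector("json");` above the NULL check is dead code and could be removed in the same pass. Both enclosing functions start outside the hunks.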
@ -10,10 +10,10 @@
|
|||
include(WiresharkPlugin)
|
||||
|
||||
# Plugin name and version info (major minor micro extra)
|
||||
set_module_info(sysdig-plugins 0 0 4 0)
|
||||
set_module_info(falco-bridge 0 0 4 0)
|
||||
|
||||
set(DISSECTOR_SRC
|
||||
packet-sysdig-bridge.c
|
||||
packet-falco-bridge.c
|
||||
sinsp-span.cpp
|
||||
)
|
||||
|
||||
|
@ -33,31 +33,29 @@ register_plugin_files(plugin.c
|
|||
${DISSECTOR_SRC}
|
||||
)
|
||||
|
||||
add_plugin_library(sysdig-plugins epan)
|
||||
|
||||
find_package(Sinsp REQUIRED)
|
||||
add_plugin_library(falco-bridge epan)
|
||||
|
||||
# XXX Hacks; need to fix in falcosecurity-libs.
|
||||
target_compile_definitions(sysdig-plugins PRIVATE
|
||||
target_compile_definitions(falco-bridge PRIVATE
|
||||
HAVE_STRLCPY=1
|
||||
)
|
||||
# target_compile_options(sysdig-plugins PRIVATE -Wno-address-of-packed-member)
|
||||
# target_compile_options(falco-bridge PRIVATE -Wno-address-of-packed-member)
|
||||
|
||||
target_include_directories(sysdig-plugins SYSTEM PRIVATE
|
||||
target_include_directories(falco-bridge SYSTEM PRIVATE
|
||||
${SINSP_INCLUDE_DIRS}
|
||||
)
|
||||
|
||||
target_link_libraries(sysdig-plugins
|
||||
target_link_libraries(falco-bridge
|
||||
epan
|
||||
${SINSP_LIBRARIES}
|
||||
)
|
||||
|
||||
install_plugin(sysdig-plugins epan)
|
||||
install_plugin(falco-bridge epan)
|
||||
|
||||
file(GLOB DISSECTOR_HEADERS RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" "*.h")
|
||||
CHECKAPI(
|
||||
NAME
|
||||
sysdig-plugins
|
||||
falco-bridge
|
||||
SWITCHES
|
||||
--group dissectors-prohibited
|
||||
--group dissectors-restricted
|
|
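Review bot: `find_package(Sinsp REQUIRED)` in this plugin's CMakeLists duplicates the top-level `ws_find_package(Sinsp ENABLE_SINSP HAVE_SINSP)`, and the directory is only added under `if(SINSP_FOUND)`, so the second lookup cannot fail here and can be dropped, or kept as an explicit guard with a comment saying so. `target_link_libraries(falco-bridge epan ${SINSP_LIBRARIES})` uses the keyword-less signature; if add_plugin_library (defined in WiresharkPlugin, outside this page) already attaches libraries with PRIVATE/PUBLIC, mixing the two forms is a configure error, so `target_link_libraries(falco-bridge PRIVATE epan ${SINSP_LIBRARIES})` is the safer form — confirm against that module. The `# target_compile_options(falco-bridge PRIVATE -Wno-address-of-packed-member)` line was renamed but remains commented-out code; delete it or say next to the `XXX Hacks` note why it is kept.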
@ -0,0 +1,17 @@
|
|||
# Falco Bridge
|
||||
|
||||
This plugin is a bridge between [Falco plugins](https://github.com/falcosecurity/plugins/) and Wireshark, so that Falco plugins can be used as dissectors.
|
||||
It requires [libsinsp and libscap](https://github.com/falcosecurity/libs/).
|
||||
|
||||
## Building the Falco Bridge plugin
|
||||
|
||||
1. Download and compile [libsinsp and libscap](https://github.com/falcosecurity/libs/).
|
||||
|
||||
1. Configure Wireshark with `cmake ... -DSINSP_INCLUDE_DIR=/path/to/falcosecurity-libs -DSINSP_LIBDIR=/path/to/falcosecurity-libs/build ...`
|
||||
|
||||
## Quick Start
|
||||
|
||||
1. Create a directory named "falco" at the same level as the "epan" plugin folder.
|
||||
You can find the global and per-user plugin folder locations on your system in About → Folders or in the [User's Guide](https://www.wireshark.org/docs/wsug_html_chunked/ChPluginFolders.html).
|
||||
|
||||
1. Build your desired [Falco plugin](https://github.com/falcosecurity/plugins/) and place it in the "falco" plugin directory.
|
|
@ -20,7 +20,7 @@ build_filter_string_func bfs_func[MAX_N_CONV_FILTERS];
|
|||
if (is_right_proto == FALSE) { \
|
||||
return FALSE; \
|
||||
} \
|
||||
char* bi = p_get_proto_data(pinfo->pool, pinfo, proto_sdplugin, PROTO_DATA_CONVINFO_USER_##N); \
|
||||
char* bi = p_get_proto_data(pinfo->pool, pinfo, proto_falco_bridge, PROTO_DATA_CONVINFO_USER_##N); \
|
||||
if (bi == NULL) { \
|
||||
return FALSE; \
|
||||
} \
|
||||
|
@ -28,10 +28,10 @@ build_filter_string_func bfs_func[MAX_N_CONV_FILTERS];
|
|||
} \
|
||||
static gchar* \
|
||||
conv_filter_build_##N(packet_info *pinfo) { \
|
||||
char* bi = p_get_proto_data(pinfo->pool, pinfo, proto_sdplugin, PROTO_DATA_CONVINFO_USER_##N); \
|
||||
char* bi = p_get_proto_data(pinfo->pool, pinfo, proto_falco_bridge, PROTO_DATA_CONVINFO_USER_##N); \
|
||||
const char* fname = conv_fld_infos[N].field_info->hfinfo.abbrev; \
|
||||
return g_strdup_printf("%s eq \"%s\"", fname, bi); \
|
||||
}
|
||||
}
|
||||
|
||||
#define MAP_CONV_FLT_FUNCS(N) fv_func[N] = conv_filter_valid_##N; \
|
||||
bfs_func[N] = conv_filter_build_##N;
|
||||
|
@ -51,7 +51,7 @@ DECLARE_CONV_FLT_FUNCS(11) \
|
|||
DECLARE_CONV_FLT_FUNCS(12) \
|
||||
DECLARE_CONV_FLT_FUNCS(13) \
|
||||
DECLARE_CONV_FLT_FUNCS(14) \
|
||||
DECLARE_CONV_FLT_FUNCS(15)
|
||||
DECLARE_CONV_FLT_FUNCS(15)
|
||||
|
||||
#define MAP_CONV_FLTS() MAP_CONV_FLT_FUNCS(0) \
|
||||
MAP_CONV_FLT_FUNCS(1) \
|
||||
|
@ -68,4 +68,4 @@ MAP_CONV_FLT_FUNCS(11) \
|
|||
MAP_CONV_FLT_FUNCS(12) \
|
||||
MAP_CONV_FLT_FUNCS(13) \
|
||||
MAP_CONV_FLT_FUNCS(14) \
|
||||
MAP_CONV_FLT_FUNCS(15)
|
||||
MAP_CONV_FLT_FUNCS(15)
|
|
@ -1,4 +1,4 @@
|
|||
/* packet-sysdig-bridge.c
|
||||
/* packet-falco-bridge.c
|
||||
*
|
||||
* By Loris Degioanni
|
||||
* Copyright (C) 2021 Sysdig, Inc.
|
||||
|
@ -38,16 +38,16 @@
|
|||
#include <epan/conversation_filter.h>
|
||||
|
||||
#include "sinsp-span.h"
|
||||
#include "packet-sysdig-bridge.h"
|
||||
#include "packet-falco-bridge.h"
|
||||
#include "conversation-macros.h"
|
||||
|
||||
static int proto_sdplugin = -1;
|
||||
static gint ett_sdplugin = -1;
|
||||
static gint ett_bridge = -1;
|
||||
static int proto_falco_bridge = -1;
|
||||
static gint ett_falco_bridge = -1;
|
||||
static gint ett_sinsp_span = -1;
|
||||
static dissector_table_t ptype_dissector_table;
|
||||
|
||||
static int dissect_sdplugin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
|
||||
static int dissect_plg_bridge(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
|
||||
static int dissect_falco_bridge(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
|
||||
static int dissect_sinsp_span(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
|
||||
|
||||
void register_conversation_filters_mappings(void);
|
||||
|
||||
|
@ -72,19 +72,19 @@ static int hf_sdp_source_id = -1;
|
|||
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_sdp_source_id_size,
|
||||
{ "Plugin ID size", "sysdig_plugin.id.size",
|
||||
{ "Plugin ID size", "falco_plugin.id.size",
|
||||
FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_sdp_lengths,
|
||||
{ "Field Lengths", "sysdig_plugin.lens",
|
||||
{ "Field Lengths", "falco_plugin.lens",
|
||||
FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
},
|
||||
{ &hf_sdp_source_id,
|
||||
{ "Plugin ID", "sysdig_plugin.id",
|
||||
{ "Plugin ID", "falco_plugin.id",
|
||||
FT_UINT32, BASE_DEC,
|
||||
NULL, 0x0,
|
||||
NULL, HFILL }
|
||||
|
@ -202,12 +202,12 @@ configure_plugin(bridge_info* bi, char* config _U_)
|
|||
conv_fld_infos[conv_fld_cnt].field_info = ri;
|
||||
const char *source_name = get_sinsp_source_name(bi->ssi);
|
||||
conv_fld_infos[conv_fld_cnt].proto_name = source_name;
|
||||
register_conversation_filter_logshark(source_name, finfo.hfinfo.name, fv_func[conv_fld_cnt], bfs_func[conv_fld_cnt]);
|
||||
register_log_conversation_filter(source_name, finfo.hfinfo.name, fv_func[conv_fld_cnt], bfs_func[conv_fld_cnt]);
|
||||
conv_fld_cnt++;
|
||||
}
|
||||
fld_cnt++;
|
||||
}
|
||||
proto_register_field_array(proto_sdplugin, bi->hf, fld_cnt);
|
||||
proto_register_field_array(proto_falco_bridge, bi->hf, fld_cnt);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -235,8 +235,8 @@ import_plugin(char* fname)
|
|||
);
|
||||
|
||||
static dissector_handle_t ct_handle;
|
||||
ct_handle = create_dissector_handle(dissect_plg_bridge, bi->proto);
|
||||
dissector_add_uint("sysdig_plugin.id", bi->source_id, ct_handle);
|
||||
ct_handle = create_dissector_handle(dissect_sinsp_span, bi->proto);
|
||||
dissector_add_uint("falco_plugin.id", bi->source_id, ct_handle);
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -247,21 +247,21 @@ on_wireshark_exit(void)
|
|||
}
|
||||
|
||||
void
|
||||
proto_register_sdplugin(void)
|
||||
proto_register_falcoplugin(void)
|
||||
{
|
||||
proto_sdplugin = proto_register_protocol (
|
||||
"Sysdig Plugin", /* name */
|
||||
"SDPLUGIN", /* short name */
|
||||
"sdplugin" /* abbrev */
|
||||
proto_falco_bridge = proto_register_protocol (
|
||||
"Falco Bridge", /* name */
|
||||
"Falco Bridge", /* short name */
|
||||
"falcobridge" /* abbrev */
|
||||
);
|
||||
register_dissector("sdplugin", dissect_sdplugin, proto_sdplugin);
|
||||
register_dissector("falcobridge", dissect_falco_bridge, proto_falco_bridge);
|
||||
|
||||
/*
|
||||
* Create the dissector table that we will use to route the dissection to
|
||||
* the appropriate sysdig plugin.
|
||||
* the appropriate Falco plugin.
|
||||
*/
|
||||
ptype_dissector_table = register_dissector_table("sysdig_plugin.id",
|
||||
"Plugin ID", proto_sdplugin, FT_UINT32, BASE_DEC);
|
||||
ptype_dissector_table = register_dissector_table("falco_plugin.id",
|
||||
"Falco Plugin ID", proto_falco_bridge, FT_UINT32, BASE_DEC);
|
||||
|
||||
/*
|
||||
* Create the mapping infrastructure for conversation filtering
|
||||
|
@ -273,10 +273,8 @@ proto_register_sdplugin(void)
|
|||
*/
|
||||
WS_DIR *dir;
|
||||
WS_DIRENT *file;
|
||||
gchar *filename;
|
||||
char dname[2048];
|
||||
const char *wspgdname = get_plugins_dir();
|
||||
snprintf(dname, sizeof(dname), "%s/../sysdig", wspgdname);
|
||||
char *filename;
|
||||
char *dname = g_build_filename(get_plugins_dir_with_version(), "falco", NULL);
|
||||
|
||||
/*
|
||||
* We scan the plugins directory twice. The first time we count how many
|
||||
|
@ -302,17 +300,17 @@ proto_register_sdplugin(void)
|
|||
}
|
||||
ws_dir_close(dir);
|
||||
}
|
||||
|
||||
g_free(dname);
|
||||
|
||||
/*
|
||||
* Setup protocol subtree array
|
||||
*/
|
||||
static gint *ett[] = {
|
||||
&ett_sdplugin,
|
||||
&ett_bridge,
|
||||
&ett_falco_bridge,
|
||||
&ett_sinsp_span,
|
||||
};
|
||||
|
||||
proto_register_field_array(proto_sdplugin, hf, array_length(hf));
|
||||
proto_register_field_array(proto_falco_bridge, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
|
||||
register_shutdown_routine(on_wireshark_exit);
|
||||
|
@ -333,20 +331,20 @@ get_bridge_info(guint32 source_id)
|
|||
}
|
||||
|
||||
static int
|
||||
dissect_sdplugin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
|
||||
dissect_falco_bridge(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
|
||||
{
|
||||
conv_vals_cnt = 0;
|
||||
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Sysdig Plugin");
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Falco Bridge");
|
||||
/* Clear out stuff in the info column */
|
||||
col_clear(pinfo->cinfo,COL_INFO);
|
||||
|
||||
// https://github.com/falcosecurity/libs/blob/9c942f27/userspace/libscap/scap.c#L1900
|
||||
proto_item *ti = proto_tree_add_item(tree, proto_sdplugin, tvb, 0, 12, ENC_NA);
|
||||
proto_tree *sdplugin_tree = proto_item_add_subtree(ti, ett_sdplugin);
|
||||
proto_tree_add_item(sdplugin_tree, hf_sdp_source_id_size, tvb, 0, 4, ENC_LITTLE_ENDIAN);
|
||||
proto_tree_add_item(sdplugin_tree, hf_sdp_lengths, tvb, 4, 4, ENC_LITTLE_ENDIAN);
|
||||
proto_item *idti = proto_tree_add_item(sdplugin_tree, hf_sdp_source_id, tvb, 8, 4, ENC_LITTLE_ENDIAN);
|
||||
proto_item *ti = proto_tree_add_item(tree, proto_falco_bridge, tvb, 0, 12, ENC_NA);
|
||||
proto_tree *fb_tree = proto_item_add_subtree(ti, ett_falco_bridge);
|
||||
proto_tree_add_item(fb_tree, hf_sdp_source_id_size, tvb, 0, 4, ENC_LITTLE_ENDIAN);
|
||||
proto_tree_add_item(fb_tree, hf_sdp_lengths, tvb, 4, 4, ENC_LITTLE_ENDIAN);
|
||||
proto_item *idti = proto_tree_add_item(fb_tree, hf_sdp_source_id, tvb, 8, 4, ENC_LITTLE_ENDIAN);
|
||||
|
||||
guint32 source_id = tvb_get_guint32(tvb, 8, ENC_LITTLE_ENDIAN);
|
||||
bridge_info* bi = get_bridge_info(source_id);
|
||||
|
@ -364,7 +362,7 @@ dissect_sdplugin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
|
|||
|
||||
dissector_handle_t dissector = dissector_get_uint_handle(ptype_dissector_table, source_id);
|
||||
if (dissector) {
|
||||
p_add_proto_data(pinfo->pool, pinfo, proto_sdplugin, PROTO_DATA_BRIDGE_HANDLE, bi);
|
||||
p_add_proto_data(pinfo->pool, pinfo, proto_falco_bridge, PROTO_DATA_BRIDGE_HANDLE, bi);
|
||||
tvbuff_t* next_tvb = tvb_new_subset_length(tvb, 12, tvb_captured_length(tvb) - 12);
|
||||
call_dissector_with_data(dissector, next_tvb, pinfo, tree, data);
|
||||
}
|
||||
|
@ -373,9 +371,9 @@ dissect_sdplugin(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
|
|||
}
|
||||
|
||||
static int
|
||||
dissect_plg_bridge(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data _U_)
|
||||
dissect_sinsp_span(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data _U_)
|
||||
{
|
||||
bridge_info* bi = p_get_proto_data(pinfo->pool, pinfo, proto_sdplugin, PROTO_DATA_BRIDGE_HANDLE);
|
||||
bridge_info* bi = p_get_proto_data(pinfo->pool, pinfo, proto_falco_bridge, PROTO_DATA_BRIDGE_HANDLE);
|
||||
guint plen = tvb_captured_length(tvb);
|
||||
const char *source_name = get_sinsp_source_name(bi->ssi);
|
||||
|
||||
|
@ -384,7 +382,7 @@ dissect_plg_bridge(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* da
|
|||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
|
||||
proto_item* ti = proto_tree_add_item(tree, bi->proto, tvb, 0, plen, ENC_NA);
|
||||
proto_tree* sdplugin_tree = proto_item_add_subtree(ti, ett_bridge);
|
||||
proto_tree* fb_tree = proto_item_add_subtree(ti, ett_sinsp_span);
|
||||
|
||||
guint8* payload = (guint8*)tvb_get_ptr(tvb, 0, plen);
|
||||
|
||||
|
@ -398,14 +396,14 @@ dissect_plg_bridge(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* da
|
|||
|
||||
bool rc = extract_sisnp_source_field(bi->ssi, pinfo->num, payload, plen, pinfo->pool, &sfe);
|
||||
if (!rc) {
|
||||
REPORT_DISSECTOR_BUG("sysdig plugin %s extract error", get_sinsp_source_name(bi->ssi));
|
||||
REPORT_DISSECTOR_BUG("Falco plugin %s extract error", get_sinsp_source_name(bi->ssi));
|
||||
}
|
||||
if (!sfe.is_present) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (sfe.type == SFT_STRINGZ && hfinfo->type == FT_STRINGZ) {
|
||||
proto_item *pi = proto_tree_add_string(sdplugin_tree, bi->hf_ids[fld_idx], tvb, 0, plen, sfe.res_str);
|
||||
proto_item *pi = proto_tree_add_string(fb_tree, bi->hf_ids[fld_idx], tvb, 0, plen, sfe.res_str);
|
||||
if (bi->field_flags[fld_idx] & BFF_INFO) {
|
||||
col_append_sep_fstr(pinfo->cinfo, COL_INFO, ", ", "%s", sfe.res_str);
|
||||
// Mark it hidden, otherwise we end up with a bunch of empty "Info" tree items.
|
||||
|
@ -417,7 +415,7 @@ dissect_plg_bridge(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* da
|
|||
sprintf(cvalptr, "%s", sfe.res_str);
|
||||
p_add_proto_data(pinfo->pool,
|
||||
pinfo,
|
||||
proto_sdplugin,
|
||||
proto_falco_bridge,
|
||||
PROTO_DATA_CONVINFO_USER_BASE + conv_vals_cnt, cvalptr);
|
||||
}
|
||||
|
||||
|
@ -426,7 +424,7 @@ dissect_plg_bridge(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* da
|
|||
}
|
||||
}
|
||||
else if (sfe.type == SFT_UINT64 && hfinfo->type == FT_UINT64) {
|
||||
proto_tree_add_uint64(sdplugin_tree, bi->hf_ids[fld_idx], tvb, 0, plen, sfe.res_u64);
|
||||
proto_tree_add_uint64(fb_tree, bi->hf_ids[fld_idx], tvb, 0, plen, sfe.res_u64);
|
||||
}
|
||||
else {
|
||||
REPORT_DISSECTOR_BUG("field %s has an unrecognized or mismatched type %u != %u",
|
|
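Review bot: `sprintf(cvalptr, "%s", sfe.res_str);` in the hunk that renames `proto_sdplugin` to `proto_falco_bridge` copies a string extracted by a third-party Falco plugin from capture payload into cvalptr with no length bound; cvalptr's allocation is outside the hunk (the header's `conv_fld_info.field_val` is a fixed 4096-byte array, which may or may not be the destination), so a bounded copy such as `g_strlcpy(cvalptr, sfe.res_str, <destination size>)` or `snprintf` would make the limit explicit whichever buffer it is. This is pre-existing code, but the commit's scope is this dissector and it is a place where a plugin-controlled string length reaches an unbounded copy. Separately, `dissect_sinsp_span` dereferences `bi->ssi` right after `p_get_proto_data(pinfo->pool, pinfo, proto_falco_bridge, PROTO_DATA_BRIDGE_HANDLE)`; the only visible caller sets that data first, but an `if (!bi) return 0;` guard would keep the dissector safe if it is ever reached another way. The `g_free(dname)` added after the directory scan is a good fix for the old fixed buffer; make sure any early return between `g_build_filename` and the free (the scan loop is outside the hunk) also releases it.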
@ -1,4 +1,4 @@
|
|||
/* packet-sysdig-bridge.h
|
||||
/* packet-falco-bridge.h
|
||||
*
|
||||
* By Loris Degioanni
|
||||
* Copyright (C) 2021 Sysdig, Inc.
|
||||
|
@ -10,8 +10,8 @@
|
|||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef __PACKET_SYSDIG_BRIDGE_H__
|
||||
#define __PACKET_SYSDIG_BRIDGE_H__
|
||||
#ifndef __PACKET_FALCO_BRIDGE_H__
|
||||
#define __PACKET_FALCO_BRIDGE_H__
|
||||
|
||||
/*
|
||||
* API versions of this plugin engine
|
||||
|
@ -228,4 +228,4 @@ typedef struct conv_fld_info {
|
|||
char field_val[4096];
|
||||
} conv_fld_info;
|
||||
|
||||
#endif // __PACKET_SYSDIG_BRIDGE_H__
|
||||
#endif // __PACKET_FALCO_BRIDGE_H__
|
|
@ -1,4 +1,4 @@
|
|||
/* sinsp-connector.c
|
||||
/* sinsp-span.cpp
|
||||
*
|
||||
* By Gerald Combs
|
||||
* Copyright (C) 2022 Sysdig, Inc.
|
|
@ -1,4 +1,4 @@
|
|||
/* sinsp-connector.c
|
||||
/* sinsp-span.h
|
||||
*
|
||||
* By Gerald Combs
|
||||
* Copyright (C) 2022 Sysdig, Inc.
|
||||
|
@ -46,14 +46,6 @@ typedef struct sinsp_field_info_t {
|
|||
bool is_info;
|
||||
} sinsp_field_info_t;
|
||||
|
||||
//typedef struct
|
||||
//{
|
||||
// uint64_t evtnum;
|
||||
// const uint8_t *data;
|
||||
// uint32_t datalen;
|
||||
// uint64_t ts;
|
||||
//} ss_plugin_event;
|
||||
|
||||
typedef struct sinsp_field_extract_t {
|
||||
uint32_t field_id; // in
|
||||
const char *field_name; // in
|
|
@ -1,2 +0,0 @@
|
|||
This plugin is a bridge between sysdig plugins and Wireshark, so that sysdig
|
||||
plugins can be used as dissectors.
|