initial skeleton for sysdig plugins experiments

2021-04-07 14:00:08 -07:00 · 2021-04-07 14:00:08 -07:00 · 625a042ff8
parent a3877af990
commit 625a042ff8
8 changed files with 154 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1593,6 +1593,7 @@ if(ENABLE_PLUGINS)
 		plugins/epan/opcua
 		plugins/epan/profinet
 		plugins/epan/stats_tree
+		plugins/epan/sysdig_bridge
 		plugins/epan/transum
 		plugins/epan/unistim
 		plugins/epan/wimax
--- a/epan/dissectors/packet-frame.c
+++ b/epan/dissectors/packet-frame.c
@ -619,7 +619,7 @@ dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
 			 * be preferred?
 			 */
 			ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
-			    "System Call %u: %u byte%s",
+			    "Sysdig Event %u: %u byte%s",
 			    pinfo->num, frame_len, frame_plurality);
 			break;

--- a/epan/dissectors/packet-sysdig-event.c
+++ b/epan/dissectors/packet-sysdig-event.c
@ -2307,7 +2307,7 @@ dissect_sysdig_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
     * Sysdig uses the term "event" internally. So far every event has been
     * a syscall.
     */
-    col_set_str(pinfo->cinfo, COL_PROTOCOL, "System Call");
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "Sysdig Event");

    col_clear(pinfo->cinfo, COL_INFO);
    col_add_str(pinfo->cinfo, COL_INFO, val_to_str(event_type, event_type_vals, "Unknown syscall %u"));
@ -2604,7 +2604,7 @@ proto_register_sysdig_event(void)
    };

    /* Register the protocol name and description */
-    proto_sysdig_event = proto_register_protocol("Sysdig System Call",
+    proto_sysdig_event = proto_register_protocol("Sysdig Event",
            "Sysdig Event", "sysdig");

    /* Required function calls to register the header fields and subtrees */
--- a/plugins/epan/sysdig_bridge/AUTHORS
+++ b/plugins/epan/sysdig_bridge/AUTHORS
@ -0,0 +1,2 @@
+Author :
+Loris Degioanni
--- a/plugins/epan/sysdig_bridge/CMakeLists.txt
+++ b/plugins/epan/sysdig_bridge/CMakeLists.txt
@ -0,0 +1,64 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+include(WiresharkPlugin)
+
+# Plugin name and version info (major minor micro extra)
+set_module_info(sysdig-plugins 0 0 4 0)
+
+set(DISSECTOR_SRC
+	packet-sysdig-bridge.c
+)
+
+set(PLUGIN_FILES
+	plugin.c
+	${DISSECTOR_SRC}
+)
+
+set_source_files_properties(
+	${PLUGIN_FILES}
+	PROPERTIES
+	COMPILE_FLAGS "${WERROR_COMMON_FLAGS}"
+)
+
+register_plugin_files(plugin.c
+	plugin
+	${DISSECTOR_SRC}
+)
+
+add_plugin_library(sysdig-plugins epan)
+
+target_link_libraries(sysdig-plugins epan)
+
+install_plugin(sysdig-plugins epan)
+
+file(GLOB DISSECTOR_HEADERS RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" "*.h")
+CHECKAPI(
+	NAME
+	  sysdig-plugins
+	SWITCHES
+	  --group dissectors-prohibited
+	  --group dissectors-restricted
+	SOURCES
+	  ${DISSECTOR_SRC}
+	  ${DISSECTOR_HEADERS}
+)
+
+#
+# Editor modelines  -  https://www.wireshark.org/tools/modelines.html
+#
+# Local variables:
+# c-basic-offset: 8
+# tab-width: 8
+# indent-tabs-mode: t
+# End:
+#
+# vi: set shiftwidth=8 tabstop=8 noexpandtab:
+# :indentSize=8:tabSize=8:noTabs=false:
+#
--- a/plugins/epan/sysdig_bridge/README
+++ b/plugins/epan/sysdig_bridge/README
@ -0,0 +1,2 @@
+This plugin is a bridge between sysdig plugins and Wireshark, so that sysdig 
+plugins can be used as dissectors.
--- a/plugins/epan/sysdig_bridge/packet-sysdig-bridge.c
+++ b/plugins/epan/sysdig_bridge/packet-sysdig-bridge.c
@ -0,0 +1,70 @@
+/* packet-sysdig-bridge.c
+ *
+ * By Loris Degioanni
+ * Copyright (C) 2021 Sysdig, Inc.
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include "packet-sysdig-bridge.h"
+
+#define FOO_PORT 1234
+#define FOO_PORT1 1235
+
+static int proto_foo = -1;
+static int proto_foo1 = -1;
+
+void
+proto_register_foo(void)
+{
+    proto_foo = proto_register_protocol (
+        "FOO Protocol", /* name       */
+        "FOO",      /* short name */
+        "foo"       /* abbrev     */
+        );
+
+    proto_foo1 = proto_register_protocol (
+        "FOO1 Protocol", /* name       */
+        "FOO1",      /* short name */
+        "foo1"       /* abbrev     */
+        );
+}
+
+static int
+dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
+{
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
+    /* Clear out stuff in the info column */
+    col_clear(pinfo->cinfo,COL_INFO);
+
+    return tvb_captured_length(tvb);
+}
+
+static int
+dissect_foo1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
+{
+    col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO1");
+    /* Clear out stuff in the info column */
+    col_clear(pinfo->cinfo,COL_INFO);
+
+    return tvb_captured_length(tvb);
+}
+
+void
+proto_reg_handoff_foo(void)
+{
+    static dissector_handle_t foo_handle;
+    foo_handle = create_dissector_handle(dissect_foo, proto_foo);
+    dissector_add_uint("udp.port", FOO_PORT, foo_handle);
+
+    static dissector_handle_t foo_handle1;
+    foo_handle1 = create_dissector_handle(dissect_foo1, proto_foo1);
+    dissector_add_uint("udp.port", FOO_PORT1, foo_handle1);
+}
--- a/plugins/epan/sysdig_bridge/packet-sysdig-bridge.h
+++ b/plugins/epan/sysdig_bridge/packet-sysdig-bridge.h
@ -0,0 +1,12 @@
+/* packet-sysdig-bridge.h
+ *
+ * By Loris Degioanni
+ * Copyright (C) 2021 Sysdig, Inc.
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+