initial skeleton for sysdig plugins experiments
parent
a3877af990
commit
625a042ff8
@ -1593,6 +1593,7 @@ if(ENABLE_PLUGINS)
|
|||
plugins/epan/opcua
|
||||
plugins/epan/profinet
|
||||
plugins/epan/stats_tree
|
||||
plugins/epan/sysdig_bridge
|
||||
plugins/epan/transum
|
||||
plugins/epan/unistim
|
||||
plugins/epan/wimax
|
||||
|
|
|
@ -619,7 +619,7 @@ dissect_frame(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void*
|
|||
* be preferred?
|
||||
*/
|
||||
ti = proto_tree_add_protocol_format(tree, proto_syscall, tvb, 0, tvb_captured_length(tvb),
|
||||
"System Call %u: %u byte%s",
|
||||
"Sysdig Event %u: %u byte%s",
|
||||
pinfo->num, frame_len, frame_plurality);
|
||||
break;
|
||||
|
||||
|
|
|
@ -2307,7 +2307,7 @@ dissect_sysdig_event(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
|
|||
* Sysdig uses the term "event" internally. So far every event has been
|
||||
* a syscall.
|
||||
*/
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "System Call");
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "Sysdig Event");
|
||||
|
||||
col_clear(pinfo->cinfo, COL_INFO);
|
||||
col_add_str(pinfo->cinfo, COL_INFO, val_to_str(event_type, event_type_vals, "Unknown syscall %u"));
|
||||
|
@ -2604,7 +2604,7 @@ proto_register_sysdig_event(void)
|
|||
};
|
||||
|
||||
/* Register the protocol name and description */
|
||||
proto_sysdig_event = proto_register_protocol("Sysdig System Call",
|
||||
proto_sysdig_event = proto_register_protocol("Sysdig Event",
|
||||
"Sysdig Event", "sysdig");
|
||||
|
||||
/* Required function calls to register the header fields and subtrees */
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
Author :
|
||||
Loris Degioanni
|
|
@ -0,0 +1,64 @@
|
|||
# CMakeLists.txt
|
||||
#
|
||||
# Wireshark - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@wireshark.org>
|
||||
# Copyright 1998 Gerald Combs
|
||||
#
|
||||
# SPDX-License-Identifier: GPL-2.0-or-later
|
||||
#
|
||||
|
||||
include(WiresharkPlugin)
|
||||
|
||||
# Plugin name and version info (major minor micro extra)
|
||||
set_module_info(sysdig-plugins 0 0 4 0)
|
||||
|
||||
set(DISSECTOR_SRC
|
||||
packet-sysdig-bridge.c
|
||||
)
|
||||
|
||||
set(PLUGIN_FILES
|
||||
plugin.c
|
||||
${DISSECTOR_SRC}
|
||||
)
|
||||
|
||||
set_source_files_properties(
|
||||
${PLUGIN_FILES}
|
||||
PROPERTIES
|
||||
COMPILE_FLAGS "${WERROR_COMMON_FLAGS}"
|
||||
)
|
||||
|
||||
register_plugin_files(plugin.c
|
||||
plugin
|
||||
${DISSECTOR_SRC}
|
||||
)
|
||||
|
||||
add_plugin_library(sysdig-plugins epan)
|
||||
|
||||
target_link_libraries(sysdig-plugins epan)
|
||||
|
||||
install_plugin(sysdig-plugins epan)
|
||||
|
||||
file(GLOB DISSECTOR_HEADERS RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" "*.h")
|
||||
CHECKAPI(
|
||||
NAME
|
||||
sysdig-plugins
|
||||
SWITCHES
|
||||
--group dissectors-prohibited
|
||||
--group dissectors-restricted
|
||||
SOURCES
|
||||
${DISSECTOR_SRC}
|
||||
${DISSECTOR_HEADERS}
|
||||
)
|
||||
|
||||
#
|
||||
# Editor modelines - https://www.wireshark.org/tools/modelines.html
|
||||
#
|
||||
# Local variables:
|
||||
# c-basic-offset: 8
|
||||
# tab-width: 8
|
||||
# indent-tabs-mode: t
|
||||
# End:
|
||||
#
|
||||
# vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
||||
# :indentSize=8:tabSize=8:noTabs=false:
|
||||
#
|
|
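Review bot: The target name `sysdig-plugins` used in `set_module_info`, `add_plugin_library` and `install_plugin` does not match the directory `sysdig_bridge` added to the top-level plugin list, the source file `packet-sysdig-bridge.c`, or the README's description of a single bridge plugin; settling on one name (e.g. `sysdig-bridge`) now avoids renaming the installed library later. The explicit `target_link_libraries(sysdig-plugins epan)` right after `add_plugin_library(sysdig-plugins epan)` looks redundant, since the helper appears to link the subfolder library itself — worth confirming against WiresharkPlugin.cmake and dropping if so. A short comment above `set_module_info(sysdig-plugins 0 0 4 0)` saying what the 0.0.4 version tracks would also help, as this is a new plugin with no prior release history.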
@ -0,0 +1,2 @@
|
|||
This plugin is a bridge between sysdig plugins and Wireshark, so that sysdig
|
||||
plugins can be used as dissectors.
|
|
@ -0,0 +1,70 @@
|
|||
/* packet-sysdig-bridge.c
|
||||
*
|
||||
* By Loris Degioanni
|
||||
* Copyright (C) 2021 Sysdig, Inc.
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <epan/packet.h>
|
||||
#include "packet-sysdig-bridge.h"
|
||||
|
||||
#define FOO_PORT 1234
|
||||
#define FOO_PORT1 1235
|
||||
|
||||
static int proto_foo = -1;
|
||||
static int proto_foo1 = -1;
|
||||
|
||||
void
|
||||
proto_register_foo(void)
|
||||
{
|
||||
proto_foo = proto_register_protocol (
|
||||
"FOO Protocol", /* name */
|
||||
"FOO", /* short name */
|
||||
"foo" /* abbrev */
|
||||
);
|
||||
|
||||
proto_foo1 = proto_register_protocol (
|
||||
"FOO1 Protocol", /* name */
|
||||
"FOO1", /* short name */
|
||||
"foo1" /* abbrev */
|
||||
);
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
|
||||
{
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");
|
||||
/* Clear out stuff in the info column */
|
||||
col_clear(pinfo->cinfo,COL_INFO);
|
||||
|
||||
return tvb_captured_length(tvb);
|
||||
}
|
||||
|
||||
static int
|
||||
dissect_foo1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_)
|
||||
{
|
||||
col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO1");
|
||||
/* Clear out stuff in the info column */
|
||||
col_clear(pinfo->cinfo,COL_INFO);
|
||||
|
||||
return tvb_captured_length(tvb);
|
||||
}
|
||||
|
||||
void
|
||||
proto_reg_handoff_foo(void)
|
||||
{
|
||||
static dissector_handle_t foo_handle;
|
||||
foo_handle = create_dissector_handle(dissect_foo, proto_foo);
|
||||
dissector_add_uint("udp.port", FOO_PORT, foo_handle);
|
||||
|
||||
static dissector_handle_t foo_handle1;
|
||||
foo_handle1 = create_dissector_handle(dissect_foo1, proto_foo1);
|
||||
dissector_add_uint("udp.port", FOO_PORT1, foo_handle1);
|
||||
}
|
|
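Review bot: `proto_register_foo` and `proto_reg_handoff_foo` are external functions defined without a prior prototype, and the `packet-sysdig-bridge.h` this file includes contains only a license banner, so with the `WERROR_COMMON_FLAGS` the CMakeLists applies this is likely to fail on missing-prototype warnings; declare `void proto_register_foo(void);` and `void proto_reg_handoff_foo(void);` in that header or near the top of this file, as other Wireshark dissectors do. Separately, the handoff registers the placeholder dissectors unconditionally on `udp.port` 1234 and 1235, which claims those ports for every user who loads the plugin even though `dissect_foo`/`dissect_foo1` only set two columns; until the real bridge logic exists, either leave the handoff empty or use `dissector_add_uint_with_preference` so the port is user-adjustable and visible in preferences. The `static dissector_handle_t foo_handle1;` declaration placed after statements mid-function reads oddly next to the first handle; grouping both declarations at the top of `proto_reg_handoff_foo` would match the surrounding style.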
@ -0,0 +1,12 @@
|
|||
/* packet-sysdig-bridge.h
|
||||
*
|
||||
* By Loris Degioanni
|
||||
* Copyright (C) 2021 Sysdig, Inc.
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
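Review bot: The new header has no include guard, so a second include from another translation unit or a future shared header will redefine whatever is added to it; wrap the body in `#ifndef PACKET_SYSDIG_BRIDGE_H` / `#define PACKET_SYSDIG_BRIDGE_H` … `#endif` (avoiding the double-underscore form, which is reserved for the implementation). As committed the header declares nothing, so either it should carry the declarations the .c file needs or the include in `packet-sysdig-bridge.c` should wait until there is something to share.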