sysdig: a couple more fixes

- parse the number of system call arguments in a way that works for both V1 and V2 event blocks
- return the correct error string when unable to read the nparams entry from a sysdig event block V2

(cherry picked from commit 7894b1d0ea)
Loris Degioanni 2021-04-07 16:54:26 -07:00 committed by Guy Harris
parent 4e7df5af01
commit 716dd09605
2 changed files with 31 additions and 6 deletions


@ -40,6 +40,9 @@
/* #include <epan/expert.h> */
/* #include <epan/prefs.h> */
#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204
#define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216
/* Prototypes */
void proto_reg_handoff_sysdig_event(void);
void proto_register_sysdig_event(void);
@ -2085,7 +2088,27 @@ static inline const gchar *format_param_str(tvbuff_t *tvb, int offset, int len)
/* Code to actually dissect the packets */
static int
dissect_header_lens(tvbuff_t *tvb, wtap_syscall_header* syscall_header, int offset, proto_tree *tree, int encoding)
dissect_header_lens_v1(tvbuff_t *tvb, int offset, proto_tree *tree, int encoding, int * const *hf_indexes)
{
int param_count;
proto_item *ti;
proto_tree *len_tree;
for (param_count = 0; hf_indexes[param_count]; param_count++);
ti = proto_tree_add_item(tree, hf_se_param_lens, tvb, offset, param_count * 2, ENC_NA);
len_tree = proto_item_add_subtree(ti, ett_sysdig_parm_lens);
for (param_count = 0; hf_indexes[param_count]; param_count++) {
proto_tree_add_item(len_tree, hf_se_param_len, tvb, offset + (param_count * 2), 2, encoding);
}
proto_item_set_len(ti, param_count * 2);
return param_count * 2;
}
static int
dissect_header_lens_v2(tvbuff_t *tvb, wtap_syscall_header* syscall_header, int offset, proto_tree *tree, int encoding)
{
guint32 param_count;
proto_item *ti;
@ -2111,7 +2134,11 @@ dissect_event_params(tvbuff_t *tvb, wtap_syscall_header* syscall_header, int off
int param_offset;
guint32 cur_param;
param_offset = offset + dissect_header_lens(tvb, syscall_header, offset, tree, encoding);
if (syscall_header->record_type == BLOCK_TYPE_SYSDIG_EVENT_V2) {
param_offset = offset + dissect_header_lens_v2(tvb, syscall_header, offset, tree, encoding);
} else {
param_offset = offset + dissect_header_lens_v1(tvb, offset, tree, encoding, hf_indexes);
}
for (cur_param = 0; cur_param < syscall_header->nparams; cur_param++) {
int param_len = tvb_get_guint16(tvb, len_offset, encoding);
@ -2450,8 +2477,6 @@ proto_register_sysdig_event(void)
register_dissector("sysdig", dissect_sysdig_event, proto_sysdig_event);
}
#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204
#define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216
void
proto_reg_handoff_sysdig_event(void)
{
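Review bot: In dissect_event_params the V1 branch sizes the length table from the NULL-terminated hf_indexes table, but the loop that follows still iterates syscall_header->nparams, and for V2 blocks that count now comes straight from the capture file (the pcapng side of this commit copies bh->block_type and reads nparams from the block) rather than from the dissector's own table. If the loop body, which continues outside this hunk, indexes hf_indexes[cur_param], an nparams larger than the table walks past its NULL terminator — a static-array over-read that the tvb bounds checks do not catch. Bounding the loop by the table as well, `for (cur_param = 0; cur_param < syscall_header->nparams && hf_indexes[cur_param]; cur_param++) {`, closes that for both block versions; if the extra V2 parameters are meant to be dissected generically instead, an explicit check that nparams does not exceed the table count, with an expert-info warning, is the alternative. The body of dissect_header_lens_v2 is cut off here, so where its param_count comes from and whether `param_count * 2` is range-checked before being passed as an int length to proto_tree_add_item is not visible; if it is the file-supplied nparams, a value of 0x80000000 or above wraps that product.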


@ -2381,7 +2381,7 @@ pcapng_read_sysdig_event_block(FILE_T fh, pcapng_block_header_t *bh,
bh->block_total_length);
wblock->rec->rec_type = REC_TYPE_SYSCALL;
wblock->rec->rec_header.syscall_header.record_type = BLOCK_TYPE_SYSDIG_EVENT;
wblock->rec->rec_header.syscall_header.record_type = bh->block_type;
wblock->rec->presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN /*|WTAP_HAS_INTERFACE_ID */;
wblock->rec->tsprec = WTAP_TSPREC_NSEC;
@ -2407,7 +2407,7 @@ pcapng_read_sysdig_event_block(FILE_T fh, pcapng_block_header_t *bh,
}
if (bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2) {
if (!wtap_read_bytes(fh, &nparams, sizeof nparams, err, err_info)) {
pcapng_debug("pcapng_read_packet_block: failed to read sysdig event type");
pcapng_debug("pcapng_read_packet_block: failed to read sysdig number of parameters");
return FALSE;
}
}
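Review bot: The corrected error string on the nparams read still attributes the failure to pcapng_read_packet_block, while this code lives in pcapng_read_sysdig_event_block; since the point of the change is an accurate message, it should read `pcapng_debug("pcapng_read_sysdig_event_block: failed to read sysdig number of parameters");` (the neighbouring messages in this function presumably carry the same stale prefix and are worth fixing together). Separately, nparams is read raw with wtap_read_bytes and nothing in the hunk swaps it for a byte-swapped section or bounds it against the block's remaining length; if that happens further down (the function continues outside the hunk) this is fine, otherwise it needs the same swap the other 32-bit header fields get and an upper bound before it reaches the dissector, which uses it as a trusted loop count.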