Convert generate-sysdig-event.py to Python 3. Update it to fetch from
the current version of Sysdig (0.26.1). Add logic to work around
mismatched parameter counts and mismatched types and formats.
The following warnings were generated:
WARNING: Forcing semget INT32 format to DEC. Params: [('key', 'INT32', 'HEX'), ('nsems', 'INT32', 'DEC'), ('semflg', 'FLAGS32', 'HEX')]
WARNING: Forcing notification STRING format to NONE. Params: [('id', 'CHARBUF', 'DEC'), ('desc', 'CHARBUF', 'NA')]
WARNING: Forcing infra STRING format to NONE. Params: [('source', 'CHARBUF', 'DEC'), ('name', 'CHARBUF', 'NA'), ('description', 'CHARBUF', 'NA'), ('scope', 'CHARBUF', 'NA')]
WARNING: seccomp: found 2 parameters. Expected 1. Params: [('op', 'UINT64', 'DEC'), ('flags', 'UINT64', 'HEX')]
Bug: 15826
Change-Id: I5f8a7530f1003270cbbcb1f7dfd86f7b63066bba
Reviewed-on: https://code.wireshark.org/review/33513
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.
Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.
Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.
For now leverage the pcapng_block dissector and keep everything under
"Frame".
Next steps:
- Items listed at the top of packet-sysdig-event.c.
Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>