forked from osmocom/wireshark
110dbffbe9
The Sysdig Bridge plugin loads Falco plugins, so rename it to Falco Bridge. Make it optional and dependent on libsinsp+libscap, similar to our codec plugins. Remove some unused code. |
||
|---|---|---|
| .. | ||
| AUTHORS | ||
| CMakeLists.txt | ||
| README.md | ||
| conversation-macros.h | ||
| packet-falco-bridge.c | ||
| packet-falco-bridge.h | ||
| sinsp-span.cpp | ||
| sinsp-span.h | ||
README.md
Falco Bridge
This plugin is a bridge between Falco plugins and Wireshark, so that Falco plugins can be used as dissectors. It requires libsinsp and libscap.
Building the Falco Bridge plugin
-
Download and compile libsinsp and libscap.
-
Configure Wireshark with
cmake ... -DSINSP_INCLUDE_DIR=/path/to/falcosecurity-libs -DSINSP_LIBDIR=/path/to/falcosecurity-libs/build ...
Quick Start
-
Create a directory named "falco" at the same level as the "epan" plugin folder. You can find the global and per-user plugin folder locations on your system in About → Folders or in the User's Guide.
-
Build your desired Falco plugin and place it in the "falco" plugin directory.