From 41bfc9112480c3d83331ed93470c7f675a9d5b1a Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Mon, 13 Dec 2021 15:26:31 +0100 Subject: [PATCH] dissectors: re-generated sysdig events using provided tool. Signed-off-by: Federico Di Pierro --- epan/dissectors/packet-sysdig-event.c | 139 +++++++++++++++++++++----- 1 file changed, 114 insertions(+), 25 deletions(-) diff --git a/epan/dissectors/packet-sysdig-event.c b/epan/dissectors/packet-sysdig-event.c index 1ab74db27e..3259ab14ed 100644 --- a/epan/dissectors/packet-sysdig-event.c +++ b/epan/dissectors/packet-sysdig-event.c @@ -78,6 +78,7 @@ static int hf_param_clockid_uint8 = -1; static int hf_param_cmd_bytes = -1; static int hf_param_cmd_int64 = -1; static int hf_param_comm_string = -1; +static int hf_param_core_uint8 = -1; static int hf_param_cpu_sys_uint64 = -1; static int hf_param_cpu_uint32 = -1; static int hf_param_cpu_usr_uint64 = -1; @@ -106,6 +107,7 @@ static int hf_param_egid_bytes = -1; static int hf_param_env_string = -1; static int hf_param_error_bytes = -1; static int hf_param_euid_bytes = -1; +static int hf_param_event_data_bytes = -1; static int hf_param_event_data_uint64 = -1; static int hf_param_event_type_uint32 = -1; static int hf_param_exe_string = -1; @@ -117,6 +119,7 @@ static int hf_param_fd_out_int64 = -1; static int hf_param_fdlimit_int64 = -1; static int hf_param_fdlimit_uint64 = -1; static int hf_param_fds_bytes = -1; +static int hf_param_filename_bytes = -1; static int hf_param_filename_string = -1; static int hf_param_flags_bytes = -1; static int hf_param_flags_uint32 = -1; @@ -137,6 +140,7 @@ static int hf_param_key_int32 = -1; static int hf_param_length_uint64 = -1; static int hf_param_level_bytes = -1; static int hf_param_linkdirfd_int64 = -1; +static int hf_param_linkpath_bytes = -1; static int hf_param_linkpath_string = -1; static int hf_param_loginuid_int32 = -1; static int hf_param_mask_uint32 = -1; 
@@ -144,12 +148,14 @@ static int hf_param_max_int64 = -1; static int hf_param_maxevents_bytes = -1; static int hf_param_mode_bytes = -1; static int hf_param_mode_uint32 = -1; +static int hf_param_name_bytes = -1; static int hf_param_name_string = -1; static int hf_param_nativeID_uint16 = -1; static int hf_param_newcur_int64 = -1; static int hf_param_newdir_int64 = -1; static int hf_param_newdirfd_int64 = -1; static int hf_param_newmax_int64 = -1; +static int hf_param_newpath_bytes = -1; static int hf_param_newpath_string = -1; static int hf_param_next_bytes = -1; static int hf_param_nsems_int32 = -1; @@ -160,6 +166,7 @@ static int hf_param_oldcur_int64 = -1; static int hf_param_olddir_int64 = -1; static int hf_param_olddirfd_int64 = -1; static int hf_param_oldmax_int64 = -1; +static int hf_param_oldpath_bytes = -1; static int hf_param_oldpath_string = -1; static int hf_param_op_bytes = -1; static int hf_param_op_uint64 = -1; @@ -167,6 +174,7 @@ static int hf_param_operation_bytes = -1; static int hf_param_optlen_uint32 = -1; static int hf_param_optname_bytes = -1; static int hf_param_out_fd_int64 = -1; +static int hf_param_path_bytes = -1; static int hf_param_path_string = -1; static int hf_param_peer_uint64 = -1; static int hf_param_pgft_maj_uint64 = -1; @@ -174,6 +182,7 @@ static int hf_param_pgft_min_uint64 = -1; static int hf_param_pgid_bytes = -1; static int hf_param_pgoffset_uint64 = -1; static int hf_param_pid_bytes = -1; +static int hf_param_plugin_ID_uint32 = -1; static int hf_param_pos_uint64 = -1; static int hf_param_prot_bytes = -1; static int hf_param_proto_uint32 = -1; 
@@ -191,7 +200,9 @@ static int hf_param_res_bytes = -1; static int hf_param_res_int64 = -1; static int hf_param_res_or_fd_bytes = -1; static int hf_param_res_uint64 = -1; +static int hf_param_resolve_bytes = -1; static int hf_param_resource_bytes = -1; +static int hf_param_ret_bytes = -1; static int hf_param_rgid_bytes = -1; static int hf_param_ruid_bytes = -1; static int hf_param_scope_string = -1; @@ -214,8 +225,6 @@ static int hf_param_source_uint64 = -1; static int hf_param_special_string = -1; static int hf_param_spid_bytes = -1; static int hf_param_status_bytes = -1; -static int hf_param_ret_bytes = -1; -static int hf_param_core_uint8 = -1; static int hf_param_suid_bytes = -1; static int hf_param_tags_bytes = -1; static int hf_param_target_string = -1; @@ -258,6 +267,7 @@ static gint ett_sysdig_syscall = -1; #define EVT_STR_BPF "bpf" #define EVT_STR_BRK "brk" #define EVT_STR_CHDIR "chdir" +#define EVT_STR_CHMOD "chmod" #define EVT_STR_CHROOT "chroot" #define EVT_STR_CLONE "clone" #define EVT_STR_CLOSE "close" @@ -271,6 +281,8 @@ static gint ett_sysdig_syscall = -1; #define EVT_STR_EVENTFD "eventfd" #define EVT_STR_EXECVE "execve" #define EVT_STR_FCHDIR "fchdir" +#define EVT_STR_FCHMOD "fchmod" +#define EVT_STR_FCHMODAT "fchmodat" #define EVT_STR_FCNTL "fcntl" #define EVT_STR_FLOCK "flock" #define EVT_STR_FORK "fork" @@ -313,8 +325,10 @@ static gint ett_sysdig_syscall = -1; #define EVT_STR_NOTIFICATION "notification" #define EVT_STR_OPEN "open" #define EVT_STR_OPENAT "openat" +#define EVT_STR_OPENAT2 "openat2" #define EVT_STR_PAGE_FAULT "page_fault" #define EVT_STR_PIPE "pipe" +#define EVT_STR_PLUGINEVENT "pluginevent" #define EVT_STR_POLL "poll" #define EVT_STR_PPOLL "ppoll" #define EVT_STR_PREAD "pread" 
@@ -334,6 +348,7 @@ static gint ett_sysdig_syscall = -1; #define EVT_STR_RECVMSG "recvmsg" #define EVT_STR_RENAME "rename" #define EVT_STR_RENAMEAT "renameat" +#define EVT_STR_RENAMEAT2 "renameat2" #define EVT_STR_RMDIR "rmdir" #define EVT_STR_SECCOMP "seccomp" #define EVT_STR_SELECT "select" @@ -375,6 +390,7 @@ static gint ett_sysdig_syscall = -1; #define EVT_STR_UNLINK "unlink" #define EVT_STR_UNLINKAT "unlinkat" #define EVT_STR_UNSHARE "unshare" +#define EVT_STR_USERFAULTFD "userfaultfd" #define EVT_STR_VFORK "vfork" #define EVT_STR_WRITE "write" #define EVT_STR_WRITEV "writev" @@ -693,6 +709,22 @@ static gint ett_sysdig_syscall = -1; #define EVT_SYSCALL_LINK_2_X 309 #define EVT_SYSCALL_LINKAT_2_E 310 #define EVT_SYSCALL_LINKAT_2_X 311 +#define EVT_SYSCALL_FCHMODAT_E 312 +#define EVT_SYSCALL_FCHMODAT_X 313 +#define EVT_SYSCALL_CHMOD_E 314 +#define EVT_SYSCALL_CHMOD_X 315 +#define EVT_SYSCALL_FCHMOD_E 316 +#define EVT_SYSCALL_FCHMOD_X 317 +#define EVT_SYSCALL_RENAMEAT2_E 318 +#define EVT_SYSCALL_RENAMEAT2_X 319 +#define EVT_SYSCALL_USERFAULTFD_E 320 +#define EVT_SYSCALL_USERFAULTFD_X 321 +#define EVT_PLUGINEVENT_E 322 +#define EVT_PLUGINEVENT_X 323 +#define EVT_CONTAINER_JSON_2_E 324 +#define EVT_CONTAINER_JSON_2_X 325 +#define EVT_SYSCALL_OPENAT2_E 326 +#define EVT_SYSCALL_OPENAT2_X 327 static const value_string event_type_vals[] = { /* Value strings. Automatically generated by tools/generate-sysdig-event.py */ 
@@ -1008,6 +1040,22 @@ static const value_string event_type_vals[] = { { EVT_SYSCALL_LINK_2_X, EVT_STR_LINK }, { EVT_SYSCALL_LINKAT_2_E, EVT_STR_LINKAT }, { EVT_SYSCALL_LINKAT_2_X, EVT_STR_LINKAT }, + { EVT_SYSCALL_FCHMODAT_E, EVT_STR_FCHMODAT }, + { EVT_SYSCALL_FCHMODAT_X, EVT_STR_FCHMODAT }, + { EVT_SYSCALL_CHMOD_E, EVT_STR_CHMOD }, + { EVT_SYSCALL_CHMOD_X, EVT_STR_CHMOD }, + { EVT_SYSCALL_FCHMOD_E, EVT_STR_FCHMOD }, + { EVT_SYSCALL_FCHMOD_X, EVT_STR_FCHMOD }, + { EVT_SYSCALL_RENAMEAT2_E, EVT_STR_RENAMEAT2 }, + { EVT_SYSCALL_RENAMEAT2_X, EVT_STR_RENAMEAT2 }, + { EVT_SYSCALL_USERFAULTFD_E, EVT_STR_USERFAULTFD }, + { EVT_SYSCALL_USERFAULTFD_X, EVT_STR_USERFAULTFD }, + { EVT_PLUGINEVENT_E, EVT_STR_PLUGINEVENT }, + { EVT_PLUGINEVENT_X, EVT_STR_PLUGINEVENT }, + { EVT_CONTAINER_JSON_2_E, EVT_STR_CONTAINER }, + { EVT_CONTAINER_JSON_2_X, EVT_STR_CONTAINER }, + { EVT_SYSCALL_OPENAT2_E, EVT_STR_OPENAT2 }, + { EVT_SYSCALL_OPENAT2_X, EVT_STR_OPENAT2 }, {0, NULL } }; 
@@ -1251,16 +1299,16 @@ static int * const syscall_execve_14_x_indexes[] = { &hf_param_res_bytes, &hf_pa #define syscall_rename_e_indexes no_indexes static int * const syscall_rename_x_indexes[] = { &hf_param_res_bytes, &hf_param_oldpath_string, &hf_param_newpath_string, NULL }; #define syscall_renameat_e_indexes no_indexes -static int * const syscall_renameat_x_indexes[] = { &hf_param_res_bytes, &hf_param_olddirfd_int64, &hf_param_oldpath_string, &hf_param_newdirfd_int64, &hf_param_newpath_string, NULL }; +static int * const syscall_renameat_x_indexes[] = { &hf_param_res_bytes, &hf_param_olddirfd_int64, &hf_param_oldpath_bytes, &hf_param_newdirfd_int64, &hf_param_newpath_bytes, NULL }; #define syscall_symlink_e_indexes no_indexes static int * const syscall_symlink_x_indexes[] = { &hf_param_res_bytes, &hf_param_target_string, &hf_param_linkpath_string, NULL }; #define syscall_symlinkat_e_indexes no_indexes -static int * const syscall_symlinkat_x_indexes[] = { &hf_param_res_bytes, &hf_param_target_string, &hf_param_linkdirfd_int64, &hf_param_linkpath_string, NULL }; +static int * const syscall_symlinkat_x_indexes[] = { &hf_param_res_bytes, &hf_param_target_string, &hf_param_linkdirfd_int64, &hf_param_linkpath_bytes, NULL }; #define syscall_fork_e_indexes no_indexes #define syscall_fork_x_indexes syscall_clone_16_x_indexes #define syscall_vfork_e_indexes no_indexes #define syscall_vfork_x_indexes syscall_clone_16_x_indexes -static int * const procexit_1_e_indexes[] = { &hf_param_status_bytes, &hf_param_res_bytes, &hf_param_sig_bytes, &hf_param_core_uint8, NULL }; +static int * const procexit_1_e_indexes[] = { &hf_param_status_bytes, &hf_param_ret_bytes, &hf_param_sig_bytes, &hf_param_core_uint8, NULL }; #define procexit_1_x_indexes no_indexes static int * const syscall_sendfile_e_indexes[] = { &hf_param_out_fd_int64, &hf_param_in_fd_int64, &hf_param_offset_uint64, &hf_param_size_uint64, NULL }; static int * const syscall_sendfile_x_indexes[] = { &hf_param_res_bytes, 
&hf_param_offset_uint64, NULL }; 
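Review bot: The path parameters in `syscall_renameat_x_indexes` and `syscall_symlinkat_x_indexes` now reference `hf_param_oldpath_bytes`, `hf_param_newpath_bytes` and `hf_param_linkpath_bytes`, which the registration hunks further down declare as `FT_BYTES`, so file paths in these events will presumably show up as raw bytes and no longer match string filters. The `@@ -1377,15 +1425,31 @@` hunk has the same switch for unlinkat, mkdirat, openat and linkat, and the new fchmodat, renameat2 and openat2 tables start out that way. This looks like the generator falling back to bytes for a parameter type it does not map (inferred; the generator is not part of this patch). I would teach tools/generate-sysdig-event.py to emit a string field for that type and regenerate, so the entry stays `&hf_param_oldpath_string, &hf_param_newdirfd_int64, &hf_param_newpath_string`.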
@@ -1377,15 +1425,31 @@ static int * const syscall_seccomp_e_indexes[] = { &hf_param_op_uint64, NULL }; #define syscall_unlink_2_e_indexes no_indexes #define syscall_unlink_2_x_indexes syscall_stat_x_indexes #define syscall_unlinkat_2_e_indexes no_indexes -static int * const syscall_unlinkat_2_x_indexes[] = { &hf_param_res_bytes, &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_bytes, NULL }; +static int * const syscall_unlinkat_2_x_indexes[] = { &hf_param_res_bytes, &hf_param_dirfd_int64, &hf_param_name_bytes, &hf_param_flags_bytes, NULL }; #define syscall_mkdirat_e_indexes no_indexes -static int * const syscall_mkdirat_x_indexes[] = { &hf_param_res_bytes, &hf_param_dirfd_int64, &hf_param_path_string, &hf_param_mode_uint32, NULL }; +static int * const syscall_mkdirat_x_indexes[] = { &hf_param_res_bytes, &hf_param_dirfd_int64, &hf_param_path_bytes, &hf_param_mode_uint32, NULL }; #define syscall_openat_2_e_indexes no_indexes -static int * const syscall_openat_2_x_indexes[] = { &hf_param_fd_int64, &hf_param_dirfd_int64, &hf_param_name_string, &hf_param_flags_bytes, &hf_param_mode_uint32, &hf_param_dev_uint32, NULL }; +static int * const syscall_openat_2_x_indexes[] = { &hf_param_fd_int64, &hf_param_dirfd_int64, &hf_param_name_bytes, &hf_param_flags_bytes, &hf_param_mode_uint32, &hf_param_dev_uint32, NULL }; #define syscall_link_2_e_indexes no_indexes #define syscall_link_2_x_indexes syscall_rename_x_indexes #define syscall_linkat_2_e_indexes no_indexes -static int * const syscall_linkat_2_x_indexes[] = { &hf_param_res_bytes, &hf_param_olddir_int64, &hf_param_oldpath_string, &hf_param_newdir_int64, &hf_param_newpath_string, &hf_param_flags_bytes, NULL }; +static int * const syscall_linkat_2_x_indexes[] = { &hf_param_res_bytes, &hf_param_olddir_int64, &hf_param_oldpath_bytes, &hf_param_newdir_int64, &hf_param_newpath_bytes, &hf_param_flags_bytes, NULL }; +#define syscall_fchmodat_e_indexes no_indexes +static int * const syscall_fchmodat_x_indexes[] = { 
&hf_param_res_bytes, &hf_param_dirfd_int64, &hf_param_filename_bytes, &hf_param_mode_bytes, NULL }; +#define syscall_chmod_e_indexes no_indexes +static int * const syscall_chmod_x_indexes[] = { &hf_param_res_bytes, &hf_param_filename_string, &hf_param_mode_bytes, NULL }; +#define syscall_fchmod_e_indexes no_indexes +static int * const syscall_fchmod_x_indexes[] = { &hf_param_res_bytes, &hf_param_fd_int64, &hf_param_mode_bytes, NULL }; +#define syscall_renameat2_e_indexes no_indexes +static int * const syscall_renameat2_x_indexes[] = { &hf_param_res_bytes, &hf_param_olddirfd_int64, &hf_param_oldpath_bytes, &hf_param_newdirfd_int64, &hf_param_newpath_bytes, &hf_param_flags_bytes, NULL }; +#define syscall_userfaultfd_e_indexes no_indexes +static int * const syscall_userfaultfd_x_indexes[] = { &hf_param_res_bytes, &hf_param_flags_bytes, NULL }; +static int * const pluginevent_e_indexes[] = { &hf_param_plugin_ID_uint32, &hf_param_event_data_bytes, NULL }; +#define pluginevent_x_indexes no_indexes +#define container_json_2_e_indexes k8s_e_indexes +#define container_json_2_x_indexes no_indexes +#define syscall_openat2_e_indexes no_indexes +static int * const syscall_openat2_x_indexes[] = { &hf_param_fd_int64, &hf_param_dirfd_int64, &hf_param_name_bytes, &hf_param_flags_bytes, &hf_param_mode_uint32, &hf_param_resolve_bytes, NULL }; static const struct _event_tree_info event_tree_info[] = { /* Event tree. Automatically generated by tools/generate-sysdig-event.py */ 
@@ -1701,6 +1765,22 @@ static const struct _event_tree_info event_tree_info[] = { { EVT_SYSCALL_LINK_2_X, syscall_link_2_x_indexes }, { EVT_SYSCALL_LINKAT_2_E, syscall_linkat_2_e_indexes }, { EVT_SYSCALL_LINKAT_2_X, syscall_linkat_2_x_indexes }, + { EVT_SYSCALL_FCHMODAT_E, syscall_fchmodat_e_indexes }, + { EVT_SYSCALL_FCHMODAT_X, syscall_fchmodat_x_indexes }, + { EVT_SYSCALL_CHMOD_E, syscall_chmod_e_indexes }, + { EVT_SYSCALL_CHMOD_X, syscall_chmod_x_indexes }, + { EVT_SYSCALL_FCHMOD_E, syscall_fchmod_e_indexes }, + { EVT_SYSCALL_FCHMOD_X, syscall_fchmod_x_indexes }, + { EVT_SYSCALL_RENAMEAT2_E, syscall_renameat2_e_indexes }, + { EVT_SYSCALL_RENAMEAT2_X, syscall_renameat2_x_indexes }, + { EVT_SYSCALL_USERFAULTFD_E, syscall_userfaultfd_e_indexes }, + { EVT_SYSCALL_USERFAULTFD_X, syscall_userfaultfd_x_indexes }, + { EVT_PLUGINEVENT_E, pluginevent_e_indexes }, + { EVT_PLUGINEVENT_X, pluginevent_x_indexes }, + { EVT_CONTAINER_JSON_2_E, container_json_2_e_indexes }, + { EVT_CONTAINER_JSON_2_X, container_json_2_x_indexes }, + { EVT_SYSCALL_OPENAT2_E, syscall_openat2_e_indexes }, + { EVT_SYSCALL_OPENAT2_X, syscall_openat2_x_indexes }, { 0, NULL } }; 
@@ -2345,6 +2425,7 @@ proto_register_sysdig_event(void) { &hf_param_cmd_bytes, { "cmd", "sysdig.param.semctl.cmd", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_cmd_int64, { "cmd", "sysdig.param.bpf.cmd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_comm_string, { "Command", "sysdig.param.execve.comm", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_core_uint8, { "core", "sysdig.param.procexit.core", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_cpu_sys_uint64, { "cpu_sys", "sysdig.param.procinfo.cpu_sys", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_cpu_uint32, { "cpu", "sysdig.param.cpu_hotplug.cpu", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_cpu_usr_uint64, { "cpu_usr", "sysdig.param.procinfo.cpu_usr", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, @@ -2356,7 +2437,7 @@ proto_register_sysdig_event(void) { &hf_param_dev_string, { "dev", "sysdig.param.mount.dev", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_dev_uint32, { "dev", "sysdig.param.openat.dev", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_param_dir_string, { "dir", "sysdig.param.mount.dir", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_dirfd_int64, { "dirfd", "sysdig.param.openat.dirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, + { &hf_param_dirfd_int64, { "dirfd", "sysdig.param.openat2.dirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_domain_bytes, { "domain", "sysdig.param.socketpair.domain", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_dpid_bytes, { "dpid", "sysdig.param.signaldeliver.dpid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_dqb_bhardlimit_uint64, { "dqb_bhardlimit", "sysdig.param.quotactl.dqb_bhardlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, 
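Review bot: The filter name of the shared field `hf_param_dirfd_int64` changes from `sysdig.param.openat.dirfd` to `sysdig.param.openat2.dirfd` in the second hunk here, which breaks any saved display filter, coloring rule or tshark script that uses the old name. The later registration hunks rename `hf_param_fd_int64`, `hf_param_flags_bytes`, `hf_param_mode_uint32`, `hf_param_olddirfd_int64`, `hf_param_newdirfd_int64` and `hf_param_res_bytes` the same way; the last becomes `sysdig.param.userfaultfd.res` although many exit-event tables in this patch use it. It appears the generator names a shared field after the last event that references it, so every newly added event can rename existing filters. Keeping the first-seen abbreviation in tools/generate-sysdig-event.py, i.e. leaving `"sysdig.param.openat.dirfd"` as is, would keep existing filters working; `proto_register_sysdig_event` starts and ends outside these hunks.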
@@ -2373,19 +2454,21 @@ proto_register_sysdig_event(void) { &hf_param_env_string, { "env", "sysdig.param.execve.env", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_error_bytes, { "error", "sysdig.param.page_fault.error", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_euid_bytes, { "euid", "sysdig.param.getresuid.euid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_event_data_bytes, { "event_data", "sysdig.param.pluginevent.event_data", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_event_data_uint64, { "event_data", "sysdig.param.sysdigevent.event_data", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_event_type_uint32, { "event_type", "sysdig.param.sysdigevent.event_type", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_exe_string, { "exe", "sysdig.param.execve.exe", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_fd1_int64, { "fd1", "sysdig.param.pipe.fd1", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fd2_int64, { "fd2", "sysdig.param.pipe.fd2", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fd_in_int64, { "fd_in", "sysdig.param.splice.fd_in", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_fd_int64, { "fd", "sysdig.param.openat.fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, + { &hf_param_fd_int64, { "fd", "sysdig.param.openat2.fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fd_out_int64, { "fd_out", "sysdig.param.splice.fd_out", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fdlimit_int64, { "fdlimit", "sysdig.param.vfork.fdlimit", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fdlimit_uint64, { "fdlimit", "sysdig.param.execve.fdlimit", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_fds_bytes, { "fds", "sysdig.param.ppoll.fds", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_filename_string, { "filename", "sysdig.param.execve.filename", FT_STRING, BASE_NONE, NULL, 0, NULL, 
HFILL } }, - { &hf_param_flags_bytes, { "flags", "sysdig.param.linkat.flags", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_filename_bytes, { "filename", "sysdig.param.fchmodat.filename", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_filename_string, { "filename", "sysdig.param.chmod.filename", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_flags_bytes, { "flags", "sysdig.param.openat2.flags", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_flags_uint32, { "flags", "sysdig.param.accept.flags", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_param_gid_bytes, { "gid", "sysdig.param.getgid.gid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_gid_uint32, { "gid", "sysdig.param.vfork.gid", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, 
@@ -2404,20 +2487,23 @@ proto_register_sysdig_event(void) { &hf_param_length_uint64, { "length", "sysdig.param.munmap.length", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_level_bytes, { "level", "sysdig.param.getsockopt.level", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_linkdirfd_int64, { "linkdirfd", "sysdig.param.symlinkat.linkdirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_linkpath_string, { "linkpath", "sysdig.param.symlinkat.linkpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_linkpath_bytes, { "linkpath", "sysdig.param.symlinkat.linkpath", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_linkpath_string, { "linkpath", "sysdig.param.symlink.linkpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_loginuid_int32, { "loginuid", "sysdig.param.execve.loginuid", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_mask_uint32, { "mask", "sysdig.param.signalfd.mask", FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_param_max_int64, { "max", "sysdig.param.setrlimit.max", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_maxevents_bytes, { "maxevents", "sysdig.param.epoll_wait.maxevents", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_mode_bytes, { "mode", "sysdig.param.access.mode", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_mode_uint32, { "mode", "sysdig.param.openat.mode", FT_UINT32, BASE_OCT, NULL, 0, NULL, HFILL } }, - { &hf_param_name_string, { "name", "sysdig.param.openat.name", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_mode_bytes, { "mode", "sysdig.param.fchmod.mode", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_mode_uint32, { "mode", "sysdig.param.openat2.mode", FT_UINT32, BASE_OCT, NULL, 0, NULL, HFILL } }, + { &hf_param_name_bytes, { "name", "sysdig.param.openat2.name", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_name_string, { "name", "sysdig.param.infra.name", 
FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_nativeID_uint16, { "nativeID", "sysdig.param.syscall.nativeID", FT_UINT16, BASE_DEC, VALS(nativeID_uint16_vals), 0, NULL, HFILL } }, { &hf_param_newcur_int64, { "newcur", "sysdig.param.prlimit.newcur", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_newdir_int64, { "newdir", "sysdig.param.linkat.newdir", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_newdirfd_int64, { "newdirfd", "sysdig.param.renameat.newdirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, + { &hf_param_newdirfd_int64, { "newdirfd", "sysdig.param.renameat2.newdirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_newmax_int64, { "newmax", "sysdig.param.prlimit.newmax", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_newpath_string, { "newpath", "sysdig.param.linkat.newpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_newpath_bytes, { "newpath", "sysdig.param.renameat2.newpath", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_newpath_string, { "newpath", "sysdig.param.link.newpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_next_bytes, { "next", "sysdig.param.switch.next", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_nsems_int32, { "nsems", "sysdig.param.semget.nsems", FT_INT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_nsops_uint32, { "nsops", "sysdig.param.semop.nsops", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, 
@@ -2425,22 +2511,25 @@ proto_register_sysdig_event(void) { &hf_param_offset_uint64, { "offset", "sysdig.param.sendfile.offset", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_oldcur_int64, { "oldcur", "sysdig.param.prlimit.oldcur", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_olddir_int64, { "olddir", "sysdig.param.linkat.olddir", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_olddirfd_int64, { "olddirfd", "sysdig.param.renameat.olddirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, + { &hf_param_olddirfd_int64, { "olddirfd", "sysdig.param.renameat2.olddirfd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_oldmax_int64, { "oldmax", "sysdig.param.prlimit.oldmax", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_oldpath_string, { "oldpath", "sysdig.param.linkat.oldpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_oldpath_bytes, { "oldpath", "sysdig.param.renameat2.oldpath", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_oldpath_string, { "oldpath", "sysdig.param.link.oldpath", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_op_bytes, { "op", "sysdig.param.futex.op", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_op_uint64, { "op", "sysdig.param.seccomp.op", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_operation_bytes, { "operation", "sysdig.param.flock.operation", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_optlen_uint32, { "optlen", "sysdig.param.getsockopt.optlen", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_optname_bytes, { "optname", "sysdig.param.getsockopt.optname", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_out_fd_int64, { "out_fd", "sysdig.param.sendfile.out_fd", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, - { &hf_param_path_string, { "path", "sysdig.param.mkdirat.path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_path_bytes, { "path", 
"sysdig.param.mkdirat.path", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_path_string, { "path", "sysdig.param.unlink.path", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_peer_uint64, { "peer", "sysdig.param.socketpair.peer", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, { &hf_param_pgft_maj_uint64, { "pgft_maj", "sysdig.param.execve.pgft_maj", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_pgft_min_uint64, { "pgft_min", "sysdig.param.execve.pgft_min", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_pgid_bytes, { "pgid", "sysdig.param.setpgid.pgid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_pgoffset_uint64, { "pgoffset", "sysdig.param.mmap2.pgoffset", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_pid_bytes, { "pid", "sysdig.param.setpgid.pid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_plugin_ID_uint32, { "plugin_ID", "sysdig.param.pluginevent.plugin_ID", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_pos_uint64, { "pos", "sysdig.param.pwritev.pos", FT_UINT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_prot_bytes, { "prot", "sysdig.param.mmap2.prot", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_proto_uint32, { "proto", "sysdig.param.socketpair.proto", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, 
@@ -2454,11 +2543,13 @@ proto_register_sysdig_event(void) { &hf_param_ratio_uint32, { "ratio", "sysdig.param.drop.ratio", FT_UINT32, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_request_bytes, { "request", "sysdig.param.ptrace.request", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_request_uint64, { "I/O control: request", "sysdig.param.ioctl.request", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, - { &hf_param_res_bytes, { "res", "sysdig.param.linkat.res", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_res_bytes, { "res", "sysdig.param.userfaultfd.res", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_res_int64, { "res", "sysdig.param.fcntl.res", FT_INT64, BASE_DEC, NULL, 0, NULL, HFILL } }, { &hf_param_res_or_fd_bytes, { "res_or_fd", "sysdig.param.bpf.res_or_fd", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_res_uint64, { "res", "sysdig.param.mmap2.res", FT_UINT64, BASE_HEX, NULL, 0, NULL, HFILL } }, + { &hf_param_resolve_bytes, { "resolve", "sysdig.param.openat2.resolve", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_resource_bytes, { "resource", "sysdig.param.prlimit.resource", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, + { &hf_param_ret_bytes, { "ret", "sysdig.param.procexit.ret", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_rgid_bytes, { "rgid", "sysdig.param.getresgid.rgid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_ruid_bytes, { "ruid", "sysdig.param.getresuid.ruid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_scope_string, { "scope", "sysdig.param.infra.scope", FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL } }, 
@@ -2503,8 +2594,6 @@ proto_register_sysdig_event(void) { &hf_param_vpid_bytes, { "vpid", "sysdig.param.vfork.vpid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_vtid_bytes, { "vtid", "sysdig.param.vfork.vtid", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, { &hf_param_whence_bytes, { "whence", "sysdig.param.llseek.whence", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_ret_bytes, { "ret", "sysdig.param.procexit.ret", FT_BYTES, BASE_NONE, NULL, 0, NULL, HFILL } }, - { &hf_param_core_uint8, { "core", "sysdig.param.procexit.core", FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } }, }; /* Setup protocol subtree array */