Remove unused header definitions in packet-falco-bridge.h and move the
remaining content to packet-falco-bridge.c and conversation-macros.h.
Explicitly set our header files in CMakeLists.txt.
Fix
../plugins/epan/falco_bridge/packet-falco-bridge.c: In function ‘register_conversation_filters_mappings’:
../plugins/epan/falco_bridge/packet-falco-bridge.c:105:1: error: old-style function definition [-Werror=old-style-definition]
register_conversation_filters_mappings()
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Sysdig Bridge plugin loads Falco plugins, so rename it to Falco
Bridge.
Make it optional and dependent on libsinsp+libscap, similar to our codec
plugins.
Remove some unused code.
Add a FindSinsp CMake module, and use it in the Sysdig Bridge plugin
CMakeLists.txt. It still needs work, but should at least be usable on
more machines.
Conflicts:
plugins/epan/sysdig_bridge/CMakeLists.txt
Switch from loading the cloudtrail plugin directly to doing so
indirectly via libsinsp. This should let us start leveraging the rich
functionality offered by libsinsp.
Fix
logshark/plugins/epan/sysdig_bridge/packet-sysdig-bridge.c:86:39: error: this old-style function definition is not preceded by a prototype [-Werror,-Wstrict-prototypes]
register_conversation_filters_mappings()
^
1 error generated.
Prior versions had a dedicated plugin API function for this, but we
removed it from the plugin API, so just use the plugin name.
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
avoid moving plugin states around the address space by mallocing all of the memory at the beginning instead of using realloc every time a plugin is detected. This prevents crashes and other types of bad behavior that were caused by plugins accessing garbage memory.
register_cleanup_routine is called after reading a single capture
file. Since the async extraction is set up per plugin instead of
per-instance, we want register_shutdown_routine().
Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Update to reflect newest API changes (single extract_fields
func). This simplifies dissect_plg_bridge a bit, as the setup/calling
plugin function can mostly be unified based on the field type, with
just looking at the res_str/res_u64 part of the field struct
afterward.
Although not used by wireshark directly, update
plugin_next/plugin_next_batch to note they return structs for events
instead of pointers + lens + timestamps.
Extract functions now use field names, so no need to extract or keep
track of field ids. The a "abbrev" property of header_field_info
contains the field name e.g. ct.xxx.
This commit introduces a new wireshark plugin which is able to act as proxy to sysdig plugins, loading them into Wireshark and transforming their output into dissectors that Wireshark can use to display the data.
Fix two calls of proto_tree_add_item() when proto_tree_add_uint()
was meant. Passing the actual value of a field instead of an encoding
into proto_tree_add_item() has unexpected results. Fix#17909.
(The whole area of this dissector would probably be cleaner with
more calls to add_item(), but this is a smaller change consistent
with the rest.)
Repeated words were found with:
egrep "(\b[a-zA-Z]+) +\1\b" . -Ir
and then manually reviewed.
Non-displayed strings (e.g., in comments)
were also corrected, to ease future review.