Because we already have the length of the output string after
calling vsnprintf(), we should avoid calling wmem_strdup(), which
will ignore that and recompute the length.
Increase the buffer size to a value that seems reasonable to
minimize the chance of a second call to vsnprintf().
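The pattern described in the message above, sketched as an added example that is not Wireshark's code: it uses malloc() in place of the wmem allocator, and fmt_vdup, fmt_dup and FMT_STACK_BUF are hypothetical names with an assumed buffer size. It shows the vsnprintf() return value being reused for the copy, and the exact-size second call when the stack buffer is too small.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FMT_STACK_BUF 256 /* assumed size, not Wireshark's value */

/* Hypothetical helper: heap copy of the formatted string, length in *out_len. */
static char *fmt_vdup(size_t *out_len, const char *fmt, va_list ap)
{
    char stack_buf[FMT_STACK_BUF];
    va_list ap2;
    char *out;
    int needed;

    va_copy(ap2, ap); /* the first pass consumes ap; keep a copy for a retry */
    needed = vsnprintf(stack_buf, sizeof stack_buf, fmt, ap);
    out = needed < 0 ? NULL : malloc((size_t)needed + 1);
    if (out == NULL) { /* format error or allocation failure */
        va_end(ap2);
        return NULL;
    }
    if ((size_t)needed < sizeof stack_buf)
        memcpy(out, stack_buf, (size_t)needed + 1); /* length known: no strlen() */
    else
        vsnprintf(out, (size_t)needed + 1, fmt, ap2); /* truncated: exact-size retry */
    va_end(ap2);
    *out_len = (size_t)needed;
    return out;
}

static char *fmt_dup(size_t *out_len, const char *fmt, ...)
{
    va_list ap;
    char *s;
    va_start(ap, fmt);
    s = fmt_vdup(out_len, fmt, ap);
    va_end(ap);
    return s;
}

int main(void)
{
    size_t n = 0;
    char *s = fmt_dup(&n, "frame %d: %s", 7, "ok"); /* constructed input */
    if (s != NULL) printf("%zu %s\n", n, s);
    free(s);
    return 0;
}
```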
For historical reasons our logging inherited from GLib the logging of
some levels to stdout. Namely levels "info" and "debug" (to which we
added "noisy").
However this practice is discouraged because it mixes debug output
with application output for CLI tools and breaks many common usage
scenarios, like using tshark in pipes.
This change flips the logic on wslog to make logging to stderr the
default behavior.
Extcap subprocesses have a hidden dependency on stdout so add that.
Some GUI users may also have a dependency on stdout. Because
GUI tools are unlikely to depend on stdout for programmatic output
add another exception for wireshark GUI, to preserve backward
compatibility.
The type ssize_t is not available on Windows. Because this is
used in the public API we must provide a definition for it.
To avoid having to add a header to fix this use a size_t in
the API instead, and assign SIZE_MAX to represent a null
terminated string.
At least on Monterey, with Xcode 13.1, the linker whines that we weren't
granted the Sacred and Holy Right to link with the Python 2.7 framework.
As far as I know, we have no need to use that framework, so configure it
out.
Point it to fetch files from falcosecurity/libs repo.
Moreover, add support for blank spaces in param names.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Mainly:
* added 3 new procexit event params
* avoid sigsegv when sysdig event has a number of params that is
  greater than the wireshark one.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
epan/dissectors/packet-netlink-netfilter.c: FT_UINT32: proto_tree_add_item(tree, hf_nfq_hwaddr_addr, tvb, offset, addrlen, [[ENC_BIG_ENDIAN]-->[ENC_NA]]);
(These messages are wrong, this field is FT_ETHER, not FT_UINT32).
epan/dissectors/packet-netlink-psample.c (15 (of 15) fields)
netlink.psample.cmd doesn't match PROTOABBREV of netlink-psample
netlink.psample.attr_type doesn't match PROTOABBREV of netlink-psample
netlink.psample.iifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.oifindex doesn't match PROTOABBREV of netlink-psample
netlink.psample.origsize doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_group doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_seq_num doesn't match PROTOABBREV of netlink-psample
netlink.psample.sample_rate doesn't match PROTOABBREV of netlink-psample
netlink.psample.tunnel doesn't match PROTOABBREV of netlink-psample
netlink.psample.group_refcount doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc doesn't match PROTOABBREV of netlink-psample
netlink.psample.out_tc_occ doesn't match PROTOABBREV of netlink-psample
netlink.psample.latency doesn't match PROTOABBREV of netlink-psample
netlink.psample.timestamp doesn't match PROTOABBREV of netlink-psample
netlink.psample.proto doesn't match PROTOABBREV of netlink-psample
Exif does not define the order of elements in the Exif data, so if there's
empty space in front of IFD #0, it might be used for other IFDs or standalone
values.
As such, don't create a dummy tree item covering that space.
Instead of passing a pointer to a header_field_info structure,
pass an integer index to the registry.
This allows each dissector to be converted to a more conventional
structure.
This adds some custom logic to check if we were given
the obsolete 'console.log.level' setting from the CLI
arguments, that specified the log level using a bitmask
copied from GLib. If we find that, map the bitmask to a
wslog log level.
In any case the option is not removed from the argv (unlike
other wslog arguments like --log-level, etc.).
Adds deprecation warning for 'console.log.level' printed to
the console.
Related to #17763.