authorGerald Combs <gerald@wireshark.org>2022-03-10 14:03:01 -0800
committerGerald Combs <gerald@wireshark.org>2022-03-22 17:51:32 +0000
commite06864e7770c205a11c32dbf342f3fc5b3ce1386 (patch)
tree5f4d01b3105aa27d5518553d66b058ad49a0523b /plugins
parent34cb45c74332f7772d330fa58d6af5f27f86bd85 (diff)
Falco Bridge: Miscellaneous fixes.
Fix some issues found by the pre-commit script. Add a missing Debian symbol. Update the README.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/epan/falco_bridge/README.md23
-rw-r--r--plugins/epan/falco_bridge/packet-falco-bridge.c21
2 files changed, 33 insertions, 11 deletions
diff --git a/plugins/epan/falco_bridge/README.md b/plugins/epan/falco_bridge/README.md
index 2b2e4daf9e..16e35d63ea 100644
--- a/plugins/epan/falco_bridge/README.md
+++ b/plugins/epan/falco_bridge/README.md
@@ -6,8 +6,9 @@ It requires [libsinsp and libscap](https://github.com/falcosecurity/libs/).
## Building the Falco Bridge plugin
1. Download and compile [libsinsp and libscap](https://github.com/falcosecurity/libs/).
+ You will probably want to pass `-DMINIMAL_BUILD=ON -DCREATE_TEST_TARGETS=OFF` to cmake.
-1. Configure Wireshark with `cmake ... -DSINSP_INCLUDE_DIR=/path/to/falcosecurity-libs -DSINSP_LIBDIR=/path/to/falcosecurity-libs/build ...`
+1. Configure Wireshark with `cmake ... -DSINSP_INCLUDEDIR=/path/to/falcosecurity-libs -DSINSP_LIBDIR=/path/to/falcosecurity-libs/build ...`
## Quick Start
@@ -15,3 +16,23 @@ It requires [libsinsp and libscap](https://github.com/falcosecurity/libs/).
You can find the global and per-user plugin folder locations on your system in About → Folders or in the [User's Guide](https://www.wireshark.org/docs/wsug_html_chunked/ChPluginFolders.html).
1. Build your desired [Falco plugin](https://github.com/falcosecurity/plugins/) and place it in the "falco" plugin directory.
+
+## Licensing
+
+libsinsp and libscap are released under the Apache 2.0 license.
+
+- b64: MIT
+- c-ares: MIT
+- curl: MIT
+- GRPC: Apache 2.0
+- jq: MIT
+- JsonCpp: MIT
+- LuaJIT: MIT
+- OpenSSL < 3.0: SSLeay
+- OpenSSL >= 3.0 : Apache 2.0
+- Protobuf: BSD-3-Clause
+- oneTBB: Apache 2.0
+- zlib: zlib
+
+Wireshark is released under the GPL version 2 (GPL-2.0-or-later). It and the Apache-2.0 license are compatible via the "any later version" provision in the GPL version 2.
+No version of the GPL is compatible with the SSLeay license; you must ensure that libsinsp+libscap is linked with OpenSSL 3.0 or later.
diff --git a/plugins/epan/falco_bridge/packet-falco-bridge.c b/plugins/epan/falco_bridge/packet-falco-bridge.c
index 632a86ecd6..5b1b65b09a 100644
--- a/plugins/epan/falco_bridge/packet-falco-bridge.c
+++ b/plugins/epan/falco_bridge/packet-falco-bridge.c
@@ -46,7 +46,7 @@ static gint ett_falco_bridge = -1;
static gint ett_sinsp_span = -1;
static dissector_table_t ptype_dissector_table;
-static int dissect_falco_bridge(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
+static int dissect_falco_bridge(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data);
static int dissect_sinsp_span(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_);
void register_conversation_filters_mappings(void);
@@ -72,19 +72,19 @@ static int hf_sdp_source_id = -1;
static hf_register_info hf[] = {
{ &hf_sdp_source_id_size,
- { "Plugin ID size", "falco_plugin.id.size",
+ { "Plugin ID size", "falcobridge.id.size",
FT_UINT32, BASE_DEC,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sdp_lengths,
- { "Field Lengths", "falco_plugin.lens",
+ { "Field Lengths", "falcobridge.lens",
FT_UINT32, BASE_DEC,
NULL, 0x0,
NULL, HFILL }
},
{ &hf_sdp_source_id,
- { "Plugin ID", "falco_plugin.id",
+ { "Plugin ID", "falcobridge.id",
FT_UINT32, BASE_DEC,
NULL, 0x0,
NULL, HFILL }
@@ -94,9 +94,10 @@ static hf_register_info hf[] = {
/*
* Conversation filters mappers setup
*/
+#define MAX_CONV_FILTER_STR_LEN 1024
conv_fld_info conv_fld_infos[MAX_N_CONV_FILTERS];
DECLARE_CONV_FLTS()
-char conv_flt_vals[MAX_N_CONV_FILTERS][1024];
+char conv_flt_vals[MAX_N_CONV_FILTERS][MAX_CONV_FILTER_STR_LEN];
guint conv_vals_cnt = 0;
guint conv_fld_cnt = 0;
@@ -236,7 +237,7 @@ import_plugin(char* fname)
static dissector_handle_t ct_handle;
ct_handle = create_dissector_handle(dissect_sinsp_span, bi->proto);
- dissector_add_uint("falco_plugin.id", bi->source_id, ct_handle);
+ dissector_add_uint("falcobridge.id", bi->source_id, ct_handle);
}
static void
@@ -260,8 +261,8 @@ proto_register_falcoplugin(void)
* Create the dissector table that we will use to route the dissection to
* the appropriate Falco plugin.
*/
- ptype_dissector_table = register_dissector_table("falco_plugin.id",
- "Falco Plugin ID", proto_falco_bridge, FT_UINT32, BASE_DEC);
+ ptype_dissector_table = register_dissector_table("falcobridge.id",
+ "Falco Bridge Plugin ID", proto_falco_bridge, FT_UINT32, BASE_DEC);
/*
* Create the mapping infrastructure for conversation filtering
@@ -289,7 +290,7 @@ proto_register_falcoplugin(void)
ws_dir_close(dir);
}
- bridges = (bridge_info*)g_malloc(nbridges * sizeof(bridge_info));
+ bridges = g_new(bridge_info, nbridges);
nbridges = 0;
if ((dir = ws_dir_open(dname, 0, NULL)) != NULL) {
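Review bot: The array is sized from a first directory scan, but `nbridges` is then reset to 0 and the directory is opened a second time to fill it, and nothing visible in this hunk ties the second pass to the allocated count. The fill loop lies outside the hunk, so this is inferred: if it appends one entry per file without a bound, a file that appears in the plugin directory between the two scans would be written past the end of `bridges`. Keeping the capacity in its own variable before the reset, e.g. `const size_t bridges_cap = nbridges;`, and stopping the fill when `nbridges >= bridges_cap` would close that window. The switch to `g_new` itself is sound, since it adds the multiplication-overflow check that `g_malloc(nbridges * sizeof(bridge_info))` lacked.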
@@ -412,7 +413,7 @@ dissect_sinsp_span(tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* da
if ((bi->field_flags[fld_idx] & BFF_CONVERSATION) != 0) {
char* cvalptr = conv_flt_vals[conv_vals_cnt];
- sprintf(cvalptr, "%s", sfe.res_str);
+ snprintf(cvalptr, MAX_CONV_FILTER_STR_LEN, "%s", sfe.res_str);
p_add_proto_data(pinfo->pool,
pinfo,
proto_falco_bridge,
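Review bot: The `snprintf` call bounds the copy to one row of `conv_flt_vals`, but the row index `conv_vals_cnt` is not compared with `MAX_N_CONV_FILTERS` anywhere in the visible lines, so an out-of-range index would still write outside the array. The function body starts and ends outside this hunk, so the check may exist elsewhere; if it does not, wrap the block in `if (conv_vals_cnt < MAX_N_CONV_FILTERS) { ... }`. Passing `sizeof(conv_flt_vals[0])` instead of the macro would keep the bound tied to the declaration. The return value is also discarded, so a value of `MAX_CONV_FILTER_STR_LEN` bytes or more is silently truncated and the stored conversation filter string will not match the full field; comparing the result against the buffer size and skipping or flagging the entry would make that visible.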