author | Federico Di Pierro <nierro92@gmail.com> | 2021-10-28 14:24:13 +0200 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2021-10-29 08:04:21 +0000 |
commit | d95935d969e693fbc3e2c8cf70ac12a4f32eac44 (patch) | |
tree | ab5c7c6249bb3a7c9e1bd84d195c79e30458e059 /wiretap | |
parent | c777213c63c64db90dd671f04bbe844df67262f1 (diff) |
dissectors: support sysdig new block type BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE
The new block type enlarges the payload lengths up to 4B,
to support larger payload sizes.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/pcapng.c | 21 | ||||
-rw-r--r-- | wiretap/pcapng_module.h | 2 |
2 files changed, 17 insertions, 6 deletions
diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
index ca499387d4..e751366b9f 100644
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@@ -289,10 +289,11 @@ register_pcapng_block_type_handler(guint block_type, block_reader reader,
 case BLOCK_TYPE_CB_NO_COPY:
 case BLOCK_TYPE_SYSDIG_EVENT:
 case BLOCK_TYPE_SYSDIG_EVENT_V2:
+ case BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE:
 case BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT:
 /*
 * Yes; we already handle it, and don't allow a replacement to
- * be registeted (if there's a bug in our code, or there's
+ * be registered (if there's a bug in our code, or there's
 * something we don't handle in that block, submit a change
 * to the main Wireshark source).
 */
@@ -303,6 +304,8 @@ register_pcapng_block_type_handler(guint block_type, block_reader reader,
 case BLOCK_TYPE_IRIG_TS:
 case BLOCK_TYPE_ARINC_429:
 case BLOCK_TYPE_SYSDIG_EVF:
+ case BLOCK_TYPE_SYSDIG_EVF_V2:
+ case BLOCK_TYPE_SYSDIG_EVF_V2_LARGE:
 /*
 * Yes, and we don't already handle it. Allow a plugin to
 * handle it.
@@ -447,6 +450,7 @@ get_block_type_index(guint block_type, guint *bt_index)
 case BLOCK_TYPE_SYSDIG_EVENT:
 case BLOCK_TYPE_SYSDIG_EVENT_V2:
+ case BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE:
 /* case BLOCK_TYPE_SYSDIG_EVF: */
 *bt_index = BT_INDEX_EVT;
 break;
@@ -2825,10 +2829,14 @@ pcapng_read_sysdig_event_block(FILE_T fh, pcapng_block_header_t *bh,
 guint32 nparams = 0;
 guint min_event_size;
- if (bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2) {
- min_event_size = MIN_SYSDIG_EVENT_V2_SIZE;
- } else {
- min_event_size = MIN_SYSDIG_EVENT_SIZE;
+ switch (bh->block_type) {
+ case BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE:
+ case BLOCK_TYPE_SYSDIG_EVENT_V2:
+ min_event_size = MIN_SYSDIG_EVENT_V2_SIZE;
+ break;
+ default:
+ min_event_size = MIN_SYSDIG_EVENT_SIZE;
+ break;
 }
 if (bh->block_total_length < min_event_size) {
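Review bot: Nothing in the `switch` on `bh->block_type` (hunk at -2825) bounds a `BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE` block from above; the new case only selects `MIN_SYSDIG_EVENT_V2_SIZE` as the floor for the `bh->block_total_length < min_event_size` check. Since this type exists to carry larger payloads and the length is taken from the capture file, it is worth confirming that the amount read after the fixed header is capped before it sizes any buffer; that cap is presumably a general block-size limit elsewhere in pcapng.c and is not visible here. A short comment on the shared case would also help the next reader, e.g. `/* V2_LARGE keeps the V2 fixed header; only the payload length fields are wider */`, if that is indeed the layout. The body of pcapng_read_sysdig_event_block starts before and continues after this hunk.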
@@ -2863,7 +2871,7 @@ pcapng_read_sysdig_event_block(FILE_T fh, pcapng_block_header_t *bh,
 ws_debug("failed to read sysdig event type");
 return FALSE;
 }
- if (bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2) {
+ if (bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2 || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE) {
 if (!wtap_read_bytes(fh, &nparams, sizeof nparams, err, err_info)) {
 ws_debug("failed to read sysdig number of parameters");
 return FALSE;
@@ -3256,6 +3264,7 @@ pcapng_read_block(wtap *wth, FILE_T fh, pcapng_t *pn,
 break;
 case(BLOCK_TYPE_SYSDIG_EVENT):
 case(BLOCK_TYPE_SYSDIG_EVENT_V2):
+ case(BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE):
 /* case(BLOCK_TYPE_SYSDIG_EVF): */
 if (!pcapng_read_sysdig_event_block(fh, &bh, section_info, wblock, err, err_info))
 return FALSE;
diff --git a/wiretap/pcapng_module.h b/wiretap/pcapng_module.h
index 4f367f5076..656de39174 100644
--- a/wiretap/pcapng_module.h
+++ b/wiretap/pcapng_module.h
@@ -30,6 +30,8 @@
 #define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
 #define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216 /* Sysdig Event Block version 2 */
 #define BLOCK_TYPE_SYSDIG_EVF_V2 0x00000217 /* Sysdig Event Block with flags version 2 */
+#define BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE 0x00000221 /* Sysdig Event Block version 2 with large payload */
+#define BLOCK_TYPE_SYSDIG_EVF_V2_LARGE 0x00000222 /* Sysdig Event Block with flags version 2 with large payload */
 #define BLOCK_TYPE_CB_COPY 0x00000BAD /* Custom Block which can be copied */
 #define BLOCK_TYPE_CB_NO_COPY 0x40000BAD /* Custom Block which should not be copied */ |
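Review bot: The `if` at -2863 that tests `BLOCK_TYPE_SYSDIG_EVENT_V2 || BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE` repeats a decision the earlier `switch` on `bh->block_type` in the same function already made, so the "has an nparams field" rule now lives in two places written two different ways. A later block type added to one site but not the other would presumably skip or misplace the `nparams` read and misalign the rest of the event parse on file-supplied data. Recording the answer once would keep them in step: declare `gboolean has_nparams = FALSE;`, set `has_nparams = TRUE;` in the V2 cases of the switch, and test `if (has_nparams) {` here. The function body starts before and continues after this hunk.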