path: root/epan/dissectors/packet-sysdig-event.c
Age            Commit message                                                                   Author           Files    Lines
2019-06-09     Sysdig event updates.                                                            Gerald Combs     1        -16/+292

Convert generate-sysdig-event.py to Python 3. Update it to fetch from the current version of Sysdig (0.26.1). Add logic to work around mismatched parameter counts and mismatched types and formats. The following warnings were generated:

WARNING: Forcing semget INT32 format to DEC. Params: [('key', 'INT32', 'HEX'), ('nsems', 'INT32', 'DEC'), ('semflg', 'FLAGS32', 'HEX')]
WARNING: Forcing notification STRING format to NONE. Params: [('id', 'CHARBUF', 'DEC'), ('desc', 'CHARBUF', 'NA')]
WARNING: Forcing infra STRING format to NONE. Params: [('source', 'CHARBUF', 'DEC'), ('name', 'CHARBUF', 'NA'), ('description', 'CHARBUF', 'NA'), ('scope', 'CHARBUF', 'NA')]
WARNING: seccomp: found 2 parameters. Expected 1. Params: [('op', 'UINT64', 'DEC'), ('flags', 'UINT64', 'HEX')]

Bug: 15826
Change-Id: I5f8a7530f1003270cbbcb1f7dfd86f7b63066bba
Reviewed-on: https://code.wireshark.org/review/33513
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12     dissectors: use SPDX identifiers.                                                Dario Lombardo   1        -13/+1

Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-09     Generalize wtap_pkthdr into a structure for packet and non-packet records.       Guy Harris       1        -6/+6

Separate the stuff that any record could have from the stuff that only particular record types have; put the latter into a union, and put all that into a wtap_rec structure. Add some record-type checks as necessary.

Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-01-09     Use pcapng as the name of the file format.                                       Guy Harris       1        -1/+1

At one point, I remember a discussion resulting in the official name of the next-generation replacement for pcap format being changed to "pcapng", with no hyphen. Make Wireshark reflect that.

Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-01-30     Have format_text_chr use wmem allocated memory.                                  Michael Mann     1        -1/+1

Change-Id: Idcea59f6fc84238f04d9ffc11a0088ef97beec0c
Reviewed-on: https://code.wireshark.org/review/19844
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-06-15     More Sysdig / system event support.                                              Gerald Combs     1        -0/+2

Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the Sysdig event dissector from the frame dissector. Create a "syscall" protocol for system calls, but add "frame" items to it for now. Add the ability to write Sysdig events. This lets us merge packet capture and syscall capture files.

Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778
Reviewed-on: https://code.wireshark.org/review/15078
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-12-09     new_create_dissector_handle -> create_dissector_handle for dissector directory.  Michael Mann     1        -2/+2

Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.

Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-10     Initial Sysdig syscall (event) support.                                          Gerald Combs     1        -0/+2207

Add a dissector for reading Sysdig event blocks. It only handles plain events but it's usable for reading trace files on hand here. Use a script to generate various parts of the dissector. As an experiment, update parts in-place instead of using a template.

Ultimately there should probably be a top-level "Syscall" or "Event" dissector alongside the "Frame" dissector, which could then call this. You could then directly compare an executable's system calls alongside its network traffic. For now leverage the pcapng_block dissector and keep everything under "Frame".

Next steps:

- Items listed at the top of packet-sysdig-event.c.

Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>