| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Update sinsp-span to use the current Falco libs APIs. Update the
FindSinsp CMake module to use pkg-config.
|
|
|
|
|
|
Remove the redundant BASE_FLOAT field display type. The name
BASE_FLOAT is meaningless and the value aliased to BASE_NONE.
Require BASE_NONE instead of BASE_FLOAT (corresponding to
the printf() %g format).
Add new float display types using BASE_DEC, BASE_HEX and BASE_EXP
corresponfing to %f, %a and %e respectively.
Add support for BASE_CUSTOM with floats.
|
|
Fixes #18220
|
|
Switch to the name "Logray" for the log analyzer. Rays are biological
cousins of sharks and more people like the name "Logray" in a completely
unscientific survey here. Apologies for any inconvenience this might
cause.
|
|
|
|
When the field width was corrected by commit
b240d5baa062a475ff0943b91205eb2aee2a0471, the masks got messed
up. There's 4 reserved bits that don't have fields and the bits
are in Little Endian order. Fix #18132.
|
|
This allows flags to be passed by the registering listener
to the collection of information
|
|
Fix conversation_new() options after they was changed/improved
in commit 709593ee.
|
|
|
|
according to PN Protocol 2.4MU3 April 2022
|
|
Add conversation_new_full and find_conversation_full, which take
arbitrary element lists instead of fixed addresses and ports.
Update the comments in conversation.h to be more Doxygen-conformant.
Update README.dissector.
Use the new functionality to add initial conversation support to the
Falco Bridge dissector.
|
|
|
|
|
|
|
|
|
|
Update to the current (c02ae4b6) API.
|
|
|
|
Make sure a pointer is valid and only initialize our sinsp span once.
|
|
libsinsp currently only supports string and unsigned 64-bit integer
field types. For string fields that might contain a parseable address,
add ".v4" and ".v6" subtree items with a corresponding field type.
For example, the ct.srcip field now dissects as
Sysdig Event 1: 880 bytes
Falco Bridge
cloudtrail Plugin
[ ... ]
Source IP: 3.92.225.50
[Source IP (IPv4): 3.92.225.50]
|
|
Fix Falco plugin installation in multi-config environments. Fix FindSinsp
on Windows. Ignore a couple of warnings for now.
|
|
falcosecurity/libs 448c380e switched from a plugin type to a more
generic capabilities enum.
|
|
|
|
The extract_fields struct and calling convention changed, so update to
match. Extract all of our fields at once, which noticeably speeds up
dissection here.
|
|
Create plugins/<version>/falco and copy over the Cloudtrail plugin.
|
|
TSN Records for pn_io and
pn_dcp TSN Suboption dissected
|
|
Convert our conversation protocols to a dynamic list and add
add_conversation_filter_protocol(). Use it in the Falco Bridge plugin to
add protocols with conversation filters.
|
|
Split the counts of IO data objects and IOCS between
input and output. Remove increment of IO data objects
in station information, sometimes leading to extremely
high and invalid number of IO data objects.
|
|
Currently a single counter is used, but the number of
IOCS is not necessarily the same for input and output
CRs.
|
|
Remove unused header definitions in packet-falco-bridge.h and move the
remaining content to packet-falco-bridge.c and conversation-macros.h.
Explicitly set our header files in CMakeLists.txt.
|
|
Rename add_plugin_library to add_wireshark_plugin_library and add a
backward compatibility wrapper. Make Falco Bridge a Logwolf plugin.
|
|
Fix
../plugins/epan/falco_bridge/packet-falco-bridge.c: In function ‘register_conversation_filters_mappings’:
../plugins/epan/falco_bridge/packet-falco-bridge.c:105:1: error: old-style function definition [-Werror=old-style-definition]
register_conversation_filters_mappings()
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Calculate the safety IO data length based on the
safety trailer length, which is given by the
F-Parameter F_CRC_Seed.
|
|
TimeAware bit dissected for ARProperties
and cyclic frames updated accordingly.
Also small length problem fixed in RSI FREQ block dissection.
|
|
Update the Licensing section of the README.
|
|
Fix some issues found by the pre-commit script. Add a missing Debian
symbol. Update the README.
|
|
|
|
The Sysdig Bridge plugin loads Falco plugins, so rename it to Falco
Bridge.
Make it optional and dependent on libsinsp+libscap, similar to our codec
plugins.
Remove some unused code.
|
|
Add a FindSinsp CMake module, and use it in the Sysdig Bridge plugin
CMakeLists.txt. It still needs work, but should at least be usable on
more machines.
Conflicts:
plugins/epan/sysdig_bridge/CMakeLists.txt
|
|
Fetch the current field number's type and format instead of the first
field's.
|
|
Remove commented & ifdef0'd code that loaded plugins directly. Destroy
our libsinsp instance on exit.
|
|
Fix our field length display as well.
|
|
Switch from loading the cloudtrail plugin directly to doing so
indirectly via libsinsp. This should let us start leveraging the rich
functionality offered by libsinsp.
|
|
Update the Sysdig Plugin fields to match falcosecurity/libs scap.c.
|
|
Update ss_plugin_extract_field to match
https://github.com/falcosecurity/plugin-sdk-go/blob/main/pkg/sdk/plugin_info.h
|
|
It looks like the source ID and event data are 4 bytes further into each
block. Quick fix pending more details about the block format.
|
|
|
|
Fix
logshark/plugins/epan/sysdig_bridge/packet-sysdig-bridge.c:86:39: error: this old-style function definition is not preceded by a prototype [-Werror,-Wstrict-prototypes]
register_conversation_filters_mappings()
^
1 error generated.
|
