From 10be4d1611da4911cbdd12f119a74aa965fdb537 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Sat, 28 Aug 2021 16:00:41 -0700
Subject: pcapng: fix handling of byte-swapped sysdig event blocks.

We weren't setting wblock->rec->rec_header.syscall_header.nparams for
byte-swapped event blocks.
---
 wiretap/pcapng.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'wiretap')

diff --git a/wiretap/pcapng.c b/wiretap/pcapng.c
index 6e5bffce00..f6d32344bf 100644
--- a/wiretap/pcapng.c
+++ b/wiretap/pcapng.c
@@ -2853,6 +2853,7 @@ pcapng_read_sysdig_event_block(FILE_T fh, pcapng_block_header_t *bh,
         wblock->rec->rec_header.syscall_header.thread_id = GUINT64_SWAP_LE_BE(thread_id);
         wblock->rec->rec_header.syscall_header.event_len = GUINT32_SWAP_LE_BE(event_len);
         wblock->rec->rec_header.syscall_header.event_type = GUINT16_SWAP_LE_BE(event_type);
+        wblock->rec->rec_header.syscall_header.nparams = GUINT32_SWAP_LE_BE(nparams);
     } else {
         wblock->rec->rec_header.syscall_header.cpu_id = cpu_id;
         ts = wire_ts;
-- 
cgit v1.2.3