URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e9d1d003eaea57f2a94fd24b920a7c462b7ff4e0
Submitter: Gerald Combs (gerald@xxxxxxxxxxxxx)
Changed: branch: master-2.0
Repository: wireshark
Commits:
e9d1d00 by Gerald Combs (gerald@xxxxxxxx):
Initial Sysdig syscall (event) support.
Add a dissector for reading Sysdig event blocks. It only handles plain
events but it's usable for reading trace files on hand here.
Use a script to generate various parts of the dissector. As an experiment,
update parts in-place instead of using a template.
Ultimately there should probably be a top-level "Syscall" or "Event"
dissector alongside the "Frame" dissector, which could then call this.
You could then directly compare an executable's system calls alongside
its network traffic.
For now leverage the pcapng_block dissector and keep everything under
"Frame".
Next steps:
- Items listed at the top of packet-sysdig-event.c.
Change-Id: I17077e8d7f40d10a946d61189ebc077d81c4da37
Reviewed-on: https://code.wireshark.org/review/11103
Petri-Dish: Gerald Combs <gerald@xxxxxxxxxxxxx>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
Reviewed-by: Gerald Combs <gerald@xxxxxxxxxxxxx>
(cherry picked from commit 0d497e812508b3d71716618e39647a107c206b1d)
Reviewed-on: https://code.wireshark.org/review/11702
Actions performed:
from 0b5f601 Apple just calls it "OS X" these days.
adds e9d1d00 Initial Sysdig syscall (event) support.
Summary of changes:
docbook/release-notes.asciidoc | 1 +
epan/CMakeLists.txt | 1 +
epan/dissectors/Makefile.common | 1 +
epan/dissectors/packet-sysdig-event.c | 2207 +++++++++++++++++++++++++++++++++
tools/Makefile.am | 1 +
tools/generate-sysdig-event.py | 345 ++++++
wiretap/pcapng.c | 118 +-
wiretap/pcapng_module.h | 2 +
wiretap/wtap.h | 15 +
9 files changed, 2686 insertions(+), 5 deletions(-)
create mode 100644 epan/dissectors/packet-sysdig-event.c
create mode 100755 tools/generate-sysdig-event.py