Add a Falco Bridge plugin

Gerald Combs requested to merge geraldcombs/wireshark:falco-bridge into master

Add a Falco Bridge plugin, a dissector plugin that can load Falco plugins and dissect log events.

This MR has a lot of commits. While we normally prefer to squash them, I left them intact in order to keep the original work of each author and the evolution of the code intact.

This adds code which links with https://github.com/falcosecurity/libs/, which is Apache 2.0. As far as I can tell, this should be OK, but it means that license compatibility is attained via the GPLv2's "any later version" provision:

https://www.wireshark.org/lists/wireshark-dev/202203/msg00020.html

This also appears to be "good enough for Debian":

https://lists.debian.org/debian-legal/2014/08/msg00102.html

Libsinsp/libscap also have a C++ API, so this is a hybrid C/C++ plugin.

Edited by Gerald Combs