sinsp_field_extract_t Struct Reference

Holds a single extracted field value from a sinsp syscall event. More...

#include <sinsp-span.h>

Public Attributes
union {
uint8_t *   bytes
const char *   str
int32_t   i32
int64_t   i64
uint32_t   u32
uint64_t   u64
double   dbl
bool   boolean
char   small_str [8]
uint8_t   small_bytes [8]
}	res
	Extracted value; the active member depends on the field type.
int	res_len
uint16_t	field_idx

Detailed Description

Holds a single extracted field value from a sinsp syscall event.

The active union member is determined by the field's ftenum type. res_len and field_idx are output parameters populated by the extraction routine.

Member Data Documentation

boolean

bool sinsp_field_extract_t::boolean

Boolean value.

bytes

uint8_t* sinsp_field_extract_t::bytes

Raw byte buffer (FT_BYTES / FT_UINT_BYTES).

dbl

double sinsp_field_extract_t::dbl

Double-precision float.

field_idx

uint16_t sinsp_field_extract_t::field_idx

[out] Index of the matched field, populated for syscall events.

i32

int32_t sinsp_field_extract_t::i32

Signed 32-bit integer.

i64

int64_t sinsp_field_extract_t::i64

Signed 64-bit integer.

res_len

int sinsp_field_extract_t::res_len

[out] Byte length of the extracted value (meaningful for bytes/string types).

small_bytes

uint8_t sinsp_field_extract_t::small_bytes[8]

Inline byte array for short values (≤ SFE_SMALL_BUF_SIZE bytes).

small_str

char sinsp_field_extract_t::small_str[8]

Inline string for short values (≤ SFE_SMALL_BUF_SIZE bytes).

str

const char* sinsp_field_extract_t::str

NUL-terminated string pointer (FT_STRING).

u32

uint32_t sinsp_field_extract_t::u32

Unsigned 32-bit integer.

u64

uint64_t sinsp_field_extract_t::u64

Unsigned 64-bit integer.

---

The documentation for this struct was generated from the following file:

• /builds/wireshark/wireshark/plugins/epan/falco_events/sinsp-span.h