Add Network Monitor Event Tracing event

Assigned a WTAP_ENCAP value (WTAP_ENCAP_NETMON_NET_NETEVENT) for the
dissection of Event Tracing records inside a NetworkMonitor file.

Ping-Bug: 6520
Ping-Bug: 6694
Change-Id: Ib100f3779095842e78f9b7741e80258aa866d818
Reviewed-on: https://code.wireshark.org/review/23278
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>

3 files changed, 8 insertions, 3 deletions

diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index 84da71f7c0..3f46b49ffb 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -689,7 +689,8 @@ netmon_process_record(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 				 *
 				 * http://msdn.microsoft.com/en-us/library/aa363759(VS.85).aspx
 				 */
-				return RETRY;
+				pkt_encap = WTAP_ENCAP_NETMON_NET_NETEVENT;
+				break;
 
 			case NETMON_NET_NETWORK_INFO_EX:
 				/*
diff --git a/wiretap/wtap.c b/wiretap/wtap.c
index d0447b921e..d606cb57d5 100644
--- a/wiretap/wtap.c
+++ b/wiretap/wtap.c
@@ -927,11 +927,14 @@ static struct encap_type_info encap_table_base[] = {
 	/* WTAP_ENCAP_3MB_ETHERNET */
 	{ "Xerox 3MB Ethernet", "xeth"},
 
-	/* Linux vsock */
+	/* WTAP_ENCAP_VSOCK */
 	{ "Linux vsock", "vsock" },
 
-	/* Nordic BLE Sniffer */
+	/* WTAP_ENCAP_NORDIC_BLE */
 	{ "Nordic BLE Sniffer", "nordic_ble" },
+
+	/* WTAP_ENCAP_NETMON_NET_NETEVENT */
+	{ "Network Monitor Network Event", "netmon_event" },
 };
 
 WS_DLL_LOCAL
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 19bf22b5bf..7959b0bfc6 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -274,6 +274,7 @@ extern "C" {
 #define WTAP_ENCAP_3MB_ETHERNET                 184
 #define WTAP_ENCAP_VSOCK                        185
 #define WTAP_ENCAP_NORDIC_BLE                   186
+#define WTAP_ENCAP_NETMON_NET_NETEVENT          187
 /* After adding new item here, please also add new item to encap_table_base array */
 
 #define WTAP_NUM_ENCAP_TYPES                    wtap_get_num_encap_types()