Make systemd journal entries events.

Treat systemd journal entries filetype-specific events instead of
packets.

Add support for reading and writing systemd journal entries to pcapng.
Note that pcapng IDBs should be optional.

Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed.

Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f
Reviewed-on: https://code.wireshark.org/review/29611
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

1 files changed, 6 insertions, 0 deletions

diff --git a/editcap.c b/editcap.c
index 7dbb52a47a..99985a636d 100644
--- a/editcap.c
+++ b/editcap.c
@@ -1781,6 +1781,12 @@ main(int argc, char *argv[])
                         do_mutation = TRUE;
                         break;
 
+                    case REC_TYPE_FT_SPECIFIC_EVENT:
+                    case REC_TYPE_FT_SPECIFIC_REPORT:
+                        caplen = rec->rec_header.ft_specific_header.record_len;
+                        do_mutation = TRUE;
+                        break;
+
                     case REC_TYPE_SYSCALL:
                         caplen = rec->rec_header.syscall_header.event_filelen;
                         do_mutation = TRUE;