diff options
author | Gerald Combs <gerald@wireshark.org> | 2018-09-10 16:49:36 -0700 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2018-09-26 21:31:13 +0000 |
commit | 123bcb0362a21ee1b498328e0be7fcad2a14f133 (patch) | |
tree | 761846e3f76363fa57f57edd158d04cbc42fd06d /editcap.c | |
parent | 56086e20b0c7de7eddb8db7901ad760a9139900b (diff) |
Make systemd journal entries events.
Treat systemd journal entries filetype-specific events instead of
packets.
Add support for reading and writing systemd journal entries to pcapng.
Note that pcapng IDBs should be optional.
Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed.
Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f
Reviewed-on: https://code.wireshark.org/review/29611
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'editcap.c')
-rw-r--r-- | editcap.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1781,6 +1781,12 @@ main(int argc, char *argv[]) do_mutation = TRUE; break; + case REC_TYPE_FT_SPECIFIC_EVENT: + case REC_TYPE_FT_SPECIFIC_REPORT: + caplen = rec->rec_header.ft_specific_header.record_len; + do_mutation = TRUE; + break; + case REC_TYPE_SYSCALL: caplen = rec->rec_header.syscall_header.event_filelen; do_mutation = TRUE; |