author Gerald Combs <gerald@wireshark.org> 2018-08-27 08:17:32 -0700
committer Anders Broman <a.broman58@gmail.com> 2018-08-31 05:20:27 +0000
commit 50b9da7bc2d43f83a57fdd1ff3a8c9186461d834
tree 0c6f820b6acef2f25ed4630d75f8a0995d57c6c8 /wiretap/README.developer
parent 94735eb2bc02f7d683e50cfda1e5d0735cf5f97f
Add a systemd Journal Export Format parser and dissector.
Add a file parser and dissector that can handle the output of `journalctl -o export`. From here we can add a systemd journal extcap and possibly support for the JSON and binary formats.

Change-Id: I01576959b2c347ce7ac9aa57cdb5c119c81d61e9
Reviewed-on: https://code.wireshark.org/review/29311
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/README.developer')
-rw-r--r-- wiretap/README.developer 18
1 files changed, 9 insertions, 9 deletions
diff --git a/wiretap/README.developer b/wiretap/README.developer
index 9b5211fa22..e887227321 100644
--- a/wiretap/README.developer
+++ b/wiretap/README.developer
@@ -32,22 +32,22 @@ To add the ability to read a new capture file format, you have to:
otherwise leave it set to NULL;
add a pointer to the "open" routine to the "open_routines_base[]"
- table in "wiretap/file_access.c" - if it uses a magic number, put
- it in the first section of that list, and, if it uses a heuristic,
+ table in "wiretap/file_access.c" - if it uses a magic number, put
+ it in the first section of that list, and, if it uses a heuristic,
put it in the second section, preferably putting the heuristic
routines for binary files before the heuristic routines for text
files;
add an entry for that file type in the "dump_open_table_base[]" in
- "wiretap/file_access.c", giving a descriptive name, a short name
+ "wiretap/file_access.c", giving a descriptive name, a short name
that's convenient to type on a command line (no blanks or capital
- letters, please), common file extensions to open and save, a flag
- if it can be compressed with gzip (currently unused) and pointers
- to the "can_write_encap" and "dump_open" routines if writing that
+ letters, please), common file extensions to open and save, a flag
+ if it can be compressed with gzip (currently unused) and pointers
+ to the "can_write_encap" and "dump_open" routines if writing that
file is supported (see below), otherwise just null pointers.
Wiretap applications typically first perform sequential reads through
-the capture file and may later do "seek and read" for individual frames.
+the capture file and may later do "seek and read" for individual frames.
The "read" routine should set the variable data_offset to the byte
offset within the capture file from which the "seek and read" routine
will read. If the capture records consist of:
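Review bot: Every removed/added pair in this hunk (the "wiretap/file_access.c" lines in both list items and the "seek and read" sentence) reads identically as shown, so the change is whitespace-only and unrelated to the commit subject about the Journal Export Format parser. Consider moving the whitespace cleanup into its own commit so the parser change is easier to review and blame history on this README stays meaningful. If the file is touched in this commit anyway, the "open_routines_base[]" item is where a reader would expect a note on which section (magic number or heuristic) a new open routine such as this one belongs in.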
@@ -58,9 +58,9 @@ will read. If the capture records consist of:
then data_offset should point to the pseudo-header. The first
sequential read pass will process and store the capture record header
-data, but it will not store the pseudo-header. Note that the
+data, but it will not store the pseudo-header. Note that the
seek_and_read routine should work with the "random_fh" file handle
-of the passed in wtap struct, instead of the "fh" file habndle used
+of the passed in wtap struct, instead of the "fh" file handle used
in the normal read routine.
To add the ability to write a new capture file format, you have to:
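Review bot: The "habndle" to "handle" correction on the "fh" line is the only textual change in this hunk; the "data, but it will not store the pseudo-header." pair differs only in whitespace and would be better placed in a separate cleanup commit. While this sentence is being edited, "passed in wtap struct" should be hyphenated ("passed-in"), and it would help to say why seek_and_read must use "random_fh" rather than "fh", since the text states the rule without the reason.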