author | Gerald Combs <gerald@wireshark.org> | 2018-09-10 16:49:36 -0700 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2018-09-26 21:31:13 +0000 |
commit | 123bcb0362a21ee1b498328e0be7fcad2a14f133 (patch) | |
tree | 761846e3f76363fa57f57edd158d04cbc42fd06d /wiretap/pcapng_module.h | |
parent | 56086e20b0c7de7eddb8db7901ad760a9139900b (diff) |
Make systemd journal entries events.
Treat systemd journal entries as filetype-specific events instead of
packets.
Add support for reading and writing systemd journal entries to pcapng.
Note that pcapng IDBs should be optional.
Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed.
Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f
Reviewed-on: https://code.wireshark.org/review/29611
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'wiretap/pcapng_module.h')
-rw-r--r-- | wiretap/pcapng_module.h | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/wiretap/pcapng_module.h b/wiretap/pcapng_module.h
index cf914ceeab..01abd39f49 100644
--- a/wiretap/pcapng_module.h
+++ b/wiretap/pcapng_module.h
@@ -15,17 +15,18 @@
  *
  * XXX - Dear Sysdig People: please add your blocks to the spec!
  */
-#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
-#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
-#define BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */
-#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
-#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
-#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
-#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
-#define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */
-#define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
-#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
-#define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
+#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
+#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
+#define BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */
+#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
+#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
+#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
+#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
+#define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */
+#define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
+#define BLOCK_TYPE_SYSTEMD_JOURNAL 0x00000009 /* systemd journal entry */
+#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
+#define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
 
 /* TODO: the following are not yet well defined in the draft spec,
  * and do not yet have block type values assigned to them: |
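Review bot: The comment on the added `BLOCK_TYPE_SYSTEMD_JOURNAL` line reads "systemd journal entry", while every neighbouring define names the block itself; I would write `/* systemd Journal Export Block */` so the constant can be found by name in the pcapng specification. The commit message says IDBs become optional, presumably because this block does not reference an interface; a short comment to that effect next to the define would help whoever reviews the length and bounds checks in the reader, which is not part of this hunk and parses capture files that may be untrusted. The other eleven defines appear to change only in whitespace alignment, which buries the single functional line in blame output. The block-types comment opens above the hunk and the TODO comment continues below it.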