path: root/wiretap
Age | Commit message | Author | Files | Lines
2018-12-13 | Move more version-info-related stuff to version_info.c. | Guy Harris | 1 | -1/+1
Have a ws_init_version_info() routine that, given an application name string: constructs the app-name-and-version-information string, and saves it; adds the initial crash information on platforms that support it, and saves it. Have show_version() use the saved information and take no arguments. Add a show_help_header() routine to print the header for --help command-line options, given a description of the application; it prints the application name and version information, the description, and the "See {wireshark.org URL}" line. Use those routines in various places, including providing the "application name" string in pcapng SHBs. Change-Id: I0042a8fcc91aa919ad5c381a8b8674a007ce66df Reviewed-on: https://code.wireshark.org/review/31029 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-05 | Fix some spelling errors found by Lintian. | Gerald Combs | 1 | -1/+1
Change-Id: If6fc3aab7ad4fc634567121f7b9541bc6f6c5766 Reviewed-on: https://code.wireshark.org/review/30926 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-29 | CMake: Fix some transitive link dependencies | João Valverde | 1 | -8/+7
libwireshark and libwiretap have their INTERFACE link dependencies changed to the required set. libwsutil keeps a default public visibility. Further work may show some unneeded link requirements. The executable dependencies are adjusted accordingly. Change-Id: I3a534f72403819cac136ae47a3d80acee76e0fb3 Reviewed-on: https://code.wireshark.org/review/30815 Reviewed-by: João Valverde <j@v6e.pt>
2018-11-27 | IxVeriWave: Fix a buffer boundary. | Gerald Combs | 1 | -2/+3
Pass the correct buffer size to find_signature so that we don't read past it. Bug: 15279 Change-Id: I822ed0fe8b48196dadd9c0062ed53fa1c4f6f404 Reviewed-on: https://code.wireshark.org/review/30809 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-11-26 | CMake: Fix runtime destination for our libraries | João Valverde | 1 | -1/+1
Ping-Bug: 15301 Change-Id: I7d461c696ce096b7687f71277a33295eb43ff8fc Reviewed-on: https://code.wireshark.org/review/30792 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot Reviewed-by: João Valverde <j@v6e.pt>
2018-11-24 | Install development headers on all platforms | João Valverde | 1 | -5/+3
Install headers to support plugins development on Windows. Change-Id: I3161bd2f730edf62ab44fee6ce4fedbb9aee0d31 Reviewed-on: https://code.wireshark.org/review/30776 Petri-Dish: João Valverde <j@v6e.pt> Tested-by: Petri Dish Buildbot Reviewed-by: João Valverde <j@v6e.pt>
2018-11-20 | nettrace: Put address parsing in a separate routine. | Anders Broman | 1 | -121/+104
Change-Id: Ia223585986c6c8ad51fba36aa16c5780fc372f70 Reviewed-on: https://code.wireshark.org/review/30714 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 | Explicitly say "no extensions, no entry in this table". | Guy Harris | 1 | -0/+5
Change-Id: Idd4d5143a75b7f2282460408b2f61d0d8aa3e66a Reviewed-on: https://code.wireshark.org/review/30736 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 | Don't put file types without extensions into the file_type_extensions_base table. | Guy Harris | 1 | -1/+0
As the comment says, this is a table of "File types that can be identified by file extensions."; a file type that doesn't have an extension that's used for files with that format obviously *can't* be identified by a file extension and thus *doesn't* belong in this table. Change-Id: Ic14dc55e6d9dbad4651e535cdf44293f8b449659 Reviewed-on: https://code.wireshark.org/review/30735 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-20 | Add new Secrets API and allow TLS to use pcapng decryption secrets | Peter Wu | 3 | -0/+12
Add a new secrets API to the core, one that can outlive the lifetime of a single capture file. Expose decryption secrets from wiretap through a callback and let the secrets API route it to a dissector. Bug: 15252 Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7 Reviewed-on: https://code.wireshark.org/review/30705 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 | wiretap: add read/write support for Decryption Secrets Block (DSB) | Peter Wu | 13 | -10/+295
Support reading and writing pcapng files with DSBs. A DSB may occur multiple times but should appear before packets that need those decryption secrets (so it cannot be moved to the end like NRB). The TLS dissector will be updated in the future to make use of these secrets. pcapng spec update: https://github.com/pcapng/pcapng/pull/54 As DSBs may be interleaved with packets, do not even try to read it in pcapng_open (as is done for IDBs). Instead process them during the sequential read, appending them to the 'wtap::dsbs' array. Writing is more complicated, secrets may initially not be available when 'wtap_dumper' is created. As they may become available in 'wtap::dsbs' as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference this array. This saves every user from checking/dumping DSBs. If the wtap user needs to insert extra DSBs (while preserving existing DSBs), they can set the 'wtap_dumper::dsbs_initial' field. The test file was created using a patched editcap (future patch) and combined using mergecap (which required a change to preserve the DSBs). Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9 Ping-Bug: 15252 Reviewed-on: https://code.wireshark.org/review/30692 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 | wsutil: rename some wsjson functions | Peter Wu | 1 | -1/+1
Rename wsjson_unescape_json_string to json_decode_string_inplace (inspired by the g_base64_decode_inplace name). Rename wsjson_is_valid_json to json_validate (inspired by g_unichar_validate). Ideally json_parse is inlined with its user (sharkd_session.c), but that requires exporting the jsmn_init and jsmn_parse functions... Hence the dependency on jsmn.h remains in wsjson.h. Change-Id: I7ecfe3565f15516e9115cbd7e025362df2da5416 Reviewed-on: https://code.wireshark.org/review/30731 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-20 | Add an API to get a list of compressed-file extensions, and use it. | Guy Harris | 4 | -142/+144
Move all the compressed-file type stuff to wiretap/file_wrappers.c. Rename wtap_compressed_file_extension() to wtap_compression_type_extension() for consistency with the other compression-type-extension routine names. Move the declarations of the compression-type-extension routines in the header file. wtap_compression_type_extension() now returns NULL for WTAP_UNCOMPRESSED; there's no need to special-case it. Get rid of the now-unused wtap_compression_type_supported() and WTAP_NUM_COMPRESSION_TYPES. Change-Id: Ib93874079bea669a0c87104513dba0d21390455a Reviewed-on: https://code.wireshark.org/review/30729 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-19 | Convert enum increment into int increment | Jaap Keuter | 1 | -10/+10
Using an enum type with the increment operator causes the following error to be emitted by newer compilers: "increment of enumeration value is invalid in C++ [-Werror=c++-compat]" Numerical operations seem only allowed when taking their integer value. Convert the loops involved to use integer and cast back to wtap_compression_type when needed. Change-Id: Ic96a6350c7d4db9ba2ba99df8b922649924c0e7a Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-on: https://code.wireshark.org/review/30722 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-19 | wtap.h: Fix documentation warnings | Joerg Mayer | 1 | -2/+0
Change-Id: Ib0b5ae47047d3f574bd35cab045cefb8fcb8778d Reviewed-on: https://code.wireshark.org/review/30710 Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2018-11-18 | Add an API to get the file extension for a compression type, and use it. | Guy Harris | 5 | -56/+114
Add wtap_compressed_file_extension(), which returns NULL for WTAP_UNCOMPRESSED and the appropriate file extension for other compression types. Add wtap_compression_type_supported(), which returns TRUE for WTAP_UNCOMPRESSED and all supported compression types and FALSE otherwise. ("Supported" means "the code can decompress files in that compression format and can write files in that compression format", so WTAP_GZIP_COMPRESSED is supported iff libwiretap is built with zlib.) In MainWindow::fileAddExtension, instead of checking for WTAP_GZIP_COMPRESSED and using ".gz" as the extension, use the extension returned by wtap_compressed_file_extension() for the compression type. Change-Id: I47cb0eca8c887ada3562df30b54e76509008180f Reviewed-on: https://code.wireshark.org/review/30707 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-17 | wiretap/merge.c: consolidate three similar merge_files routines | Peter Wu | 1 | -179/+46
The three merge_files routines (filename, tempfile, stdout) have exactly the same code except for a single wtap_dump_open routine. Reduce code duplication to ease further improvements to this file. Change-Id: I4fa890730d54c11b3614e56cf4d3d3da1ae9f5fd Reviewed-on: https://code.wireshark.org/review/30678 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-16 | nettrace: Handle failure to parse IPv6. | Anders Broman | 1 | -3/+6
Reading of Address needs refactoring. Change-Id: Icca094a50bda4314bda72005bfc0d722e3d185d2 Reviewed-on: https://code.wireshark.org/review/30672 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-16 | Add an API to get a description of a compression type, and use it. | Guy Harris | 2 | -1/+16
Add wtap_compression_type_description(), which returns NULL for WTAP_UNCOMPRESSED and a descriptive string for other compression types. Instead of checking for WTAP_GZIP_COMPRESSED and appending "(gzip compressed)", just pass the compression type to wtap_compression_type_description() and, if the result is non-null, append its result, wrapped in parentheses, with a space before the left parenthesis. Change-Id: I79a999c7838a883953795d5cbab009966e14b65e Reviewed-on: https://code.wireshark.org/review/30666 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-16 | nettrace: fix var init. | Dario Lombardo | 1 | -1/+3
Error: ../wiretap/nettrace_3gpp_32_423.c:745:47: error: missing field 'src_ip' initializer [-Werror,-Wmissing-field-initializers] exported_pdu_info_t exported_pdu_info = { 0 }; ^ 1 error generated. ninja: build stopped: subcommand failed. Change-Id: I6c083b474854ea062f0a1c9f94e83af83574fc91 Reviewed-on: https://code.wireshark.org/review/30661 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-16 | Use an enum for compression types in various interfaces. | Guy Harris | 6 | -47/+74
This: 1) means that we don't have to flag the compression argument with a comment to indicate what it means (FALSE doesn't obviously say "not compressed", WTAP_UNCOMPRESSED does); 2) leaves space in the interfaces in question for additional compression types. (No, this is not part 1 of an implementation of additional compression types, it's just an API cleanup. Implementing additional compression types involves significant work in libwiretap, as well as UI changes to replace "compress the file" checkboxes with something to indicate *how* to compress the file, or to always use some other form of compression). Change-Id: I1d23dc720be10158e6b34f97baa247ba8a537abf Reviewed-on: https://code.wireshark.org/review/30660 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-16 | Use the dump parameters structure for non-pcapng-specific stuff. | Guy Harris | 5 | -102/+85
Use it for all the per-file information, including the per-file link-layer type and the per-file snapshot length. Change-Id: Id75687c7faa6418a2bfcf7f8198206a9f95db629 Reviewed-on: https://code.wireshark.org/review/30616 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-15 | Don't set anything in *wth until we've decided it's a Peek classic file. | Guy Harris | 1 | -3/+5
Change-Id: I8b6f5b46cc578a65eec3e255d468d3841f9b0197 Reviewed-on: https://code.wireshark.org/review/30652 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-15 | nettrace: Parse IPv6 addresses. | Anders Broman | 1 | -50/+137
Change-Id: Iad583c39605ed2dd7a1c64f3729500c6b8a31fd3 Reviewed-on: https://code.wireshark.org/review/30650 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-15 | Simplify code. | Guy Harris | 1 | -6/+3
Just directly set wth->file_encap. Change-Id: I9fb3d34d3d46d9bef6b7206e25ba72049d9b12f1 Reviewed-on: https://code.wireshark.org/review/30648 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-15 | Always use the file header to set the encapsulation type for Peek classic. | Guy Harris | 2 | -26/+25
The information given by the person who provided the change to do so for V7 files seems to indicate that 1) V5 and V6 files have the same file header and 2) the protoNum field shouldn't be used for this purpose. It also provided information about the bits in the flags and status field, so add that. The first three of those bits appear to match the first three bits of the flags field in Peek tagged files, so note that in the Peek tagged reader, in case the other bits also match. Change-Id: I492afd594676efc14b487b3030c861bf5feb2d23 Reviewed-on: https://code.wireshark.org/review/30647 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-14 | nettrace_3gpp_32_423: Don't crash on error and improve error output. | Anders Broman | 1 | -1/+18
Change-Id: I4ea7ccf51321d6ce316456bde24aa37880ea52ed Reviewed-on: https://code.wireshark.org/review/30627 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-14 | All Veriwave files and packets use WTAP_ENCAP_IXVERIWAVE. | Guy Harris | 1 | -15/+0
We set the file encapsulation to WTAP_ENCAP_IXVERIWAVE when we open the file; we don't need to update it when we read packets, and we don't need to set the per-packet encapsulation because it's set to the file encapsulation for us by wtap_read() and wtap_seek_read(). Change-Id: I2f123e3fb0d505334f3451685290bdbae77a598b Reviewed-on: https://code.wireshark.org/review/30622 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-14 | Fix whitespace. | Guy Harris | 1 | -3/+3
Change-Id: I4e1ca2bcefbaf8bb04e26bed0c668c43b1a6f788 Reviewed-on: https://code.wireshark.org/review/30621 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-14 | Fail more cleanly if the file has no records. | Guy Harris | 1 | -33/+93
If we have no records, we can't determine the link-layer type. Also: Use more signed values, and do more sanity checks on the file header and TLVs to make sure we don't run into the first packet. When writing the file header, accumulate the header length/first packet offset in a 32-bit variable, and stuff it into the offset-to-first-packet fields (plural) once we're done. Change-Id: I3aeb5258bc16ddd8cf0ec86ef379287d0c4b351a Reviewed-on: https://code.wireshark.org/review/30620 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-14 | Catch attempts to write multiple encapsulation types if unsupported. | Guy Harris | 12 | -0/+127
If, in the process of opening the input file, we determine that it has packets of more than one link-layer type, we can catch attempts to write that file to a file of a format that doesn't support more than one link-layer type at the time we try to open the output file. If, however, we don't discover that the file has more than one link-layer type until we've already created the output file - for example, if we have a pcapng file with a new IDB, with a different link-layer type from previous IDBs, after packet blocks for the earlier interfaces - we can't catch that until we try to write the packet. Currently, that causes the packet's data to be written out as is, so the output file claims it's of the file's link-layer type, causing programs reading the file to misdissect the packet. Report WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on the write attempt instead, and have a nicer error message for WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED on a write. Change-Id: Ic41f2e4367cfe5667eb30c88cc6d3bfe422462f6 Reviewed-on: https://code.wireshark.org/review/30617 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-13 | Fix function name in comment. | Guy Harris | 1 | -1/+1
Change-Id: Ice41094e6cc91df7e1f8286f35d49e1a20a89cc7 Reviewed-on: https://code.wireshark.org/review/30598 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-13 | Don't have _ng versions of the dumper open routines. | Guy Harris | 4 | -70/+25
Have the routines always take a parameters pointer; pass either null or a pointer to an initialized-to-nothing structure in cases where we were calling the non-_ng versions. Change-Id: I23b779d87f3fbd29306ebe1df568852be113d3b2 Reviewed-on: https://code.wireshark.org/review/30590 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-12 | Use the Wayback Machine for a page that currently isn't working. | Guy Harris | 1 | -0/+6
It loads, but displays nothing (either in Safari 12, or a presumably recent Chrome, on my Mac). Change-Id: I4a5530007ddf3c14a5fd349998318d5868da5d5c Reviewed-on: https://code.wireshark.org/review/30588 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-11-12 | wiretap: refactor common parameters for pcapng dump routines | Peter Wu | 5 | -71/+115
Four variants of wtap_dump_open_ng exist, each of them takes the same three parameters for the SHB, IDB and NRB blocks that have to be written before packets are even written. Similarly, a lot of tools always create these arguments based on an existing capture file session (wth). Address the former duplication by creating a new data structure to hold the arguments. Address the second issue by creating new helper functions to initialize the parameters based on a wth. This refactoring should make it easier to add the new Decryption Secrets Block (DSB). No functional change intended. Change-Id: I42c019dc1d48a476773459212ca213de91a55684 Reviewed-on: https://code.wireshark.org/review/30578 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-11-10 | wiretap: fix truncated reads while reading compressed file formats | Peter Wu | 9 | -454/+122
A lot of file dissectors (pcapng, json, etc.) assumed that the packet size is equal to the file size. This is not true if the file was compressed and could result in silently truncating reads or failing to open a file (if the compressed file is larger than the actual data). Observe that a lot of file dissectors are simply copies of each other. Move the fixed implementation to wtap.c and reuse the methods everywhere else. While at it, avoid an unnecessary large allocation/read in ruby_marshal. Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379 Reviewed-on: https://code.wireshark.org/review/30570 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Dario Lombardo <lomato@gmail.com> Tested-by: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-10-29 | The signal strength and noise in dB from an arbitrary reference are unsigned. | Guy Harris | 1 | -2/+2
The radiotap spec says "dB antenna signal" and "dB antenna noise" are unsigned. Make it universally so. Change-Id: Iea2c5360d7352ca5e84862ea338d1fc689272191 Reviewed-on: https://code.wireshark.org/review/30410 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-29 | Handle signal/noise in dB from an arbitrary point in the 802.11 radio dissector. | Guy Harris | 1 | -0/+4
While we're at it, only set the RSSI column once - no need to do it at the beginning and later when we're setting fields. Change-Id: Ia729019e5e6dfbe1cdad61f1f8397b0a3a171996 Reviewed-on: https://code.wireshark.org/review/30405 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-02 | Clean up some things. | Guy Harris | 2 | -27/+36
Rename ascend_seek() to ascend_find_next_packet(), to indicate what it does; it doesn't seek to an arbitrary place, it tries to find the starting offset of the next packet when reading sequentially. Don't have it set the header type - that's the job of the parser. Don't set the "next packet seek start" when doing random access I/O - that field is only for sequential I/O, and we don't want random I/O happening at the same time (which can happen in Wireshark) interfering. Clean up comments. Change-Id: I2808479eeec074afa16945ffb577b91d8cb356f7 Reviewed-on: https://code.wireshark.org/review/29975 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-02 | Don't return TRUE with *err or *err_info set. | Guy Harris | 1 | -0/+18
Read and seek-read routines shouldn't do that; it causes TShark to report an error when there was no error. Change-Id: If564348fa01dce83c6a2317ac56ac8716d514bf7 Reviewed-on: https://code.wireshark.org/review/29972 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-01 | Fix handling of some ISDN calls. | Guy Harris | 1 | -1/+17
There's no guarantee that there will be two digits after PRI-XMIT or PRI-RCV; the capture file in bug 3535, for example, has "PRI-XMIT-0/1" and "PRI-RCV-0". Require a minimum of 1, not 2, non-{/(:} characters. Leave the maximum of 20 in place. Change-Id: Ie8f8f4ff5eb04baf0ee61bf28015e59a1fa43948 Reviewed-on: https://code.wireshark.org/review/29947 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-10-01 | pcapng: Fix a buffer length. | Gerald Combs | 1 | -0/+1
In pcapng_read_systemd_journal_export_block, increase our buffer length before appending to it. Change-Id: I7e0f695c9bf1a6f80bc7e65661bfd5c70cda7d31 Reviewed-on: https://code.wireshark.org/review/29964 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-10-01 | wtap: fix regression in wtap_read_packet_bytes | Peter Wu | 1 | -6/+2
The "first_free" pointer is currently only increased by ws_buffer_increase_length (unused) and ws_buffer_append (for writes). Reading into the buffer should not reduce the available space. Otherwise the next wtap_read_packet_bytes call will reallocate the buffer. This reallocation is unexpected by some users of cf_read_record and results in a use-after-free crash following these steps: 1. Open packet capture. 2. Ignore packet. 3. Open context menu, twice. This crashes because the ByteViewText class points to the buffer which is reallocated after calling PacketList::getFilterFromRowAndColumn. Change-Id: I4f1264a406a28c79491dcd77c552193bf3cdf62d Fixes: v2.9.0rc0-2001-g123bcb0362 ("Make systemd journal entries events.") Reviewed-on: https://code.wireshark.org/review/29915 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-01 | Add a systemd Journal Export extcap. | Gerald Combs | 1 | -3/+3
Add an sdjournal extcap, which reads journal entries using the sd-journal API and dumps them as journal Export Format records. Change-Id: I17ccfa88ab5d053c16c869cd26e580d84022502e Reviewed-on: https://code.wireshark.org/review/29479 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-01 | Put the FILE_T first in the arguments to parse_dbs_etherwatch_packet(). | Guy Harris | 1 | -4/+4
That puts the two arguments to fill in - the wtap_rec and the Buffer - together. Change-Id: I8850a7aaccc98e5acd292e3cebc1f37cee8a6ce7 Reviewed-on: https://code.wireshark.org/review/29946 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-09-30 | Remove unnecessary clearing of *err. | Guy Harris | 1 | -2/+0
wtap_read() clears it for you. Change-Id: I736509d54ff385e5b80e9393aeb91c6473b02824 Reviewed-on: https://code.wireshark.org/review/29939 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-09-30 | Small cleanup of the sequential read routine. | Guy Harris | 1 | -7/+1
There's no need to set *err to 0; it's set by stanag4607_read_file(). There's no need for an intermediate variable to hold the current file offset; just assign it directly to *data_offset. Change-Id: I24bd1c349dd48576a65cc36228a680134427bba5 Reviewed-on: https://code.wireshark.org/review/29938 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-09-29 | wiretap: remove redundant ws_buffer_assure_space | Peter Wu | 2 | -4/+0
wtap_read_packet_bytes already calls ws_buffer_assure_space. Change-Id: Ib5c9f7d05ee9f7ba5faa716e941e4c999aa9704f Reviewed-on: https://code.wireshark.org/review/29916 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2018-09-28 | pcapng: Fix a copy/paste error. | Gerald Combs | 1 | -2/+0
We shouldn't set any rec_header.syscall_header fields in pcapng_read_systemd_journal_export_block. Change-Id: I920accdbcdcdbf6d71324c8d9d6d562511f6a9d1 Reviewed-on: https://code.wireshark.org/review/29895 Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-09-26 | Make systemd journal entries events. | Gerald Combs | 6 | -36/+250
Treat systemd journal entries as filetype-specific events instead of packets. Add support for reading and writing systemd journal entries to pcapng. Note that pcapng IDBs should be optional. Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed. Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f Reviewed-on: https://code.wireshark.org/review/29611 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Gerald Combs <gerald@wireshark.org>