From 123bcb0362a21ee1b498328e0be7fcad2a14f133 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Mon, 10 Sep 2018 16:49:36 -0700
Subject: Make systemd journal entries events.

Treat systemd journal entries filetype-specific events instead of
packets.

Add support for reading and writing systemd journal entries to pcapng.
Note that pcapng IDBs should be optional.

Add support for REC_TYPE_FT_SPECIFIC_EVENT where needed.

Change-Id: Ided999b1732108f480c6c75323a0769a9d9ef09f
Reviewed-on: https://code.wireshark.org/review/29611
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
---
 editcap.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'editcap.c')

diff --git a/editcap.c b/editcap.c
index 7dbb52a47a..99985a636d 100644
--- a/editcap.c
+++ b/editcap.c
@@ -1781,6 +1781,12 @@ main(int argc, char *argv[])
                         do_mutation = TRUE;
                         break;
 
+                    case REC_TYPE_FT_SPECIFIC_EVENT:
+                    case REC_TYPE_FT_SPECIFIC_REPORT:
+                        caplen = rec->rec_header.ft_specific_header.record_len;
+                        do_mutation = TRUE;
+                        break;
+
                     case REC_TYPE_SYSCALL:
                         caplen = rec->rec_header.syscall_header.event_filelen;
                         do_mutation = TRUE;
-- 
cgit v1.2.3