More Sysdig / system event support.

Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the
Sysdig event dissector from the frame dissector. Create a "syscall"
protocol for system calls, but add "frame" items to it for now.

Add the ability to write Sysdig events. This lets us merge packet
capture and syscall capture files.

Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778
Reviewed-on: https://code.wireshark.org/review/15078
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/wiretap/merge.c b/wiretap/merge.c
index c0c26e2852..eced520ac7 100644
--- a/wiretap/merge.c
+++ b/wiretap/merge.c
@@ -699,11 +699,14 @@ map_phdr_interface_id(struct wtap_pkthdr *phdr, const merge_in_file_t *in_file)
 
     if (phdr->presence_flags & WTAP_HAS_INTERFACE_ID) {
         current_interface_id = phdr->interface_id;
+    } else {
+        return TRUE;
     }
 
     if (current_interface_id >= in_file->idb_index_map->len) {
         /* this shouldn't happen, but in a malformed input file it could */
-        merge_debug("merge::map_phdr_interface_id: current_interface_id >= in_file->idb_index_map->len (ERROR?)");
+        merge_debug("merge::map_phdr_interface_id: current_interface_id (%u) >= in_file->idb_index_map->len (%u) (ERROR?)",
+            current_interface_id, in_file->idb_index_map->len);
         return FALSE;
     }