More Sysdig / system event support.

Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the Sysdig event dissector from the frame dissector. Create a "syscall" protocol for system calls, but add "frame" items to it for now. Add the ability to write Sysdig events. This lets us merge packet capture and syscall capture files. Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778 Reviewed-on: https://code.wireshark.org/review/15078 Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
author: Gerald Combs <gerald@zing.org> 2016-04-24 11:21:50 -0700
committer: Anders Broman <a.broman58@gmail.com> 2016-06-15 13:39:29 +0000
commit: d25a60c1c1db0d81e332272fe00ec4ef4fb03e65 (patch)
tree: 0a90169d7ffa2fcff67c95328328998bb654f580 /wiretap/wtap.h
parent: b26e757b310180bd2ab867dd5ad0cc0261993135 (diff)
download: wireshark-d25a60c1c1db0d81e332272fe00ec4ef4fb03e65.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 6d257ea002..acffcb3d0a 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1203,6 +1203,7 @@ union wtap_pseudo_header {
 #define REC_TYPE_PACKET               0    /**< packet */
 #define REC_TYPE_FT_SPECIFIC_EVENT    1    /**< file-type-specific event */
 #define REC_TYPE_FT_SPECIFIC_REPORT   2    /**< file-type-specific report */
+#define REC_TYPE_SYSCALL              3    /**< system call */
 
 struct wtap_pkthdr {
     guint     rec_type;         /* what type of record is this? */
author	Gerald Combs <gerald@zing.org>	2016-04-24 11:21:50 -0700
committer	Anders Broman <a.broman58@gmail.com>	2016-06-15 13:39:29 +0000
commit	d25a60c1c1db0d81e332272fe00ec4ef4fb03e65 (patch)
tree	0a90169d7ffa2fcff67c95328328998bb654f580 /wiretap/wtap.h
parent	b26e757b310180bd2ab867dd5ad0cc0261993135 (diff)
download	wireshark-d25a60c1c1db0d81e332272fe00ec4ef4fb03e65.tar.gz