From d25a60c1c1db0d81e332272fe00ec4ef4fb03e65 Mon Sep 17 00:00:00 2001
From: Gerald Combs
Date: Sun, 24 Apr 2016 11:21:50 -0700
Subject: More Sysdig / system event support.

Add REC_TYPE_SYSCALL to wiretap and use it for Sysdig events. Call the Sysdig event dissector from the frame dissector. Create a "syscall" protocol for system calls, but add "frame" items to it for now. Add the ability to write Sysdig events. This lets us merge packet capture and syscall capture files.

Change-Id: I12774ec69c89d8e329b6130c67f29aade4e3d778
Reviewed-on: https://code.wireshark.org/review/15078
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 wiretap/wtap.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'wiretap/wtap.h')

diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 6d257ea002..acffcb3d0a 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -1203,6 +1203,7 @@ union wtap_pseudo_header {
 #define REC_TYPE_PACKET 0 /**< packet */
 #define REC_TYPE_FT_SPECIFIC_EVENT 1 /**< file-type-specific event */
 #define REC_TYPE_FT_SPECIFIC_REPORT 2 /**< file-type-specific report */
+#define REC_TYPE_SYSCALL 3 /**< system call */
 
 struct wtap_pkthdr {
 guint rec_type; /* what type of record is this? */
--
cgit v1.2.1
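Review bot: The new `REC_TYPE_SYSCALL` value is documented only as `/**< system call */`, which does not tell a reader that such a record is not a network packet or which header and pseudo-header fields are meaningful for it. Because `rec_type` is filled in from capture files, any code that branches on it and falls through to packet handling for values it does not recognise would now be handed syscall data. The other files touched by this commit are not shown on this page, so it is worth confirming that every writer and dissector switch either has an explicit case or rejects the type (presumably with `WTAP_ERR_UNWRITABLE_REC_TYPE` on the write side). I would expand the comment to something like `/**< system call event (e.g. Sysdig); not a network packet */`. The `struct wtap_pkthdr` definition continues outside the hunk.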