Wireshark 4.7.0
The Wireshark network protocol analyzer
wtap_syscall_header Struct Reference

Header metadata for a system call record (e.g. from Sysdig/Falco captures).

#include <wtap.h>

Public Attributes

const char * pathname
unsigned record_type
int byte_order
uint64_t timestamp
uint64_t thread_id
uint32_t event_len
uint32_t event_data_len
uint32_t nparams
uint32_t flags
uint16_t event_type
uint16_t cpu_id

Detailed Description

Header metadata for a system call record (e.g. from Sysdig/Falco captures).

Member Data Documentation

◆ byte_order

int wtap_syscall_header::byte_order

Byte order of the record data (G_BIG_ENDIAN or G_LITTLE_ENDIAN).

◆ cpu_id

uint16_t wtap_syscall_header::cpu_id

ID of the CPU on which the event was captured.

◆ event_data_len

uint32_t wtap_syscall_header::event_data_len

Length of the event payload (event_len minus the ppm event header length).

◆ event_len

uint32_t wtap_syscall_header::event_len

Total length of the ppm event in bytes.

◆ event_type

uint16_t wtap_syscall_header::event_type

ppm event type identifier.

◆ flags

uint32_t wtap_syscall_header::flags

Event flags (ppm event flags).

◆ nparams

uint32_t wtap_syscall_header::nparams

Number of parameters carried by this event.

◆ pathname

const char* wtap_syscall_header::pathname

Path name of the source capture file.

◆ record_type

unsigned wtap_syscall_header::record_type

Record type; mirrors ft_specific_record_phdr for pcapng block chaining.

◆ thread_id

uint64_t wtap_syscall_header::thread_id

ID of the thread that generated the system call.

◆ timestamp

uint64_t wtap_syscall_header::timestamp

Event timestamp in nanoseconds since the Unix epoch.


The documentation for this struct was generated from the following file: