osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

ERF: Add support for new extension header and Provenance tags 

Add support for Entropy Extension header, currently with one field. Uses
a conversion function to convert representation to bits.
Add various entropy and tap mode Provenance (ERF_TYPE_META) tags.

The only complex tag is ext_hdrs_added/removed. This tag consist of up
to 4 big endian uint32 bitfields, with each bit representing an
extension header number. ehdr_type_vals and a new ehdr_type_vals_short
are used to generate the tags. Custom printing is used for the header
line to display unknown values as integer and support the special case
of <All>: all supplied bits 1 meaning all extension headers removed.
Storage for the up to 4 subtree header_field id entries is in the first
4 extra hf_values[] for now, the ett value is reused.

Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better
solution is needed sooner rather than later but the structure is only
allocated for tags that need it.

Change-Id: I9e359f044131bce2afc189bebc21239eed429b21
Reviewed-on: https://code.wireshark.org/review/26111
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
Anthony Coddington 2018-02-26 11:21:25 +13:00 committed by Anders Broman
parent 21b4d6ecf1
commit 15c261e94b
2 changed files with 320 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

298
epan/dissectors/packet-erf.c
View File

@ -136,6 +136,11 @@ static int hf_erf_source_current = -1;
static int hf_erf_source_next = -1;
static int hf_erf_source_prev = -1;
/* Entropy extension header */
static int hf_erf_ehdr_entropy_entropy = -1;
static int hf_erf_ehdr_entropy_entropy_raw = -1;
static int hf_erf_ehdr_entropy_reserved = -1;
/* Unknown extension header */
static int hf_erf_ehdr_unk = -1;
@ -247,6 +252,7 @@ static gint ett_erf_meta_tag = -1;
static gint ett_erf_source = -1;
static gint ett_erf_anchor = -1;
static gint ett_erf_anchor_flags = -1;
static gint ett_erf_entropy_value = -1;
static expert_field ei_erf_extension_headers_not_shown = EI_INIT;
static expert_field ei_erf_packet_loss = EI_INIT;
@ -434,12 +440,32 @@ static const value_string ehdr_type_vals[] = {
{ ERF_EXT_HDR_TYPE_BFS , "BFS Filter/Hash"},
{ ERF_EXT_HDR_TYPE_CHANNELISED , "Channelised"},
{ ERF_EXT_HDR_TYPE_SIGNATURE , "Signature"},
{ ERF_EXT_HDR_TYPE_PKT_ID , "Packet ID"},
{ ERF_EXT_HDR_TYPE_FLOW_ID , "Flow ID"},
{ ERF_EXT_HDR_TYPE_HOST_ID , "Host ID"},
{ ERF_EXT_HDR_TYPE_ANCHOR_ID , "Anchor ID"},
{ ERF_EXT_HDR_TYPE_ENTROPY , "Entropy"},
{ 0, NULL }
};
/* Used for Provenance ext_hdrs_added/remvoed, should match the field abbreviation */
static const value_string ehdr_type_vals_short[] = {
{ ERF_EXT_HDR_TYPE_CLASSIFICATION , "class"},
{ ERF_EXT_HDR_TYPE_INTERCEPTID , "int"},
{ ERF_EXT_HDR_TYPE_RAW_LINK , "raw"},
{ ERF_EXT_HDR_TYPE_BFS , "bfs"},
{ ERF_EXT_HDR_TYPE_CHANNELISED , "chan"},
{ ERF_EXT_HDR_TYPE_SIGNATURE , "signature"},
{ ERF_EXT_HDR_TYPE_PKT_ID , "packetid"},
{ ERF_EXT_HDR_TYPE_FLOW_ID , "flowid"},
{ ERF_EXT_HDR_TYPE_HOST_ID , "hostid"},
{ ERF_EXT_HDR_TYPE_ANCHOR_ID , "anchorid"},
{ ERF_EXT_HDR_TYPE_ENTROPY , "entropy"},
{ 0, NULL }
};
/* XXX: Must be at least array_length(ehdr_type_vals). */
#define ERF_HF_VALUES_PER_TAG 32
static const value_string raw_link_types[] = {
{ 0x00, "raw SONET"},
@ -576,6 +602,39 @@ static const value_string erf_clk_port_proto[] = {
{ 0, NULL }
};
static const value_string erf_tap_mode[] = {
{ 0x00, "Invalid" },
{ 0x01, "Off" },
{ 0x02, "Active" },
{ 0x03, "Monitor" },
{ 0x04, "Bypass" },
{ 0x05, "Blocking" },
{ 0, NULL }
};
static const value_string erf_tap_fail_mode[] = {
{ 0x00, "Invalid" },
{ 0x01, "Off" },
{ 0x02, "Open" },
{ 0x03, "Closed" },
{ 0, NULL }
};
static const value_string erf_dpi_state[] = {
{ 0x00, "Terminated"},
{ 0x01, "Inspecting"},
{ 0x02, "Monitoring"},
{ 0x03, "Classified"},
{ 0, NULL}
};
static const value_string erf_flow_state[] = {
{ 0x00, "Active"},
{ 0x01, "Terminated"},
{ 0x02, "Expired"},
{ 0, NULL}
};
/* Used as templates for ERF_META_TAG_tunneling_mode */
static const header_field_info erf_tunneling_modes[] = {
{ "IP-in-IP", "ip_in_ip", FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL },
@ -619,8 +678,24 @@ static const header_field_info erf_parent_section[] = {
{ "Section ID", "section_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
};
/* XXX: Must be at least array_length(erf_tunneling_modes). */
#define ERF_HF_VALUES_PER_TAG 8
/* Used as templates for ERF_META_TAG_stream_flags */
static const header_field_info erf_stream_flags[] = {
{ "Relative Snapping", "relative_snap", FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL },
{ "Entropy Snapping", "entropy_snap", FT_BOOLEAN, 32, NULL, 0x2, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_ext_hdrs_added/removed subtrees */
static const header_field_info erf_ext_hdr_items[] = {
{ "Extension Headers 0 to 31", "0_31", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 32 to 63", "32_63", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 64 to 95", "64_95", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 96 to 127", "96_127", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_smart_trunc_default */
static const header_field_info erf_smart_trunc_default_flags[] = {
{ "Truncation Candidate", "trunc_candidate", FT_BOOLEAN, 32, &tfs_yes_no, 0x1, NULL, HFILL }
};
typedef struct {
guint16 code;
@ -630,9 +705,12 @@ typedef struct {
typedef struct {
gint ett_value;
/*
* XXX: Must be at least array_length(erf_tunneling_modes). Should change to
* XXX: Must be at least array_length(ehdr_type_vals). Should change to
* dynamic (possibly using new proto tree API) if many more fields defined.
* Non-trivial as bitmask functions take an array of pointers not values.
* Either that or add a value-string-like automatic bitmask flags proto_item.
*
* Note that this struct is only added for tags that need it.
*/
int hf_values[ERF_HF_VALUES_PER_TAG];
} erf_meta_tag_info_ex_t;
@ -749,6 +827,12 @@ static const erf_meta_hf_template_t erf_meta_tags[] = {
{ ERF_META_TAG_cpu_numa_nodes, { "CPU NUMA Nodes", "cpu_numa_nodes", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dag_attribute, { "DAG Attribute", "dag_attribute", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dag_version, { "DAG Software Version", "dag_version", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stream_flags, { "Stream Flags", "stream_flags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_entropy_threshold, { "Entropy Threshold", "entropy_threshold", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_smart_trunc_default, { "Smart Truncation Default", "smart_trunc_default",FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ext_hdrs_added, { "Extension Headers Added", "ext_hdrs_added", FT_BYTES, BASE_NO_DISPLAY_VALUE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ext_hdrs_removed, { "Extension Headers Removed", "ext_hdrs_removed", FT_BYTES, BASE_NO_DISPLAY_VALUE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_relative_snaplen, { "Relative Snap Length", "relative_snaplen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_num, { "Interface Number", "if_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_vc, { "Interface Virtual Circuit", "if_vc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
@ -771,6 +855,10 @@ static const erf_meta_hf_template_t erf_meta_tags[] = {
{ ERF_META_TAG_if_phy_mode, { "Interface Endace PHY Mode", "if_phy_mode", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_port_type, { "Interface Port Type", "if_port_type", FT_UINT32, BASE_DEC, VALS(erf_port_type), 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_rx_latency, { "Interface Uncorrected RX Latency", "if_rx_latency", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_tap_mode, { "Tap Mode", "tap_mode", FT_UINT32, BASE_DEC, VALS(erf_tap_mode), 0x0, NULL, HFILL } },
{ ERF_META_TAG_tap_fail_mode, { "Tap Failover Mode", "tap_fail_mode", FT_UINT32, BASE_DEC, VALS(erf_tap_fail_mode), 0x0, NULL, HFILL } },
{ ERF_META_TAG_watchdog_expired, { "Watchdog Expired", "watchdog_expired", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_watchdog_interval, { "Watchdog Interval (ms)", "watchdog_interval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_ipv4, { "Source IPv4 address", "src_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_ipv4, { "Destination IPv4 address", "dest_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
@ -791,10 +879,25 @@ static const erf_meta_hf_template_t erf_meta_tags[] = {
{ ERF_META_TAG_src_port, { "Source Port", "src_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_port, { "Destination Port", "dest_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ip_proto, { "IP Protocol", "ip_proto", FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0, NULL, HFILL } },
{ ERF_META_TAG_flow_hash, { "Flow Hash", "flow_hash", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_flow_hash, { "Flow Hash", "flow_hash", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_filter_match, { "Filter Match", "filter_match", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_filter_match_name, { "Filter Match Name", "filter_match_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_error_flags, { "Error Flags", "error_flags", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_pkts, { "Initiator Packets", "initiator_pkts", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_pkts, { "Responder Packets", "responder_pkts", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_bytes, { "Initiator Bytes", "initiator_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_bytes, { "Responder Bytes", "responder_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_min_entropy, { "Initiator Minimum Entropy", "initiator_min_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_min_entropy, { "Responder Minimum Entropy", "responder_min_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_avg_entropy, { "Initiator Average Entropy", "initiator_avg_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_avg_entropy, { "Responder Average Entropy", "responder_avg_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_max_entropy, { "Initiator Maximum Entropy", "initiator_max_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_max_entropy, { "Responder Maximum Entropy", "responder_max_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_application, { "DPI Application", "dpi_application", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_confidence, { "DPI Confidence", "dpi_confidence", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_state, { "DPI State", "dpi_state", FT_UINT32, BASE_NONE, VALS(erf_dpi_state), 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_protocol_stack, { "DPI Protocol Stack", "dpi_protocol_stack", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_flow_state, { "Flow State", "flow_state", FT_UINT32, BASE_NONE, VALS(erf_flow_state), 0x0, NULL, HFILL } },
{ ERF_META_TAG_start_time, { "Start Time", "start_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_end_time, { "End Time", "end_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
@ -1009,6 +1112,34 @@ init_tag_value_subfields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info
return tag_info;
}
static erf_meta_tag_info_t*
init_ext_hdrs_tag_value_subfields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info)
{
gsize i = 0;
gsize num_known_ext_hdrs = array_length(ehdr_type_vals) -1 /*null terminated*/;
hf_register_info hfri_tmp = { NULL, { NULL, NULL, FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL } }; /* Value, will be filled from template */
DISSECTOR_ASSERT(array_length(ehdr_type_vals_short) > num_known_ext_hdrs);
/* XXX: this currently supports only up to 27 known extension headers */
DISSECTOR_ASSERT(ERF_HF_VALUES_PER_TAG > num_known_ext_hdrs - 4); /* -1 sentinel terminated */
/* Use the first 4 hf_values for 32-bit subtree */
init_tag_value_subfields(hfri_table, tag_info, erf_ext_hdr_items, array_length(erf_ext_hdr_items));
DISSECTOR_ASSERT(tag_info->extra);
/*Fill in the rest of the remaining 27 entries with any known tag entries values */
for (i = 0; i < num_known_ext_hdrs; i++) {
/* Add value subfield */
hfri_tmp.p_id = &tag_info->extra->hf_values[4+i];
hfri_tmp.hfinfo.bitmask = (guint64)1 << ehdr_type_vals[i].value;
hfri_tmp.hfinfo.name = ehdr_type_vals[i].strptr;
hfri_tmp.hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(),
"erf.meta.", tag_info->section_template->hfinfo.abbrev, ".", tag_info->tag_template->hfinfo.abbrev, ".", ehdr_type_vals_short[i].strptr, NULL);
wmem_array_append_one(hfri_table, hfri_tmp);
}
return tag_info;
}
static erf_meta_tag_info_t*
init_ns_addr_tag_value_fields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info)
{
@ -1085,6 +1216,17 @@ init_tag_fields(wmem_array_t *hfri_table, wmem_array_t *ett_table, const erf_met
break;
case ERF_META_TAG_ptp_gm_clock_quality:
init_tag_value_subfields(hfri_table, tag_info, erf_ptp_clock_quality, array_length(erf_ptp_clock_quality));
break;
case ERF_META_TAG_stream_flags:
init_tag_value_subfields(hfri_table, tag_info, erf_stream_flags, array_length(erf_stream_flags));
break;
case ERF_META_TAG_smart_trunc_default:
init_tag_value_subfields(hfri_table, tag_info, erf_smart_trunc_default_flags, array_length(erf_smart_trunc_default_flags));
break;
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
init_ext_hdrs_tag_value_subfields(hfri_table, tag_info);
break;
}
/* Add ett entries */
@ -1632,6 +1774,36 @@ dissect_flow_id_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
}
}
float entropy_from_entropy_header_value(guint8 entropy_hdr_value)
{
/* mapping 1-255 to 0.0-8.0 */
/* 255 is 8.0 */
/* 1 represent any value less than 2/32 */
/* 0 represents not calculated */
return (float)((entropy_hdr_value == 0)?0.0: (((float)entropy_hdr_value+1) / 32.0));
}
static void
dissect_entropy_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
{
if(tree) {
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
guint8 entropy_hdr_value = (guint8)((hdr >> 48) & 0xFF);
float entropy;
proto_item *pi;
proto_tree *entropy_value_tree;
entropy = entropy_from_entropy_header_value(entropy_hdr_value);
pi = proto_tree_add_float_format_value(tree, hf_erf_ehdr_entropy_entropy, tvb, 0, 0, entropy,
"%.2f %s", entropy, entropy == 0.0 ? "(not calculated)":"bits");
entropy_value_tree = proto_item_add_subtree(pi, ett_erf_entropy_value);
proto_tree_add_uint(entropy_value_tree, hf_erf_ehdr_entropy_entropy_raw, tvb, 0, 0, entropy_hdr_value);
proto_tree_add_uint64(tree, hf_erf_ehdr_entropy_reserved, tvb, 0, 0, (hdr & 0xFFFFFFFFFFFF));
}
}
static guint64
find_host_id(packet_info *pinfo, gboolean *has_anchor_definition) {
guint64 hdr;
@ -2153,6 +2325,9 @@ dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tre
}
dissect_host_anchor_id(tvb, pinfo, tree, host_id, hdr & ERF_EHDR_ANCHOR_ID_MASK, (guint8)(hdr >> 48));
break;
case ERF_EXT_HDR_TYPE_ENTROPY:
dissect_entropy_ex_header(tvb, pinfo, ehdr_tree, i);
break;
default:
dissect_unknown_ex_header(tvb, pinfo, ehdr_tree, i);
break;
@ -2250,6 +2425,77 @@ dissect_meta_tag_bitfield(proto_item *section_tree, tvbuff_t *tvb, int offset, e
return tag_pi;
}
static proto_item*
dissect_meta_tag_ext_hdrs(proto_item *section_tree, tvbuff_t *tvb, int offset, gint taglength, erf_meta_tag_info_t *tag_info, proto_item **out_tag_tree, expert_field **out_truncated_expert)
{
proto_item *tag_pi = NULL;
proto_tree *subtree = NULL;
proto_item *subtree_pi = NULL;
int i;
guint32 ext_hdrs[4] = {0, 0, 0, 0};
int int_offset = 0;
int int_avail = MIN(taglength / 4, 4);;
int bit_offset = 0;
int ext_hdr_num = 0;
gboolean first = TRUE;
gboolean all_set = TRUE;
DISSECTOR_ASSERT(tag_info->extra);
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_BIG_ENDIAN);
*out_tag_tree = proto_item_add_subtree(tag_pi, tag_info->ett);
for (int_offset = 0; int_offset < int_avail; int_offset++) {
ext_hdrs[int_offset] = tvb_get_guint32(tvb, offset + 4 + int_offset*4, ENC_BIG_ENDIAN);
if (ext_hdrs[int_offset] != G_MAXUINT32)
all_set = FALSE;
}
/* Special case: all specified bits are 1 means all extension headers */
if (all_set)
proto_item_append_text(tag_pi, ": <All>");
/* Add 4 subtrees, one for each uint32 representing 32 extension header numbers */
for (int_offset = 0; int_offset < int_avail; int_offset++) {
/* TODO: Put subtree hf values somewhere better than first 4 hf_values */
subtree_pi = proto_tree_add_item(*out_tag_tree, tag_info->extra->hf_values[int_offset], tvb, offset + 4 + int_offset*4, 4, ENC_BIG_ENDIAN);
/* Add the individual bit dissections */
/* XXX: This currently assumes we only know up to the first 32 */
if (int_offset == 0) {
subtree = proto_item_add_subtree(subtree_pi, tag_info->ett);
for (i = 4; tag_info->extra->hf_values[i] != -1; i++) {
proto_tree_add_boolean(subtree, tag_info->extra->hf_values[i], tvb, offset + 4 + int_offset*4, 4, ext_hdrs[int_offset]);
}
}
/* Add all set bits to the header, including the ones we don't understand */
for (bit_offset = 0; bit_offset < 32; bit_offset++) {
if (ext_hdrs[int_offset] & (1 << bit_offset)) {
proto_item_append_text(subtree_pi, ", %s", val_to_str(ext_hdr_num, ehdr_type_vals, "%d"));
/* Also add to the top level */
if (!all_set)
proto_item_append_text(tag_pi, "%s %s", first ? ":" : ",", val_to_str(ext_hdr_num, ehdr_type_vals, "%d"));
first = FALSE;
}
ext_hdr_num++;
}
}
if (first)
proto_item_append_text(tag_pi, ": <None>");
/* Check for truncated tag (i.e. last uint32 is partial) */
if (int_avail < 4 && taglength % 4 != 0) {
*out_truncated_expert = &ei_erf_meta_truncated_tag;
}
return tag_pi;
}
static void erf_ts_to_nstime(guint64 timestamp, nstime_t* t, gboolean is_relative) {
guint64 ts = timestamp;
@ -2355,6 +2601,12 @@ meta_tag_expected_length(erf_meta_tag_info_t *tag_info) {
/* 16-byte WWNs */
expected_length = 16;
break;
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
/* 1 to 4 uint32 fields */
expected_length = 4;
break;
}
return expected_length;
@ -2572,6 +2824,8 @@ dissect_meta_record_tags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
case ERF_META_TAG_tunneling_mode:
case ERF_META_TAG_ptp_time_properties:
case ERF_META_TAG_ptp_gm_clock_quality:
case ERF_META_TAG_stream_flags:
case ERF_META_TAG_smart_trunc_default:
tag_pi = dissect_meta_tag_bitfield(section_tree, tvb, offset, tag_info, &tag_tree);
break;
@ -2626,6 +2880,28 @@ dissect_meta_record_tags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
break;
}
case ERF_META_TAG_entropy_threshold:
case ERF_META_TAG_initiator_min_entropy:
case ERF_META_TAG_responder_min_entropy:
case ERF_META_TAG_initiator_avg_entropy:
case ERF_META_TAG_responder_avg_entropy:
case ERF_META_TAG_initiator_max_entropy:
case ERF_META_TAG_responder_max_entropy:
{
float entropy;
value32 = tvb_get_ntohl(tvb, offset + 4);
entropy = entropy_from_entropy_header_value(value32);
tag_pi = proto_tree_add_float_format_value(section_tree, tag_info->hf_value, tvb, 0, 0, entropy,
"%.2f %s", entropy, entropy == 0.0 ? "(not calculated)":"bits");
break;
}
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
tag_pi = dissect_meta_tag_ext_hdrs(section_tree, tvb, offset, taglength, tag_info, &tag_tree, &truncated_expert);
break;
default:
dissected = FALSE;
break;
@ -3228,6 +3504,17 @@ proto_register_erf(void)
{ "Previous Metadata in Source", "erf.source_meta_frame_prev",
FT_FRAMENUM, BASE_NONE, NULL, 0, NULL, HFILL } },
/* Entropy Extension Header */
{ &hf_erf_ehdr_entropy_entropy,
{ "Entropy", "erf.ehdr.entropy.entropy",
FT_FLOAT, BASE_NONE, NULL, 0, NULL, HFILL} },
{ &hf_erf_ehdr_entropy_entropy_raw,
{ "Raw Entropy", "erf.ehdr.entropy.entropy.raw",
FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL} },
{ &hf_erf_ehdr_entropy_reserved,
{ "Reserved", "erf.ehdr.entropy.rsvd",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL} },
/* Unknown Extension Header */
{ &hf_erf_ehdr_unk,
{ "Data", "erf.ehdr.unknown.data",
@ -3485,7 +3772,8 @@ proto_register_erf(void)
&ett_erf_meta_tag,
&ett_erf_source,
&ett_erf_anchor,
&ett_erf_anchor_flags
&ett_erf_anchor_flags,
&ett_erf_entropy_value
};
static const enum_val_t erf_hdlc_options[] = {

27
wiretap/erf.h
View File

@ -101,9 +101,11 @@
#define ERF_EXT_HDR_TYPE_BFS 6
#define ERF_EXT_HDR_TYPE_CHANNELISED 12
#define ERF_EXT_HDR_TYPE_SIGNATURE 14
#define ERF_EXT_HDR_TYPE_PKT_ID 15
#define ERF_EXT_HDR_TYPE_FLOW_ID 16
#define ERF_EXT_HDR_TYPE_HOST_ID 17
#define ERF_EXT_HDR_TYPE_ANCHOR_ID 18
#define ERF_EXT_HDR_TYPE_ENTROPY 19
/* Host ID and Anchor ID*/
#define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff)
@ -188,6 +190,12 @@
#define ERF_META_TAG_cpu_numa_nodes 51
#define ERF_META_TAG_dag_attribute 52
#define ERF_META_TAG_dag_version 53
#define ERF_META_TAG_stream_flags 54
#define ERF_META_TAG_entropy_threshold 55
#define ERF_META_TAG_smart_trunc_default 56
#define ERF_META_TAG_ext_hdrs_added 57
#define ERF_META_TAG_ext_hdrs_removed 58
#define ERF_META_TAG_relative_snaplen 59
#define ERF_META_TAG_if_num 64
#define ERF_META_TAG_if_vc 65
@ -210,6 +218,10 @@
#define ERF_META_TAG_if_phy_mode 82
#define ERF_META_TAG_if_port_type 83
#define ERF_META_TAG_if_rx_latency 84
#define ERF_META_TAG_tap_mode 85
#define ERF_META_TAG_tap_fail_mode 86
#define ERF_META_TAG_watchdog_expired 87
#define ERF_META_TAG_watchdog_interval 88
#define ERF_META_TAG_src_ipv4 128
#define ERF_META_TAG_dest_ipv4 129
@ -234,6 +246,21 @@
#define ERF_META_TAG_filter_match 148
#define ERF_META_TAG_filter_match_name 149
#define ERF_META_TAG_error_flags 150
#define ERF_META_TAG_initiator_pkts 151
#define ERF_META_TAG_responder_pkts 152
#define ERF_META_TAG_initiator_bytes 153
#define ERF_META_TAG_responder_bytes 154
#define ERF_META_TAG_initiator_min_entropy 155
#define ERF_META_TAG_responder_min_entropy 156
#define ERF_META_TAG_initiator_avg_entropy 157
#define ERF_META_TAG_responder_avg_entropy 158
#define ERF_META_TAG_initiator_max_entropy 159
#define ERF_META_TAG_responder_max_entropy 160
#define ERF_META_TAG_dpi_application 161
#define ERF_META_TAG_dpi_confidence 162
#define ERF_META_TAG_dpi_state 163
#define ERF_META_TAG_dpi_protocol_stack 164
#define ERF_META_TAG_flow_state 165
#define ERF_META_TAG_start_time 193
#define ERF_META_TAG_end_time 194