osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/dissectors/packet-erf.c

3899 lines
168 KiB
C
Raw Normal View History

From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* packet-erf.c
* Routines for ERF encapsulation dissection
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
dissectors: use SPDX identifiers. Change-Id: I92c94448e6641716d03158a5f332c8b53709423a Reviewed-on: https://code.wireshark.org/review/25756 Petri-Dish: Dario Lombardo <lomato@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-12 11:23:27 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
*/
We always HAVE_CONFIG_H so don't bother checking whether we have it or not. svn path=/trunk/; revision=45017
2012-09-20 02:03:38 +00:00
#include "config.h"
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
#include <epan/packet.h>
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
#include <epan/expert.h>
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
#include <epan/prefs.h>
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
#include <epan/ipproto.h>
#include <epan/to_str.h>
#include <wsutil/str_util.h>
From Anthony Coddington: SDH dissector calculation fixes. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8767 svn path=/trunk/; revision=49750
2013-06-04 04:19:52 +00:00
#include "packet-erf.h"
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
#include "packet-ptp.h"
From Anthony Coddington: SDH dissector calculation fixes. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8767 svn path=/trunk/; revision=49750
2013-06-04 04:19:52 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/*
*/
ERF: split wiretap/erf.h into three files. wiretap/erf_record.h has declarations for records in ERF files and in LINKTYPE_ERF packets in pcap and pcapng files. wiretap/erf-common.h has declarations of routines to be called by pcap/pcapng reader code when processing LINKTYPE_ERF packets. wiretap/erf.h is what's left, for use by wiretap/erf.c and the code with the tables of file readers and writers. Change-Id: Ia982e79b14a025a80dcbc7c812fb3b2cdb9c6aaa Reviewed-on: https://code.wireshark.org/review/37021 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
2020-05-02 04:02:00 +00:00
#include "wiretap/erf_record.h"
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
Fix [-Wmissing-prototypes] svn path=/trunk/; revision=54135
2013-12-15 23:44:12 +00:00
void proto_register_erf(void);
void proto_reg_handoff_erf(void);
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
#define DECHAN_MAX_LINE_RATE 5
#define DECHAN_MAX_VC_SIZE 5
Fix fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or equal to DECHAN_MAX_AUG_INDEX before using it. Also add a comment: there are comments here that indicate that this array should have 5 entries but there are only 4. svn path=/trunk/; revision=44306
2012-08-07 18:17:29 +00:00
#define DECHAN_MAX_AUG_INDEX 4
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
typedef struct sdh_g707_format_s
{
guint8 m_sdh_line_rate;
guint8 m_vc_size ;
Fix fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or equal to DECHAN_MAX_AUG_INDEX before using it. Also add a comment: there are comments here that indicate that this array should have 5 entries but there are only 4. svn path=/trunk/; revision=44306
2012-08-07 18:17:29 +00:00
gint8 m_vc_index_array[DECHAN_MAX_AUG_INDEX];
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
/* i = 3 --> ITU-T letter #D - index of AUG-16
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
* i = 2 --> ITU-T letter #C - index of AUG-4,
Fix fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or equal to DECHAN_MAX_AUG_INDEX before using it. Also add a comment: there are comments here that indicate that this array should have 5 entries but there are only 4. svn path=/trunk/; revision=44306
2012-08-07 18:17:29 +00:00
* i = 1 --> ITU-T letter #B - index of AUG-1
* i = 0 --> ITU-T letter #A - index of AU3*/
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
} sdh_g707_format_t;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Avoid calling find_dissector(), cache result of [new_]register_dissector() svn path=/trunk/; revision=53353
2013-11-16 01:10:05 +00:00
static dissector_handle_t erf_handle;
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
static dissector_table_t erf_dissector_table;
Avoid calling find_dissector(), cache result of [new_]register_dissector() svn path=/trunk/; revision=53353
2013-11-16 01:10:05 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Initialize the protocol and registered fields */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int proto_erf = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ts = -1;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_rectype = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_type = -1;
static int hf_erf_ehdr = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static int hf_erf_ehdr_t = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_flags = -1;
static int hf_erf_flags_cap = -1;
static int hf_erf_flags_vlen = -1;
static int hf_erf_flags_trunc = -1;
static int hf_erf_flags_rxe = -1;
static int hf_erf_flags_dse = -1;
static int hf_erf_flags_res = -1;
static int hf_erf_rlen = -1;
static int hf_erf_lctr = -1;
Some ERF pseudo-headers have color instead of lctr value Don't report expert-info warnings for lctr when it is actually color. Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a Reviewed-on: https://code.wireshark.org/review/20306 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-27 21:13:42 +00:00
static int hf_erf_color = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_wlen = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Classification extension header */
/* InterceptID extension header */
static int hf_erf_ehdr_int_res1 = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_int_id = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static int hf_erf_ehdr_int_res2 = -1;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Raw Link extension header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_raw_link_res = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static int hf_erf_ehdr_raw_link_seqnum = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_raw_link_rate = -1;
static int hf_erf_ehdr_raw_link_type = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Classification extension header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_class_flags = -1;
static int hf_erf_ehdr_class_flags_sh = -1;
static int hf_erf_ehdr_class_flags_shm = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static int hf_erf_ehdr_class_flags_res1 = -1;
static int hf_erf_ehdr_class_flags_user = -1;
static int hf_erf_ehdr_class_flags_res2 = -1;
static int hf_erf_ehdr_class_flags_drop = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_class_flags_str = -1;
static int hf_erf_ehdr_class_seqnum = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
/* BFS extension header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_bfs_hash = -1;
static int hf_erf_ehdr_bfs_color = -1;
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
static int hf_erf_ehdr_bfs_raw_hash = -1;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
/* Channelised extension header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_chan_morebits = -1;
static int hf_erf_ehdr_chan_morefrag = -1;
static int hf_erf_ehdr_chan_seqnum = -1;
static int hf_erf_ehdr_chan_res = -1;
static int hf_erf_ehdr_chan_virt_container_id = -1;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
static int hf_erf_ehdr_chan_assoc_virt_container_size = -1;
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
static int hf_erf_ehdr_chan_rate = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_ehdr_chan_type = -1;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6943 : The ERF extension header 'New BFS' is poorly named, it is not descriptive. Rename the ERF 'New BFS' extension header to 'Signature' which is more descriptive, more easily distinguished, and consistent with the internal naming. svn path=/trunk/; revision=41515
2012-03-13 01:22:36 +00:00
/* Filter Hash extension header */
static int hf_erf_ehdr_signature_payload_hash = -1;
static int hf_erf_ehdr_signature_color = -1;
static int hf_erf_ehdr_signature_flow_hash = -1;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Flow ID extension header */
static int hf_erf_ehdr_flow_id_source_id = -1;
static int hf_erf_ehdr_flow_id_hash_type = -1;
static int hf_erf_ehdr_flow_id_stack_type = -1;
static int hf_erf_ehdr_flow_id_flow_hash = -1;
/* Host ID extension header */
static int hf_erf_ehdr_host_id_sourceid = -1;
static int hf_erf_ehdr_host_id_hostid = -1;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Anchor ID extension header */
static int hf_erf_ehdr_anchor_id_definition = -1;
static int hf_erf_ehdr_anchor_id_reserved = -1;
static int hf_erf_ehdr_anchor_id_anchorid = -1;
static int hf_erf_ehdr_anchor_id_flags = -1;
static int hf_erf_anchor_linked = -1;
static int hf_erf_anchor_anchorid = -1;
static int hf_erf_anchor_hostid = -1;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Generated Host ID/Source ID */
static int hf_erf_sourceid = -1;
static int hf_erf_hostid = -1;
static int hf_erf_source_current = -1;
static int hf_erf_source_next = -1;
static int hf_erf_source_prev = -1;
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
/* Entropy extension header */
static int hf_erf_ehdr_entropy_entropy = -1;
static int hf_erf_ehdr_entropy_entropy_raw = -1;
static int hf_erf_ehdr_entropy_reserved = -1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Unknown extension header */
static int hf_erf_ehdr_unk = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC HDLC Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_hdlc = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_hdlc_cn = -1;
static int hf_erf_mc_hdlc_res1 = -1;
static int hf_erf_mc_hdlc_res2 = -1;
static int hf_erf_mc_hdlc_fcse = -1;
static int hf_erf_mc_hdlc_sre = -1;
static int hf_erf_mc_hdlc_lre = -1;
static int hf_erf_mc_hdlc_afe = -1;
static int hf_erf_mc_hdlc_oe = -1;
static int hf_erf_mc_hdlc_lbe = -1;
static int hf_erf_mc_hdlc_first = -1;
static int hf_erf_mc_hdlc_res3 = -1;
/* MC RAW Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_raw = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_raw_int = -1;
static int hf_erf_mc_raw_res1 = -1;
static int hf_erf_mc_raw_sre = -1;
static int hf_erf_mc_raw_lre = -1;
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
static int hf_erf_mc_raw_res2 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_raw_lbe = -1;
static int hf_erf_mc_raw_first = -1;
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
static int hf_erf_mc_raw_res3 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC ATM Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_atm = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_atm_cn = -1;
static int hf_erf_mc_atm_res1 = -1;
static int hf_erf_mc_atm_mul = -1;
static int hf_erf_mc_atm_port = -1;
static int hf_erf_mc_atm_res2 = -1;
static int hf_erf_mc_atm_lbe = -1;
static int hf_erf_mc_atm_hec = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_atm_crc10 = -1;
static int hf_erf_mc_atm_oamcell = -1;
static int hf_erf_mc_atm_first = -1;
static int hf_erf_mc_atm_res3 = -1;
/* MC Raw link Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_rawl = -1;
static int hf_erf_mc_rawl_cn = -1;
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
static int hf_erf_mc_rawl_res1 = -1;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_rawl_lbe = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_rawl_first = -1;
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
static int hf_erf_mc_rawl_res2 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC AAL5 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_aal5 = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal5_cn = -1;
static int hf_erf_mc_aal5_res1 = -1;
static int hf_erf_mc_aal5_port = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_aal5_crcck = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal5_crce = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_aal5_lenck = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal5_lene = -1;
static int hf_erf_mc_aal5_res2 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_aal5_first = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal5_res3 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC AAL2 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_mc_aal2 = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal2_cn = -1;
static int hf_erf_mc_aal2_res1 = -1;
static int hf_erf_mc_aal2_res2 = -1;
static int hf_erf_mc_aal2_port = -1;
static int hf_erf_mc_aal2_res3 = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static int hf_erf_mc_aal2_first = -1;
static int hf_erf_mc_aal2_maale = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_mc_aal2_lene = -1;
static int hf_erf_mc_aal2_cid = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* AAL2 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_aal2 = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_aal2_cid = -1;
static int hf_erf_aal2_maale = -1;
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
static int hf_erf_aal2_maalei = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_aal2_first = -1;
static int hf_erf_aal2_res1 = -1;
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* ERF Ethernet header/pad */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static int hf_erf_eth = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static int hf_erf_eth_off = -1;
Clean up handling of the data before the Ethernet packet in ERF files. The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:10:48 +00:00
static int hf_erf_eth_pad = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* ERF Meta record tag */
static int hf_erf_meta_tag_type = -1;
static int hf_erf_meta_tag_len = -1;
static int hf_erf_meta_tag_unknown = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Initialize the subtree pointers */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static gint ett_erf = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static gint ett_erf_pseudo_hdr = -1;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
static gint ett_erf_rectype = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static gint ett_erf_flags = -1;
static gint ett_erf_mc_hdlc = -1;
static gint ett_erf_mc_raw = -1;
static gint ett_erf_mc_atm = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static gint ett_erf_mc_rawlink = -1;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
static gint ett_erf_mc_aal5 = -1;
static gint ett_erf_mc_aal2 = -1;
static gint ett_erf_aal2 = -1;
static gint ett_erf_eth = -1;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static gint ett_erf_meta = -1;
static gint ett_erf_meta_tag = -1;
static gint ett_erf_source = -1;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
static gint ett_erf_anchor = -1;
static gint ett_erf_anchor_flags = -1;
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
static gint ett_erf_entropy_value = -1;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
static expert_field ei_erf_extension_headers_not_shown = EI_INIT;
static expert_field ei_erf_packet_loss = EI_INIT;
static expert_field ei_erf_checksum_error = EI_INIT;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static expert_field ei_erf_meta_section_len_error = EI_INIT;
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
static expert_field ei_erf_meta_truncated_record = EI_INIT;
static expert_field ei_erf_meta_truncated_tag = EI_INIT;
static expert_field ei_erf_meta_zero_len_tag = EI_INIT;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static expert_field ei_erf_meta_reset = EI_INIT;
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
typedef enum {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
ERF_HDLC_CHDLC = 0,
ERF_HDLC_PPP = 1,
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
ERF_HDLC_FRELAY = 2,
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
ERF_HDLC_MTP2 = 3,
ERF_HDLC_GUESS = 4,
ERF_HDLC_MAX = 5
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
} erf_hdlc_type_vals;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
static gint erf_hdlc_type = ERF_HDLC_GUESS;
static dissector_handle_t chdlc_handle, ppp_handle, frelay_handle, mtp2_handle;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
static gboolean erf_rawcell_first = FALSE;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
typedef enum {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
ERF_AAL5_GUESS = 0,
ERF_AAL5_LLC = 1,
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
ERF_AAL5_UNSPEC = 2
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
} erf_aal5_type_val;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
static gint erf_aal5_type = ERF_AAL5_GUESS;
Just have a scalar handle_t for the Infiniband handle, for now. (The old code had the type value past the end of the array.) Rename the handle variables. svn path=/trunk/; revision=25739
2008-07-14 20:26:58 +00:00
static dissector_handle_t atm_untruncated_handle;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Andrew Kampjes: SDH support for wireshark. - Added GPL license. - Removed not needed includes. - Skipped th .h file as it wasn't used. svn path=/trunk/; revision=43106
2012-06-05 10:42:38 +00:00
static dissector_handle_t sdh_handle;
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
/* ERF Header */
#define ERF_HDR_TYPE_MASK 0x7f
#define ERF_HDR_EHDR_MASK 0x80
#define ERF_HDR_FLAGS_MASK 0xff
#define ERF_HDR_CAP_MASK 0x03
#define ERF_HDR_VLEN_MASK 0x04
#define ERF_HDR_TRUNC_MASK 0x08
#define ERF_HDR_RXE_MASK 0x10
#define ERF_HDR_DSE_MASK 0x20
#define ERF_HDR_RES_MASK 0xC0
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Classification */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
#define EHDR_CLASS_FLAGS_MASK 0x00ffffff
#define EHDR_CLASS_SH_MASK 0x00800000
#define EHDR_CLASS_SHM_MASK 0x00400000
#define EHDR_CLASS_RES1_MASK 0x00300000
#define EHDR_CLASS_USER_MASK 0x000FFFF0
#define EHDR_CLASS_RES2_MASK 0x00000008
#define EHDR_CLASS_DROP_MASK 0x00000004
#define EHDR_CLASS_STER_MASK 0x00000003
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
Fix various typos and spelling errors (mostly in text strings) svn path=/trunk/; revision=27050
2008-12-18 19:08:49 +00:00
/* Header for ATM traffic identification */
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
#define ATM_HDR_LENGTH 4
/* Multi Channel HDLC */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_HDLC_CN_MASK 0x000003ff
#define MC_HDLC_RES1_MASK 0x0000fc00
#define MC_HDLC_RES2_MASK 0x00ff0000
#define MC_HDLC_FCSE_MASK 0x01000000
#define MC_HDLC_SRE_MASK 0x02000000
#define MC_HDLC_LRE_MASK 0x04000000
#define MC_HDLC_AFE_MASK 0x08000000
#define MC_HDLC_OE_MASK 0x10000000
#define MC_HDLC_LBE_MASK 0x20000000
#define MC_HDLC_FIRST_MASK 0x40000000
#define MC_HDLC_RES3_MASK 0x80000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Multi Channel RAW */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_RAW_INT_MASK 0x0000000f
#define MC_RAW_RES1_MASK 0x01fffff0
#define MC_RAW_SRE_MASK 0x02000000
#define MC_RAW_LRE_MASK 0x04000000
#define MC_RAW_RES2_MASK 0x18000000
#define MC_RAW_LBE_MASK 0x20000000
#define MC_RAW_FIRST_MASK 0x40000000
#define MC_RAW_RES3_MASK 0x80000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Multi Channel ATM */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_ATM_CN_MASK 0x000003ff
#define MC_ATM_RES1_MASK 0x00007c00
#define MC_ATM_MUL_MASK 0x00008000
#define MC_ATM_PORT_MASK 0x000f0000
#define MC_ATM_RES2_MASK 0x00f00000
#define MC_ATM_LBE_MASK 0x01000000
#define MC_ATM_HEC_MASK 0x02000000
#define MC_ATM_CRC10_MASK 0x04000000
#define MC_ATM_OAMCELL_MASK 0x08000000
#define MC_ATM_FIRST_MASK 0x10000000
#define MC_ATM_RES3_MASK 0xe0000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Multi Channel RAW Link */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_RAWL_CN_MASK 0x000003ff
#define MC_RAWL_RES1_MASK 0x1ffffc00
#define MC_RAWL_LBE_MASK 0x20000000
#define MC_RAWL_FIRST_MASK 0x40000000
#define MC_RAWL_RES2_MASK 0x80000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Multi Channel AAL5 */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_AAL5_CN_MASK 0x000003ff
#define MC_AAL5_RES1_MASK 0x0000fc00
#define MC_AAL5_PORT_MASK 0x000f0000
#define MC_AAL5_CRCCK_MASK 0x00100000
#define MC_AAL5_CRCE_MASK 0x00200000
#define MC_AAL5_LENCK_MASK 0x00400000
#define MC_AAL5_LENE_MASK 0x00800000
#define MC_AAL5_RES2_MASK 0x0f000000
#define MC_AAL5_FIRST_MASK 0x10000000
#define MC_AAL5_RES3_MASK 0xe0000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Multi Channel AAL2 */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define MC_AAL2_CN_MASK 0x000003ff
#define MC_AAL2_RES1_MASK 0x00001c00
#define MC_AAL2_RES2_MASK 0x0000e000
#define MC_AAL2_PORT_MASK 0x000f0000
#define MC_AAL2_RES3_MASK 0x00100000
#define MC_AAL2_FIRST_MASK 0x00200000
#define MC_AAL2_MAALE_MASK 0x00400000
#define MC_AAL2_LENE_MASK 0x00800000
#define MC_AAL2_CID_MASK 0xff000000
#define MC_AAL2_CID_SHIFT 24
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* AAL2 */
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define AAL2_CID_MASK 0x000000ff
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
#define AAL2_CID_SHIFT 0
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
#define AAL2_MAALE_MASK 0x0000ff00
#define AAL2_MAALEI_MASK 0x00010000
#define AAL2_FIRST_MASK 0x00020000
#define AAL2_RES1_MASK 0xfffc0000
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* ETH */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
#define ETH_OFF_MASK 0x00
#define ETH_RES1_MASK 0x00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Invalid Provenance sections used for special lookup */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
#define ERF_META_SECTION_NONE 0
#define ERF_META_SECTION_UNKNOWN 1
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
#define NS_PER_S 1000000000
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Record type defines */
static const value_string erf_type_vals[] = {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ ERF_TYPE_LEGACY ,"LEGACY"},
{ ERF_TYPE_HDLC_POS ,"HDLC_POS"},
{ ERF_TYPE_ETH ,"ETH"},
{ ERF_TYPE_ATM ,"ATM"},
{ ERF_TYPE_AAL5 ,"AAL5"},
{ ERF_TYPE_MC_HDLC ,"MC_HDLC"},
{ ERF_TYPE_MC_RAW ,"MC_RAW"},
{ ERF_TYPE_MC_ATM ,"MC_ATM"},
{ ERF_TYPE_MC_RAW_CHANNEL ,"MC_RAW_CHANNEL"},
{ ERF_TYPE_MC_AAL5 ,"MC_AAL5"},
{ ERF_TYPE_COLOR_HDLC_POS ,"COLOR_HDLC_POS"},
{ ERF_TYPE_COLOR_ETH ,"COLOR_ETH"},
ERF: Add dissection of missing ERF types Wiretap support had already been added for old type variants COLOR_HASH_ETH and COLOR_HASH_POS, dissect them like the other variants. Change-Id: I60b83c50a258a27c31a498382c276bc4f4a34cbb Reviewed-on: https://code.wireshark.org/review/15397 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-12 06:54:01 +00:00
{ ERF_TYPE_COLOR_HASH_POS ,"COLOR_HASH_POS"},
{ ERF_TYPE_COLOR_HASH_ETH ,"COLOR_HASH_ETH"},
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ ERF_TYPE_MC_AAL2 ,"MC_AAL2 "},
{ ERF_TYPE_IP_COUNTER ,"IP_COUNTER"},
{ ERF_TYPE_TCP_FLOW_COUNTER ,"TCP_FLOW_COUNTER"},
{ ERF_TYPE_DSM_COLOR_HDLC_POS ,"DSM_COLOR_HDLC_POS"},
{ ERF_TYPE_DSM_COLOR_ETH ,"DSM_COLOR_ETH "},
{ ERF_TYPE_COLOR_MC_HDLC_POS ,"COLOR_MC_HDLC_POS"},
{ ERF_TYPE_AAL2 ,"AAL2"},
{ ERF_TYPE_PAD ,"PAD"},
{ ERF_TYPE_INFINIBAND , "INFINIBAND"},
{ ERF_TYPE_IPV4 , "IPV4"},
{ ERF_TYPE_IPV6 , "IPV6"},
{ ERF_TYPE_RAW_LINK , "RAW_LINK"},
{ ERF_TYPE_INFINIBAND_LINK , "INFINIBAND_LINK"},
ERF: Add basic no-break support for ERF_TYPE_META. Update erf_open heuristic to not break when ERF_TYPE_META records are present. Remove check for maximum non-pad ERF type and add defines for reserved types. No dissection in this commit beyond record type name, this will come later. Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85 Reviewed-on: https://code.wireshark.org/review/12708 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-19 03:23:53 +00:00
{ ERF_TYPE_META , "META"},
opa: Add dissectors for Intel’s Omni-Path Architecture (OPA) Added dissectors for OPA Fabric Executive (FE) Header, OPA Snoop and Capture (SnC) MetaData Header, OPA 9B Packets, and OPA MAD Packets. Bug: 12114 Change-Id: I6acd3c9e266e4b638167abbdd275ec7c1d472b4f Reviewed-on: https://code.wireshark.org/review/13473 Reviewed-by: Adam Goldman <adam.goldman@intel.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-04 15:10:28 +00:00
{ ERF_TYPE_OPA_SNC , "OMNI-PATH_SNC"},
{ ERF_TYPE_OPA_9B , "OMNI-PATH"},
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
{0, NULL}
};
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Extended headers type defines */
static const value_string ehdr_type_vals[] = {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_EXT_HDR_TYPE_CLASSIFICATION , "Classification"},
{ ERF_EXT_HDR_TYPE_INTERCEPTID , "InterceptID"},
{ ERF_EXT_HDR_TYPE_RAW_LINK , "Raw Link"},
{ ERF_EXT_HDR_TYPE_BFS , "BFS Filter/Hash"},
{ ERF_EXT_HDR_TYPE_CHANNELISED , "Channelised"},
{ ERF_EXT_HDR_TYPE_SIGNATURE , "Signature"},
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_EXT_HDR_TYPE_PKT_ID , "Packet ID"},
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_EXT_HDR_TYPE_FLOW_ID , "Flow ID"},
{ ERF_EXT_HDR_TYPE_HOST_ID , "Host ID"},
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
{ ERF_EXT_HDR_TYPE_ANCHOR_ID , "Anchor ID"},
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_EXT_HDR_TYPE_ENTROPY , "Entropy"},
{ 0, NULL }
};
/* Used for Provenance ext_hdrs_added/remvoed, should match the field abbreviation */
static const value_string ehdr_type_vals_short[] = {
{ ERF_EXT_HDR_TYPE_CLASSIFICATION , "class"},
{ ERF_EXT_HDR_TYPE_INTERCEPTID , "int"},
{ ERF_EXT_HDR_TYPE_RAW_LINK , "raw"},
{ ERF_EXT_HDR_TYPE_BFS , "bfs"},
{ ERF_EXT_HDR_TYPE_CHANNELISED , "chan"},
{ ERF_EXT_HDR_TYPE_SIGNATURE , "signature"},
{ ERF_EXT_HDR_TYPE_PKT_ID , "packetid"},
{ ERF_EXT_HDR_TYPE_FLOW_ID , "flowid"},
{ ERF_EXT_HDR_TYPE_HOST_ID , "hostid"},
{ ERF_EXT_HDR_TYPE_ANCHOR_ID , "anchorid"},
{ ERF_EXT_HDR_TYPE_ENTROPY , "entropy"},
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
{ 0, NULL }
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
};
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
/* XXX: Must be at least array_length(ehdr_type_vals). */
#define ERF_HF_VALUES_PER_TAG 32
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static const value_string raw_link_types[] = {
Add a few more raw link types to be up to date with the current ERF format spec. Patch provided by Andrew Kampjes via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6410. svn path=/trunk/; revision=39203
2011-09-30 20:51:10 +00:00
{ 0x00, "raw SONET"},
{ 0x01, "raw SDH"},
{ 0x02, "SONET spe"},
{ 0x03, "SDH spe"},
{ 0x04, "ds3"},
{ 0x05, "SONET spe w/o POH"},
{ 0x06, "SDH spe w/o POH"},
{ 0x07, "SONET line mode 2"},
{ 0x08, "SHD line mode 2"},
{ 0x09, "raw bit-level"},
{ 0x0A, "raw 10Gbe 66b"},
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
{ 0, NULL },
};
static const value_string raw_link_rates[] = {
{ 0x00, "reserved"},
{ 0x01, "oc3/stm1"},
{ 0x02, "oc12/stm4"},
{ 0x03, "oc48/stm16"},
{ 0x04, "oc192/stm64"},
{ 0, NULL },
};
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
static const value_string channelised_assoc_virt_container_size[] = {
{ 0x00, "unused field"},
{ 0x01, "VC-3 / STS-1"},
{ 0x02, "VC-4 / STS-3"},
{ 0x03, "VC-4-4c / STS-12"},
{ 0x04, "VC-4-16c / STS-48"},
{ 0x05, "VC-4-64c / STS-192"},
{ 0, NULL }
};
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
static const value_string channelised_rate[] = {
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{ 0x00, "Reserved"},
{ 0x01, "STM-0 / STS-1"},
{ 0x02, "STM-1 / STS-3"},
{ 0x03, "STM-4 / STS-12"},
{ 0x04, "STM-16 / STS-48"},
{ 0x05, "STM-64 / STS-192"},
{ 0, NULL}
};
static const value_string channelised_type[] = {
{ 0x00, "SOH / TOH"},
{ 0x01, "POH"},
{ 0x02, "Container"},
{ 0x03, "POS Packet"},
{ 0x04, "ATM Cell"},
{ 0x05, "Positive justification bytes"},
{ 0x06, "Raw demultiplexed channel"},
{ 0, NULL}
};
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static const value_string erf_hash_type[] = {
{ 0x00, "Not set"},
{ 0x01, "Non-IP (Src/Dst MACs, EtherType)"},
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ 0x02, "2-tuple (Src/Dst IPs)"},
{ 0x03, "3-tuple (Src/Dst IPs, IP Protocol)"},
{ 0x04, "4-tuple (Src/Dst IPs, IP Protocol, Interface ID)"},
{ 0x05, "5-tuple (Src/Dst IPs, IP Protocol, Src/Dst L4 Ports)"},
{ 0x06, "6-tuple (Src/Dst IPs, IP Protocol, Src/Dst L4 Ports, Interface ID)"},
{ 0, NULL}
};
static const value_string erf_hash_mode[] = {
{ 0x00, "Reserved"},
{ 0x01, "Reserved"},
{ 0x02, "2-tuple (Src/Dst IPs)"},
{ 0x03, "3-tuple (Src/Dst IPs, IP Protocol)"},
{ 0x04, "4-tuple (Src/Dst IPs, IP Protocol, Interface ID)"},
{ 0x05, "5-tuple (Src/Dst IPs, IP Protocol, Src/Dst L4 Ports)"},
{ 0x06, "6-tuple (Src/Dst IPs, IP Protocol, Src/Dst L4 Ports, Interface ID)"},
{ 0x07, "2-tuple (Inner Src/Dst IPs)"},
{ 0x08, "4-tuple (Inner Src/Dst IPs, Outer Src/Dst IPs)"},
{ 0x09, "4-tuple (Inner Src/Dst IPs, Inner Src/Dst L4 Ports)"},
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
{ 0x0A, "6-tuple (Inner Src/Dst IPs, Outer Src/Dst IPs, Inner Src/Dst L4 Ports)"},
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ 0, NULL}
};
static const value_string erf_stack_type[] = {
{ 0x00, "Not set"},
{ 0x01, "Non-IP"},
{ 0x02, "No VLAN, IPv4"},
{ 0x03, "No VLAN, IPv6"},
{ 0x04, "One VLAN, IPv4"},
{ 0x05, "One VLAN, IPv6"},
{ 0x06, "Two VLANs, IPv4"},
{ 0x07, "Two VLANs, IPv6"},
{ 0, NULL}
};
static const value_string erf_port_type[] = {
{ 0x00, "Reserved"},
{ 0x01, "Capture Port"},
{ 0x02, "Timing Port"},
{ 0, NULL}
};
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
static const value_string erf_clk_source[] = {
{ 0x00, "Invalid"},
{ 0x01, "None" },
{ 0x02, "External"},
{ 0x03, "Host"},
{ 0x04, "Link Cable"},
{ 0x05, "PTP"},
{ 0x06, "Internal"},
{ 0, NULL}
};
static const value_string erf_clk_state[] = {
{ 0x00, "Invalid" },
{ 0x01, "Unsynchronized"},
{ 0x02, "Synchronized"},
{ 0, NULL}
};
static const value_string erf_clk_link_mode[] = {
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
{ 0x00, "Invalid"},
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ 0x01, "Not Connected"},
{ 0x02, "Master"},
{ 0x03, "Disabled Master"},
{ 0x04, "Slave"},
{ 0, NULL}
};
static const value_string erf_clk_port_proto[] = {
{ 0x00, "Invalid" },
{ 0x01, "None" },
{ 0x02, "1PPS" },
{ 0x03, "IRIG-B" },
{ 0x04, "Ethernet" },
{ 0, NULL }
};
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
static const value_string erf_tap_mode[] = {
{ 0x00, "Invalid" },
{ 0x01, "Off" },
{ 0x02, "Active" },
{ 0x03, "Monitor" },
{ 0x04, "Bypass" },
{ 0x05, "Blocking" },
{ 0, NULL }
};
static const value_string erf_tap_fail_mode[] = {
{ 0x00, "Invalid" },
{ 0x01, "Off" },
{ 0x02, "Open" },
{ 0x03, "Closed" },
{ 0, NULL }
};
static const value_string erf_dpi_state[] = {
{ 0x00, "Terminated"},
{ 0x01, "Inspecting"},
{ 0x02, "Monitoring"},
{ 0x03, "Classified"},
{ 0, NULL}
};
static const value_string erf_flow_state[] = {
{ 0x00, "Active"},
{ 0x01, "Terminated"},
{ 0x02, "Expired"},
{ 0, NULL}
};
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Used as templates for ERF_META_TAG_tunneling_mode */
static const header_field_info erf_tunneling_modes[] = {
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ "IP-in-IP", "ip_in_ip", FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* 0x02 is currently unused and reserved */
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ "VXLAN", "vxlan", FT_BOOLEAN, 32, NULL, 0x4, NULL, HFILL },
{ "GRE", "gre", FT_BOOLEAN, 32, NULL, 0x8, NULL, HFILL },
{ "GTP", "gtp", FT_BOOLEAN, 32, NULL, 0x10, NULL, HFILL },
{ "MPLS over VLAN", "mpls_vlan", FT_BOOLEAN, 32, NULL, 0x20, NULL, HFILL }
};
static const true_false_string erf_link_status_tfs = {
"Up",
"Down"
};
/* Used as templates for ERF_META_TAG_if_link_status */
static const header_field_info erf_link_status[] = {
{ "Link", "link", FT_BOOLEAN, 32, TFS(&erf_link_status_tfs), 0x1, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_ptp_time_properties */
static const header_field_info erf_ptp_time_properties_flags[] = {
{ "Leap61", "leap61", FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL },
{ "Leap59", "leap59", FT_BOOLEAN, 32, NULL, 0x2, NULL, HFILL },
{ "Current UTC Offset Valid", "currentUtcOffsetValid", FT_BOOLEAN, 32, NULL, 0x4, NULL, HFILL },
{ "PTP Timescale", "ptpTimescale", FT_BOOLEAN, 32, NULL, 0x8, NULL, HFILL },
{ "Time Traceable", "timeTraceable", FT_BOOLEAN, 32, NULL, 0x10, NULL, HFILL },
{ "Frequency Traceable", "frequencyTraceable", FT_BOOLEAN, 32, NULL, 0x20, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_ptp_gm_clock_quality */
static const header_field_info erf_ptp_clock_quality[] = {
{ "Clock Class", "clockClass", FT_UINT32, BASE_DEC, NULL, 0xFF000000, NULL, HFILL },
{ "Clock Accuracy", "clockAccuracy", FT_UINT32, BASE_DEC | BASE_EXT_STRING, &ptp_v2_clockAccuracy_vals_ext, 0x00FF0000, NULL, HFILL },
{ "Offset Scaled Log Variance","offsetScaledLogVariance", FT_UINT32, BASE_DEC, NULL, 0x0000FFFF, NULL, HFILL },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
};
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/* Used as templates for ERF_META_TAG_parent_section */
static const header_field_info erf_parent_section[] = {
{ "Section Type", "section_type", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL },
{ "Section ID", "section_id", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }
};
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
/* Used as templates for ERF_META_TAG_stream_flags */
static const header_field_info erf_stream_flags[] = {
{ "Relative Snapping", "relative_snap", FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL },
{ "Entropy Snapping", "entropy_snap", FT_BOOLEAN, 32, NULL, 0x2, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_ext_hdrs_added/removed subtrees */
static const header_field_info erf_ext_hdr_items[] = {
{ "Extension Headers 0 to 31", "0_31", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 32 to 63", "32_63", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 64 to 95", "64_95", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL },
{ "Extension Headers 96 to 127", "96_127", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL }
};
/* Used as templates for ERF_META_TAG_smart_trunc_default */
static const header_field_info erf_smart_trunc_default_flags[] = {
{ "Truncation Candidate", "trunc_candidate", FT_BOOLEAN, 32, &tfs_yes_no, 0x1, NULL, HFILL }
};
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
typedef struct {
guint16 code;
header_field_info hfinfo;
} erf_meta_hf_template_t;
typedef struct {
gint ett_value;
/*
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
* XXX: Must be at least array_length(ehdr_type_vals). Should change to
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
* dynamic (possibly using new proto tree API) if many more fields defined.
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
* Non-trivial as bitmask functions take an array of pointers not values.
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
* Either that or add a value-string-like automatic bitmask flags proto_item.
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
*
* Note that this struct is only added for tags that need it.
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
*/
int hf_values[ERF_HF_VALUES_PER_TAG];
} erf_meta_tag_info_ex_t;
typedef struct {
guint16 code;
guint16 section;
const erf_meta_hf_template_t* tag_template;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
const erf_meta_hf_template_t* section_template;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
gint ett;
int hf_value;
erf_meta_tag_info_ex_t *extra;
/* TODO: could add a type_value and callback here for greater flexibility */
} erf_meta_tag_info_t;
typedef struct {
wmem_map_t* tag_table;
wmem_array_t* hfri;
wmem_array_t* ett;
wmem_array_t* vs_list;
wmem_array_t* vs_abbrev_list;
erf_meta_tag_info_t* unknown_section_info;
} erf_meta_index_t;
typedef struct {
wmem_map_t* source_map;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
wmem_map_t* host_anchor_map;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
guint64 implicit_host_id;
} erf_state_t;
typedef struct {
wmem_tree_t* meta_tree;
wmem_list_t* meta_list;
} erf_source_info_t;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
typedef struct {
guint frame_num;
} erf_anchored_info_t;
typedef struct {
wmem_tree_t* anchored_tree;
wmem_list_t* anchored_list;
} erf_host_anchor_info_t;
typedef struct {
guint64 host_id;
guint64 anchor_id;
} erf_anchor_key_t;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
#define ERF_SOURCE_KEY(host_id, source_id) (((guint64) host_id << 16) | source_id)
#define ERF_TAG_INFO_KEY(tag_info) (((guint32) (tag_info)->section << 16) | (tag_info)->code)
static erf_meta_index_t erf_meta_index;
static erf_state_t erf_state;
/*
* XXX: These header_field_info are used as templates for dynamically building
* per-section fields for each tag, as well as appropiate value_string arrays.
* We abuse the abbrev field to store the short name of the tags.
*/
static const erf_meta_hf_template_t erf_meta_tags[] = {
{ ERF_META_TAG_padding, { "Padding", "padding", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_comment, { "Comment", "comment", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_gen_time, { "Metadata Generation Time", "gen_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_parent_section, { "Parent Section", "parent_section", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_reset, { "Metadata Reset", "reset", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_event_time, { "Event Time", "event_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_host_id, { "Host ID", "host_id", FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL } },
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
{ ERF_META_TAG_attribute, { "Attribute", "attribute", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_fcs_len, { "FCS Length (bits)", "fcs_len", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_mask_ipv4, { "Subnet Mask (IPv4)", "mask_ipv4", FT_IPv4, BASE_NETMASK, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_mask_cidr, { "Subnet Mask (CIDR)", "mask_cidr", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_org_name, { "Organisation", "org_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_name, { "Name", "name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_descr, { "Description", "descr", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_config, { "Configuration", "config", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_datapipe, { "Datapipe Name", "datapipe", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_app_name, { "Application Name", "app_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_os, { "Operating System", "os", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_hostname, { "Hostname", "hostname", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_user, { "User", "user", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_model, { "Model", "model", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_fw_version, { "Firmware Version", "fw_version", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_serial_no, { "Serial Number", "serial_no", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ts_offset, { "Timestamp Offset", "ts_offset", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ts_clock_freq, { "Timestamp Clock Frequency (Hz)", "ts_clock_freq", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_tzone, { "Timezone Offset", "tzone", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_tzone_name, { "Timezone Name", "tzone_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_loc_lat, { "Location Latitude", "loc_lat", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_loc_long, { "Location Longitude", "loc_long", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_snaplen, { "Snap Length", "snaplen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_card_num, { "Card Number", "card_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_module_num, { "Module Number", "module_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_access_num, { "Access Number", "access_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stream_num, { "Stream Number", "stream_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_loc_name, { "Location Name", "loc_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_parent_file, { "Parent Filename", "parent_file", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_filter, { "Filter", "filter", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ ERF_META_TAG_flow_hash_mode, { "Flow Hash Mode", "flow_hash_mode", FT_UINT32, BASE_DEC, VALS(erf_hash_mode), 0x0, NULL, HFILL } },
{ ERF_META_TAG_tunneling_mode, { "Tunneling Mode", "tunneling_mode", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_npb_format, { "NPB Format", "npb_format", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_mem, { "Memory", "mem", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_datamine_id, { "Datamine ID", "datamine_id", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_rotfile_id, { "Rotfile ID", "rotfile_id", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_rotfile_name, { "Rotfile Name", "rotfile_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dev_name, { "Device Name", "dev_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dev_path, { "Device Canonical Path", "dev_path", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_loc_descr, { "Location Description", "loc_descr", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_app_version, { "Application Version", "app_version", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_cpu_affinity, { "CPU Affinity Mask", "cpu_affinity", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_cpu, { "CPU Model", "cpu", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_cpu_phys_cores, { "CPU Physical Cores", "cpu_phys_cores", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_cpu_numa_nodes, { "CPU NUMA Nodes", "cpu_numa_nodes", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dag_attribute, { "DAG Attribute", "dag_attribute", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
{ ERF_META_TAG_dag_version, { "DAG Software Version", "dag_version", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_META_TAG_stream_flags, { "Stream Flags", "stream_flags", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_entropy_threshold, { "Entropy Threshold", "entropy_threshold", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_smart_trunc_default, { "Smart Truncation Default", "smart_trunc_default",FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ext_hdrs_added, { "Extension Headers Added", "ext_hdrs_added", FT_BYTES, BASE_NO_DISPLAY_VALUE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ext_hdrs_removed, { "Extension Headers Removed", "ext_hdrs_removed", FT_BYTES, BASE_NO_DISPLAY_VALUE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_relative_snaplen, { "Relative Snap Length", "relative_snaplen", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
{ ERF_META_TAG_temperature, { "Temperature", "temperature", FT_FLOAT, BASE_NONE|BASE_UNIT_STRING, &units_degree_celsius, 0x0, NULL, HFILL } },
{ ERF_META_TAG_power, { "Power Consumption", "power", FT_FLOAT, BASE_NONE|BASE_UNIT_STRING, &units_watt, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_if_num, { "Interface Number", "if_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_vc, { "Interface Virtual Circuit", "if_vc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_speed, { "Interface Line Rate", "if_speed", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_ipv4, { "Interface IPv4 address", "if_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_ipv6, { "Interface IPv6 address", "if_ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_mac, { "Interface MAC address", "if_mac", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_eui, { "Interface EUI-64 address", "if_eui", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_ib_gid, { "Interface InfiniBand GID", "if_ib_gid", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_ib_lid, { "Interface InfiniBand LID", "if_ib_lid", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
{ ERF_META_TAG_if_wwn, { "Interface WWN", "if_wwn", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_if_fc_id, { "Interface FCID address", "if_fc_id", FT_BYTES, SEP_DOT, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_tx_speed, { "Interface TX Line Rate", "if_tx_speed", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_erf_type, { "Interface ERF type", "if_erf_type", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_link_type, { "Interface link type", "if_link_type", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_sfp_type, { "Interface Transceiver type", "if_sfp_type", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_rx_power, { "Interface RX Optical Power", "if_rx_power", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_tx_power, { "Interface TX Optical Power", "if_tx_power", FT_INT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_link_status, { "Interface Link Status", "if_link_status", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_phy_mode, { "Interface Endace PHY Mode", "if_phy_mode", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_port_type, { "Interface Port Type", "if_port_type", FT_UINT32, BASE_DEC, VALS(erf_port_type), 0x0, NULL, HFILL } },
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ ERF_META_TAG_if_rx_latency, { "Interface Uncorrected RX Latency", "if_rx_latency", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_META_TAG_tap_mode, { "Tap Mode", "tap_mode", FT_UINT32, BASE_DEC, VALS(erf_tap_mode), 0x0, NULL, HFILL } },
{ ERF_META_TAG_tap_fail_mode, { "Tap Failover Mode", "tap_fail_mode", FT_UINT32, BASE_DEC, VALS(erf_tap_fail_mode), 0x0, NULL, HFILL } },
{ ERF_META_TAG_watchdog_expired, { "Watchdog Expired", "watchdog_expired", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_watchdog_interval, { "Watchdog Interval (ms)", "watchdog_interval", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_src_ipv4, { "Source IPv4 address", "src_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_ipv4, { "Destination IPv4 address", "dest_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_ipv6, { "Source IPv6 address", "src_ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_ipv6, { "Destination IPv6 address", "dest_ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_mac, { "Source MAC address", "src_mac", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_mac, { "Destination MAC address", "dest_mac", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_eui, { "Source EUI-64 address", "src_eui", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_eui, { "Destination EUI-64 address", "dest_eui", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_ib_gid, { "Source InfiniBand GID address", "src_ib_gid", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_ib_gid, { "Destination InfiniBand GID address", "dest_ib_gid", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_ib_lid, { "Source InfiniBand LID address", "src_ib_lid", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_ib_lid, { "Destination InfiniBand LID address", "dest_ib_lid", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
{ ERF_META_TAG_src_wwn, { "Source WWN address", "src_wwn", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_wwn, { "Destination WWN address", "dest_wwn", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_src_fc_id, { "Source FCID address", "src_fc_id", FT_BYTES, SEP_DOT, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_fc_id, { "Destination FCID address", "dest_fc_id", FT_BYTES, SEP_DOT, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_src_port, { "Source Port", "src_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dest_port, { "Destination Port", "dest_port", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: fix crash when displaying erf.ip_proto field Change-Id: Ib1d0c3d44d404dba2edca0d330693cde55beff25 Reviewed-on: https://code.wireshark.org/review/14781 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2016-04-02 11:56:43 +00:00
{ ERF_META_TAG_ip_proto, { "IP Protocol", "ip_proto", FT_UINT32, BASE_DEC|BASE_EXT_STRING, &ipproto_val_ext, 0x0, NULL, HFILL } },
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_META_TAG_flow_hash, { "Flow Hash", "flow_hash", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_filter_match, { "Filter Match", "filter_match", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_filter_match_name, { "Filter Match Name", "filter_match_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_error_flags, { "Error Flags", "error_flags", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{ ERF_META_TAG_initiator_pkts, { "Initiator Packets", "initiator_pkts", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_pkts, { "Responder Packets", "responder_pkts", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_bytes, { "Initiator Bytes", "initiator_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_bytes, { "Responder Bytes", "responder_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_min_entropy, { "Initiator Minimum Entropy", "initiator_min_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_min_entropy, { "Responder Minimum Entropy", "responder_min_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_avg_entropy, { "Initiator Average Entropy", "initiator_avg_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_avg_entropy, { "Responder Average Entropy", "responder_avg_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_initiator_max_entropy, { "Initiator Maximum Entropy", "initiator_max_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_responder_max_entropy, { "Responder Maximum Entropy", "responder_max_entropy", FT_FLOAT, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_application, { "DPI Application", "dpi_application", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_confidence, { "DPI Confidence", "dpi_confidence", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_state, { "DPI State", "dpi_state", FT_UINT32, BASE_NONE, VALS(erf_dpi_state), 0x0, NULL, HFILL } },
{ ERF_META_TAG_dpi_protocol_stack, { "DPI Protocol Stack", "dpi_protocol_stack", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_flow_state, { "Flow State", "flow_state", FT_UINT32, BASE_NONE, VALS(erf_flow_state), 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_start_time, { "Start Time", "start_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_end_time, { "End Time", "end_time", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_if_drop, { "Interface Drop", "stat_if_drop", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_frames, { "Packets Received", "stat_frames", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_bytes, { "Bytes Received", "stat_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_cap, { "Packets Captured", "stat_cap", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_cap_bytes, { "Bytes Captured", "stat_cap_bytes", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_os_drop, { "OS Drop", "stat_os_drop", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_ds_lctr, { "Internal Error Drop", "stat_ds_lctr", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_filter_match, { "Filter Match", "stat_filter_match", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_filter_drop, { "Filter Drop", "stat_filter_drop", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_too_short, { "Packets Too Short", "stat_too_short", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_too_long, { "Packets Too Long", "stat_too_long", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_rx_error, { "Packets RX Error", "stat_rx_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_fcs_error, { "Packets FCS Error", "stat_fcs_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_aborted, { "Packets Aborted", "stat_aborted", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_proto_error, { "Packets Protocol Error", "stat_proto_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_b1_error, { "SDH B1 Errors", "stat_b1_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_b2_error, { "SDH B2 Errors", "stat_b2_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_b3_error, { "SDH B3 Errors", "stat_b3_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_rei_error, { "SDH REI Errors", "stat_rei_error", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_drop, { "Packets Dropped", "stat_drop", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stat_buf_drop, { "Buffer Drop", "stat_buf_drop", FT_UINT64, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stream_drop, { "Stream Drop", "stream_drop", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_stream_buf_drop, { "Stream Buffer Drop", "stream_buf_drop", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_ipv4, { "IPv4 Name", "ns_host_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_ipv6, { "IPv6 Name", "ns_host_ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_mac, { "MAC Name", "ns_host_mac", FT_ETHER, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_eui, { "EUI Name", "ns_host_eui", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_ib_gid, { "InfiniBand GID Name", "ns_host_ib_gid", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_host_ib_lid, { "InfiniBand LID Name", "ns_host_ib_lid", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
{ ERF_META_TAG_ns_host_wwn, { "WWN Name", "ns_host_wwn", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ ERF_META_TAG_ns_host_fc_id, { "FCID Name", "ns_host_fc_id", FT_BYTES, SEP_DOT, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_dns_ipv4, { "Nameserver IPv4 address", "ns_dns_ipv4", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ns_dns_ipv6, { "Nameserver IPv6 address", "ns_dns_ipv6", FT_IPv6, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_exthdr, { "ERF Extension Header", "exthdr", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
Use pcapng as the name of the file format. At one point, I remember a discussion resulting in the official name of the next-generation replacement for pcap format being changed to "pcapng", with no hyphen. Make Wireshark reflect that. Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a Reviewed-on: https://code.wireshark.org/review/25214 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-01-09 00:38:10 +00:00
{ ERF_META_TAG_pcap_ng_block, { "Pcapng Block", "pcap_ng_block", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
{ ERF_META_TAG_asn1, { "ASN.1", "asn1", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_source, { "Clock Source", "clk_source", FT_UINT32, BASE_DEC, VALS(erf_clk_source), 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_state, { "Clock State", "clk_state", FT_UINT32, BASE_DEC, VALS(erf_clk_state), 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_threshold, { "Clock Threshold", "clk_threshold", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_correction, { "Clock Correction", "clk_correction", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_failures, { "Clock Failures", "clk_failures", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_resyncs, { "Clock Resyncs", "clk_resyncs", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_phase_error, { "Clock Phase Error", "clk_phase_error", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_input_pulses, { "Clock Input Pulses", "clk_input_pulses", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_rejected_pulses, { "Clock Rejected Pulses", "clk_rejected_pulses", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_phc_index, { "Clock PHC Index", "clk_phc_index", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_phc_offset, { "Clock PHC Offset", "clk_phc_offset", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_timebase, { "Clock Timebase", "clk_timebase", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_descr, { "Clock Description", "clk_descr", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_out_source, { "Clock Output Source", "clk_out_source", FT_UINT32, BASE_DEC, VALS(erf_clk_source), 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_link_mode, { "Clock Link Cable Mode", "clk_link_mode", FT_UINT32, BASE_DEC, VALS(erf_clk_link_mode), 0x0, NULL, HFILL } },
/*
* PTP tags use the native PTPv2 format to preserve precision
* (except expanding integers to 32-bit).
*/
{ ERF_META_TAG_ptp_domain_num, { "PTP Domain Number", "ptp_domain_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_steps_removed, { "PTP Steps Removed", "ptp_steps_removed", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
/* PTP TimeInterval scaled nanoseconds, using FT_RELATIVE_TIME so can compare with clk_threshold */
{ ERF_META_TAG_ptp_offset_from_master, { "PTP Offset From Master", "ptp_offset_from_master", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_mean_path_delay, { "PTP Mean Path Delay", "ptp_mean_path_delay", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_parent_identity, { "PTP Parent Clock Identity", "ptp_parent_identity", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_parent_port_num, { "PTP Parent Port Number", "ptp_parent_port_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_gm_identity, { "PTP Grandmaster Identity", "ptp_gm_identity", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
/* PTP ClockQuality combined field, see erf_ptp_clock_quality */
{ ERF_META_TAG_ptp_gm_clock_quality, { "PTP Grandmaster Clock Quality", "ptp_gm_clock_quality", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
/* Integer seconds, using FT_RELATIVE_TIME so can compare with clk_phc_offset */
{ ERF_META_TAG_ptp_current_utc_offset, { "PTP Current UTC Offset", "ptp_current_utc_offset", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0, NULL, HFILL } },
/* PTP TIME_PROPERTIES_DATA_SET flags, see erf_ptp_time_properties_flags */
{ ERF_META_TAG_ptp_time_properties, { "PTP Time Properties", "ptp_time_properties", FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_time_source, { "PTP Time Source", "ptp_time_source", FT_UINT32, BASE_DEC | BASE_EXT_STRING, &ptp_v2_timeSource_vals_ext, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_clock_identity, { "PTP Clock Identity", "ptp_clock_identity", FT_EUI64, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_port_num, { "PTP Port Number", "ptp_port_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_port_state, { "PTP Port State", "ptp_port_state", FT_UINT32, BASE_DEC | BASE_EXT_STRING, &ptp_v2_portState_vals_ext, 0x0, NULL, HFILL } },
{ ERF_META_TAG_ptp_delay_mechanism, { "PTP Delay Mechanism", "ptp_delay_mechanism", FT_UINT32, BASE_DEC, VALS(ptp_v2_delayMechanism_vals), 0x0, NULL, HFILL } },
{ ERF_META_TAG_clk_port_proto, { "Clock Input Port Protocol", "clk_port_proto", FT_UINT32, BASE_DEC, VALS(erf_clk_port_proto), 0x0, NULL, HFILL } }
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
};
/* Sections are also tags, but enumerate them seperately to make logic simpler */
static const erf_meta_hf_template_t erf_meta_sections[] = {
/*
* Some tags (such as generation time) can appear before the first section,
* we group these together into a fake section for consistency.
*/
{ ERF_META_SECTION_NONE, { "No Section", "section_none", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_UNKNOWN, { "Unknown Section", "section_unknown", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_CAPTURE, { "Capture Section", "section_capture", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_HOST, { "Host Section", "section_host", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_MODULE, { "Module Section", "section_module", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_INTERFACE, { "Interface Section", "section_interface", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_FLOW, { "Flow Section", "section_flow", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_STATS, { "Statistics Section", "section_stats", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_INFO, { "Information Section", "section_info", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_CONTEXT, { "Context Section", "section_context", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_STREAM, { "Stream Section", "section_stream", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_TRANSFORM, { "Transform Section", "section_transform", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_DNS, { "DNS Section", "section_dns", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_SECTION_SOURCE, { "Source Section", "section_source", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } }
};
Some ERF pseudo-headers have color instead of lctr value Don't report expert-info warnings for lctr when it is actually color. Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a Reviewed-on: https://code.wireshark.org/review/20306 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-27 21:13:42 +00:00
static int erf_type_has_color(unsigned int type) {
switch (type & ERF_HDR_TYPE_MASK) {
case ERF_TYPE_COLOR_HDLC_POS:
case ERF_TYPE_COLOR_ETH:
case ERF_TYPE_COLOR_HASH_POS:
case ERF_TYPE_COLOR_HASH_ETH:
case ERF_TYPE_DSM_COLOR_HDLC_POS:
case ERF_TYPE_DSM_COLOR_ETH:
case ERF_TYPE_COLOR_MC_HDLC_POS:
return 1;
}
return 0;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static erf_meta_tag_info_ex_t* erf_meta_tag_info_ex_new(wmem_allocator_t *allocator) {
gsize i = 0;
erf_meta_tag_info_ex_t *extra = wmem_new0(allocator, erf_meta_tag_info_ex_t);
extra->ett_value = -1;
for (i = 0; i < array_length(extra->hf_values); i++) {
extra->hf_values[i] = -1;
}
return extra;
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
static erf_meta_tag_info_t* erf_meta_tag_info_new(wmem_allocator_t *allocator, const erf_meta_hf_template_t *section, const erf_meta_hf_template_t *tag) {
erf_meta_tag_info_t *tag_info = wmem_new0(allocator, erf_meta_tag_info_t);
tag_info->code = tag->code;
tag_info->section = section->code;
tag_info->ett = -1;
tag_info->hf_value = -1;
tag_info->tag_template = tag;
tag_info->section_template = section;
tag_info->extra = NULL;
return tag_info;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static erf_meta_tag_info_t*
init_section_fields(wmem_array_t *hfri_table, wmem_array_t *ett_table, const erf_meta_hf_template_t *section)
{
erf_meta_tag_info_t *section_info;
gint *ett_tmp; /* wmem_array_append needs actual memory to copy from */
hf_register_info hfri_tmp[] = {
{ NULL, { "Section ID", NULL, FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, /* Section ID */
{ NULL, { "Section Length", NULL, FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }}, /* Section Length */
{ NULL, { "Reserved", NULL, FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }} /* Reserved extra bytes */
};
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
section_info = erf_meta_tag_info_new(wmem_epan_scope(), section, section /*Needed for lookup commonality*/);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
section_info->extra = erf_meta_tag_info_ex_new(wmem_epan_scope());
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/*Can't use the generic functions here because directly at section level*/
Use faster wmem_str* functions in a few places. Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf. This shaves a small amount of time off of register_all_protocols on Windows according to the Visual Studio profiler. Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4 Reviewed-on: https://code.wireshark.org/review/14770 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-01 19:48:22 +00:00
hfri_tmp[0].hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(), "erf.meta.", section->hfinfo.abbrev, ".section_id", NULL);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
hfri_tmp[0].p_id = &section_info->hf_value;
Use faster wmem_str* functions in a few places. Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf. This shaves a small amount of time off of register_all_protocols on Windows according to the Visual Studio profiler. Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4 Reviewed-on: https://code.wireshark.org/review/14770 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-01 19:48:22 +00:00
hfri_tmp[1].hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(), "erf.meta.", section->hfinfo.abbrev, ".section_len", NULL);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
hfri_tmp[1].p_id = &section_info->extra->hf_values[0];
Use faster wmem_str* functions in a few places. Use wmem_strdup and wmem_strconcat instead of wmem_strdup_printf. This shaves a small amount of time off of register_all_protocols on Windows according to the Visual Studio profiler. Change-Id: Ib6991e8de5b4fc30e960c513a3028c09dfe6a0a4 Reviewed-on: https://code.wireshark.org/review/14770 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-01 19:48:22 +00:00
hfri_tmp[2].hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(), "erf.meta.", section->hfinfo.abbrev, ".section_hdr_rsvd", NULL);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
hfri_tmp[2].p_id = &section_info->extra->hf_values[1];
/* Add hf_register_info, ett entries */
wmem_array_append(hfri_table, hfri_tmp, array_length(hfri_tmp));
ett_tmp = &section_info->ett;
wmem_array_append(ett_table, &ett_tmp, 1);
ett_tmp = &section_info->extra->ett_value;
wmem_array_append(ett_table, &ett_tmp, 1);
return section_info;
}
static erf_meta_tag_info_t*
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
init_tag_value_field(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info)
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
hf_register_info hfri_tmp = { NULL, { NULL, NULL, FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}; /* Value, will be filled from template */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/* Add value field */
hfri_tmp.p_id = &tag_info->hf_value;
hfri_tmp.hfinfo = tag_info->tag_template->hfinfo;
hfri_tmp.hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(), "erf.meta.", tag_info->section_template->hfinfo.abbrev, ".", tag_info->tag_template->hfinfo.abbrev, NULL);
wmem_array_append_one(hfri_table, hfri_tmp);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
return tag_info;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
static erf_meta_tag_info_t*
init_tag_value_subfields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info, const header_field_info *extra_fields, int extra_fields_len)
{
int i = 0;
hf_register_info hfri_tmp = { NULL, { NULL, NULL, FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }}; /* Value, will be filled from template */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
if (extra_fields) {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
tag_info->extra = erf_meta_tag_info_ex_new(wmem_epan_scope());
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
for (i = 0; i < extra_fields_len; i++) {
/* Add value subfield */
hfri_tmp.p_id = &tag_info->extra->hf_values[i];
hfri_tmp.hfinfo = extra_fields[i];
hfri_tmp.hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(), "erf.meta.", tag_info->section_template->hfinfo.abbrev, ".", tag_info->tag_template->hfinfo.abbrev, ".", extra_fields[i].abbrev, NULL);
wmem_array_append_one(hfri_table, hfri_tmp);
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
return tag_info;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
static erf_meta_tag_info_t*
init_ext_hdrs_tag_value_subfields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info)
{
gsize i = 0;
gsize num_known_ext_hdrs = array_length(ehdr_type_vals) -1 /*null terminated*/;
hf_register_info hfri_tmp = { NULL, { NULL, NULL, FT_BOOLEAN, 32, NULL, 0x1, NULL, HFILL } }; /* Value, will be filled from template */
DISSECTOR_ASSERT(array_length(ehdr_type_vals_short) > num_known_ext_hdrs);
/* XXX: this currently supports only up to 27 known extension headers */
DISSECTOR_ASSERT(ERF_HF_VALUES_PER_TAG > num_known_ext_hdrs - 4); /* -1 sentinel terminated */
/* Use the first 4 hf_values for 32-bit subtree */
init_tag_value_subfields(hfri_table, tag_info, erf_ext_hdr_items, array_length(erf_ext_hdr_items));
DISSECTOR_ASSERT(tag_info->extra);
/*Fill in the rest of the remaining 27 entries with any known tag entries values */
for (i = 0; i < num_known_ext_hdrs; i++) {
/* Add value subfield */
hfri_tmp.p_id = &tag_info->extra->hf_values[4+i];
hfri_tmp.hfinfo.bitmask = (guint64)1 << ehdr_type_vals[i].value;
hfri_tmp.hfinfo.name = ehdr_type_vals[i].strptr;
hfri_tmp.hfinfo.abbrev = wmem_strconcat(wmem_epan_scope(),
"erf.meta.", tag_info->section_template->hfinfo.abbrev, ".", tag_info->tag_template->hfinfo.abbrev, ".", ehdr_type_vals_short[i].strptr, NULL);
wmem_array_append_one(hfri_table, hfri_tmp);
}
return tag_info;
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
static erf_meta_tag_info_t*
init_ns_addr_tag_value_fields(wmem_array_t *hfri_table, erf_meta_tag_info_t *tag_info)
{
header_field_info ns_addr_extra_fields[] = {
{ NULL, NULL, FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }, /* Address value, will be filled from template */
{ "Name", "name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } /* Name value */
};
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
tag_info->extra = erf_meta_tag_info_ex_new(wmem_epan_scope());
/* Set address subfield type, etc. from template based on address type */
ns_addr_extra_fields[0] = tag_info->tag_template->hfinfo;
ns_addr_extra_fields[0].name = "Address";
ns_addr_extra_fields[0].abbrev = "addr";
/* Don't need a main value as we just use a text subtree */
/* Init subfields */
init_tag_value_subfields(hfri_table, tag_info, ns_addr_extra_fields, array_length(ns_addr_extra_fields));
return tag_info;
}
static erf_meta_tag_info_t*
init_tag_fields(wmem_array_t *hfri_table, wmem_array_t *ett_table, const erf_meta_hf_template_t *section, const erf_meta_hf_template_t *tag)
{
erf_meta_tag_info_t *tag_info;
gint *ett_tmp; /* wmem_array_append needs actual memory to copy from */
tag_info = erf_meta_tag_info_new(wmem_epan_scope(), section, tag);
/*Tags with subfields (only)*/
/*XXX: Can't currently easily be described in the template because
* there is curently no dissect bitfield equivalent that supports arbitrary
* types/offsets*/
switch (tag->code) {
/*Special case: parent_section*/
case ERF_META_TAG_parent_section:
/*Don't need a main value*/
/*Init subfields*/
init_tag_value_subfields(hfri_table, tag_info, erf_parent_section, array_length(erf_parent_section));
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
/* Special case: name entry */
case ERF_META_TAG_ns_dns_ipv4:
case ERF_META_TAG_ns_dns_ipv6:
case ERF_META_TAG_ns_host_ipv4:
case ERF_META_TAG_ns_host_ipv6:
case ERF_META_TAG_ns_host_mac:
case ERF_META_TAG_ns_host_eui:
case ERF_META_TAG_ns_host_wwn:
case ERF_META_TAG_ns_host_ib_gid:
case ERF_META_TAG_ns_host_ib_lid:
case ERF_META_TAG_ns_host_fc_id:
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
init_ns_addr_tag_value_fields(hfri_table, tag_info);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/* Usual case: init single field template */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
default:
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
init_tag_value_field(hfri_table, tag_info);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/*Tags that need additional subfields*/
switch (tag->code) {
/*Special case: bitfields*/
/*TODO: Maybe put extra_fields in template with dissect callback?*/
case ERF_META_TAG_tunneling_mode:
init_tag_value_subfields(hfri_table, tag_info, erf_tunneling_modes, array_length(erf_tunneling_modes));
break;
case ERF_META_TAG_if_link_status:
init_tag_value_subfields(hfri_table, tag_info, erf_link_status, array_length(erf_link_status));
break;
case ERF_META_TAG_ptp_time_properties:
init_tag_value_subfields(hfri_table, tag_info, erf_ptp_time_properties_flags, array_length(erf_ptp_time_properties_flags));
break;
case ERF_META_TAG_ptp_gm_clock_quality:
init_tag_value_subfields(hfri_table, tag_info, erf_ptp_clock_quality, array_length(erf_ptp_clock_quality));
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
break;
case ERF_META_TAG_stream_flags:
init_tag_value_subfields(hfri_table, tag_info, erf_stream_flags, array_length(erf_stream_flags));
break;
case ERF_META_TAG_smart_trunc_default:
init_tag_value_subfields(hfri_table, tag_info, erf_smart_trunc_default_flags, array_length(erf_smart_trunc_default_flags));
break;
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
init_ext_hdrs_tag_value_subfields(hfri_table, tag_info);
break;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
}
/* Add ett entries */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ett_tmp = &tag_info->ett;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
wmem_array_append_one(ett_table, ett_tmp);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
return tag_info;
}
static void
init_meta_tags(void)
{
unsigned int i, j = 0;
const erf_meta_hf_template_t *section = NULL;
const erf_meta_hf_template_t *tag = NULL;
erf_meta_tag_info_t *tag_info;
value_string vs_tmp = {0, NULL};
erf_meta_index.tag_table = wmem_map_new(wmem_epan_scope(), g_direct_hash, g_direct_equal);
erf_meta_index.vs_list = wmem_array_new(wmem_epan_scope(), sizeof(value_string));
erf_meta_index.vs_abbrev_list = wmem_array_new(wmem_epan_scope(), sizeof(value_string));
erf_meta_index.hfri = wmem_array_new(wmem_epan_scope(), sizeof(hf_register_info));
erf_meta_index.ett = wmem_array_new(wmem_epan_scope(), sizeof(gint*));
/* Generate tag fields */
for (j = 0; j < array_length(erf_meta_tags); j++) {
tag = &erf_meta_tags[j];
/* Generate copy of the tag for each section */
for (i = 0; i < array_length(erf_meta_sections); i++) {
section = &erf_meta_sections[i];
tag_info = init_tag_fields(erf_meta_index.hfri, erf_meta_index.ett, section, tag);
/* Add to hash table */
wmem_map_insert(erf_meta_index.tag_table, GUINT_TO_POINTER(ERF_TAG_INFO_KEY(tag_info)), tag_info);
}
/* Add value string entries */
vs_tmp.value = tag->code;
vs_tmp.strptr = tag->hfinfo.name;
wmem_array_append_one(erf_meta_index.vs_list, vs_tmp);
vs_tmp.value = tag->code;
vs_tmp.strptr = tag->hfinfo.abbrev;
wmem_array_append_one(erf_meta_index.vs_abbrev_list, vs_tmp);
}
/* Generate section fields (skipping section_none and parts of section_unknown) */
for (i = 1; i < array_length(erf_meta_sections); i++) {
section = &erf_meta_sections[i];
tag_info = init_section_fields(erf_meta_index.hfri, erf_meta_index.ett, section);
if (i != 1) { /* don't add value string for unknown section as it doesn't correspond to one section type code */
/* Add to hash table */
wmem_map_insert(erf_meta_index.tag_table, GUINT_TO_POINTER(ERF_TAG_INFO_KEY(tag_info)), tag_info);
/* Add value string entries */
vs_tmp.value = section->code;
vs_tmp.strptr = section->hfinfo.name;
wmem_array_append_one(erf_meta_index.vs_list, vs_tmp);
vs_tmp.value = section->code;
vs_tmp.strptr = section->hfinfo.abbrev;
wmem_array_append_one(erf_meta_index.vs_abbrev_list, vs_tmp);
} else {
/* Store section_unknown separately to simplify logic later */
erf_meta_index.unknown_section_info = tag_info;
}
}
/* Terminate value string lists with {0, NULL} */
vs_tmp.value = 0;
vs_tmp.strptr = NULL;
wmem_array_append_one(erf_meta_index.vs_list, vs_tmp);
wmem_array_append_one(erf_meta_index.vs_abbrev_list, vs_tmp);
/* TODO: try value_string_ext, requires sorting first */
}
erf: do not use VALS to cast a void pointer No functional change, but makes gcc -Wc++-compat happy. Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e Reviewed-on: https://code.wireshark.org/review/29759 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-20 09:25:03 +00:00
static inline value_string *erf_to_value_string(wmem_array_t *array) {
return (value_string *)wmem_array_get_raw(array);
}
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
static guint erf_anchor_key_hash(gconstpointer key) {
const erf_anchor_key_t *anchor_key = (const erf_anchor_key_t*) key;
return ((guint32)anchor_key->host_id ^ (guint32)anchor_key->anchor_id);
}
static gboolean erf_anchor_key_equal(gconstpointer a, gconstpointer b) {
const erf_anchor_key_t *anchor_key_a = (const erf_anchor_key_t*) a ;
const erf_anchor_key_t *anchor_key_b = (const erf_anchor_key_t*) b ;
return (anchor_key_a->host_id) == (anchor_key_b->host_id) &&
(anchor_key_a->anchor_id & ERF_EXT_HDR_TYPE_ANCHOR_ID) == (anchor_key_b->anchor_id & ERF_EXT_HDR_TYPE_ANCHOR_ID);
}
static void erf_host_anchor_info_insert(packet_info *pinfo, guint64 host_id, guint64 anchor_id, guint8 flags _U_) {
erf_host_anchor_info_t *anchor_info;
erf_anchor_key_t key = {host_id, anchor_id};
erf_anchored_info_t *anchored_info;
anchor_info = (erf_host_anchor_info_t*)wmem_map_lookup(erf_state.host_anchor_map, &key);
if(!anchor_info) {
erf_anchor_key_t *key_ptr = wmem_new(wmem_file_scope(), erf_anchor_key_t);
*key_ptr = key;
anchor_info = (erf_host_anchor_info_t*) wmem_new(wmem_file_scope(), erf_host_anchor_info_t);
anchor_info->anchored_tree = wmem_tree_new(wmem_file_scope());
anchor_info->anchored_list = wmem_list_new(wmem_file_scope());
wmem_map_insert(erf_state.host_anchor_map, key_ptr, anchor_info);
}
/* Information about this frame associated with the Anchor ID */
anchored_info = (erf_anchored_info_t*)wmem_tree_lookup32(anchor_info->anchored_tree, pinfo->num);
if(!anchored_info) {
/* anchored_info not found */
anchored_info = (erf_anchored_info_t*)wmem_new(wmem_file_scope(), erf_anchored_info_t);
anchored_info->frame_num = pinfo->num;
wmem_list_append(anchor_info->anchored_list, anchored_info);
wmem_tree_insert32(anchor_info->anchored_tree, pinfo->num, anchored_info);
}
else {
return;
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static int
erf_source_append(guint64 host_id, guint8 source_id, guint32 num)
{
erf_source_info_t *source_info;
guint64 source_key = ERF_SOURCE_KEY(host_id, source_id);
source_info = (erf_source_info_t*) wmem_map_lookup(erf_state.source_map, &source_key);
if (!source_info) {
guint64 *source_key_ptr = wmem_new(wmem_file_scope(), guint64);
*source_key_ptr = source_key;
source_info = (erf_source_info_t*) wmem_new(wmem_file_scope(), erf_source_info_t);
source_info->meta_tree = wmem_tree_new(wmem_file_scope());
source_info->meta_list = wmem_list_new(wmem_file_scope());
wmem_map_insert(erf_state.source_map, source_key_ptr, source_info);
}
/* Add the frame to the list for that source */
wmem_list_append(source_info->meta_list, GUINT_TO_POINTER(num));
/*
* XXX: This assumes we are inserting fd_num in order, which we are as we use
* PINFO_FD_VISITED in caller.
*/
wmem_tree_insert32(source_info->meta_tree, num, wmem_list_tail(source_info->meta_list));
return 0;
}
static guint32
erf_source_find_closest(guint64 host_id, guint8 source_id, guint32 fnum, guint32 *fnum_next_ptr) {
wmem_list_frame_t *list_frame = NULL;
wmem_list_frame_t *list_frame_prev = NULL;
erf_source_info_t *source_info = NULL;
guint64 source_key = ERF_SOURCE_KEY(host_id, source_id);
guint32 fnum_prev = G_MAXUINT32;
guint32 fnum_next = G_MAXUINT32;
source_info = (erf_source_info_t*) wmem_map_lookup(erf_state.source_map, &source_key);
if (source_info) {
list_frame = (wmem_list_frame_t*) wmem_tree_lookup32_le(source_info->meta_tree, fnum);
if (list_frame) {
fnum_prev = GPOINTER_TO_UINT(wmem_list_frame_data(list_frame));
/* If looking at a metadata record, get the real previous meta frame */
if (fnum_prev == fnum) {
list_frame_prev = wmem_list_frame_prev(list_frame);
fnum_prev = list_frame_prev ? GPOINTER_TO_UINT(wmem_list_frame_data(list_frame_prev)) : G_MAXUINT32;
}
list_frame = wmem_list_frame_next(list_frame);
fnum_next = list_frame ? GPOINTER_TO_UINT(wmem_list_frame_data(list_frame)) : G_MAXUINT32;
} else {
/*
* XXX: Edge case: still need the first meta record to find the next one at the
* beginning of the file.
*/
list_frame = wmem_list_head(source_info->meta_list);
fnum_next = list_frame ? GPOINTER_TO_UINT(wmem_list_frame_data(list_frame)) : G_MAXUINT32;
fnum_prev = G_MAXUINT32;
}
}
if (fnum_next_ptr)
*fnum_next_ptr = fnum_next;
return fnum_prev;
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* Copy of atm_guess_traffic_type from atm.c in /wiretap */
static void
Replace tvb_get_ptr calls with a better API choice. Just reduces the overall tvb_get_ptr usage count in the dissector directory. Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812 Reviewed-on: https://code.wireshark.org/review/7491 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-03-02 04:03:27 +00:00
erf_atm_guess_lane_type(tvbuff_t *tvb, int offset, guint len,
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
struct atm_phdr *atm_info)
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
{
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
if (len >= 2) {
Replace tvb_get_ptr calls with a better API choice. Just reduces the overall tvb_get_ptr usage count in the dissector directory. Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812 Reviewed-on: https://code.wireshark.org/review/7491 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-03-02 04:03:27 +00:00
if (tvb_get_ntohs(tvb, offset) == 0xFF00) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* Looks like LE Control traffic.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->subtype = TRAF_ST_LANE_LE_CTRL;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
} else {
/*
* XXX - Ethernet, or Token Ring?
* Assume Ethernet for now; if we see earlier
* LANE traffic, we may be able to figure out
* the traffic type from that, but there may
* still be situations where the user has to
* tell us.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->subtype = TRAF_ST_LANE_802_3;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
}
}
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static void
Replace tvb_get_ptr calls with a better API choice. Just reduces the overall tvb_get_ptr usage count in the dissector directory. Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812 Reviewed-on: https://code.wireshark.org/review/7491 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-03-02 04:03:27 +00:00
erf_atm_guess_traffic_type(tvbuff_t *tvb, int offset, guint len,
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
struct atm_phdr *atm_info)
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
{
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* Start out assuming nothing other than that it's AAL5.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->aal = AAL_5;
atm_info->type = TRAF_UNKNOWN;
atm_info->subtype = TRAF_ST_UNKNOWN;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
if (atm_info->vpi == 0) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* Traffic on some PVCs with a VPI of 0 and certain
* VCIs is of particular types.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
switch (atm_info->vci) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
case 5:
/*
* Signalling AAL.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->aal = AAL_SIGNALLING;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
return;
case 16:
/*
* ILMI.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->type = TRAF_ILMI;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
return;
}
}
/*
* OK, we can't tell what it is based on the VPI/VCI; try
* guessing based on the contents, if we have enough data
* to guess.
*/
if (len >= 3) {
Replace tvb_get_ptr calls with a better API choice. Just reduces the overall tvb_get_ptr usage count in the dissector directory. Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812 Reviewed-on: https://code.wireshark.org/review/7491 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-03-02 04:03:27 +00:00
guint8 mtp3b;
if (tvb_get_ntoh24(tvb, offset) == 0xAAAA03) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* Looks like a SNAP header; assume it's LLC
* multiplexed RFC 1483 traffic.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->type = TRAF_LLCMX;
} else if ((atm_info->aal5t_len &&
atm_info->aal5t_len < 16) || len<16) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* As this cannot be a LANE Ethernet frame (less
* than 2 bytes of LANE header + 14 bytes of
* Ethernet header) we can try it as a SSCOP frame.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->aal = AAL_SIGNALLING;
Replace tvb_get_ptr calls with a better API choice. Just reduces the overall tvb_get_ptr usage count in the dissector directory. Change-Id: I455dc4cc9b082ecccdd254a2e5121f3353b5a812 Reviewed-on: https://code.wireshark.org/review/7491 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-03-02 04:03:27 +00:00
} else if (((mtp3b = tvb_get_guint8(tvb, offset)) == 0x83) || (mtp3b == 0x81)) {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/*
* MTP3b headers often encapsulate
* a SCCP or MTN in the 3G network.
* This should cause 0x83 or 0x81
* in the first byte.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->aal = AAL_SIGNALLING;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
} else {
/*
* Assume it's LANE.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->type = TRAF_LANE;
erf_atm_guess_lane_type(tvb, offset, len, atm_info);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
}
} else {
/*
* Not only VCI 5 is used for signaling. It might be
* one of these VCIs.
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info->aal = AAL_SIGNALLING;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
}
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_classification_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
proto_item *flags_item;
proto_tree *flags_tree;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
guint32 value = ((guint32)(hdr >> 32)) & EHDR_CLASS_FLAGS_MASK;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
flags_item = proto_tree_add_uint(tree, hf_erf_ehdr_class_flags, tvb, 0, 0, value);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
flags_tree = proto_item_add_subtree(flags_item, ett_erf_flags);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_sh, tvb, 0, 0, value);
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_shm, tvb, 0, 0, value);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_res1, tvb, 0, 0, value);
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_user, tvb, 0, 0, value);
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_res2, tvb, 0, 0, value);
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_drop, tvb, 0, 0, value);
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
proto_tree_add_uint(flags_tree, hf_erf_ehdr_class_flags_str, tvb, 0, 0, value);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_class_seqnum, tvb, 0, 0, (guint32)hdr);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
}
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_intercept_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_int_res1, tvb, 0, 0, (guint8)((hdr >> 48) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_int_id, tvb, 0, 0, (guint16)((hdr >> 32 ) & 0xFFFF));
proto_tree_add_uint(tree, hf_erf_ehdr_int_res2, tvb, 0, 0, (guint32)hdr);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
}
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_raw_link_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_raw_link_res , tvb, 0, 0, (guint32)((hdr >> 32) & 0xFFFFFF));
proto_tree_add_uint(tree, hf_erf_ehdr_raw_link_seqnum , tvb, 0, 0, (guint32)((hdr >> 16) & 0xffff));
proto_tree_add_uint(tree, hf_erf_ehdr_raw_link_rate, tvb, 0, 0, (guint32)((hdr >> 8) & 0x00ff));
proto_tree_add_uint(tree, hf_erf_ehdr_raw_link_type, tvb, 0, 0, (guint32)(hdr & 0x00ff));
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
}
}
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_bfs_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_bfs_hash, tvb, 0, 0, (guint32)((hdr >> 48) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_bfs_color, tvb, 0, 0, (guint32)((hdr >> 32) & 0xFFFF));
proto_tree_add_uint(tree, hf_erf_ehdr_bfs_raw_hash, tvb, 0, 0, (guint32)(hdr & 0xFFFFFFFF));
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
}
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
static int
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
int i = 0; /* i = 3 --> ITU-T letter #D - index of AUG-16
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
* i = 2 --> ITU-T letter #C - index of AUG-4,
Fix fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or equal to DECHAN_MAX_AUG_INDEX before using it. Also add a comment: there are comments here that indicate that this array should have 5 entries but there are only 4. svn path=/trunk/; revision=44306
2012-08-07 18:17:29 +00:00
* i = 1 --> ITU-T letter #B - index of AUG-1
* i = 0 --> ITU-T letter #A - index of AU3*/
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
if ( (0 == vc_size) || (vc_size > DECHAN_MAX_VC_SIZE) || (rate > DECHAN_MAX_LINE_RATE) )
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
/* unknown / unused / invalid container size or invalid line rate */
in_fmt->m_vc_size = 0;
in_fmt->m_sdh_line_rate = 0;
memset(&(in_fmt->m_vc_index_array[0]), 0x00, DECHAN_MAX_AUG_INDEX);
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
return -1;
}
Fix fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Don't overflow in_fmt->m_vc_index_array: verify that speed is less than or equal to DECHAN_MAX_AUG_INDEX before using it. Also add a comment: there are comments here that indicate that this array should have 5 entries but there are only 4. svn path=/trunk/; revision=44306
2012-08-07 18:17:29 +00:00
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
in_fmt->m_vc_size = vc_size;
in_fmt->m_sdh_line_rate = rate;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX);
/* for STM64 traffic,from #D and so on .. */
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
for (i = (rate - 2); i >= 0; i--)
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
guint8 aug_n_index = 0;
/*if AUG-n is bigger than vc-size*/
if ( i >= (vc_size - 1))
{
/* check the value in bit flds */
aug_n_index = ((bit_flds >> (2 *i))& 0x3) +1;
}
For proto_tree_add_item(..., proto_xxx, ...)use ENC_NA as the encoding arg. Also: remove trailing whitespace for a number of files. svn path=/trunk/; revision=39503
2011-10-21 02:10:19 +00:00
else
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
aug_n_index = 0;
}
in_fmt->m_vc_index_array[i] = aug_n_index;
}
return 0;
}
static void
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
channelised_fill_vc_id_string(wmem_strbuf_t* out_string, sdh_g707_format_t* in_fmt)
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
Fix bugs in buffer overflow checking used with calls to g_snprintf(); svn path=/trunk/; revision=41344
2012-03-04 23:34:58 +00:00
int i;
gboolean is_printed = FALSE;
Fix a bunch of warnings. Cast away some implicit 64-bit-to-32-bit conversion errors due to use of sizeof. Cast away some implicit 64-bit-to-32-bit conversion errors due to use of strtol() and strtoul(). Change some data types to avoid those implicit conversion warnings. When assigning a constant to a float, make sure the constant isn't a double, by appending "f" to the constant. Constify a bunch of variables, parameters, and return values to eliminate warnings due to strings being given const qualifiers. Cast away those warnings in some cases where an API we don't control forces us to do so. Enable a bunch of additional warnings by default. Note why at least some of the other warnings aren't enabled. randpkt.c and text2pcap.c are used to build programs, so they don't need to be in EXTRA_DIST. If the user specifies --enable-warnings-as-errors, add -Werror *even if the user specified --enable-extra-gcc-flags; assume they know what they're doing and are willing to have the compile fail due to the extra GCC warnings being treated as errors. svn path=/trunk/; revision=46748
2012-12-26 05:57:06 +00:00
static const char* g_vc_size_strings[] = {
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
"unknown", /*0x0*/
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
"VC3", /*0x1*/
"VC4", /*0x2*/
"VC4-4c", /*0x3*/
"VC4-16c", /*0x4*/
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
"VC4-64c", /*0x5*/};
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_truncate(out_string, 0);
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
if ( (in_fmt->m_vc_size > DECHAN_MAX_VC_SIZE) || (in_fmt->m_sdh_line_rate > DECHAN_MAX_LINE_RATE) )
{
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_printf(out_string, "Malformed");
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
return;
}
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_printf(out_string, "%s(",
(in_fmt->m_vc_size < array_length(g_vc_size_strings)) ?
g_vc_size_strings[in_fmt->m_vc_size] : g_vc_size_strings[0] );
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
if (in_fmt->m_sdh_line_rate <= 0 )
{
/* line rate is not given */
for (i = (DECHAN_MAX_AUG_INDEX -1); i >= 0; i--)
{
Fix bugs in buffer overflow checking used with calls to g_snprintf(); svn path=/trunk/; revision=41344
2012-03-04 23:34:58 +00:00
if ((in_fmt->m_vc_index_array[i] > 0) || (is_printed) )
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_printf(out_string, "%s%d",
((is_printed)?", ":""),
in_fmt->m_vc_index_array[i]);
Fix bugs in buffer overflow checking used with calls to g_snprintf(); svn path=/trunk/; revision=41344
2012-03-04 23:34:58 +00:00
is_printed = TRUE;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
}
}
}
else
{
for (i = in_fmt->m_sdh_line_rate - 2; i >= 0; i--)
{
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_printf(out_string, "%s%d",
Fix bugs in buffer overflow checking used with calls to g_snprintf(); svn path=/trunk/; revision=41344
2012-03-04 23:34:58 +00:00
((is_printed)?", ":""),
in_fmt->m_vc_index_array[i]);
is_printed = TRUE;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
}
}
if ( ! is_printed )
{
it's ==> its & its ==> it's as needed. svn path=/trunk/; revision=47891
2013-02-26 01:06:19 +00:00
/* Not printed . possibly it's a ocXc packet with (0,0,0...) */
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
for ( i =0; i < in_fmt->m_vc_size - 2; i++)
{
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_printf(out_string, "%s0",
Fix bugs in buffer overflow checking used with calls to g_snprintf(); svn path=/trunk/; revision=41344
2012-03-04 23:34:58 +00:00
((is_printed)?", ":""));
is_printed = TRUE;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
}
}
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_append_c(out_string, ')');
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
return;
For proto_tree_add_item(..., proto_xxx, ...)use ENC_NA as the encoding arg. Also: remove trailing whitespace for a number of files. svn path=/trunk/; revision=39503
2011-10-21 02:10:19 +00:00
}
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
guint8 vc_id = (guint8)((hdr >> 24) & 0xFF);
guint8 vc_size = (guint8)((hdr >> 16) & 0xFF);
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
guint8 line_rate = (guint8)((hdr >> 8) & 0xFF);
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
sdh_g707_format_t g707_format;
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
wmem_strbuf_t *vc_id_string = wmem_strbuf_new_label(wmem_packet_scope());
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_rate);
g_snprintf → ep_strbuf. I can't find an ERF file with a virtual container but the conversion seemed be straightforward enough. svn path=/trunk/; revision=42951
2012-05-31 21:30:40 +00:00
channelised_fill_vc_id_string(vc_id_string, &g707_format);
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
proto_tree_add_boolean(tree, hf_erf_ehdr_chan_morebits, tvb, 0, 0, (guint8)((hdr >> 63) & 0x1));
proto_tree_add_boolean(tree, hf_erf_ehdr_chan_morefrag, tvb, 0, 0, (guint8)((hdr >> 55) & 0x1));
proto_tree_add_uint(tree, hf_erf_ehdr_chan_seqnum, tvb, 0, 0, (guint16)((hdr >> 40) & 0x7FFF));
proto_tree_add_uint(tree, hf_erf_ehdr_chan_res, tvb, 0, 0, (guint8)((hdr >> 32) & 0xFF));
Convert a few more dissectors to wmem API svn path=/trunk/; revision=52052
2013-09-15 09:12:01 +00:00
proto_tree_add_uint_format_value(tree, hf_erf_ehdr_chan_virt_container_id, tvb, 0, 0, vc_id,
"0x%.2x (g.707: %s)", vc_id, wmem_strbuf_get_str(vc_id_string));
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_chan_assoc_virt_container_size, tvb, 0, 0, vc_size);
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_chan_rate, tvb, 0, 0, line_rate);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_chan_type, tvb, 0, 0, (guint8)((hdr >> 0) & 0xFF));
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
}
}
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_signature_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if(tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_ehdr_signature_payload_hash, tvb, 0, 0, (guint32)((hdr >> 32) & 0xFFFFFF));
proto_tree_add_uint(tree, hf_erf_ehdr_signature_color, tvb, 0, 0, (guint8)((hdr >> 24) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_signature_flow_hash, tvb, 0, 0, (guint32)(hdr & 0xFFFFFF));
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void
dissect_host_id_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
{
if(tree) {
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
proto_tree_add_uint(tree, hf_erf_ehdr_host_id_sourceid, tvb, 0, 0, (guint8)((hdr >> 48) & 0xFF));
proto_tree_add_uint64(tree, hf_erf_ehdr_host_id_hostid, tvb, 0, 0, (hdr & ERF_EHDR_HOST_ID_MASK));
}
}
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
static void
dissect_anchor_id_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
{
static const int *anchor_flags[] =
{
&hf_erf_ehdr_anchor_id_definition,
&hf_erf_ehdr_anchor_id_reserved,
NULL
};
if(tree) {
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
proto_tree_add_bitmask_value(tree, tvb, 0, hf_erf_ehdr_anchor_id_flags, ett_erf_anchor_flags, anchor_flags, (guint8)(hdr >> 48) & 0xff);
proto_tree_add_uint64(tree, hf_erf_ehdr_anchor_id_anchorid, tvb, 0, 0, (hdr & ERF_EHDR_ANCHOR_ID_MASK));
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void
dissect_flow_id_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
{
if(tree) {
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
proto_tree_add_uint(tree, hf_erf_ehdr_flow_id_source_id, tvb, 0, 0, (guint8)((hdr >> 48) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_flow_id_hash_type, tvb, 0, 0, (guint8)((hdr >> 40) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_flow_id_stack_type, tvb, 0, 0, (guint8)((hdr >> 32) & 0xFF));
proto_tree_add_uint(tree, hf_erf_ehdr_flow_id_flow_hash, tvb, 0, 0, (guint32)(hdr & 0xFFFFFFFF));
}
}
Make a function not used outside this file static. Change-Id: I8e1a2b0655083403ee0e7efccc976a1a27db8fa4 Reviewed-on: https://code.wireshark.org/review/26540 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-03-18 20:55:07 +00:00
static float
entropy_from_entropy_header_value(guint8 entropy_hdr_value)
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
{
/* mapping 1-255 to 0.0-8.0 */
/* 255 is 8.0 */
/* 1 represent any value less than 2/32 */
/* 0 represents not calculated */
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
return (float)((entropy_hdr_value == 0)?0.0f: (((float)entropy_hdr_value+1) / 32.0f));
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
}
static void
dissect_entropy_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
{
if(tree) {
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
guint8 entropy_hdr_value = (guint8)((hdr >> 48) & 0xFF);
float entropy;
proto_item *pi;
proto_tree *entropy_value_tree;
entropy = entropy_from_entropy_header_value(entropy_hdr_value);
pi = proto_tree_add_float_format_value(tree, hf_erf_ehdr_entropy_entropy, tvb, 0, 0, entropy,
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
"%.2f %s", (double) entropy, entropy == 0.0f ? "(not calculated)":"bits");
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
entropy_value_tree = proto_item_add_subtree(pi, ett_erf_entropy_value);
proto_tree_add_uint(entropy_value_tree, hf_erf_ehdr_entropy_entropy_raw, tvb, 0, 0, entropy_hdr_value);
proto_tree_add_uint64(tree, hf_erf_ehdr_entropy_reserved, tvb, 0, 0, (hdr & 0xFFFFFFFFFFFF));
}
}
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
static guint64
find_host_id(packet_info *pinfo, gboolean *has_anchor_definition) {
guint64 hdr;
guint8 type;
guint8 has_more = pinfo->pseudo_header->erf.phdr.type & 0x80;
int i = 0;
guint64 host_id = ERF_META_HOST_ID_IMPLICIT;
gboolean anchor_definition = FALSE;
while(has_more && (i < MAX_ERF_EHDR)) {
hdr = pinfo->pseudo_header->erf.ehdr_list[i].ehdr;
type = (guint8) (hdr >> 56);
switch (type & 0x7f) {
case ERF_EXT_HDR_TYPE_HOST_ID:
if (host_id == ERF_META_HOST_ID_IMPLICIT)
host_id = hdr & ERF_EHDR_HOST_ID_MASK;
break;
case ERF_EXT_HDR_TYPE_ANCHOR_ID:
if ((hdr & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK))
anchor_definition = TRUE;
break;
}
has_more = type & 0x80;
i += 1;
}
if (has_anchor_definition)
*has_anchor_definition = anchor_definition;
return host_id;
}
static void dissect_host_anchor_id(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint64 host_id, guint64 anchor_id, guint8 anchor _U_) {
if(tree) {
erf_anchor_key_t key = {host_id, anchor_id};
erf_host_anchor_info_t *anchor_info;
erf_anchored_info_t *anchored_info;
wmem_list_frame_t *frame;
wmem_list_t *frame_list;
proto_item *pi = NULL;
proto_tree *subtree;
/* TODO: top level linking to most recent frame like we have for Host ID? */
subtree = proto_tree_add_subtree_format(tree, tvb, 0, 0, ett_erf_anchor, &pi, "Host ID: 0x%012" G_GINT64_MODIFIER "x, Anchor ID: 0x%012" G_GINT64_MODIFIER "x", host_id & ERF_EHDR_HOST_ID_MASK, anchor_id & ERF_EHDR_ANCHOR_ID_MASK);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
pi = proto_tree_add_uint64(subtree, hf_erf_anchor_hostid, tvb, 0, 0, host_id & ERF_EHDR_HOST_ID_MASK);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
pi = proto_tree_add_uint64(subtree, hf_erf_anchor_anchorid, tvb, 0, 0, anchor_id & ERF_EHDR_ANCHOR_ID_MASK);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
anchor_info = (erf_host_anchor_info_t*)wmem_map_lookup(erf_state.host_anchor_map, &key);
if(!anchor_info) {
return;
}
frame_list = anchor_info->anchored_list;
/* Try to link frames */
frame = wmem_list_head(frame_list);
while(frame != NULL) {
anchored_info = (erf_anchored_info_t*)wmem_list_frame_data(frame);
if(pinfo->num != anchored_info->frame_num) {
/* Don't list the frame itself */
pi = proto_tree_add_uint(subtree, hf_erf_anchor_linked, tvb, 0, 0, anchored_info->frame_num);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* XXX: Need to do this each time because pinfo is discarded. Filtering does not reset visited as it does not do a full redissect.
We also might not catch all frames in the first pass (e.g. comment after record). */
mark_frame_as_depended_upon(pinfo, anchored_info->frame_num);
}
frame = wmem_list_frame_next(frame);
}
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void
dissect_host_id_source_id(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint64 host_id, guint8 source_id)
{
if (tree) {
proto_tree *hostid_tree;
proto_item *pi = NULL;
guint32 fnum_current = G_MAXUINT32;
guint32 fnum = G_MAXUINT32;
guint32 fnum_next = G_MAXUINT32;
fnum = erf_source_find_closest(host_id, source_id, pinfo->num, &fnum_next);
if (fnum != G_MAXUINT32) {
fnum_current = fnum;
} else {
/* XXX: Possibly undesireable side effect: first metadata record links to next */
fnum_current = fnum_next;
}
if (fnum_current != G_MAXUINT32) {
pi = proto_tree_add_uint_format(tree, hf_erf_source_current, tvb, 0, 0, fnum_current,
"Host ID: 0x%012" G_GINT64_MODIFIER "x, Source ID: %u", host_id, source_id&0xFF);
hostid_tree = proto_item_add_subtree(pi, ett_erf_source);
} else {
/* If we have no frame number to link against, just add a static subtree */
hostid_tree = proto_tree_add_subtree_format(tree, tvb, 0, 0, ett_erf_source, &pi,
"Host ID: 0x%012" G_GINT64_MODIFIER "x, Source ID: %u", host_id, source_id&0xFF);
}
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
pi = proto_tree_add_uint64(hostid_tree, hf_erf_hostid, tvb, 0, 0, host_id);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
pi = proto_tree_add_uint(hostid_tree, hf_erf_sourceid, tvb, 0, 0, source_id);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
if (fnum_next != G_MAXUINT32) {
pi = proto_tree_add_uint(hostid_tree, hf_erf_source_next, tvb, 0, 0, fnum_next);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* XXX: Save the surrounding nearest periodic records when we do a filtered save so we keep native ERF metadata */
mark_frame_as_depended_upon(pinfo, fnum_next);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
if (fnum != G_MAXUINT32) {
pi = proto_tree_add_uint(hostid_tree, hf_erf_source_prev, tvb, 0, 0, fnum);
epan: Convert our PROTO_ITEM_ macros to inline functions. Convert our various PROTO_ITEM_ macros to inline functions and document them. Change-Id: I070b15d4f70d2189217a177ee8ba2740be36327c Reviewed-on: https://code.wireshark.org/review/32706 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-04-03 21:32:30 +00:00
proto_item_set_generated(pi);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
mark_frame_as_depended_upon(pinfo, fnum);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
}
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static void
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_unknown_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int idx)
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
{
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint64(tree, hf_erf_ehdr_unk, tvb, 0, 0, hdr);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
}
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static void
dissect_mc_hdlc_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_hdlc_item;
proto_tree *mc_hdlc_tree;
guint32 mc_hdlc;
proto_item *pi;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* Multi Channel HDLC Header */
mc_hdlc_item = proto_tree_add_uint(tree, hf_erf_mc_hdlc, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
mc_hdlc_tree = proto_item_add_subtree(mc_hdlc_item, ett_erf_mc_hdlc);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_hdlc = pinfo->pseudo_header->erf.subhdr.mc_hdr;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_cn, tvb, 0, 0, mc_hdlc);
proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_res1, tvb, 0, 0, mc_hdlc);
proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_res2, tvb, 0, 0, mc_hdlc);
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_fcse, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_FCSE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC FCS Error");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_sre, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_SRE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC Short Record Error, <5 bytes");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_lre, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_LRE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC Long Record Error, >2047 bytes");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_afe, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_AFE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC Aborted Frame Error");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_oe, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_OE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC Octet Error, the closing flag was not octet aligned after bit unstuffing");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
pi=proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_lbe, tvb, 0, 0, mc_hdlc);
if (mc_hdlc & MC_HDLC_LBE_MASK)
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF MC Lost Byte Error");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_first, tvb, 0, 0, mc_hdlc);
proto_tree_add_uint(mc_hdlc_tree, hf_erf_mc_hdlc_res3, tvb, 0, 0, mc_hdlc);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_mc_raw_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_raw_item;
proto_tree *mc_raw_tree;
guint32 mc_raw;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* Multi Channel RAW Header */
mc_raw_item = proto_tree_add_uint(tree, hf_erf_mc_raw, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
mc_raw_tree = proto_item_add_subtree(mc_raw_item, ett_erf_mc_raw);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_raw = pinfo->pseudo_header->erf.subhdr.mc_hdr;
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_int, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_res1, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_sre, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_lre, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_res2, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_lbe, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_first, tvb, 0, 0, mc_raw);
proto_tree_add_uint(mc_raw_tree, hf_erf_mc_raw_res3, tvb, 0, 0, mc_raw);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_mc_atm_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_atm_item;
proto_tree *mc_atm_tree;
guint32 mc_atm;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/*"Multi Channel ATM Header"*/
mc_atm_item = proto_tree_add_uint(tree, hf_erf_mc_atm, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
mc_atm_tree = proto_item_add_subtree(mc_atm_item, ett_erf_mc_atm);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_atm = pinfo->pseudo_header->erf.subhdr.mc_hdr;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_cn, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_res1, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_mul, tvb, 0, 0, mc_atm);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_port, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_res2, tvb, 0, 0, mc_atm);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_lbe, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_hec, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_crc10, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_oamcell, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_first, tvb, 0, 0, mc_atm);
proto_tree_add_uint(mc_atm_tree, hf_erf_mc_atm_res3, tvb, 0, 0, mc_atm);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_mc_rawlink_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_rawl_item;
proto_tree *mc_rawl_tree;
guint32 mc_rawl;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* Multi Channel RAW Link Header */
Don't add FT_UINTn values with proto_tree_add_int(). (The fields in question are 4-byte header fields containing bitfields, so "unsigned" is appropriate here.) svn path=/trunk/; revision=45521
2012-10-13 17:57:13 +00:00
mc_rawl_item = proto_tree_add_uint(tree, hf_erf_mc_rawl, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
mc_rawl_tree = proto_item_add_subtree(mc_rawl_item, ett_erf_mc_rawlink);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_rawl = pinfo->pseudo_header->erf.subhdr.mc_hdr;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_rawl_tree, hf_erf_mc_rawl_cn, tvb, 0, 0, mc_rawl);
proto_tree_add_uint(mc_rawl_tree, hf_erf_mc_rawl_res1, tvb, 0, 0, mc_rawl);
proto_tree_add_uint(mc_rawl_tree, hf_erf_mc_rawl_lbe, tvb, 0, 0, mc_rawl);
proto_tree_add_uint(mc_rawl_tree, hf_erf_mc_rawl_first, tvb, 0, 0, mc_rawl);
proto_tree_add_uint(mc_rawl_tree, hf_erf_mc_rawl_res2, tvb, 0, 0, mc_rawl);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_mc_aal5_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_aal5_item;
proto_tree *mc_aal5_tree;
guint32 mc_aal5;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* Multi Channel AAL5 Header */
Don't add FT_UINTn values with proto_tree_add_int(). (The fields in question are 4-byte header fields containing bitfields, so "unsigned" is appropriate here.) svn path=/trunk/; revision=45521
2012-10-13 17:57:13 +00:00
mc_aal5_item = proto_tree_add_uint(tree, hf_erf_mc_aal5, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
mc_aal5_tree = proto_item_add_subtree(mc_aal5_item, ett_erf_mc_aal5);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_aal5 = pinfo->pseudo_header->erf.subhdr.mc_hdr;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_cn, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_res1, tvb, 0, 0, mc_aal5);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_port, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_crcck, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_crce, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_lenck, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_lene, tvb, 0, 0, mc_aal5);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_res2, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_first, tvb, 0, 0, mc_aal5);
proto_tree_add_uint(mc_aal5_tree, hf_erf_mc_aal5_res3, tvb, 0, 0, mc_aal5);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_mc_aal2_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *mc_aal2_item;
proto_tree *mc_aal2_tree;
guint32 mc_aal2;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* Multi Channel AAL2 Header */
Don't add FT_UINTn values with proto_tree_add_int(). (The fields in question are 4-byte header fields containing bitfields, so "unsigned" is appropriate here.) svn path=/trunk/; revision=45521
2012-10-13 17:57:13 +00:00
mc_aal2_item = proto_tree_add_uint(tree, hf_erf_mc_aal2, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
mc_aal2_tree = proto_item_add_subtree(mc_aal2_item, ett_erf_mc_aal2);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
mc_aal2 = pinfo->pseudo_header->erf.subhdr.mc_hdr;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_cn, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_res1, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_res2, tvb, 0, 0, mc_aal2);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_port, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_res3, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_first, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_maale, tvb, 0, 0, mc_aal2);
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_lene, tvb, 0, 0, mc_aal2);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(mc_aal2_tree, hf_erf_mc_aal2_cid, tvb, 0, 0, mc_aal2);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
static void
dissect_aal2_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_item *aal2_item;
proto_tree *aal2_tree;
guint32 aal2;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
/* AAL2 Header */
Don't add FT_UINTn values with proto_tree_add_int(). (The fields in question are 4-byte header fields containing bitfields, so "unsigned" is appropriate here.) svn path=/trunk/; revision=45521
2012-10-13 17:57:13 +00:00
aal2_item = proto_tree_add_uint(tree, hf_erf_aal2, tvb, 0, 0, pinfo->pseudo_header->erf.subhdr.mc_hdr);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
aal2_tree = proto_item_add_subtree(aal2_item, ett_erf_aal2);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
aal2 = pinfo->pseudo_header->erf.subhdr.aal2_hdr;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(aal2_tree, hf_erf_aal2_cid, tvb, 0, 0, aal2);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(aal2_tree, hf_erf_aal2_maale, tvb, 0, 0, aal2);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
proto_tree_add_uint(aal2_tree, hf_erf_aal2_maalei, tvb, 0, 0, aal2);
proto_tree_add_uint(aal2_tree, hf_erf_aal2_first, tvb, 0, 0, aal2);
proto_tree_add_uint(aal2_tree, hf_erf_aal2_res1, tvb, 0, 0, aal2);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
}
}
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
static void
dissect_eth_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
if (tree) {
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
proto_item *eth_item;
proto_tree *eth_tree;
Clean up handling of the data before the Ethernet packet in ERF files. The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:10:48 +00:00
guint8 eth_offset, eth_pad;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
eth_item = proto_tree_add_item(tree, hf_erf_eth, tvb, 0, 0, ENC_NA);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
eth_tree = proto_item_add_subtree(eth_item, ett_erf_eth);
Clean up handling of the data before the Ethernet packet in ERF files. The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:10:48 +00:00
eth_offset = pinfo->pseudo_header->erf.subhdr.eth_hdr.offset;
eth_pad = pinfo->pseudo_header->erf.subhdr.eth_hdr.pad;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Clean up handling of the data before the Ethernet packet in ERF files. The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:10:48 +00:00
proto_tree_add_uint(eth_tree, hf_erf_eth_off, tvb, 0, 0, eth_offset);
proto_tree_add_uint(eth_tree, hf_erf_eth_pad, tvb, 0, 0, eth_pad);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
}
static void
dissect_erf_pseudo_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
proto_item *pi;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_item *flags_item, *rectype_item;
proto_tree *flags_tree, *rectype_tree;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint64(tree, hf_erf_ts, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.ts);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
Convert proto_tree_add_uint_format to proto_tree_add_uint_format_value if hf_ field name is the first part of the formatted string. This was all manual inspection and most cases were either: 1. Case sensitivity differences between hf_ field name and formatted string. 2. Unnecessary whitespace between hf_ field name and colon in formatted string There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed. svn path=/trunk/; revision=52098
2013-09-16 10:39:06 +00:00
rectype_item = proto_tree_add_uint_format_value(tree, hf_erf_rectype, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.type,
Add editor modelines; Adjust whitespace as needed. Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af Reviewed-on: https://code.wireshark.org/review/4394 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-30 23:12:26 +00:00
"0x%02x (Type %d: %s)",
pinfo->pseudo_header->erf.phdr.type,
pinfo->pseudo_header->erf.phdr.type & ERF_HDR_TYPE_MASK,
val_to_str_const(
pinfo->pseudo_header->erf.phdr.type & ERF_HDR_TYPE_MASK,
erf_type_vals,
"Unknown Type"));
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
rectype_tree = proto_item_add_subtree(rectype_item, ett_erf_rectype);
proto_tree_add_uint(rectype_tree, hf_erf_type, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.type);
proto_tree_add_uint(rectype_tree, hf_erf_ehdr, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.type);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
flags_item=proto_tree_add_uint(tree, hf_erf_flags, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
flags_tree = proto_item_add_subtree(flags_item, ett_erf_flags);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Don't assign to a proto_item* if the value won't be used: Coverity 895-897 Also: Fix some indentation & whitespace. svn path=/trunk/; revision=36355
2011-03-26 16:39:30 +00:00
proto_tree_add_uint(flags_tree, hf_erf_flags_cap, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_item_append_text(flags_item, " (Capture Interface: %d", pinfo->pseudo_header->erf.phdr.flags & ERF_HDR_CAP_MASK);
Don't assign to a proto_item* if the value won't be used: Coverity 895-897 Also: Fix some indentation & whitespace. svn path=/trunk/; revision=36355
2011-03-26 16:39:30 +00:00
proto_tree_add_uint(flags_tree, hf_erf_flags_vlen, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
pi=proto_tree_add_uint(flags_tree, hf_erf_flags_trunc, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (pinfo->pseudo_header->erf.phdr.flags & ERF_HDR_TRUNC_MASK) {
proto_item_append_text(flags_item, "; ERF Truncation Error");
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF Truncation Error");
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
}
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
pi=proto_tree_add_uint(flags_tree, hf_erf_flags_rxe, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (pinfo->pseudo_header->erf.phdr.flags & ERF_HDR_RXE_MASK) {
proto_item_append_text(flags_item, "; ERF Rx Error");
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF Rx Error");
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
}
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
pi=proto_tree_add_uint(flags_tree, hf_erf_flags_dse, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
if (pinfo->pseudo_header->erf.phdr.flags & ERF_HDR_DSE_MASK) {
proto_item_append_text(flags_item, "; ERF DS Error");
expert_add_info_format_text -> expert_add_info_format svn path=/trunk/; revision=51852
2013-09-09 00:44:09 +00:00
expert_add_info_format(pinfo, pi, &ei_erf_checksum_error, "ERF DS Error");
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
}
proto_item_append_text(flags_item, ")");
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5708 : The ERF record format defines several error flags. This patch exposes ERF error flags using 'Expert Infos' for highlighting and counting. svn path=/trunk/; revision=36035
2011-02-23 17:54:00 +00:00
Don't assign to a proto_item* if the value won't be used: Coverity 895-897 Also: Fix some indentation & whitespace. svn path=/trunk/; revision=36355
2011-03-26 16:39:30 +00:00
proto_tree_add_uint(flags_tree, hf_erf_flags_res, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.flags);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_rlen, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.rlen);
Some ERF pseudo-headers have color instead of lctr value Don't report expert-info warnings for lctr when it is actually color. Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a Reviewed-on: https://code.wireshark.org/review/20306 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-27 21:13:42 +00:00
if (erf_type_has_color(pinfo->pseudo_header->erf.phdr.type)) {
erf: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang Change-Id: I7214adc58362902790c006e1e22f77104be5df2e Reviewed-on: https://code.wireshark.org/review/20341 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-02 21:37:48 +00:00
proto_tree_add_uint(tree, hf_erf_color, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.lctr);
Some ERF pseudo-headers have color instead of lctr value Don't report expert-info warnings for lctr when it is actually color. Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a Reviewed-on: https://code.wireshark.org/review/20306 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-27 21:13:42 +00:00
} else {
pi=proto_tree_add_uint(tree, hf_erf_lctr, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.lctr);
if (pinfo->pseudo_header->erf.phdr.lctr > 0)
expert_add_info(pinfo, pi, &ei_erf_packet_loss);
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_tree_add_uint(tree, hf_erf_wlen, tvb, 0, 0, pinfo->pseudo_header->erf.phdr.wlen);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
static void
dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
{
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
proto_item *pi;
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
proto_item *ehdr_tree;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
guint64 hdr;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint8 type;
guint8 has_more = pinfo->pseudo_header->erf.phdr.type & 0x80;
int i = 0;
int max = sizeof(pinfo->pseudo_header->erf.ehdr_list)/sizeof(struct erf_ehdr);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
guint64 host_id = ERF_META_HOST_ID_IMPLICIT;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
guint8 source_id = 0;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
gboolean found_host_id = FALSE;
gboolean has_anchor_definition = FALSE;
/*
* Get the first Host ID of the record (which may not be the first extension
* header).
*/
host_id = find_host_id(pinfo, &has_anchor_definition);
if (host_id == ERF_META_HOST_ID_IMPLICIT) {
/*
* XXX: We are relying here on the Wireshark doing a second parse any
* time it does anything with tree items (including filtering) to associate
* the records before the first ERF_TYPE_META record. This does not work
* with TShark in one-pass mode, in which case the first few records get
* Host ID 0 (unset).
*/
host_id = erf_state.implicit_host_id;
found_host_id = FALSE;
} else {
found_host_id = TRUE;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
while(has_more && (i < max)) {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
hdr = pinfo->pseudo_header->erf.ehdr_list[i].ehdr;
type = (guint8) (hdr >> 56);
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
Add editor modelines; Adjust whitespace as needed. Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af Reviewed-on: https://code.wireshark.org/review/4394 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-30 23:12:26 +00:00
pi = proto_tree_add_uint(tree, hf_erf_ehdr_t, tvb, 0, 0, (type & 0x7f));
ehdr_tree = proto_item_add_subtree(pi, ett_erf_pseudo_hdr);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
switch (type & 0x7f) {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_CLASSIFICATION:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_classification_ex_header(tvb, pinfo, ehdr_tree, i);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_INTERCEPTID:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_intercept_ex_header(tvb, pinfo, ehdr_tree, i);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_RAW_LINK:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_raw_link_ex_header(tvb, pinfo, ehdr_tree, i);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_BFS:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_bfs_ex_header(tvb, pinfo, ehdr_tree, i);
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_CHANNELISED:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_channelised_ex_header(tvb, pinfo, ehdr_tree, i);
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_SIGNATURE:
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
dissect_signature_ex_header(tvb, pinfo, ehdr_tree, i);
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_EXT_HDR_TYPE_FLOW_ID:
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
if (source_id == 0) {
source_id = (guint8)((hdr >> 48) & 0xFF);
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
dissect_flow_id_ex_header(tvb, pinfo, ehdr_tree, i);
break;
case ERF_EXT_HDR_TYPE_HOST_ID:
host_id = hdr & ERF_EHDR_HOST_ID_MASK;
source_id = (guint8)((hdr >> 48) & 0xFF);
dissect_host_id_ex_header(tvb, pinfo, ehdr_tree, i);
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
/* Track and dissect combined Host ID and Source ID(s) */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
if (!PINFO_FD_VISITED(pinfo)) {
if ((pinfo->pseudo_header->erf.phdr.type & 0x7f) == ERF_TYPE_META) {
/* Update the implicit Host ID when ERF_TYPE_META */
/* XXX: We currently assume there is only one in the whole file */
if (erf_state.implicit_host_id == 0 && source_id > 0) {
erf_state.implicit_host_id = host_id;
}
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Add to the sequence of ERF_TYPE_META records if periodic record */
/*
* Adding metadata from comment records makes for unhelpful linking
* and means we miss out on the correct frame when marking surrounding
* metadata as depended upon (e.g. could end up with a comment from
* another frame). We mark the anchor linked records separately.
*/
if (!has_anchor_definition) {
/* XXX: this is a heuristic, technically we could have non-local sections
in the metadata even as an anchor definition record. */
erf_source_append(host_id, source_id, pinfo->num);
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
}
dissect_host_id_source_id(tvb, pinfo, tree, host_id, source_id);
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
break;
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
case ERF_EXT_HDR_TYPE_ANCHOR_ID:
dissect_anchor_id_ex_header(tvb, pinfo, ehdr_tree, i);
if (!PINFO_FD_VISITED(pinfo)) {
erf_host_anchor_info_insert(pinfo, host_id, hdr & ERF_EHDR_ANCHOR_ID_MASK, (guint8)(hdr >> 48));
}
dissect_host_anchor_id(tvb, pinfo, tree, host_id, hdr & ERF_EHDR_ANCHOR_ID_MASK, (guint8)(hdr >> 48));
break;
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
case ERF_EXT_HDR_TYPE_ENTROPY:
dissect_entropy_ex_header(tvb, pinfo, ehdr_tree, i);
break;
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
default:
dissect_unknown_ex_header(tvb, pinfo, ehdr_tree, i);
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
has_more = type & 0x80;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
i += 1;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
if (has_more) {
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
proto_tree_add_expert(tree, pinfo, &ei_erf_extension_headers_not_shown, tvb, 0, 0);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
/* If we have no explicit Host ID association, associate with the first Source ID (or 0) and implicit Host ID */
/* XXX: We are allowed to assume there is only one Source ID unless we have
* a Host ID extension header */
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
if (!found_host_id) {
ERF: Fix issues with Host ID mapping packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in it's own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-10-13 23:46:29 +00:00
/*
* TODO: Do we also want to track Host ID 0 Source ID 0 records?
* Don't for now to preserve feel of legacy files.
*/
if (host_id != 0 || source_id != 0) {
if (!PINFO_FD_VISITED(pinfo)) {
if ((pinfo->pseudo_header->erf.phdr.type & 0x7f) == ERF_TYPE_META) {
/* Add to the sequence of ERF_TYPE_META records */
erf_source_append(host_id, source_id, pinfo->num);
}
}
dissect_host_id_source_id(tvb, pinfo, tree, host_id, source_id);
}
}
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
From Anthony Coddington: SDH dissector calculation fixes. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8767 svn path=/trunk/; revision=49750
2013-06-04 04:19:52 +00:00
guint64* erf_get_ehdr(packet_info *pinfo, guint8 hdrtype, gint* afterindex) {
guint8 type;
guint8 has_more;
int max;
int i = afterindex ? *afterindex + 1 : 0; /*allow specifying instance to start after for use in loop*/
if (!pinfo) /*XXX: how to determine if erf pseudo_header is valid?*/
return NULL;
has_more = pinfo->pseudo_header->erf.phdr.type & 0x80;
max = sizeof(pinfo->pseudo_header->erf.ehdr_list)/sizeof(struct erf_ehdr);
while(has_more && (i < max)) {
type = (guint8) (pinfo->pseudo_header->erf.ehdr_list[i].ehdr >> 56);
if ((type & 0x7f) == (hdrtype & 0x7f)) {
if (afterindex)
*afterindex = i;
return &pinfo->pseudo_header->erf.ehdr_list[i].ehdr;
}
has_more = type & 0x80;
i += 1;
}
return NULL;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void
check_section_length(packet_info *pinfo, proto_item *sectionlen_pi, int offset, int sectionoffset, int sectionlen) {
if (sectionlen_pi) {
if (offset - sectionoffset == sectionlen) {
proto_item_append_text(sectionlen_pi, " [correct]");
} else if (sectionlen != 0) {
proto_item_append_text(sectionlen_pi, " [incorrect, should be %u]", offset - sectionoffset);
expert_add_info(pinfo, sectionlen_pi, &ei_erf_meta_section_len_error);
}
}
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
static proto_item*
dissect_meta_tag_bitfield(proto_item *section_tree, tvbuff_t *tvb, int offset, erf_meta_tag_info_t *tag_info, proto_item **out_tag_tree)
{
proto_item *tag_pi = NULL;
const int* hf_flags[ERF_HF_VALUES_PER_TAG];
int i;
DISSECTOR_ASSERT(tag_info->extra);
/* This is allowed as the array itself is not constant (not const int* const) */
for (i = 0; tag_info->extra->hf_values[i] != -1; i++) {
hf_flags[i] = &tag_info->extra->hf_values[i];
}
hf_flags[i] = NULL;
/* use flags variant so we print integers without value_strings */
tag_pi = proto_tree_add_bitmask_with_flags(section_tree, tvb, offset + 4, tag_info->hf_value, tag_info->ett, hf_flags, ENC_BIG_ENDIAN, BMT_NO_FLAGS);
if (out_tag_tree) {
*out_tag_tree = proto_item_get_subtree(tag_pi);
}
return tag_pi;
}
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
static proto_item*
dissect_meta_tag_ext_hdrs(proto_item *section_tree, tvbuff_t *tvb, int offset, gint taglength, erf_meta_tag_info_t *tag_info, proto_item **out_tag_tree, expert_field **out_truncated_expert)
{
proto_item *tag_pi = NULL;
proto_tree *subtree = NULL;
proto_item *subtree_pi = NULL;
int i;
guint32 ext_hdrs[4] = {0, 0, 0, 0};
int int_offset = 0;
int int_avail = MIN(taglength / 4, 4);;
int bit_offset = 0;
int ext_hdr_num = 0;
gboolean first = TRUE;
gboolean all_set = TRUE;
DISSECTOR_ASSERT(tag_info->extra);
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_BIG_ENDIAN);
*out_tag_tree = proto_item_add_subtree(tag_pi, tag_info->ett);
for (int_offset = 0; int_offset < int_avail; int_offset++) {
ext_hdrs[int_offset] = tvb_get_guint32(tvb, offset + 4 + int_offset*4, ENC_BIG_ENDIAN);
if (ext_hdrs[int_offset] != G_MAXUINT32)
all_set = FALSE;
}
/* Special case: all specified bits are 1 means all extension headers */
if (all_set)
proto_item_append_text(tag_pi, ": <All>");
/* Add 4 subtrees, one for each uint32 representing 32 extension header numbers */
for (int_offset = 0; int_offset < int_avail; int_offset++) {
/* TODO: Put subtree hf values somewhere better than first 4 hf_values */
subtree_pi = proto_tree_add_item(*out_tag_tree, tag_info->extra->hf_values[int_offset], tvb, offset + 4 + int_offset*4, 4, ENC_BIG_ENDIAN);
/* Add the individual bit dissections */
/* XXX: This currently assumes we only know up to the first 32 */
if (int_offset == 0) {
subtree = proto_item_add_subtree(subtree_pi, tag_info->ett);
for (i = 4; tag_info->extra->hf_values[i] != -1; i++) {
proto_tree_add_boolean(subtree, tag_info->extra->hf_values[i], tvb, offset + 4 + int_offset*4, 4, ext_hdrs[int_offset]);
}
}
/* Add all set bits to the header, including the ones we don't understand */
for (bit_offset = 0; bit_offset < 32; bit_offset++) {
Fix cppcheck 1.83 warnings [packet-ber.c:2687]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour [packet-erf.c:2475]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour [packet-fmp.c:378]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour [packet-http2.c:2050]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour [packet-obd-ii.c:643]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour [packet-yami.c:244]: (error) Shifting signed 32-bit value by 31 bits is undefined behaviour Change-Id: Ie71f9f7c8f863d1e9c693bd56444f00bdad48042 Reviewed-on: https://code.wireshark.org/review/27019 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot
2018-04-19 15:48:19 +00:00
if (ext_hdrs[int_offset] & (1U << bit_offset)) {
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
proto_item_append_text(subtree_pi, ", %s", val_to_str(ext_hdr_num, ehdr_type_vals, "%d"));
/* Also add to the top level */
if (!all_set)
proto_item_append_text(tag_pi, "%s %s", first ? ":" : ",", val_to_str(ext_hdr_num, ehdr_type_vals, "%d"));
first = FALSE;
}
ext_hdr_num++;
}
}
if (first)
proto_item_append_text(tag_pi, ": <None>");
/* Check for truncated tag (i.e. last uint32 is partial) */
if (int_avail < 4 && taglength % 4 != 0) {
*out_truncated_expert = &ei_erf_meta_truncated_tag;
}
return tag_pi;
}
ERF: fix no previous prototype for 'erf_ts_to_nstime/dissect_relative_time/dissect_ptp_timeinterval' [-Wmissing-prototypes] Change-Id: I21ee4f8850f63de3a7fa91ed9e8a426c82a9d62e Reviewed-on: https://code.wireshark.org/review/17143 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-08-18 11:23:11 +00:00
static void erf_ts_to_nstime(guint64 timestamp, nstime_t* t, gboolean is_relative) {
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
guint64 ts = timestamp;
/* relative ERF timestamps are signed, convert as if unsigned then flip back */
if (is_relative) {
ts = (guint64) ABS((gint64)timestamp);
}
t->secs = (long) (ts >> 32);
ts = ((ts & 0xffffffff) * 1000 * 1000 * 1000);
ts += (ts & 0x80000000) << 1; /* rounding */
t->nsecs = ((int) (ts >> 32));
if (t->nsecs >= NS_PER_S) {
t->nsecs -= NS_PER_S;
t->secs += 1;
}
if (is_relative && (gint64)timestamp < 0) {
/*
* Set both signs to negative for consistency with other nstime code
* and so -0.123 works.
*/
t->secs = -(t->secs);
t->nsecs = -(t->nsecs);
}
}
/* TODO: Would be nice if default FT_RELATIVE_TIME formatter was prettier */
ERF: fix no previous prototype for 'erf_ts_to_nstime/dissect_relative_time/dissect_ptp_timeinterval' [-Wmissing-prototypes] Change-Id: I21ee4f8850f63de3a7fa91ed9e8a426c82a9d62e Reviewed-on: https://code.wireshark.org/review/17143 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-08-18 11:23:11 +00:00
static proto_item *dissect_relative_time(proto_tree *tree, const int hfindex, tvbuff_t *tvb, gint offset, gint length, nstime_t* t) {
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
proto_item *pi = NULL;
DISSECTOR_ASSERT(t);
/*Print in nanoseconds if <1ms for small values*/
if (t->secs == 0 && t->nsecs < 1000000 && t->nsecs > -1000000) {
pi = proto_tree_add_time_format_value(tree, hfindex, tvb, offset, length, t, "%d nanoseconds", t->nsecs);
} else {
pi = proto_tree_add_time(tree, hfindex, tvb, offset, length, t);
}
return pi;
}
ERF: fix no previous prototype for 'erf_ts_to_nstime/dissect_relative_time/dissect_ptp_timeinterval' [-Wmissing-prototypes] Change-Id: I21ee4f8850f63de3a7fa91ed9e8a426c82a9d62e Reviewed-on: https://code.wireshark.org/review/17143 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-08-18 11:23:11 +00:00
static proto_item *dissect_ptp_timeinterval(proto_tree *tree, const int hfindex, tvbuff_t *tvb, gint offset, gint length, gint64 timeinterval) {
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
nstime_t t;
guint64 ti, ti_ns;
ti = (guint64) ABS(timeinterval);
ti += (ti & 0x8000) << 1; /* rounding */
ti_ns = ti >> 16;
Cast larger types to time_t Resolves truncation warnings on the x86 clang build Change-Id: I14ebbe39b8235bd1b909c488c0402b77deb6dde1 Reviewed-on: https://code.wireshark.org/review/19354 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-12-20 03:05:36 +00:00
t.secs = (time_t) (ti_ns / NS_PER_S);
packet-erf.c: Pacify OS X buildbot. Change-Id: I6ec30e77eac91d1b02eaddada75741b2063426f2 Reviewed-on: https://code.wireshark.org/review/16812 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-31 16:25:29 +00:00
t.nsecs = (guint32)(ti_ns % NS_PER_S);
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
if (t.nsecs >= NS_PER_S) {
t.nsecs -= NS_PER_S;
t.secs += 1;
}
if (timeinterval < 0) {
/*
* Set both signs to negative for consistency with other nstime code
* and so -0.123 works.
*/
t.secs = -(t.secs);
t.nsecs = -(t.nsecs);
}
return dissect_relative_time(tree, hfindex, tvb, offset, length, &t);
}
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
static int
meta_tag_expected_length(erf_meta_tag_info_t *tag_info) {
ftenum_t ftype = tag_info->tag_template->hfinfo.type;
int expected_length = 0;
switch (ftype) {
case FT_ABSOLUTE_TIME:
case FT_RELATIVE_TIME:
/* Timestamps are in ERF timestamp except as below */
expected_length = 8;
break;
default:
expected_length = ftype_length(ftype); /* Returns 0 if unknown */
break;
}
/* Special case overrides */
switch (tag_info->code) {
case ERF_META_TAG_ptp_current_utc_offset:
/*
* PTP tags are in native PTP format, but only current_utc_offset is
* a different length to the ERF timestamp.
*/
expected_length = 4;
break;
case ERF_META_TAG_if_wwn:
case ERF_META_TAG_src_wwn:
case ERF_META_TAG_dest_wwn:
case ERF_META_TAG_ns_host_wwn:
/* 16-byte WWNs */
expected_length = 16;
break;
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
/* 1 to 4 uint32 fields */
expected_length = 4;
break;
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
}
return expected_length;
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void
dissect_meta_record_tags(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
proto_item *pi = NULL;
proto_item *tag_pi = NULL;
proto_item *tag_tree;
proto_item *section_pi = NULL;
proto_item *section_tree = tree;
proto_item *sectionlen_pi = NULL;
guint16 sectiontype = ERF_META_SECTION_NONE;
guint16 tagtype = 0;
guint16 taglength = 0;
const gchar *tagvalstring = NULL;
erf_meta_tag_info_t *tag_info;
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
int expected_length = 0;
expert_field *truncated_expert = NULL;
gboolean skip_truncated = FALSE;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Used for search entry and unknown tags */
erf_meta_hf_template_t tag_template_unknown = { 0, { "Unknown", "unknown",
FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } };
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
erf_meta_tag_info_t tag_info_local = { 0, 0, &tag_template_unknown, &tag_template_unknown,
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ett_erf_meta_tag, hf_erf_meta_tag_unknown, NULL };
int offset = 0;
int sectionoffset = 0;
guint16 sectionid = 0;
guint16 sectionlen = 0;
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
int remaining_len = 0;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
int captured_length = (int) tvb_captured_length(tvb);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Set column heading title*/
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
col_set_str(pinfo->cinfo, COL_INFO, "Provenance Metadata Record");
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Go through the sections and their tags */
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
/* Not using tvb_captured_length because want to check for overrun */
while ((remaining_len = captured_length - offset) >= 4) {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
tagtype = tvb_get_ntohs(tvb, offset);
taglength = tvb_get_ntohs(tvb, offset + 2);
tag_tree = NULL;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
tag_pi = NULL;
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
truncated_expert = NULL;
skip_truncated = FALSE;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
if (ERF_META_IS_SECTION(tagtype))
sectiontype = tagtype;
/* Look up per-section tag hf */
tag_info_local.code = tagtype;
tag_info_local.section = sectiontype;
tag_info = (erf_meta_tag_info_t*) wmem_map_lookup(erf_meta_index.tag_table, GUINT_TO_POINTER(ERF_TAG_INFO_KEY(&tag_info_local)));
/* Fall back to unknown tag */
if (tag_info == NULL)
tag_info = &tag_info_local;
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
/* Get expected length (minimum length in the case of ns_host_*) */
expected_length = meta_tag_expected_length(tag_info);
if (remaining_len < (gint32)taglength + 4 || taglength < expected_length) {
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
/*
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
* Malformed tag, just dissect type and length. Top level tag
* dissection means can't add the subtree and type/length first.
*
* Allow too-long tags for now (and proto_tree generally generates
* a warning for these anyway).
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
*/
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
skip_truncated = TRUE;
truncated_expert = &ei_erf_meta_truncated_tag;
}
if (taglength == 0) {
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
/*
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
* We highlight zero length differently as a special case to indicate
* a deliberately invalid tag.
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
*/
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
if (!ERF_META_IS_SECTION(tagtype) && tagtype != ERF_META_TAG_padding) {
truncated_expert = &ei_erf_meta_zero_len_tag;
/* XXX: Still dissect normally too if string/unknown or section header */
if (expected_length != 0) {
skip_truncated = TRUE;
}
}
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Dissect value, length and type */
if (ERF_META_IS_SECTION(tagtype)) { /* Section header tag */
if (section_pi) {
/* Update section item length of last section */
proto_item_set_len(section_pi, offset - sectionoffset);
if (sectionlen_pi) {
check_section_length(pinfo, sectionlen_pi, offset, sectionoffset, sectionlen);
}
}
sectionoffset = offset;
if (tag_info->tag_template == &tag_template_unknown) {
/* Unknown section */
sectiontype = ERF_META_SECTION_UNKNOWN;
tag_info = erf_meta_index.unknown_section_info;
}
DISSECTOR_ASSERT(tag_info->extra);
erf: do not use VALS to cast a void pointer No functional change, but makes gcc -Wc++-compat happy. Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e Reviewed-on: https://code.wireshark.org/review/29759 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-20 09:25:03 +00:00
tagvalstring = val_to_str(tagtype, erf_to_value_string(erf_meta_index.vs_list), "Unknown Section (0x%x)");
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
section_tree = proto_tree_add_subtree(tree, tvb, offset, 0, tag_info->extra->ett_value, &section_pi, tagvalstring);
tag_tree = proto_tree_add_subtree_format(section_tree, tvb, offset, MIN(taglength + 4, remaining_len), tag_info->ett, &tag_pi, "Provenance %s Header", tagvalstring);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
/* XXX: Value may have been truncated (avoiding exception so get custom expertinfos) */
if (taglength >= 4 && !skip_truncated) {
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
sectionid = tvb_get_ntohs(tvb, offset + 4);
sectionlen = tvb_get_ntohs(tvb, offset + 6);
/* Add section_id */
proto_tree_add_uint(tag_tree, tag_info->hf_value, tvb, offset + 4, 2, sectionid);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
if (sectionid != 0) {
if(sectionid & 0x8000U) {
/* Local section */
proto_item_append_text(section_pi, " (Local) %u", sectionid & 0x7FFFU);
}
else {
proto_item_append_text(section_pi, " %u", sectionid);
}
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Add section_len */
sectionlen_pi = proto_tree_add_uint(tag_tree, tag_info->extra->hf_values[0], tvb, offset + 6, 2, sectionlen);
/* Reserved extra section header information */
if (taglength > 4) {
proto_tree_add_item(tag_tree, tag_info->extra->hf_values[1], tvb, offset + 8, taglength - 4, ENC_NA);
}
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
} else if (taglength != 0) {
/* Section Header value is too short */
truncated_expert = &ei_erf_meta_truncated_tag;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
} else if (!skip_truncated) { /* Not section header tag (and not truncated) */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
enum ftenum tag_ft;
char pi_label[ITEM_LABEL_LENGTH+1];
gboolean dissected = TRUE;
guint32 value32;
guint64 value64;
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
float float_value;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
gchar *tmp = NULL;
tag_ft = tag_info->tag_template->hfinfo.type;
pi_label[0] = '\0';
/* Group tags before first section header into a fake section */
if (offset == 0) {
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
section_tree = proto_tree_add_subtree(tree, tvb, offset, 0, ett_erf_meta, &section_pi, "No Section");
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
/* Handle special cases */
/* TODO: might want to do this dynamically via tag_info callback */
switch (tagtype) {
/* TODO: use get_tcp_port in epan/addr_resolv.h etc */
case ERF_META_TAG_if_speed:
case ERF_META_TAG_if_tx_speed:
value64 = tvb_get_ntoh64(tvb, offset + 4);
tmp = format_size((gint64) value64, (format_size_flags_e)(format_size_unit_bits_s|format_size_prefix_si));
tag_pi = proto_tree_add_uint64_format_value(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, value64, "%s (%" G_GINT64_MODIFIER "u bps)", tmp, value64);
g_free(tmp);
break;
case ERF_META_TAG_if_rx_power:
case ERF_META_TAG_if_tx_power:
value32 = tvb_get_ntohl(tvb, offset + 4);
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
tag_pi = proto_tree_add_int_format_value(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, (gint32) value32, "%.2fdBm", (double)((gint32) value32)/100.0);
break;
case ERF_META_TAG_temperature:
case ERF_META_TAG_power:
value32 = tvb_get_ntohl(tvb, offset + 4);
float_value = (float)((gint32) value32)/1000.0f;
tag_pi = proto_tree_add_float(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, float_value);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
case ERF_META_TAG_loc_lat:
case ERF_META_TAG_loc_long:
value32 = tvb_get_ntohl(tvb, offset + 4);
tag_pi = proto_tree_add_int_format_value(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, (gint32) value32, "%.2f", (double)((gint32) value32)*1000000.0);
break;
case ERF_META_TAG_mask_cidr:
value32 = tvb_get_ntohl(tvb, offset + 4);
tag_pi = proto_tree_add_uint_format_value(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, value32, "/%u", value32);
break;
case ERF_META_TAG_mem:
value64 = tvb_get_ntoh64(tvb, offset + 4);
tmp = format_size((gint64) value64, (format_size_flags_e)(format_size_unit_bytes|format_size_prefix_iec));
tag_pi = proto_tree_add_uint64_format_value(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, value64, "%s (%" G_GINT64_MODIFIER"u bytes)", tmp, value64);
g_free(tmp);
break;
case ERF_META_TAG_parent_section:
DISSECTOR_ASSERT(tag_info->extra);
value32 = tvb_get_ntohs(tvb, offset + 4);
/*
* XXX: Formatting value manually because don't have erf_meta_vs_list
* populated at registration time.
*/
tag_tree = proto_tree_add_subtree_format(section_tree, tvb, offset + 4, taglength, tag_info->ett, &tag_pi, "%s: %s %u", tag_info->tag_template->hfinfo.name,
erf: do not use VALS to cast a void pointer No functional change, but makes gcc -Wc++-compat happy. Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e Reviewed-on: https://code.wireshark.org/review/29759 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-20 09:25:03 +00:00
val_to_str(value32, erf_to_value_string(erf_meta_index.vs_list), "Unknown Section (%u)"), tvb_get_ntohs(tvb, offset + 4 + 2));
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
proto_tree_add_uint_format_value(tag_tree, tag_info->extra->hf_values[0], tvb, offset + 4, MIN(2, taglength), value32, "%s (%u)",
erf: do not use VALS to cast a void pointer No functional change, but makes gcc -Wc++-compat happy. Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e Reviewed-on: https://code.wireshark.org/review/29759 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-20 09:25:03 +00:00
val_to_str(value32, erf_to_value_string(erf_meta_index.vs_abbrev_list), "Unknown"), value32);
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
proto_tree_add_item(tag_tree, tag_info->extra->hf_values[1], tvb, offset + 6, MIN(2, taglength - 2), ENC_BIG_ENDIAN);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
case ERF_META_TAG_reset:
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_NA);
expert_add_info(pinfo, tag_pi, &ei_erf_meta_reset);
break;
case ERF_META_TAG_if_link_status:
case ERF_META_TAG_tunneling_mode:
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
case ERF_META_TAG_ptp_time_properties:
case ERF_META_TAG_ptp_gm_clock_quality:
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
case ERF_META_TAG_stream_flags:
case ERF_META_TAG_smart_trunc_default:
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
tag_pi = dissect_meta_tag_bitfield(section_tree, tvb, offset, tag_info, &tag_tree);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
break;
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
case ERF_META_TAG_ns_dns_ipv4:
case ERF_META_TAG_ns_dns_ipv6:
case ERF_META_TAG_ns_host_ipv4:
case ERF_META_TAG_ns_host_ipv6:
case ERF_META_TAG_ns_host_mac:
case ERF_META_TAG_ns_host_eui:
case ERF_META_TAG_ns_host_wwn:
case ERF_META_TAG_ns_host_ib_gid:
case ERF_META_TAG_ns_host_ib_lid:
case ERF_META_TAG_ns_host_fc_id:
{
int addr_len = ftype_length(tag_ft);
DISSECTOR_ASSERT(tag_info->extra);
tag_tree = proto_tree_add_subtree(section_tree, tvb, offset + 4, taglength, tag_info->ett, &tag_pi, tag_info->tag_template->hfinfo.name);
/* Address */
erf: fix this condition has identical branches [-Werror=duplicated-branches] found by gcc7 Change-Id: I1634b0a7b0fa35ea59ef2fc7fbe0b81f77aad978 Reviewed-on: https://code.wireshark.org/review/20508 Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2017-03-11 14:19:16 +00:00
pi = proto_tree_add_item(tag_tree, tag_info->extra->hf_values[0], tvb, offset + 4, MIN(addr_len, taglength), ENC_BIG_ENDIAN);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Name */
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
proto_tree_add_item(tag_tree, tag_info->extra->hf_values[1], tvb, offset + 4 + addr_len, taglength - addr_len, ENC_UTF_8);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
if (pi) {
proto_item_fill_label(PITEM_FINFO(pi), pi_label);
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
/* Set top level label e.g IPv4 Name: hostname Address: 1.2.3.4 */
/* TODO: Name is unescaped here but escaped in actual field */
proto_item_append_text(tag_pi, ": %s, %s",
tvb_get_stringzpad(wmem_packet_scope(), tvb, offset + 4 + addr_len, taglength - addr_len, ENC_UTF_8), pi_label /* Includes ": " */);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
break;
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
case ERF_META_TAG_ptp_offset_from_master:
case ERF_META_TAG_ptp_mean_path_delay:
value64 = tvb_get_ntoh64(tvb, offset + 4);
tag_pi = dissect_ptp_timeinterval(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, (gint64) value64);
break;
case ERF_META_TAG_ptp_current_utc_offset:
{
nstime_t t;
value32 = tvb_get_ntohl(tvb, offset + 4);
/* PTP value is signed */
t.secs = (gint32) value32;
t.nsecs = 0;
tag_pi = dissect_relative_time(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, &t);
break;
}
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
case ERF_META_TAG_entropy_threshold:
case ERF_META_TAG_initiator_min_entropy:
case ERF_META_TAG_responder_min_entropy:
case ERF_META_TAG_initiator_avg_entropy:
case ERF_META_TAG_responder_avg_entropy:
case ERF_META_TAG_initiator_max_entropy:
case ERF_META_TAG_responder_max_entropy:
{
float entropy;
value32 = tvb_get_ntohl(tvb, offset + 4);
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
entropy = entropy_from_entropy_header_value((guint8) value32);
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
tag_pi = proto_tree_add_float_format_value(section_tree, tag_info->hf_value, tvb, 0, 0, entropy,
erf: Add support for attribute and sensor Provenance tags Add temperature and power tags, represented using millidegrees/milliwatts. Add attribute tag, allows generic reprsentation of dynamic path like key-value pairs in the format namespace.path.to.name=value where value can be a JSON-escaped string or an integer/float number. Also fix a few implicit floating point conversions (confirmed values are the same). Change-Id: Id8a858abfa8a56b44e9e7200b11adc562e67fb3b Reviewed-on: https://code.wireshark.org/review/31136 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-12-14 04:51:38 +00:00
"%.2f %s", (double) entropy, entropy == 0.0f ? "(not calculated)":"bits");
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
break;
}
case ERF_META_TAG_ext_hdrs_added:
case ERF_META_TAG_ext_hdrs_removed:
tag_pi = dissect_meta_tag_ext_hdrs(section_tree, tvb, offset, taglength, tag_info, &tag_tree, &truncated_expert);
break;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
default:
dissected = FALSE;
break;
}
/* If not special case, dissect generically from template */
if (!dissected) {
if (IS_FT_INT(tag_ft) || IS_FT_UINT(tag_ft)) {
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_BIG_ENDIAN);
} else if (IS_FT_STRING(tag_ft)) {
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_UTF_8);
} else if (IS_FT_TIME(tag_ft)) {
/*
* ERF timestamps are conveniently the same as NTP/PTP timestamps but
* little endian.
*/
/*
Fix up time encodings. Add some new encodings for absolute time stamps, and use them as appropriate; this fixes some cases where the time stamps in question were being dissected incorrectly. For the encodings with seconds and 1/2^32s of a second, don't arbitrarily give only microsecond resolution; 2^32 is greater than 1 million, and, in fact, at least some NTP RFCs explicitly talk about time resolution greater than 1 microsecond. Update references in the RELOAD dissector to reflect the documents in question having been updated and published as RFCs. Change-Id: Icbe0b696d65eb622978eb71e99ddf699b84e4fca Reviewed-on: https://code.wireshark.org/review/20759 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-03-28 10:17:48 +00:00
* FIXME: ENC_TIME_NTP | ENC_LITTLE_ENDIAN only swaps the
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
* upper and lower 32 bits. Is that a bug or by design? Should add
* a 'PTP" variant that doesn't round to microseconds and use that
* here. For now do by hand.
*/
nstime_t t;
guint64 ts;
ts = tvb_get_letoh64(tvb, offset + 4);
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
erf_ts_to_nstime(ts, &t, tag_ft == FT_RELATIVE_TIME);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
tag_pi = dissect_relative_time(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, &t);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
} else {
tag_pi = proto_tree_add_item(section_tree, tag_info->hf_value, tvb, offset + 4, taglength, ENC_NA);
}
}
}
/* Create subtree for tag if we haven't already */
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
if (!tag_tree) {
/* Make sure we actually put the subtree in the right place */
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
if (tag_pi || !tree) {
tag_tree = proto_item_add_subtree(tag_pi, tag_info->ett);
} else {
/* Truncated or error (avoiding exception so get custom expertinfos) */
tag_tree = proto_tree_add_subtree_format(section_tree, tvb, offset, MIN(taglength + 4, remaining_len), tag_info->ett, &tag_pi, "%s: [Invalid]", tag_info->tag_template->hfinfo.name);
}
ERF: Add ERF_TYPE_META clock tags Adds various clock configuration related tags. Uses ptp_v2 value strings exported from packet-ptp. Refactor out common ERF_TYPE_META bitfield code. Also clean up field registration a bit. Add flow_hash_mode enum, other minor wording cleanup. Manually display relative timestamps as nanoseconds for <1ms. Fix ns_host_* tag subtree summary field name duplication. Ping-Bug: 12303 Change-Id: I76264d141f1c4a3590627637daa5dcd4fdfd2e93 Reviewed-on: https://code.wireshark.org/review/16782 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-07-25 05:55:13 +00:00
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Add tag type field to subtree */
/*
* XXX: Formatting value manually because don't have erf_meta_vs_list
* populated at registration time.
*/
erf: do not use VALS to cast a void pointer No functional change, but makes gcc -Wc++-compat happy. Change-Id: I3e90b6b1fdc6d558dfd410dffff3abc7cc3df10e Reviewed-on: https://code.wireshark.org/review/29759 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-09-20 09:25:03 +00:00
proto_tree_add_uint_format_value(tag_tree, hf_erf_meta_tag_type, tvb, offset, 2, tagtype, "%s (%u)", val_to_str(tagtype, erf_to_value_string(erf_meta_index.vs_abbrev_list), "Unknown"), tagtype);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
proto_tree_add_uint(tag_tree, hf_erf_meta_tag_len, tvb, offset + 2, 2, taglength);
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
/* Add truncated expertinfo if needed */
if (truncated_expert) {
expert_add_info(pinfo, tag_pi, truncated_expert);
}
ERF: Fix and improve ERF_TYPE_META sanity checks Fix sanity checking overflow in wiretap ERF_TYPE_META parsing segfault. Fix final tag of exactly 4 bytes not being dissected. Fix not setting bitfield tag subtree (was working due to proto.c internal behaviour). Add dissector expertinfo for truncated tags. Dissect type and length on error. Bug: 12352 Change-Id: I3fe6644f369e4d6f1f64270cb83c8d0f8a1f1a94 Reviewed-on: https://code.wireshark.org/review/15357 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-05 07:40:57 +00:00
offset += (((guint32)taglength + 4) + 0x3U) & ~0x3U;
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
}
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
if (remaining_len != 0) {
/* Record itself is truncated */
expert_add_info(pinfo, proto_tree_get_parent(tree), &ei_erf_meta_truncated_record);
/* Continue to setting sectionlen error */
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Check final section length */
proto_item_set_len(section_pi, offset - sectionoffset);
check_section_length(pinfo, sectionlen_pi, offset, sectionoffset, sectionlen);
}
register_dissector -> new_register_dissector Picking off "easy" dissectors that only have one or two exit points at most. Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8 Reviewed-on: https://code.wireshark.org/review/11805 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-10 04:01:28 +00:00
static int
dissect_erf(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
Make the preference settings for the dissector to use for various ERF link-layer types static. If the preference is set to "raw data" for any of those types, display the raw data with an indication that the preference in question has been set to "raw data", so people don't just wonder why ERF files aren't working right any more. (See bug 2641; I had the same surprise when I tried it on some ERF captures I have.) Pull the dissect_erf_header() code into dissect_erf() - it's dissecting the *payload*, not the *header*. Fill in the Info column with the record type. When using tvb_new_subset() to chop a header off of a tvbuff, just specify lengths of -1, so we go all the way to the end. Clean up the Infiniband dissector call. svn path=/trunk/; revision=25608
2008-06-26 01:38:38 +00:00
{
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
guint8 flags;
guint8 erf_type;
guint32 atm_hdr = 0;
convert to proto_tree_add_subtree[_format] Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66 Reviewed-on: https://code.wireshark.org/review/2667 Tested-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-06-26 02:59:50 +00:00
proto_tree *erf_tree;
proto_item *erf_item;
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
erf_hdlc_type_vals hdlc_type;
guint8 first_byte;
tvbuff_t *new_tvb;
guint8 aal2_cid;
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
struct atm_phdr atm_info;
Make the preference settings for the dissector to use for various ERF link-layer types static. If the preference is set to "raw data" for any of those types, display the raw data with an indication that the preference in question has been set to "raw data", so people don't just wonder why ERF files aren't working right any more. (See bug 2641; I had the same surprise when I tried it on some ERF captures I have.) Pull the dissect_erf_header() code into dissect_erf() - it's dissecting the *payload*, not the *header*. Fill in the Info column with the record type. When using tvb_new_subset() to chop a header off of a tvbuff, just specify lengths of -1, so we go all the way to the end. Clean up the Infiniband dissector call. svn path=/trunk/; revision=25608
2008-06-26 01:38:38 +00:00
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
erf_type=pinfo->pseudo_header->erf.phdr.type & 0x7F;
Make the preference settings for the dissector to use for various ERF link-layer types static. If the preference is set to "raw data" for any of those types, display the raw data with an indication that the preference in question has been set to "raw data", so people don't just wonder why ERF files aren't working right any more. (See bug 2641; I had the same surprise when I tried it on some ERF captures I have.) Pull the dissect_erf_header() code into dissect_erf() - it's dissecting the *payload*, not the *header*. Fill in the Info column with the record type. When using tvb_new_subset() to chop a header off of a tvbuff, just specify lengths of -1, so we go all the way to the end. Clean up the Infiniband dissector call. svn path=/trunk/; revision=25608
2008-06-26 01:38:38 +00:00
Don't guard col_set_str (COL_PROTOCOL) with col_check svn path=/trunk/; revision=29340
2009-08-09 06:26:46 +00:00
col_set_str(pinfo->cinfo, COL_PROTOCOL, "ERF");
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Remove check_col() and the occasional tree. svn path=/trunk/; revision=49920
2013-06-14 01:02:11 +00:00
col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
Make the preference settings for the dissector to use for various ERF link-layer types static. If the preference is set to "raw data" for any of those types, display the raw data with an indication that the preference in question has been set to "raw data", so people don't just wonder why ERF files aren't working right any more. (See bug 2641; I had the same surprise when I tried it on some ERF captures I have.) Pull the dissect_erf_header() code into dissect_erf() - it's dissecting the *payload*, not the *header*. Fill in the Info column with the record type. When using tvb_new_subset() to chop a header off of a tvbuff, just specify lengths of -1, so we go all the way to the end. Clean up the Infiniband dissector call. svn path=/trunk/; revision=25608
2008-06-26 01:38:38 +00:00
val_to_str(erf_type, erf_type_vals, "Unknown type %u"));
convert to proto_tree_add_subtree[_format] Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66 Reviewed-on: https://code.wireshark.org/review/2667 Tested-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-06-26 02:59:50 +00:00
erf_item = proto_tree_add_item(tree, proto_erf, tvb, 0, -1, ENC_NA);
erf_tree = proto_item_add_subtree(erf_item, ett_erf);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
convert to proto_tree_add_subtree[_format] Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66 Reviewed-on: https://code.wireshark.org/review/2667 Tested-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-06-26 02:59:50 +00:00
dissect_erf_pseudo_header(tvb, pinfo, erf_tree);
if (pinfo->pseudo_header->erf.phdr.type & 0x80) {
dissect_erf_pseudo_extension_header(tvb, pinfo, erf_tree);
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
}
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
flags = pinfo->pseudo_header->erf.phdr.flags;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
/*
* Set if frame is Received or Sent.
* XXX - this is really testing the low-order bit of the capture
* interface number, so interface 0 is assumed to be capturing
* in one direction on a bi-directional link, interface 1 is
* assumed to be capturing in the other direction on that link,
* and interfaces 2 and 3 are assumed to be capturing in two
* different directions on another link. We don't distinguish
* between the two links.
*/
pinfo->p2p_dir = ( (flags & 0x01) ? P2P_DIR_RECV : P2P_DIR_SENT);
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
switch (erf_type) {
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
case ERF_TYPE_RAW_LINK:
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
if(sdh_handle) {
From Andrew Kampjes: SDH support for wireshark. - Added GPL license. - Removed not needed includes. - Skipped th .h file as it wasn't used. svn path=/trunk/; revision=43106
2012-06-05 10:42:38 +00:00
call_dissector(sdh_handle, tvb, pinfo, tree);
}
else{
Create call_data_dissector() to call data dissector. This saves many dissectors the need to find the data dissector and store a handle to it. There were also some that were finding it, but not using it. For others this was the only reason for their handoff function, so it could be eliminated. Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b Reviewed-on: https://code.wireshark.org/review/14530 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-20 00:33:14 +00:00
call_data_dissector(tvb, pinfo, tree);
From Andrew Kampjes: SDH support for wireshark. - Added GPL license. - Removed not needed includes. - Skipped th .h file as it wasn't used. svn path=/trunk/; revision=43106
2012-06-05 10:42:38 +00:00
}
Don't assign to a proto_item* if the value won't be used: Coverity 895-897 Also: Fix some indentation & whitespace. svn path=/trunk/; revision=36355
2011-03-26 16:39:30 +00:00
break;
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
case ERF_TYPE_ETH:
case ERF_TYPE_COLOR_ETH:
case ERF_TYPE_DSM_COLOR_ETH:
ERF: Add dissection of missing ERF types Wiretap support had already been added for old type variants COLOR_HASH_ETH and COLOR_HASH_POS, dissect them like the other variants. Change-Id: I60b83c50a258a27c31a498382c276bc4f4a34cbb Reviewed-on: https://code.wireshark.org/review/15397 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-12 06:54:01 +00:00
case ERF_TYPE_COLOR_HASH_ETH:
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
dissect_eth_header(tvb, pinfo, erf_tree);
/* fall through */
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
case ERF_TYPE_IPV4:
case ERF_TYPE_IPV6:
From Stephen Donnelly via bug 2235: This plugin implements a dissector for Infiniband. It is released under the GPL v2. Rather than using say libpcap to capture raw (unframed) IP packets from near the top of an IPoIB stack, this plugin dissects link level Infiniband frames. Infiniband trace files can be read from Endace ERF format trace files, or from libpcap DLT_ERF files containing ERF TYPE_INFINIBAND records. There is currently no native DLT_INFINIBAND in libpcap. Each record contains a hardware timestamp, capture metadata such as port Id, and a complete link level Infiniband frame starting from the Local Route Header. svn path=/trunk/; revision=24628
2008-03-14 17:47:53 +00:00
case ERF_TYPE_INFINIBAND:
From Stephen Donnelly: InfiniBand Link Packet (flow control) dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4656 svn path=/trunk/; revision=32425
2010-04-08 08:41:56 +00:00
case ERF_TYPE_INFINIBAND_LINK:
opa: Add dissectors for Intel’s Omni-Path Architecture (OPA) Added dissectors for OPA Fabric Executive (FE) Header, OPA Snoop and Capture (SnC) MetaData Header, OPA 9B Packets, and OPA MAD Packets. Bug: 12114 Change-Id: I6acd3c9e266e4b638167abbdd275ec7c1d472b4f Reviewed-on: https://code.wireshark.org/review/13473 Reviewed-by: Adam Goldman <adam.goldman@intel.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-02-04 15:10:28 +00:00
case ERF_TYPE_OPA_SNC:
case ERF_TYPE_OPA_9B:
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
if (!dissector_try_uint(erf_dissector_table, erf_type, tvb, pinfo, tree)) {
Create call_data_dissector() to call data dissector. This saves many dissectors the need to find the data dissector and store a handle to it. There were also some that were finding it, but not using it. For others this was the only reason for their handoff function, so it could be eliminated. Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b Reviewed-on: https://code.wireshark.org/review/14530 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-20 00:33:14 +00:00
call_data_dissector(tvb, pinfo, tree);
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
}
From Stephen Donnelly: InfiniBand Link Packet (flow control) dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4656 svn path=/trunk/; revision=32425
2010-04-08 08:41:56 +00:00
break;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_LEGACY:
case ERF_TYPE_IP_COUNTER:
case ERF_TYPE_TCP_FLOW_COUNTER:
/* undefined */
break;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_PAD:
/* Nothing to do */
break;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_MC_RAW:
dissect_mc_raw_header(tvb, pinfo, erf_tree);
Create call_data_dissector() to call data dissector. This saves many dissectors the need to find the data dissector and store a handle to it. There were also some that were finding it, but not using it. For others this was the only reason for their handoff function, so it could be eliminated. Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b Reviewed-on: https://code.wireshark.org/review/14530 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-20 00:33:14 +00:00
call_data_dissector(tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_MC_RAW_CHANNEL:
dissect_mc_rawlink_header(tvb, pinfo, erf_tree);
Create call_data_dissector() to call data dissector. This saves many dissectors the need to find the data dissector and store a handle to it. There were also some that were finding it, but not using it. For others this was the only reason for their handoff function, so it could be eliminated. Change-Id: I5d3f951ee1daa3d30c060d21bd12bbc881a8027b Reviewed-on: https://code.wireshark.org/review/14530 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-20 00:33:14 +00:00
call_data_dissector(tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_MC_ATM:
dissect_mc_atm_header(tvb, pinfo, erf_tree);
/* continue with type ATM */
erf: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 Change-Id: I377a62a2702b89242a0abfb51f5617f265f698f3 Reviewed-on: https://code.wireshark.org/review/20403 Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-05 15:31:22 +00:00
/* FALL THROUGH */
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_ATM:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
memset(&atm_info, 0, sizeof(atm_info));
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
atm_hdr = tvb_get_ntohl(tvb, 0);
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.vpi = ((atm_hdr & 0x0ff00000) >> 20);
atm_info.vci = ((atm_hdr & 0x000ffff0) >> 4);
atm_info.channel = (flags & 0x03);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
/* Work around to have decoding working */
if (erf_rawcell_first) {
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
new_tvb = tvb_new_subset_remaining(tvb, ATM_HDR_LENGTH);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
/* Treat this as a (short) ATM AAL5 PDU */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.aal = AAL_5;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
switch (erf_aal5_type) {
case ERF_AAL5_GUESS:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
/* Try to guess the type according to the first bytes */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
erf_atm_guess_traffic_type(new_tvb, 0, tvb_captured_length(new_tvb), &atm_info);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
break;
case ERF_AAL5_LLC:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.type = TRAF_LLCMX;
atm_info.subtype = TRAF_ST_UNKNOWN;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
break;
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
case ERF_AAL5_UNSPEC:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.aal = AAL_5;
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
break;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
}
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
call_dissector_with_data(atm_untruncated_handle, new_tvb, pinfo, tree,
&atm_info);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
} else {
/* Treat this as a raw cell */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.flags |= ATM_RAW_CELL;
atm_info.flags |= ATM_NO_HEC;
atm_info.aal = AAL_UNKNOWN;
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* can call atm_untruncated because we set ATM_RAW_CELL flag */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
call_dissector_with_data(atm_untruncated_handle, tvb, pinfo, tree,
&atm_info);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
}
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_MC_AAL5:
dissect_mc_aal5_header(tvb, pinfo, erf_tree);
/* continue with type AAL5 */
erf: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 Change-Id: I377a62a2702b89242a0abfb51f5617f265f698f3 Reviewed-on: https://code.wireshark.org/review/20403 Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-05 15:31:22 +00:00
/* FALL THROUGH */
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
case ERF_TYPE_AAL5:
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
atm_hdr = tvb_get_ntohl(tvb, 0);
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
memset(&atm_info, 0, sizeof(atm_info));
atm_info.vpi = ((atm_hdr & 0x0ff00000) >> 20);
atm_info.vci = ((atm_hdr & 0x000ffff0) >> 4);
atm_info.channel = (flags & 0x03);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
Switch a bunch of dissectors over to using tvb_new_subset_remaining() svn path=/trunk/; revision=29446
2009-08-16 12:36:22 +00:00
new_tvb = tvb_new_subset_remaining(tvb, ATM_HDR_LENGTH);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
/* Work around to have decoding working */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.aal = AAL_5;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
switch (erf_aal5_type) {
case ERF_AAL5_GUESS:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
/* Try to guess the type according to the first bytes */
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
erf_atm_guess_traffic_type(new_tvb, 0, tvb_captured_length(new_tvb), &atm_info);
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
break;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
case ERF_AAL5_LLC:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.type = TRAF_LLCMX;
atm_info.subtype = TRAF_ST_UNKNOWN;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
break;
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
case ERF_AAL5_UNSPEC:
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.aal = AAL_5;
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
break;
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
}
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
call_dissector_with_data(atm_untruncated_handle, new_tvb, pinfo, tree,
&atm_info);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
case ERF_TYPE_MC_AAL2:
dissect_mc_aal2_header(tvb, pinfo, erf_tree);
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
/*
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
* Most of the information is in the ATM header; fetch it.
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_hdr = tvb_get_ntohl(tvb, 0);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
/*
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
* The channel identification number is in the MC header, so it's
* in the pseudo-header, not in the packet data.
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
*/
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
aal2_cid = (pinfo->pseudo_header->erf.subhdr.mc_hdr & MC_AAL2_CID_MASK) >> MC_AAL2_CID_SHIFT;
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
/* Zero out and fill in the ATM pseudo-header. */
memset(&atm_info, 0, sizeof(atm_info));
atm_info.aal = AAL_2;
atm_info.flags |= ATM_AAL2_NOPHDR;
atm_info.vpi = ((atm_hdr & 0x0ff00000) >> 20);
atm_info.vci = ((atm_hdr & 0x000ffff0) >> 4);
atm_info.channel = (flags & 0x03);
atm_info.aal2_cid = aal2_cid;
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* remove ATM cell header from tvb */
new_tvb = tvb_new_subset_remaining(tvb, ATM_HDR_LENGTH);
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
call_dissector_with_data(atm_untruncated_handle, new_tvb, pinfo, tree,
&atm_info);
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
break;
case ERF_TYPE_AAL2:
dissect_aal2_header(tvb, pinfo, erf_tree);
/*
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
* Most of the information is in the ATM header; fetch it.
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
*/
atm_hdr = tvb_get_ntohl(tvb, 0);
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
/*
* The channel identification number is in the AAL2 header, so it's
* in the pseudo-header, not in the packet data.
*/
aal2_cid = (pinfo->pseudo_header->erf.subhdr.aal2_hdr & AAL2_CID_MASK) >> AAL2_CID_SHIFT;
/* Zero out and fill in the ATM pseudo-header. */
memset(&atm_info, 0, sizeof(atm_info));
atm_info.aal = AAL_2;
atm_info.flags |= ATM_AAL2_NOPHDR;
atm_info.vpi = ((atm_hdr & 0x0ff00000) >> 20);
atm_info.vci = ((atm_hdr & 0x000ffff0) >> 4);
atm_info.channel = (flags & 0x03);
ERF: Fix Dead Store (Dead assignement/Dead increment) Warning found by Clang Change-Id: Ibdf2eef90dff97498ddf9e11dfa14b7117ea4eab Reviewed-on: https://code.wireshark.org/review/13326 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-16 11:04:58 +00:00
atm_info.aal2_cid = aal2_cid;
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
atm_info.type = TRAF_UNKNOWN;
atm_info.subtype = TRAF_ST_UNKNOWN;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* remove ATM cell header from tvb */
Switch a bunch of dissectors over to using tvb_new_subset_remaining() svn path=/trunk/; revision=29446
2009-08-16 12:36:22 +00:00
new_tvb = tvb_new_subset_remaining(tvb, ATM_HDR_LENGTH);
Have various ATM dissectors use the data arguments for pseudo-headers. Don't use the pseudo-header pointed to by pinfo->pseudo_header; have the argument either point to a struct atm_phdr or to a pwatm_private_data_t. Don't *overwrite* the pseudo-header pointed to by pinfo->pseudo_header if you need to construct an ATM pseudo-header for a dissector; have your own struct atm_phdr structure, fill it in, and pass a pointer to *that* to the sub-dissector. Cleans things up a bit. Change-Id: I4464924def4de41c625002b2d273592bd529e46e Reviewed-on: https://code.wireshark.org/review/13270 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-14 00:03:26 +00:00
call_dissector_with_data(atm_untruncated_handle, new_tvb, pinfo, tree,
&atm_info);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
case ERF_TYPE_MC_HDLC:
dissect_mc_hdlc_header(tvb, pinfo, erf_tree);
/* continue with type HDLC */
erf: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 Change-Id: I377a62a2702b89242a0abfb51f5617f265f698f3 Reviewed-on: https://code.wireshark.org/review/20403 Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-05 15:31:22 +00:00
/* FALL THROUGH */
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_TYPE_HDLC_POS:
case ERF_TYPE_COLOR_HDLC_POS:
case ERF_TYPE_DSM_COLOR_HDLC_POS:
case ERF_TYPE_COLOR_MC_HDLC_POS:
ERF: Add dissection of missing ERF types Wiretap support had already been added for old type variants COLOR_HASH_ETH and COLOR_HASH_POS, dissect them like the other variants. Change-Id: I60b83c50a258a27c31a498382c276bc4f4a34cbb Reviewed-on: https://code.wireshark.org/review/15397 Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-05-12 06:54:01 +00:00
case ERF_TYPE_COLOR_HASH_POS:
From beroset: remove C++ incompatibilities https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8416 svn path=/trunk/; revision=48426
2013-03-19 20:00:52 +00:00
hdlc_type = (erf_hdlc_type_vals)erf_hdlc_type;
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
if (hdlc_type == ERF_HDLC_GUESS) {
/* Try to guess the type. */
first_byte = tvb_get_guint8(tvb, 0);
if (first_byte == 0x0f || first_byte == 0x8f)
hdlc_type = ERF_HDLC_CHDLC;
else {
Don't assign to a proto_item* if the value won't be used: Coverity 895-897 Also: Fix some indentation & whitespace. svn path=/trunk/; revision=36355
2011-03-26 16:39:30 +00:00
/* Anything to check for to recognize Frame Relay or MTP2?
Fix a lot of typos and misspellings Change-Id: I8512cfa1d424f82a873a0e0e1d22c7b075fdd7f3 Reviewed-on: https://code.wireshark.org/review/13069 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-01-06 00:58:42 +00:00
Should we require PPP packets to begin with FF 03? */
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
hdlc_type = ERF_HDLC_PPP;
}
}
/* Clean the pseudo header (if used in subdissector) and call the
appropriate subdissector. */
switch (hdlc_type) {
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
case ERF_HDLC_CHDLC:
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
call_dissector(chdlc_handle, tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
case ERF_HDLC_PPP:
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
call_dissector(ppp_handle, tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
case ERF_HDLC_FRELAY:
Rename the pseudo-header for X.25, V.120, and Frame Relay. It's not just for X.25, it's for anything that has the notion of Data Terminal Equipment and Data Communications Equipment; call it "dte_dce", not "x25". Change-Id: I3d51fec8b424e91ffd6d59895f50fc5ece791b08 Reviewed-on: https://code.wireshark.org/review/29834 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-09-26 00:12:43 +00:00
memset(&pinfo->pseudo_header->dte_dce, 0, sizeof(pinfo->pseudo_header->dte_dce));
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
call_dissector(frelay_handle, tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
case ERF_HDLC_MTP2:
/* not used, but .. */
memset(&pinfo->pseudo_header->mtp2, 0, sizeof(pinfo->pseudo_header->mtp2));
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
call_dissector(mtp2_handle, tvb, pinfo, tree);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
break;
default:
break;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
}
break;
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
ERF: Add basic no-break support for ERF_TYPE_META. Update erf_open heuristic to not break when ERF_TYPE_META records are present. Remove check for maximum non-pad ERF type and add defines for reserved types. No dissection in this commit beyond record type name, this will come later. Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85 Reviewed-on: https://code.wireshark.org/review/12708 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-19 03:23:53 +00:00
case ERF_TYPE_META:
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
dissect_meta_record_tags(tvb, pinfo, erf_tree);
ERF: Add basic no-break support for ERF_TYPE_META. Update erf_open heuristic to not break when ERF_TYPE_META records are present. Remove check for maximum non-pad ERF type and add defines for reserved types. No dissection in this commit beyond record type name, this will come later. Change-Id: Ib64e450e26b2878b5519fb6afeafa2ce9477ac85 Reviewed-on: https://code.wireshark.org/review/12708 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2015-11-19 03:23:53 +00:00
break;
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
default:
ERF: Make ERF wiretap forwards compatible. Dissector has always been able to cope with unknown record types so pass them through (and call the data dissector from the ERF dissector in this case). Previously was stopping processing on the first unrecognized record which is very unhelpful for otherwise valid files that have new types mixed in. Remove ERF type check altogether from open heuristic as ERF type could be past 48 in future and with more extension headers bit any byte value could be valid. Also allow setting ERF_RECORDS_TO_CHECK to 0 to force skipping the heuristic. Change-Id: I8331eef30ba2e949564f418b3100bd73b8f58116 Reviewed-on: https://code.wireshark.org/review/15361 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-03-21 04:32:13 +00:00
call_data_dissector(tvb, pinfo, tree);
pinfo->pseudo_header can and should be assumed to be non-null by a dissector. This fixes Coverity CID 238 (as we *were* assuming it was non-null in one statement, and then only checking it later). Set pinfo->p2p_dir to one of P2P_DIR_RECV or P2P_DIR_SENT, as it's supposed to be, not to a Boolean value, and explain the basis on which it's being set. svn path=/trunk/; revision=24055
2008-01-10 09:40:15 +00:00
break;
} /* erf type */
register_dissector -> new_register_dissector Picking off "easy" dissectors that only have one or two exit points at most. Change-Id: I3d5e576b796556ef070bb36d8b55da0b175dcba8 Reviewed-on: https://code.wireshark.org/review/11805 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-10 04:01:28 +00:00
return tvb_captured_length(tvb);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
static void erf_init_dissection(void)
{
erf_state.implicit_host_id = 0;
erf_state.source_map = wmem_map_new(wmem_file_scope(), wmem_int64_hash, g_int64_equal);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
erf_state.host_anchor_map = wmem_map_new(wmem_file_scope(), erf_anchor_key_hash, erf_anchor_key_equal);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Old map is freed automatically */
}
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
void
proto_register_erf(void)
{
static hf_register_info hf[] = {
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
/* ERF Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ts,
{ "Timestamp", "erf.ts",
FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL } },
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_rectype,
Convert proto_tree_add_uint_format to proto_tree_add_uint_format_value if hf_ field name is the first part of the formatted string. This was all manual inspection and most cases were either: 1. Case sensitivity differences between hf_ field name and formatted string. 2. Unnecessary whitespace between hf_ field name and colon in formatted string There are cases where the hf_ field name doesn't quite match the proto_tree_add_uint_format, but it's close enough that one of them should be "right", I'm just not sure which is, I just know the string in proto_tree_add_uint_format is the one displayed. svn path=/trunk/; revision=52098
2013-09-16 10:39:06 +00:00
{ "Record type", "erf.types",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_type,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Type", "erf.types.type",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, VALS(erf_type_vals), ERF_HDR_TYPE_MASK, NULL, HFILL } },
{ &hf_erf_ehdr,
{ "Extension header present", "erf.types.ext_header",
FT_UINT8, BASE_DEC, NULL, ERF_HDR_EHDR_MASK, NULL, HFILL } },
{ &hf_erf_flags,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Flags", "erf.flags",
FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_flags_cap,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Capture interface", "erf.flags.cap",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, NULL, ERF_HDR_CAP_MASK, NULL, HFILL } },
{ &hf_erf_flags_vlen,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Varying record length", "erf.flags.vlen",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, NULL, ERF_HDR_VLEN_MASK, NULL, HFILL } },
{ &hf_erf_flags_trunc,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Truncated", "erf.flags.trunc",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, NULL, ERF_HDR_TRUNC_MASK, NULL, HFILL } },
{ &hf_erf_flags_rxe,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "RX error", "erf.flags.rxe",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, NULL, ERF_HDR_RXE_MASK, NULL, HFILL } },
{ &hf_erf_flags_dse,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "DS error", "erf.flags.dse",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_DEC, NULL, ERF_HDR_DSE_MASK, NULL, HFILL } },
{ &hf_erf_flags_res,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.flags.res",
FT_UINT8, BASE_HEX, NULL, ERF_HDR_RES_MASK, NULL, HFILL } },
{ &hf_erf_rlen,
{ "Record length", "erf.rlen",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_lctr,
{ "Loss counter", "erf.lctr",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
Some ERF pseudo-headers have color instead of lctr value Don't report expert-info warnings for lctr when it is actually color. Change-Id: I689ec84dd8f1cafa1ec7e8740f9bc4091339929a Reviewed-on: https://code.wireshark.org/review/20306 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-02-27 21:13:42 +00:00
{ &hf_erf_color,
{ "Color", "erf.color",
FT_UINT16, BASE_HEX, NULL, 0x0, NULL, HFILL } },
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_wlen,
{ "Wire length", "erf.wlen",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_t,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Extension Header", "erf.ehdr.types",
FT_UINT8, BASE_DEC, VALS(ehdr_type_vals), 0x0, NULL, HFILL } },
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Intercept ID Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_int_res1,
{ "Reserved", "erf.ehdr.int.res1",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_int_id,
{ "Intercept ID", "erf.ehdr.int.intid",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_ehdr_int_res2,
{ "Reserved", "erf.ehdr.int.res2",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Raw Link Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_raw_link_res,
{ "Reserved", "erf.ehdr.raw.res",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_ehdr_raw_link_seqnum,
{ "Sequence number", "erf.ehdr.raw.seqnum",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_ehdr_raw_link_rate,
{ "Rate", "erf.ehdr.raw.rate",
FT_UINT8, BASE_DEC, VALS(raw_link_rates), 0x0, NULL, HFILL } },
{ &hf_erf_ehdr_raw_link_type,
{ "Link Type", "erf.ehdr.raw.link_type",
FT_UINT8, BASE_DEC, VALS(raw_link_types), 0x0, NULL, HFILL } },
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
/* Classification Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_class_flags,
{ "Flags", "erf.ehdr.class.flags",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_class_flags_sh,
{ "Search hit", "erf.ehdr.class.flags.sh",
FT_UINT32, BASE_DEC, NULL, EHDR_CLASS_SH_MASK, NULL, HFILL } },
{ &hf_erf_ehdr_class_flags_shm,
{ "Multiple search hits", "erf.ehdr.class.flags.shm",
FT_UINT32, BASE_DEC, NULL, EHDR_CLASS_SHM_MASK, NULL, HFILL } },
{ &hf_erf_ehdr_class_flags_res1,
{ "Reserved", "erf.ehdr.class.flags.res1",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT32, BASE_HEX, NULL, EHDR_CLASS_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_class_flags_user,
{ "User classification", "erf.ehdr.class.flags.user",
FT_UINT32, BASE_DEC, NULL, EHDR_CLASS_USER_MASK, NULL, HFILL } },
{ &hf_erf_ehdr_class_flags_res2,
{ "Reserved", "erf.ehdr.class.flags.res2",
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
FT_UINT32, BASE_HEX, NULL, EHDR_CLASS_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_class_flags_drop,
{ "Drop Steering Bit", "erf.ehdr.class.flags.drop",
FT_UINT32, BASE_DEC, NULL, EHDR_CLASS_DROP_MASK, NULL, HFILL } },
{ &hf_erf_ehdr_class_flags_str,
{ "Stream Steering Bits", "erf.ehdr.class.flags.str",
FT_UINT32, BASE_DEC, NULL, EHDR_CLASS_STER_MASK, NULL, HFILL } },
{ &hf_erf_ehdr_class_seqnum,
{ "Sequence number", "erf.ehdr.class.seqnum",
FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
/* BFS Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_bfs_hash,
{ "Hash", "erf.ehdr.bfs.hash",
FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_bfs_color,
{ "Filter Color", "erf.ehdr.bfs.color",
FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_bfs_raw_hash,
{ "Raw Hash", "erf.ehdr.bfs.rawhash",
FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
/* Channelised Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_chan_morebits,
{ "More Bits", "erf.ehdr.chan.morebits",
FT_BOOLEAN hf[] entries with a 0 'bitmask' should have 'display' = BASE_NONE; In some cases: Use val_to_str_const() instead of val_to_str(); Reformat long lines; Do some general whitespace changes. svn path=/trunk/; revision=41587
2012-03-16 02:00:29 +00:00
FT_BOOLEAN, BASE_NONE, NULL, 0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_chan_morefrag,
{ "More Fragments", "erf.ehdr.chan.morefrag",
FT_BOOLEAN hf[] entries with a 0 'bitmask' should have 'display' = BASE_NONE; In some cases: Use val_to_str_const() instead of val_to_str(); Reformat long lines; Do some general whitespace changes. svn path=/trunk/; revision=41587
2012-03-16 02:00:29 +00:00
FT_BOOLEAN, BASE_NONE, NULL, 0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_chan_seqnum,
{ "Sequence Number", "erf.ehdr.chan.seqnum",
FT_UINT16, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_chan_res,
{ "Reserved", "erf.ehdr.chan.res",
FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_chan_virt_container_id,
{ "Virtual Container ID", "erf.ehdr.chan.vcid",
FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_chan_assoc_virt_container_size,
{ "Associated Virtual Container Size", "erf.ehdr.chan.vcsize",
FT_UINT8, BASE_HEX, VALS(channelised_assoc_virt_container_size), 0, NULL, HFILL } },
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
{ &hf_erf_ehdr_chan_rate,
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ "Origin Line Type/Rate", "erf.ehdr.chan.rate",
From Stephen Donnelly: a better fix for the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 : Previous patch solved the reported problem. This patch should cover input validation for the VC Id and Link Rate fields properly. Note link_rate==0 (unknown) is supported, as some hardware/firmware may not set this field, but vc_size==0 is defined invalid. From me: also initialize m_sdh_line_rate when the input is garbage. svn path=/trunk/; revision=44377
2012-08-09 13:20:39 +00:00
FT_UINT8, BASE_HEX, VALS(channelised_rate), 0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_chan_type,
{ "Frame Part Type", "erf.ehdr.chan.type",
FT_UINT8, BASE_HEX, VALS(channelised_type), 0, NULL, HFILL } },
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6943 : The ERF extension header 'New BFS' is poorly named, it is not descriptive. Rename the ERF 'New BFS' extension header to 'Signature' which is more descriptive, more easily distinguished, and consistent with the internal naming. svn path=/trunk/; revision=41515
2012-03-13 01:22:36 +00:00
/* Signature Extension Header */
{ &hf_erf_ehdr_signature_payload_hash,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Payload Hash", "erf.ehdr.signature.payloadhash",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT24, BASE_HEX, NULL, 0, NULL, HFILL } },
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6943 : The ERF extension header 'New BFS' is poorly named, it is not descriptive. Rename the ERF 'New BFS' extension header to 'Signature' which is more descriptive, more easily distinguished, and consistent with the internal naming. svn path=/trunk/; revision=41515
2012-03-13 01:22:36 +00:00
{ &hf_erf_ehdr_signature_color,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Filter Color", "erf.ehdr.signature.color",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL } },
From Stephen Donnelly via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6943 : The ERF extension header 'New BFS' is poorly named, it is not descriptive. Rename the ERF 'New BFS' extension header to 'Signature' which is more descriptive, more easily distinguished, and consistent with the internal naming. svn path=/trunk/; revision=41515
2012-03-13 01:22:36 +00:00
{ &hf_erf_ehdr_signature_flow_hash,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Flow Hash", "erf.ehdr.signature.flowhash",
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
FT_UINT24, BASE_HEX, NULL, 0, NULL, HFILL } },
Endace ERF channelisation and "New BFS" extension header support, from Andrew Kampjes. svn path=/trunk/; revision=38788
2011-08-30 03:58:12 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Flow ID Extension Header */
{ &hf_erf_ehdr_flow_id_source_id,
{ "Source ID", "erf.ehdr.flowid.sourceid",
FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_flow_id_hash_type,
{ "Hash Type", "erf.ehdr.flowid.hashtype",
FT_UINT8, BASE_HEX, VALS(erf_hash_type), 0, NULL, HFILL } },
{ &hf_erf_ehdr_flow_id_stack_type,
{ "Stack Type", "erf.ehdr.flowid.stacktype",
FT_UINT8, BASE_HEX, VALS(erf_stack_type), 0, NULL, HFILL } },
{ &hf_erf_ehdr_flow_id_flow_hash,
{ "Flow Hash", "erf.ehdr.flowid.flowhash",
FT_UINT32, BASE_HEX, NULL, 0, NULL, HFILL } },
/* Host ID Extension Header */
{ &hf_erf_ehdr_host_id_sourceid,
{ "Source ID", "erf.ehdr.hostid.sourceid",
FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_erf_ehdr_host_id_hostid,
{ "Host ID", "erf.ehdr.hostid.hostid",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL } },
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Anchor ID Extension Header */
{ &hf_erf_ehdr_anchor_id_flags,
{ "Flags", "erf.ehdr.anchorid.flags",
FT_UINT8, BASE_HEX, NULL, 0, NULL, HFILL} },
{ &hf_erf_ehdr_anchor_id_definition,
{ "Anchor Definition", "erf.ehdr.anchorid.flags.definition",
FT_BOOLEAN, 8 /*bits in bitfield*/, NULL, 0x80, NULL, HFILL} },
{ &hf_erf_ehdr_anchor_id_reserved,
{ "Reserved", "erf.ehdr.anchorid.flags.rsvd",
FT_UINT8, BASE_HEX, NULL, 0x7f, NULL, HFILL} },
{ &hf_erf_ehdr_anchor_id_anchorid,
{ "Anchor ID", "erf.ehdr.anchorid.anchorid",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL} },
/* Generated fields for navigating Host ID/Anchor ID */
{ &hf_erf_anchor_linked,
{"Linked Frame", "erf.anchor.frame",
FT_FRAMENUM, BASE_NONE, NULL, 0, NULL, HFILL} },
{ &hf_erf_anchor_anchorid,
{ "Anchor ID", "erf.anchor.anchorid",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_anchor_hostid,
{ "Host ID", "erf.anchor.hostid",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
/* Generated fields for navigating Host ID/Source ID */
{ &hf_erf_sourceid,
{ "Source ID", "erf.sourceid",
FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL } },
{ &hf_erf_hostid,
{ "Host ID", "erf.hostid",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL } },
{ &hf_erf_source_current,
{ "Next Metadata in Source", "erf.source_meta_frame_current",
FT_FRAMENUM, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_erf_source_next,
{ "Next Metadata in Source", "erf.source_meta_frame_next",
FT_FRAMENUM, BASE_NONE, NULL, 0, NULL, HFILL } },
{ &hf_erf_source_prev,
{ "Previous Metadata in Source", "erf.source_meta_frame_prev",
FT_FRAMENUM, BASE_NONE, NULL, 0, NULL, HFILL } },
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
/* Entropy Extension Header */
{ &hf_erf_ehdr_entropy_entropy,
{ "Entropy", "erf.ehdr.entropy.entropy",
FT_FLOAT, BASE_NONE, NULL, 0, NULL, HFILL} },
{ &hf_erf_ehdr_entropy_entropy_raw,
{ "Raw Entropy", "erf.ehdr.entropy.entropy.raw",
FT_UINT8, BASE_DEC, NULL, 0, NULL, HFILL} },
{ &hf_erf_ehdr_entropy_reserved,
{ "Reserved", "erf.ehdr.entropy.rsvd",
FT_UINT48, BASE_HEX, NULL, 0, NULL, HFILL} },
From Stephen Donnelly: Add BFS extension header decoding to ERF dissector. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5113 svn path=/trunk/; revision=33806
2010-08-16 05:34:12 +00:00
/* Unknown Extension Header */
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_ehdr_unk,
{ "Data", "erf.ehdr.unknown.data",
FT_UINT64, BASE_HEX, NULL, 0x0, NULL, HFILL } },
From Francesco Fusco: Endace ERFII (extension header) support. svn path=/trunk/; revision=26287
2008-09-29 16:20:24 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC HDLC Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_hdlc,
{ "Multi Channel HDLC Header", "erf.mchdlc",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_cn,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Connection number", "erf.mchdlc.cn",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_CN_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mchdlc.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_HDLC_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_res2,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mchdlc.res2",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_HDLC_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_fcse,
{ "FCS error", "erf.mchdlc.fcse",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_FCSE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_sre,
{ "Short record error", "erf.mchdlc.sre",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_SRE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_lre,
{ "Long record error", "erf.mchdlc.lre",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_LRE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_afe,
{ "Aborted frame error", "erf.mchdlc.afe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_AFE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_oe,
{ "Octet error", "erf.mchdlc.oe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_OE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_lbe,
{ "Lost byte error", "erf.mchdlc.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_LBE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_first,
{ "First record", "erf.mchdlc.first",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_HDLC_FIRST_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_hdlc_res3,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mchdlc.res3",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_HDLC_RES3_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC RAW Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_raw,
{ "Multi Channel RAW Header", "erf.mcraw",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_int,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Physical interface", "erf.mcraw.int",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAW_INT_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcraw.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_RAW_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_sre,
{ "Short record error", "erf.mcraw.sre",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAW_SRE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_lre,
{ "Long record error", "erf.mcraw.lre",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAW_LRE_MASK, NULL, HFILL } },
{ &hf_erf_mc_raw_res2,
{ "Reserved", "erf.mcraw.res2",
FT_UINT32, BASE_HEX, NULL, MC_RAW_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_lbe,
{ "Lost byte error", "erf.mcraw.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAW_LBE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_raw_first,
{ "First record", "erf.mcraw.first",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAW_FIRST_MASK, NULL, HFILL } },
{ &hf_erf_mc_raw_res3,
{ "Reserved", "erf.mcraw.res3",
FT_UINT32, BASE_HEX, NULL, MC_RAW_RES3_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC ATM Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_atm,
{ "Multi Channel ATM Header", "erf.mcatm",
FT_UINT32, BASE_HEX, NULL, 0x00, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_cn,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Connection number", "erf.mcatm.cn",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_CN_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcatm.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_ATM_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_mul,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Multiplexed", "erf.mcatm.mul",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_MUL_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_port,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Physical port", "erf.mcatm.port",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_PORT_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_res2,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcatm.res2",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_ATM_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_lbe,
{ "Lost Byte Error", "erf.mcatm.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_LBE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_hec,
{ "HEC corrected", "erf.mcatm.hec",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_HEC_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_crc10,
{ "OAM Cell CRC10 Error (not implemented)", "erf.mcatm.crc10",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_CRC10_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_oamcell,
{ "OAM Cell", "erf.mcatm.oamcell",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_OAMCELL_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_first,
{ "First record", "erf.mcatm.first",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_ATM_FIRST_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_atm_res3,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcatm.res3",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_ATM_RES3_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC RAW Link Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_rawl,
{ "Multi Channel RAW Link Header", "erf.mcrawl",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_rawl_cn,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Connection number", "erf.mcrawl.cn",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAWL_CN_MASK, NULL, HFILL } },
{ &hf_erf_mc_rawl_res1,
{ "Reserved", "erf.mcrawl.res1",
FT_UINT32, BASE_HEX, NULL, MC_RAWL_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_rawl_lbe,
{ "Lost byte error", "erf.mcrawl.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAWL_LBE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_rawl_first,
{ "First record", "erf.mcrawl.first",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_RAWL_FIRST_MASK, NULL, HFILL } },
{ &hf_erf_mc_rawl_res2,
{ "Reserved", "erf.mcrawl.res2",
FT_UINT32, BASE_HEX, NULL, MC_RAWL_RES2_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC AAL5 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_aal5,
{ "Multi Channel AAL5 Header", "erf.mcaal5",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_cn,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Connection number", "erf.mcaal5.cn",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_CN_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcaal5.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL5_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_port,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Physical port", "erf.mcaal5.port",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_PORT_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_crcck,
{ "CRC checked", "erf.mcaal5.crcck",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_CRCCK_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_crce,
{ "CRC error", "erf.mcaal5.crce",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_CRCE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_lenck,
{ "Length checked", "erf.mcaal5.lenck",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_LENCK_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_lene,
{ "Length error", "erf.mcaal5.lene",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_LENE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_res2,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcaal5.res2",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL5_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_first,
{ "First record", "erf.mcaal5.first",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL5_FIRST_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal5_res3,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcaal5.res3",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL5_RES3_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* MC AAL2 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_mc_aal2,
{ "Multi Channel AAL2 Header", "erf.mcaal2",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_cn,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Connection number", "erf.mcaal2.cn",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_CN_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved for extra connection", "erf.mcaal2.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL2_RES1_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_res2,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved for type", "erf.mcaal2.mul",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL2_RES2_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_port,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Physical port", "erf.mcaal2.port",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_PORT_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_res3,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.mcaal2.res2",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, MC_AAL2_RES3_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_first,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "First cell received", "erf.mcaal2.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_FIRST_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_maale,
{ "MAAL error", "erf.mcaal2.hec",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_MAALE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_lene,
{ "Length error", "erf.mcaal2.crc10",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_LENE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_mc_aal2_cid,
{ "Channel Identification Number", "erf.mcaal2.cid",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, MC_AAL2_CID_MASK, NULL, HFILL } },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
/* AAL2 Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_aal2,
{ "AAL2 Header", "erf.aal2",
FT_UINT32, BASE_HEX, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_aal2_cid,
{ "Channel Identification Number", "erf.aal2.cid",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, AAL2_CID_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_aal2_maale,
{ "MAAL error number", "erf.aal2.maale",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, AAL2_MAALE_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_aal2_maalei,
{ "MAAL error", "erf.aal2.hec",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, AAL2_MAALEI_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_aal2_first,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "First cell received", "erf.aal2.lbe",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_DEC, NULL, AAL2_FIRST_MASK, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_aal2_res1,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Reserved", "erf.aal2.res1",
Dissect the MC and AAL2 headers as 32-bit words. That's how they're extracted in the libwiretap module, and that's how they're shown in the ERF spec. This gets rid of some compiler warnings about type-punning. Merge some reserved bit fields to match what's in the ERF spec. Renumber others. Process the AAL2 and MC headers differently; yes, they're both big-endian 32-bit values, but that makes the code a bit clearer, and, heck, the optimizer may well combine the two sequences of code. Change-Id: Ief7f976e77e8f2fba1685ad5a50ee677a8070ae7 Reviewed-on: https://code.wireshark.org/review/13251 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 05:21:42 +00:00
FT_UINT32, BASE_HEX, NULL, AAL2_RES1_MASK, NULL, HFILL } },
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
/* ETH Header */
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ &hf_erf_eth,
{ "Ethernet pad", "erf.eth",
FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL } },
Cleanup: - packet-erf.h not used elsewhere; move to packet-erf.c; - reformat long lines; - minor code re-arrangement; - whitespace cleanup. svn path=/trunk/; revision=41345
2012-03-05 00:01:28 +00:00
{ &hf_erf_eth_off,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
{ "Offset", "erf.eth.off",
Clean up handling of the data before the Ethernet packet in ERF files. The data before the Ethernet packet isn't a 16-bit little-endian integer, it's two bytes, one byte of offset and one byte of padding. Change-Id: I327b88f058dda184b79d3c2c6cf0dea52c0d28b1 Reviewed-on: https://code.wireshark.org/review/13254 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-01-13 08:10:48 +00:00
FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_eth_pad,
{ "Padding", "erf.eth.pad",
FT_UINT8, BASE_HEX, NULL, 0x0, NULL, HFILL } },
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Provenance record unknown tags */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
{ &hf_erf_meta_tag_type,
{ "Tag Type", "erf.meta.tag.type",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_meta_tag_len,
{ "Tag Length", "erf.meta.tag.len",
FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ &hf_erf_meta_tag_unknown,
ERF: Fix dissector abort on short meta tags and typos Fix dissector abort on short tags. Fix value typo in hash mode enum. Differentiate unexpectedly short value, zero length (deliberate invalid) and off-end-of-record tags through expertinfo. Continue to use proto_tree_add_*() length mismatch warnings for unxepectedly long tags for now. Change WWN tags to FT_BYTES for now as they are 16 not 8 byte WWN. Not currently implemented outside Wireshark anyway. Ping-Bug: 12303 Change-Id: I79fe4332f0c1f2aed726c69acdbc958eb9e08816 Reviewed-on: https://code.wireshark.org/review/17382 Reviewed-by: Anthony Coddington <anthony.coddington@endace.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-08-29 23:04:23 +00:00
{ "Unknown Tag", "erf.meta.unknown",
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL } }
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
};
static gint *ett[] = {
&ett_erf,
&ett_erf_pseudo_hdr,
From Stephen Donnelly: ERF dissector cleanup https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7547 svn path=/trunk/; revision=44152
2012-07-31 07:03:25 +00:00
&ett_erf_rectype,
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
&ett_erf_flags,
&ett_erf_mc_hdlc,
&ett_erf_mc_raw,
&ett_erf_mc_atm,
&ett_erf_mc_rawlink,
&ett_erf_mc_aal5,
&ett_erf_mc_aal2,
From Stephen Donnelly: Endace ATM and AAL2 enhancements. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4447 svn path=/trunk/; revision=31766
2010-02-02 04:56:39 +00:00
&ett_erf_aal2,
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
&ett_erf_eth,
&ett_erf_meta,
&ett_erf_meta_tag,
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
&ett_erf_source,
&ett_erf_anchor,
ERF: Add support for new extension header and Provenance tags Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of <All>: all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it. Change-Id: I9e359f044131bce2afc189bebc21239eed429b21 Reviewed-on: https://code.wireshark.org/review/26111 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-25 22:21:25 +00:00
&ett_erf_anchor_flags,
&ett_erf_entropy_value
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
};
Make all enum_val_t's const. svn path=/trunk/; revision=46292
2012-11-29 20:15:37 +00:00
static const enum_val_t erf_hdlc_options[] = {
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
{ "chdlc", "Cisco HDLC", ERF_HDLC_CHDLC },
{ "ppp", "PPP serial", ERF_HDLC_PPP },
{ "frelay", "Frame Relay", ERF_HDLC_FRELAY },
{ "mtp2", "SS7 MTP2", ERF_HDLC_MTP2 },
{ "guess", "Attempt to guess", ERF_HDLC_GUESS },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
{ NULL, NULL, 0 }
};
Make all enum_val_t's const. svn path=/trunk/; revision=46292
2012-11-29 20:15:37 +00:00
static const enum_val_t erf_aal5_options[] = {
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
{ "guess", "Attempt to guess", ERF_AAL5_GUESS },
{ "llc", "LLC multiplexed", ERF_AAL5_LLC },
From Yair via bug 5779: Add option to leave AAL5 in unspecified format. (... with whitepsace changes by me.) svn path=/trunk/; revision=36416
2011-03-31 14:23:07 +00:00
{ "unspec", "Unspecified", ERF_AAL5_UNSPEC },
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
{ NULL, NULL, 0 }
};
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
static ei_register_info ei[] = {
{ &ei_erf_checksum_error, { "erf.checksum.error", PI_CHECKSUM, PI_ERROR, "ERF MC FCS Error", EXPFILL }},
{ &ei_erf_packet_loss, { "erf.packet_loss", PI_SEQUENCE, PI_WARN, "Packet loss occurred between previous and current packet", EXPFILL }},
{ &ei_erf_extension_headers_not_shown, { "erf.ehdr.more_not_shown", PI_SEQUENCE, PI_WARN, "More extension headers were present, not shown", EXPFILL }},
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
{ &ei_erf_meta_section_len_error, { "erf.meta.section_len.error", PI_PROTOCOL, PI_ERROR, "Provenance Section Length incorrect", EXPFILL }},
{ &ei_erf_meta_truncated_record, { "erf.meta.truncated_record", PI_MALFORMED, PI_ERROR, "Provenance truncated record", EXPFILL }},
{ &ei_erf_meta_truncated_tag, { "erf.meta.truncated_tag", PI_PROTOCOL, PI_ERROR, "Provenance truncated tag", EXPFILL }},
{ &ei_erf_meta_zero_len_tag, { "erf.meta.zero_len_tag", PI_PROTOCOL, PI_NOTE, "Provenance zero length tag", EXPFILL }},
{ &ei_erf_meta_reset, { "erf.meta.metadata_reset", PI_PROTOCOL, PI_WARN, "Provenance metadata reset", EXPFILL }}
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
};
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
module_t *erf_module;
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
expert_module_t* expert_erf;
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
proto_erf = proto_register_protocol("Extensible Record Format", "ERF", "erf");
new_register_dissector -> register_dissector for dissector directory. Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c Reviewed-on: https://code.wireshark.org/review/12485 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-12-09 04:04:01 +00:00
erf_handle = register_dissector("erf", dissect_erf, proto_erf);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
init_meta_tags();
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
proto_register_field_array(proto_erf, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
Batch of filterable expert info. svn path=/trunk/; revision=51625
2013-09-01 13:05:27 +00:00
expert_erf = expert_register_protocol(proto_erf);
expert_register_field_array(expert_erf, ei, array_length(ei));
Remove unneeded #includes (stdio.h,stdlib.h); Whitespace cleanup: trailing, indentation, "4-space tabs" svn path=/trunk/; revision=35850
2011-02-07 18:49:29 +00:00
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Register per-section Provenance fields */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
proto_register_field_array(proto_erf, (hf_register_info*) wmem_array_get_raw(erf_meta_index.hfri), (int) wmem_array_get_count(erf_meta_index.hfri));
proto_register_subtree_array((gint**) wmem_array_get_raw(erf_meta_index.ett), (int) wmem_array_get_count(erf_meta_index.ett));
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
erf_module = prefs_register_protocol(proto_erf, NULL);
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
prefs_register_enum_preference(erf_module, "hdlc_type", "ERF_HDLC Layer 2",
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
"Protocol encapsulated in HDLC records",
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
&erf_hdlc_type, erf_hdlc_options, FALSE);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Replace the old "erfatm" preference for the ERF dissector with an "aal5_type" dissector, which offers only "guess the traffic type" and "LLC multiplexed" as options, defaulting to "guess the type". Add a separate preference to control whether to treat single ATM cells as raw data or as the first cell of an AAL5 PDU (and dissecting them as short AAL5 PDUs). Don't reach inside the tvbuff to get the data and the length; use tvb_length() and tvb_get_ptr(). Pass the data *after* the AAL5 header to the "guess the traffic type" routine. svn path=/trunk/; revision=25736
2008-07-14 18:56:25 +00:00
prefs_register_bool_preference(erf_module, "rawcell_first",
"Raw ATM cells are first cell of AAL5 PDU",
"Whether raw ATM cells should be treated as "
"the first cell of an AAL5 PDU",
&erf_rawcell_first);
prefs_register_enum_preference(erf_module, "aal5_type",
"ATM AAL5 packet type",
"Protocol encapsulated in ATM AAL5 packets",
&erf_aal5_type, erf_aal5_options, FALSE);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
ERF: Fix Ethernet FCS detection and remove preference Use eth_maybefcs instead of eth_withoutfcs. ERF_TYPE_ETH records almost always have FCS, but using maybe means the "Assume packets have FCS" is respected. Mark the erf_ethfcs preference as obsolete. It was being ignored. This was broken by Change 3670 which changed the ERF dissector to use a dissector table. Change-Id: I45cffdaed3890f8a0f505b2011be8c5204d9b2a6 Reviewed-on: https://code.wireshark.org/review/15360 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-04-07 05:45:20 +00:00
/*
* We just use eth_maybefcs now and respect the Ethernet preference.
* ERF records usually have FCS.
*/
prefs_register_obsolete_preference(erf_module, "ethfcs");
packet-erf: added dissector table for "erf.types.type" type field. 1- removed unnecessary include <wiretap/erf.h> 2- used fall through in protocol switch case instead of calling same function with same params. fixes/changes after review with Evan Huus, changes ETH/IPv4/IPv6/Infiniband/InfinibandLink to use dissector table instead of direct function calls. other protocols should be called in the same way, we'll do it when have the time. instead of calling subdissector directly from packet-erf.c code it's easier to declare this and each time we need to register a new protocol over erf format we sould easily extend it from the protcol module instead using "dissector_add_uint()" function. the change is still backward compatible, if no upper protocol is registered for the specifc type an old fasion direct function call is performed. Change-Id: I3ae1ccfdd49ab8f90667185296cc950dc2184475 Reviewed-on: https://code.wireshark.org/review/3670 Petri-Dish: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2014-08-17 12:24:14 +00:00
Fix up dissector tables' UI names. This was inspired by using the Decode-As UI to decode Field "SSL TCP Dissector" Value (port) XXX as YYY. "SSL Port" makes more sense as the UI name. Change-Id: Id6398a5dc79e32bddc4f1bfcf0a468ae1364808f Reviewed-on: https://code.wireshark.org/review/19573 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-01-07 02:49:50 +00:00
erf_dissector_table = register_dissector_table("erf.types.type", "ERF Type", proto_erf, FT_UINT8, BASE_DEC);
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
register_init_routine(erf_init_dissection);
/* No extra cleanup needed */
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
void
proto_reg_handoff_erf(void)
{
Rename the routines that handle dissector tables with unsigned integer keys to have _uint in their names, to match the routines that handle dissector tables with string keys. (Using _port can confuse people into thinking they're intended solely for use with TCP/UDP/etc. ports when, in fact, they work better for things such as Ethernet types, where the binding of particular values to particular protocols are a lot stronger.) svn path=/trunk/; revision=35224
2010-12-20 05:35:29 +00:00
dissector_add_uint("wtap_encap", WTAP_ENCAP_ERF, erf_handle);
ERF_TYPE_META write and comment support Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required. As Wireshark only supports one comment currently, use the one one with the latest metadata generation time (gen_time). Do this for capture comment too. Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment. Refactor erf_dump to create fake ERF header first then follow common pseudoheadr and payload write code rather than two separate code paths. Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now. ERF dissector updates to support Anchor ID extension header with basic frame linking. Update ERF_TYPE_META naming and descriptions to official name (Provenance) Core changes: Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user. Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written. Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/21873 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com> Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-06-01 08:34:25 +00:00
/* Also register dissector for Provenance non-packet records */
ERF: Add dissection and wiretap support for ERF_TYPE_META. ERF Dissector: Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers. Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h. The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type field describing what the hash was computed over. The Host ID extension header contains a 48-bit organizationally unique Host Identifier. Both extension headers contain the same 8-bit Source ID used for distinguishing records from multiple sources in the same file and for metadata linking to ERF_TYPE_META records. Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. ERF_TYPE_META records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag. The dissector registers a field for each tag for each section type based on a template. ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on MetaERF records and other records are associated using only the Source ID in the Flow ID extension header. Includes per-record generated Source summary and frame linking. These have the 'correct' Host ID and Source IDs from either extension header, including applying the Implicit Host ID, and links to the most recent ERF_TYPE_META record. Relies on Wireshark doing more than one pass to associate the correct implicit Host ID tree items for records before the first ERF_TYPE_META record. The metadata is technically not associated at that point anyway. ERF Wiretap: Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support. Adds read support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Concatenates and merges some summary fields to provide more useful information and attempt to combine ERF sources, streams and interfaces into wtap interfaces. Interface naming gracefully degrades when Host ID and Source ID are not present and is intended to be parseable for use by DAG software. Supports Implicit Host ID, but assumes it does not change. NOTE: Now only ERF interfaces that are present in the file are added. Only works with native ERF files for now. Written such that it is easily adapted for use by pcap dissector. Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records. Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META and ft_specific_record_phdr clashes with erf_mc_phdr. Only when native ERF file (as uses wth->file_type_subtype). Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF. Bug: 12303 Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d Reviewed-on: https://code.wireshark.org/review/14510 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-11 03:44:16 +00:00
dissector_add_uint("wtap_fts_rec", WTAP_FILE_TYPE_SUBTYPE_ERF, erf_handle);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Rename the ERF "erfhdlc" preference to "hdlc_type" ("erf" is redundant, and "hdlc" doesn't indicate that it's a protocol type), and, instead of a "raw" option, have a "try to guess the traffic type" option - for now, if the first byte is 0x0f or 0x8f, treat it as Cisco HDLC, otherwise treat it as PPP. svn path=/trunk/; revision=25737
2008-07-14 19:28:19 +00:00
/* Get handles for serial line protocols */
Manually add protocol dependencies derived from find_dissector. Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector. "data" dissector was not considered to be a dependency. Change-Id: I15d0d77301306587ef8e7af5876e74231816890d Reviewed-on: https://code.wireshark.org/review/14509 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-16 13:02:52 +00:00
chdlc_handle = find_dissector_add_dependency("chdlc", proto_erf);
ppp_handle = find_dissector_add_dependency("ppp_hdlc", proto_erf);
frelay_handle = find_dissector_add_dependency("fr", proto_erf);
mtp2_handle = find_dissector_add_dependency("mtp2_with_crc", proto_erf);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Just have a scalar handle_t for the Infiniband handle, for now. (The old code had the type value past the end of the array.) Rename the handle variables. svn path=/trunk/; revision=25739
2008-07-14 20:26:58 +00:00
/* Get handle for ATM dissector */
Manually add protocol dependencies derived from find_dissector. Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector. "data" dissector was not considered to be a dependency. Change-Id: I15d0d77301306587ef8e7af5876e74231816890d Reviewed-on: https://code.wireshark.org/review/14509 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-16 13:02:52 +00:00
atm_untruncated_handle = find_dissector_add_dependency("atm_untruncated", proto_erf);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
Manually add protocol dependencies derived from find_dissector. Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector. "data" dissector was not considered to be a dependency. Change-Id: I15d0d77301306587ef8e7af5876e74231816890d Reviewed-on: https://code.wireshark.org/review/14509 Petri-Dish: Michael Mann <mmann78@netscape.net> Reviewed-by: Michael Mann <mmann78@netscape.net>
2016-03-16 13:02:52 +00:00
sdh_handle = find_dissector_add_dependency("sdh", proto_erf);
From Florent DROUIN: This is a replacement of the existing decoding of ERF files (Extensible Record Format from Endace). For the decoding of the ERF files, according to the "type of record" given in the ERF header, several decoders can be used. Up to now, the decoder is determined according to an environment variable, or with a kind of heuristic. And, all the treatment is done during the file extraction. The new architecture, will separate the ERF file decoding, and the ERF record decoding. The ERF records will be decoded with a specific dissector. This dissector can be configured with options, to replace the environment variable. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1839 svn path=/trunk/; revision=23092
2007-10-08 11:41:21 +00:00
}
Add editor modelines; Adjust whitespace as needed. Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af Reviewed-on: https://code.wireshark.org/review/4394 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-30 23:12:26 +00:00
/*
HTTPS (almost) everywhere. Change all wireshark.org URLs to use https. Fix some broken links while we're at it. Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c Reviewed-on: https://code.wireshark.org/review/34089 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2019-07-26 18:43:17 +00:00
* Editor modelines - https://www.wireshark.org/tools/modelines.html
Add editor modelines; Adjust whitespace as needed. Change-Id: I434da226c842298f4fb2a4335d06d51e164af2af Reviewed-on: https://code.wireshark.org/review/4394 Reviewed-by: Bill Meier <wmeier@newsguy.com>
2014-09-30 23:12:26 +00:00
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/