diff --git a/epan/dissectors/packet-erf.c b/epan/dissectors/packet-erf.c index fb2e125c71..f8dd3dbb00 100644 --- a/epan/dissectors/packet-erf.c +++ b/epan/dissectors/packet-erf.c @@ -21,7 +21,7 @@ /* */ -#include "wiretap/erf.h" +#include "wiretap/erf_record.h" void proto_register_erf(void); void proto_reg_handoff_erf(void); diff --git a/epan/dissectors/packet-eth.c b/epan/dissectors/packet-eth.c index aa0cb78f2d..c85a31f25f 100644 --- a/epan/dissectors/packet-eth.c +++ b/epan/dissectors/packet-eth.c @@ -34,7 +34,7 @@ #include "packet-nsh.h" #include "packet-acdr.h" #include -#include +#include void proto_register_eth(void); void proto_reg_handoff_eth(void); diff --git a/epan/dissectors/packet-infiniband.c b/epan/dissectors/packet-infiniband.c index bc8f8cc462..13ef03d394 100644 --- a/epan/dissectors/packet-infiniband.c +++ b/epan/dissectors/packet-infiniband.c @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include "packet-infiniband.h" diff --git a/epan/dissectors/packet-ip.c b/epan/dissectors/packet-ip.c index c0cf91a9cb..148e585175 100644 --- a/epan/dissectors/packet-ip.c +++ b/epan/dissectors/packet-ip.c @@ -37,7 +37,7 @@ #include #include -#include +#include #include #include "packet-ip.h" diff --git a/epan/dissectors/packet-ipv6.c b/epan/dissectors/packet-ipv6.c index 4371e30c3a..69d08df664 100644 --- a/epan/dissectors/packet-ipv6.c +++ b/epan/dissectors/packet-ipv6.c @@ -37,7 +37,7 @@ #include #include -#include +#include #include #include "packet-ip.h" #include "packet-juniper.h" diff --git a/epan/dissectors/packet-opa-snc.c b/epan/dissectors/packet-opa-snc.c index 27d0374efb..8d2996b156 100644 --- a/epan/dissectors/packet-opa-snc.c +++ b/epan/dissectors/packet-opa-snc.c @@ -13,7 +13,7 @@ #include #include -#include +#include void proto_reg_handoff_opa_snc(void); void proto_register_opa_snc(void); diff --git a/epan/dissectors/packet-opa.c b/epan/dissectors/packet-opa.c index 226a01b171..2494122c35 100644 --- a/epan/dissectors/packet-opa.c +++ b/epan/dissectors/packet-opa.c @@ -12,7 +12,7 @@ #include "config.h" #include -#include +#include void proto_reg_handoff_opa_9b(void); void proto_register_opa_9b(void); diff --git a/wiretap/erf-common.h b/wiretap/erf-common.h new file mode 100644 index 0000000000..7635ffcdae --- /dev/null +++ b/wiretap/erf-common.h @@ -0,0 +1,41 @@ +/* + * + * Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand. + * All rights reserved. + * + * This software and documentation has been developed by Endace Technology Ltd. + * along with the DAG PCI network capture cards. For further information please + * visit https://www.endace.com/. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef __W_ERF_COMMON_H__ +#define __W_ERF_COMMON_H__ + +/* + * Declarations of functions exported to file readers that handle + * LINKTYPE_ERF packets. + */ + +typedef struct erf_private erf_t; + +erf_t* erf_priv_create(void); +erf_t* erf_priv_free(erf_t* erf_priv); + +int erf_populate_interface_from_header(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header); + +#endif /* __W_ERF_COMMON_H__ */ + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ diff --git a/wiretap/erf.c b/wiretap/erf.c index e1ad854d3f..ebd47a68c4 100644 --- a/wiretap/erf.c +++ b/wiretap/erf.c @@ -35,6 +35,8 @@ #include "pcap-encap.h" #include "pcapng.h" #include "erf.h" +#include "erf_record.h" +#include "erf-common.h" struct erf_anchor_mapping { guint64 host_id; @@ -65,6 +67,8 @@ static void erf_close(wtap *wth); static int populate_summary_info(erf_t *erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, Buffer *buf, guint32 packet_size, GPtrArray *anchor_mappings_to_update); static int erf_update_anchors_from_header(erf_t *erf_priv, wtap_rec *rec, union wtap_pseudo_header *pseudo_header, guint64 host_id, GPtrArray *anchor_mappings_to_update); +static int erf_get_source_from_header(union wtap_pseudo_header *pseudo_header, guint64 *host_id, guint8 *source_id); +static int erf_populate_interface(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, guint64 host_id, guint8 source_id, guint8 if_num); typedef struct { gboolean write_next_extra_meta; @@ -82,7 +86,7 @@ typedef struct { GRand *rand; } erf_dump_t; -erf_dump_t* erf_dump_priv_create(void); +static erf_dump_t* erf_dump_priv_create(void); static void erf_dump_priv_free(erf_dump_t *dump_priv); static gboolean erf_dump_priv_compare_capture_comment(wtap_dumper *wdh, erf_dump_t *dump_priv,const union wtap_pseudo_header *pseudo_header, const guint8 *pd); static gboolean erf_comment_to_sections(wtap_dumper *wdh, guint16 section_type, guint16 section_id, gchar *comment, GPtrArray *sections); @@ -1725,7 +1729,7 @@ static gboolean erf_write_meta_record(wtap_dumper *wdh, erf_dump_t *dump_priv, g } -erf_dump_t *erf_dump_priv_create(void) { +static erf_dump_t *erf_dump_priv_create(void) { erf_dump_t *dump_priv; dump_priv = (erf_dump_t*)g_malloc(sizeof(erf_dump_t)); @@ -2026,7 +2030,7 @@ int erf_dump_open(wtap_dumper *wdh, int *err _U_) return TRUE; } -int erf_get_source_from_header(union wtap_pseudo_header *pseudo_header, guint64 *host_id, guint8 *source_id) +static int erf_get_source_from_header(union wtap_pseudo_header *pseudo_header, guint64 *host_id, guint8 *source_id) { guint8 type; guint8 has_more; @@ -2388,7 +2392,7 @@ static int erf_update_implicit_host_id(erf_t *erf_priv, wtap *wth, guint64 impli return 0; } -int erf_populate_interface(erf_t *erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, guint64 host_id, guint8 source_id, guint8 if_num) +static int erf_populate_interface(erf_t *erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, guint64 host_id, guint8 source_id, guint8 if_num) { wtap_block_t int_data; wtapng_if_descr_mandatory_t* int_data_mand; diff --git a/wiretap/erf.h b/wiretap/erf.h index 574f9daa9e..30da202904 100644 --- a/wiretap/erf.h +++ b/wiretap/erf.h @@ -17,351 +17,22 @@ #include #include "ws_symbol_export.h" -/* Record type defines */ -#define ERF_TYPE_LEGACY 0 -#define ERF_TYPE_HDLC_POS 1 -#define ERF_TYPE_ETH 2 -#define ERF_TYPE_ATM 3 -#define ERF_TYPE_AAL5 4 -#define ERF_TYPE_MC_HDLC 5 -#define ERF_TYPE_MC_RAW 6 -#define ERF_TYPE_MC_ATM 7 -#define ERF_TYPE_MC_RAW_CHANNEL 8 -#define ERF_TYPE_MC_AAL5 9 -#define ERF_TYPE_COLOR_HDLC_POS 10 -#define ERF_TYPE_COLOR_ETH 11 -#define ERF_TYPE_MC_AAL2 12 -#define ERF_TYPE_IP_COUNTER 13 -#define ERF_TYPE_TCP_FLOW_COUNTER 14 -#define ERF_TYPE_DSM_COLOR_HDLC_POS 15 -#define ERF_TYPE_DSM_COLOR_ETH 16 -#define ERF_TYPE_COLOR_MC_HDLC_POS 17 -#define ERF_TYPE_AAL2 18 -#define ERF_TYPE_COLOR_HASH_POS 19 -#define ERF_TYPE_COLOR_HASH_ETH 20 -#define ERF_TYPE_INFINIBAND 21 -#define ERF_TYPE_IPV4 22 -#define ERF_TYPE_IPV6 23 -#define ERF_TYPE_RAW_LINK 24 -#define ERF_TYPE_INFINIBAND_LINK 25 -/* XXX - what about 26? */ -#define ERF_TYPE_META 27 -#define ERF_TYPE_OPA_SNC 28 -#define ERF_TYPE_OPA_9B 29 - -/* 28-31 reserved for future public ERF types */ - -/* Record types reserved for local and internal use */ -#define ERF_TYPE_INTERNAL0 32 -#define ERF_TYPE_INTERNAL1 33 -#define ERF_TYPE_INTERNAL2 34 -#define ERF_TYPE_INTERNAL3 35 -#define ERF_TYPE_INTERNAL4 36 -#define ERF_TYPE_INTERNAL5 37 -#define ERF_TYPE_INTERNAL6 38 -#define ERF_TYPE_INTERNAL7 39 -#define ERF_TYPE_INTERNAL8 40 -#define ERF_TYPE_INTERNAL9 41 -#define ERF_TYPE_INTERNAL10 42 -#define ERF_TYPE_INTERNAL11 43 -#define ERF_TYPE_INTERNAL12 44 -#define ERF_TYPE_INTERNAL13 45 -#define ERF_TYPE_INTERNAL14 46 -#define ERF_TYPE_INTERNAL15 47 - -/* Pad records */ -#define ERF_TYPE_PAD 48 - -#define ERF_EXT_HDR_TYPE_CLASSIFICATION 3 -#define ERF_EXT_HDR_TYPE_INTERCEPTID 4 -#define ERF_EXT_HDR_TYPE_RAW_LINK 5 -#define ERF_EXT_HDR_TYPE_BFS 6 -#define ERF_EXT_HDR_TYPE_CHANNELISED 12 -#define ERF_EXT_HDR_TYPE_SIGNATURE 14 -#define ERF_EXT_HDR_TYPE_PKT_ID 15 -#define ERF_EXT_HDR_TYPE_FLOW_ID 16 -#define ERF_EXT_HDR_TYPE_HOST_ID 17 -#define ERF_EXT_HDR_TYPE_ANCHOR_ID 18 -#define ERF_EXT_HDR_TYPE_ENTROPY 19 - -/* Host ID and Anchor ID*/ -#define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff) -#define ERF_EHDR_ANCHOR_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff) -#define ERF_EHDR_MORE_EXTHDR_MASK G_GUINT64_CONSTANT(0x8000000000000000) -#define ERF_EHDR_ANCHOR_ID_DEFINITION_MASK G_GUINT64_CONSTANT(0x80000000000000) - -#define ERF_EHDR_FLOW_ID_STACK_TYPE_MASK G_GUINT64_CONSTANT(0xff00000000) -#define ERF_EHDR_FLOW_ID_SOURCE_ID_MASK G_GUINT64_CONSTANT(0xff000000000000) - -/* ERF Provenance metadata */ -#define ERF_META_SECTION_MASK 0xFF00 -#define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK) -#define ERF_META_HOST_ID_IMPLICIT G_MAXUINT64 -#define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((guint64)anchor_id & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK) -#define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) ((guint64)ext_hdr | ERF_EHDR_MORE_EXTHDR_MASK) - -#define ERF_META_SECTION_CAPTURE 0xFF00 -#define ERF_META_SECTION_HOST 0xFF01 -#define ERF_META_SECTION_MODULE 0xFF02 -#define ERF_META_SECTION_INTERFACE 0xFF03 -#define ERF_META_SECTION_FLOW 0xFF04 -#define ERF_META_SECTION_STATS 0xFF05 -#define ERF_META_SECTION_INFO 0xFF06 -#define ERF_META_SECTION_CONTEXT 0xFF07 -#define ERF_META_SECTION_STREAM 0xFF08 -#define ERF_META_SECTION_TRANSFORM 0xFF09 -#define ERF_META_SECTION_DNS 0xFF0A -#define ERF_META_SECTION_SOURCE 0xFF0B - -#define ERF_META_TAG_padding 0 -#define ERF_META_TAG_comment 1 -#define ERF_META_TAG_gen_time 2 -#define ERF_META_TAG_parent_section 3 -#define ERF_META_TAG_reset 4 -#define ERF_META_TAG_event_time 5 -#define ERF_META_TAG_host_id 6 -#define ERF_META_TAG_attribute 7 -#define ERF_META_TAG_fcs_len 8 -#define ERF_META_TAG_mask_ipv4 9 -#define ERF_META_TAG_mask_cidr 10 - -#define ERF_META_TAG_org_name 11 -#define ERF_META_TAG_name 12 -#define ERF_META_TAG_descr 13 -#define ERF_META_TAG_config 14 -#define ERF_META_TAG_datapipe 15 -#define ERF_META_TAG_app_name 16 -#define ERF_META_TAG_os 17 -#define ERF_META_TAG_hostname 18 -#define ERF_META_TAG_user 19 -#define ERF_META_TAG_model 20 -#define ERF_META_TAG_fw_version 21 -#define ERF_META_TAG_serial_no 22 -#define ERF_META_TAG_ts_offset 23 -#define ERF_META_TAG_ts_clock_freq 24 -#define ERF_META_TAG_tzone 25 -#define ERF_META_TAG_tzone_name 26 -#define ERF_META_TAG_loc_lat 27 -#define ERF_META_TAG_loc_long 28 -#define ERF_META_TAG_snaplen 29 -#define ERF_META_TAG_card_num 30 -#define ERF_META_TAG_module_num 31 -#define ERF_META_TAG_access_num 32 -#define ERF_META_TAG_stream_num 33 -#define ERF_META_TAG_loc_name 34 -#define ERF_META_TAG_parent_file 35 -#define ERF_META_TAG_filter 36 -#define ERF_META_TAG_flow_hash_mode 37 -#define ERF_META_TAG_tunneling_mode 38 -#define ERF_META_TAG_npb_format 39 -#define ERF_META_TAG_mem 40 -#define ERF_META_TAG_datamine_id 41 -#define ERF_META_TAG_rotfile_id 42 -#define ERF_META_TAG_rotfile_name 43 -#define ERF_META_TAG_dev_name 44 -#define ERF_META_TAG_dev_path 45 -#define ERF_META_TAG_loc_descr 46 -#define ERF_META_TAG_app_version 47 -#define ERF_META_TAG_cpu_affinity 48 -#define ERF_META_TAG_cpu 49 -#define ERF_META_TAG_cpu_phys_cores 50 -#define ERF_META_TAG_cpu_numa_nodes 51 -#define ERF_META_TAG_dag_attribute 52 -#define ERF_META_TAG_dag_version 53 -#define ERF_META_TAG_stream_flags 54 -#define ERF_META_TAG_entropy_threshold 55 -#define ERF_META_TAG_smart_trunc_default 56 -#define ERF_META_TAG_ext_hdrs_added 57 -#define ERF_META_TAG_ext_hdrs_removed 58 -#define ERF_META_TAG_relative_snaplen 59 -#define ERF_META_TAG_temperature 60 -#define ERF_META_TAG_power 61 - -#define ERF_META_TAG_if_num 64 -#define ERF_META_TAG_if_vc 65 -#define ERF_META_TAG_if_speed 66 -#define ERF_META_TAG_if_ipv4 67 -#define ERF_META_TAG_if_ipv6 68 -#define ERF_META_TAG_if_mac 69 -#define ERF_META_TAG_if_eui 70 -#define ERF_META_TAG_if_ib_gid 71 -#define ERF_META_TAG_if_ib_lid 72 -#define ERF_META_TAG_if_wwn 73 -#define ERF_META_TAG_if_fc_id 74 -#define ERF_META_TAG_if_tx_speed 75 -#define ERF_META_TAG_if_erf_type 76 -#define ERF_META_TAG_if_link_type 77 -#define ERF_META_TAG_if_sfp_type 78 -#define ERF_META_TAG_if_rx_power 79 -#define ERF_META_TAG_if_tx_power 80 -#define ERF_META_TAG_if_link_status 81 -#define ERF_META_TAG_if_phy_mode 82 -#define ERF_META_TAG_if_port_type 83 -#define ERF_META_TAG_if_rx_latency 84 -#define ERF_META_TAG_tap_mode 85 -#define ERF_META_TAG_tap_fail_mode 86 -#define ERF_META_TAG_watchdog_expired 87 -#define ERF_META_TAG_watchdog_interval 88 - -#define ERF_META_TAG_src_ipv4 128 -#define ERF_META_TAG_dest_ipv4 129 -#define ERF_META_TAG_src_ipv6 130 -#define ERF_META_TAG_dest_ipv6 131 -#define ERF_META_TAG_src_mac 132 -#define ERF_META_TAG_dest_mac 133 -#define ERF_META_TAG_src_eui 134 -#define ERF_META_TAG_dest_eui 135 -#define ERF_META_TAG_src_ib_gid 136 -#define ERF_META_TAG_dest_ib_gid 137 -#define ERF_META_TAG_src_ib_lid 138 -#define ERF_META_TAG_dest_ib_lid 139 -#define ERF_META_TAG_src_wwn 140 -#define ERF_META_TAG_dest_wwn 141 -#define ERF_META_TAG_src_fc_id 142 -#define ERF_META_TAG_dest_fc_id 143 -#define ERF_META_TAG_src_port 144 -#define ERF_META_TAG_dest_port 145 -#define ERF_META_TAG_ip_proto 146 -#define ERF_META_TAG_flow_hash 147 -#define ERF_META_TAG_filter_match 148 -#define ERF_META_TAG_filter_match_name 149 -#define ERF_META_TAG_error_flags 150 -#define ERF_META_TAG_initiator_pkts 151 -#define ERF_META_TAG_responder_pkts 152 -#define ERF_META_TAG_initiator_bytes 153 -#define ERF_META_TAG_responder_bytes 154 -#define ERF_META_TAG_initiator_min_entropy 155 -#define ERF_META_TAG_responder_min_entropy 156 -#define ERF_META_TAG_initiator_avg_entropy 157 -#define ERF_META_TAG_responder_avg_entropy 158 -#define ERF_META_TAG_initiator_max_entropy 159 -#define ERF_META_TAG_responder_max_entropy 160 -#define ERF_META_TAG_dpi_application 161 -#define ERF_META_TAG_dpi_confidence 162 -#define ERF_META_TAG_dpi_state 163 -#define ERF_META_TAG_dpi_protocol_stack 164 -#define ERF_META_TAG_flow_state 165 - -#define ERF_META_TAG_start_time 193 -#define ERF_META_TAG_end_time 194 -#define ERF_META_TAG_stat_if_drop 195 -#define ERF_META_TAG_stat_frames 196 -#define ERF_META_TAG_stat_bytes 197 -#define ERF_META_TAG_stat_cap 198 -#define ERF_META_TAG_stat_cap_bytes 199 -#define ERF_META_TAG_stat_os_drop 200 -#define ERF_META_TAG_stat_ds_lctr 201 -#define ERF_META_TAG_stat_filter_match 202 -#define ERF_META_TAG_stat_filter_drop 203 -#define ERF_META_TAG_stat_too_short 204 -#define ERF_META_TAG_stat_too_long 205 -#define ERF_META_TAG_stat_rx_error 206 -#define ERF_META_TAG_stat_fcs_error 207 -#define ERF_META_TAG_stat_aborted 208 -#define ERF_META_TAG_stat_proto_error 209 -#define ERF_META_TAG_stat_b1_error 210 -#define ERF_META_TAG_stat_b2_error 211 -#define ERF_META_TAG_stat_b3_error 212 -#define ERF_META_TAG_stat_rei_error 213 -#define ERF_META_TAG_stat_drop 214 -#define ERF_META_TAG_stat_buf_drop 215 -#define ERF_META_TAG_stream_drop 216 -#define ERF_META_TAG_stream_buf_drop 217 - -#define ERF_META_TAG_ns_host_ipv4 256 -#define ERF_META_TAG_ns_host_ipv6 257 -#define ERF_META_TAG_ns_host_mac 258 -#define ERF_META_TAG_ns_host_eui 259 -#define ERF_META_TAG_ns_host_ib_gid 260 -#define ERF_META_TAG_ns_host_ib_lid 261 -#define ERF_META_TAG_ns_host_wwn 262 -#define ERF_META_TAG_ns_host_fc_id 263 -#define ERF_META_TAG_ns_dns_ipv4 264 -#define ERF_META_TAG_ns_dns_ipv6 265 - -#define ERF_META_TAG_exthdr 321 -#define ERF_META_TAG_pcap_ng_block 322 -#define ERF_META_TAG_asn1 323 - -#define ERF_META_TAG_clk_source 384 -#define ERF_META_TAG_clk_state 385 -#define ERF_META_TAG_clk_threshold 386 -#define ERF_META_TAG_clk_correction 387 -#define ERF_META_TAG_clk_failures 388 -#define ERF_META_TAG_clk_resyncs 389 -#define ERF_META_TAG_clk_phase_error 390 -#define ERF_META_TAG_clk_input_pulses 391 -#define ERF_META_TAG_clk_rejected_pulses 392 -#define ERF_META_TAG_clk_phc_index 393 -#define ERF_META_TAG_clk_phc_offset 394 -#define ERF_META_TAG_clk_timebase 395 -#define ERF_META_TAG_clk_descr 396 -#define ERF_META_TAG_clk_out_source 397 -#define ERF_META_TAG_clk_link_mode 398 -#define ERF_META_TAG_ptp_domain_num 399 -#define ERF_META_TAG_ptp_steps_removed 400 -#define ERF_META_TAG_ptp_offset_from_master 401 -#define ERF_META_TAG_ptp_mean_path_delay 402 -#define ERF_META_TAG_ptp_parent_identity 403 -#define ERF_META_TAG_ptp_parent_port_num 404 -#define ERF_META_TAG_ptp_gm_identity 405 -#define ERF_META_TAG_ptp_gm_clock_quality 406 -#define ERF_META_TAG_ptp_current_utc_offset 407 -#define ERF_META_TAG_ptp_time_properties 408 -#define ERF_META_TAG_ptp_time_source 409 -#define ERF_META_TAG_ptp_clock_identity 410 -#define ERF_META_TAG_ptp_port_num 411 -#define ERF_META_TAG_ptp_port_state 412 -#define ERF_META_TAG_ptp_delay_mechanism 413 -#define ERF_META_TAG_clk_port_proto 414 - #define ERF_POPULATE_SUCCESS 1 #define ERF_POPULATE_ALREADY_POPULATED 0 #define ERF_POPULATE_FAILED -1 #define ERF_MAX_INTERFACES 4 - /* - * The timestamp is 64bit unsigned fixed point little-endian value with - * 32 bits for second and 32 bits for fraction. - */ -typedef guint64 erf_timestamp_t; - -typedef struct erf_record { - erf_timestamp_t ts; - guint8 type; - guint8 flags; - guint16 rlen; - guint16 lctr; - guint16 wlen; -} erf_header_t; - -typedef struct erf_mc_hdr { - guint32 mc; -} erf_mc_header_t; - -typedef struct erf_aal2_hdr { - guint32 aal2; -} erf_aal2_header_t; - -typedef struct erf_eth_hdr { - guint8 offset; - guint8 pad; -} erf_eth_header_t; - -union erf_subhdr { - struct erf_mc_hdr mc_hdr; - struct erf_aal2_hdr aal2_hdr; - struct erf_eth_hdr eth_hdr; -}; - -typedef struct { +/* + * Private data for ERF files and LINKTYPE_ERF packets in pcap and pcapng. + */ +struct erf_private { GHashTable* if_map; GHashTable* anchor_map; guint64 implicit_host_id; guint64 capture_gentime; guint64 host_gentime; -} erf_t; +}; #define MIN_RECORDS_FOR_ERF_CHECK 3 #define RECORDS_FOR_ERF_CHECK 20 @@ -373,13 +44,6 @@ wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info); int erf_dump_can_write_encap(int encap); int erf_dump_open(wtap_dumper *wdh, int *err); -erf_t* erf_priv_create(void); -erf_t* erf_priv_free(erf_t* erf_priv); - -int erf_populate_interface(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, guint64 host_id, guint8 source_id, guint8 if_num); -int erf_populate_interface_from_header(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header); -int erf_get_source_from_header(union wtap_pseudo_header *pseudo_header, guint64 *host_id, guint8 *source_id); - #endif /* __W_ERF_H__ */ /* diff --git a/wiretap/erf_record.h b/wiretap/erf_record.h new file mode 100644 index 0000000000..22297831df --- /dev/null +++ b/wiretap/erf_record.h @@ -0,0 +1,368 @@ +/* + * + * Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand. + * All rights reserved. + * + * This software and documentation has been developed by Endace Technology Ltd. + * along with the DAG PCI network capture cards. For further information please + * visit https://www.endace.com/. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef __W_ERF_RECORD_H__ +#define __W_ERF_RECORD_H__ + +/* + * Declarations and definitions for ERF records; for use by the ERF + * file reader, code to handle LINKTYPE_ERF packets in pcap and + * pcapng files, ERF metadata dissectors, and protocol dissectors + * that register for particular ERF record types. + */ + +/* Record type defines */ +#define ERF_TYPE_LEGACY 0 +#define ERF_TYPE_HDLC_POS 1 +#define ERF_TYPE_ETH 2 +#define ERF_TYPE_ATM 3 +#define ERF_TYPE_AAL5 4 +#define ERF_TYPE_MC_HDLC 5 +#define ERF_TYPE_MC_RAW 6 +#define ERF_TYPE_MC_ATM 7 +#define ERF_TYPE_MC_RAW_CHANNEL 8 +#define ERF_TYPE_MC_AAL5 9 +#define ERF_TYPE_COLOR_HDLC_POS 10 +#define ERF_TYPE_COLOR_ETH 11 +#define ERF_TYPE_MC_AAL2 12 +#define ERF_TYPE_IP_COUNTER 13 +#define ERF_TYPE_TCP_FLOW_COUNTER 14 +#define ERF_TYPE_DSM_COLOR_HDLC_POS 15 +#define ERF_TYPE_DSM_COLOR_ETH 16 +#define ERF_TYPE_COLOR_MC_HDLC_POS 17 +#define ERF_TYPE_AAL2 18 +#define ERF_TYPE_COLOR_HASH_POS 19 +#define ERF_TYPE_COLOR_HASH_ETH 20 +#define ERF_TYPE_INFINIBAND 21 +#define ERF_TYPE_IPV4 22 +#define ERF_TYPE_IPV6 23 +#define ERF_TYPE_RAW_LINK 24 +#define ERF_TYPE_INFINIBAND_LINK 25 +/* XXX - what about 26? */ +#define ERF_TYPE_META 27 +#define ERF_TYPE_OPA_SNC 28 +#define ERF_TYPE_OPA_9B 29 + +/* 28-31 reserved for future public ERF types */ + +/* Record types reserved for local and internal use */ +#define ERF_TYPE_INTERNAL0 32 +#define ERF_TYPE_INTERNAL1 33 +#define ERF_TYPE_INTERNAL2 34 +#define ERF_TYPE_INTERNAL3 35 +#define ERF_TYPE_INTERNAL4 36 +#define ERF_TYPE_INTERNAL5 37 +#define ERF_TYPE_INTERNAL6 38 +#define ERF_TYPE_INTERNAL7 39 +#define ERF_TYPE_INTERNAL8 40 +#define ERF_TYPE_INTERNAL9 41 +#define ERF_TYPE_INTERNAL10 42 +#define ERF_TYPE_INTERNAL11 43 +#define ERF_TYPE_INTERNAL12 44 +#define ERF_TYPE_INTERNAL13 45 +#define ERF_TYPE_INTERNAL14 46 +#define ERF_TYPE_INTERNAL15 47 + +/* Pad records */ +#define ERF_TYPE_PAD 48 + +#define ERF_EXT_HDR_TYPE_CLASSIFICATION 3 +#define ERF_EXT_HDR_TYPE_INTERCEPTID 4 +#define ERF_EXT_HDR_TYPE_RAW_LINK 5 +#define ERF_EXT_HDR_TYPE_BFS 6 +#define ERF_EXT_HDR_TYPE_CHANNELISED 12 +#define ERF_EXT_HDR_TYPE_SIGNATURE 14 +#define ERF_EXT_HDR_TYPE_PKT_ID 15 +#define ERF_EXT_HDR_TYPE_FLOW_ID 16 +#define ERF_EXT_HDR_TYPE_HOST_ID 17 +#define ERF_EXT_HDR_TYPE_ANCHOR_ID 18 +#define ERF_EXT_HDR_TYPE_ENTROPY 19 + +/* Host ID and Anchor ID*/ +#define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff) +#define ERF_EHDR_ANCHOR_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff) +#define ERF_EHDR_MORE_EXTHDR_MASK G_GUINT64_CONSTANT(0x8000000000000000) +#define ERF_EHDR_ANCHOR_ID_DEFINITION_MASK G_GUINT64_CONSTANT(0x80000000000000) + +#define ERF_EHDR_FLOW_ID_STACK_TYPE_MASK G_GUINT64_CONSTANT(0xff00000000) +#define ERF_EHDR_FLOW_ID_SOURCE_ID_MASK G_GUINT64_CONSTANT(0xff000000000000) + +/* ERF Provenance metadata */ +#define ERF_META_SECTION_MASK 0xFF00 +#define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK) +#define ERF_META_HOST_ID_IMPLICIT G_MAXUINT64 +#define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((guint64)anchor_id & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK) +#define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) ((guint64)ext_hdr | ERF_EHDR_MORE_EXTHDR_MASK) + +#define ERF_META_SECTION_CAPTURE 0xFF00 +#define ERF_META_SECTION_HOST 0xFF01 +#define ERF_META_SECTION_MODULE 0xFF02 +#define ERF_META_SECTION_INTERFACE 0xFF03 +#define ERF_META_SECTION_FLOW 0xFF04 +#define ERF_META_SECTION_STATS 0xFF05 +#define ERF_META_SECTION_INFO 0xFF06 +#define ERF_META_SECTION_CONTEXT 0xFF07 +#define ERF_META_SECTION_STREAM 0xFF08 +#define ERF_META_SECTION_TRANSFORM 0xFF09 +#define ERF_META_SECTION_DNS 0xFF0A +#define ERF_META_SECTION_SOURCE 0xFF0B + +#define ERF_META_TAG_padding 0 +#define ERF_META_TAG_comment 1 +#define ERF_META_TAG_gen_time 2 +#define ERF_META_TAG_parent_section 3 +#define ERF_META_TAG_reset 4 +#define ERF_META_TAG_event_time 5 +#define ERF_META_TAG_host_id 6 +#define ERF_META_TAG_attribute 7 +#define ERF_META_TAG_fcs_len 8 +#define ERF_META_TAG_mask_ipv4 9 +#define ERF_META_TAG_mask_cidr 10 + +#define ERF_META_TAG_org_name 11 +#define ERF_META_TAG_name 12 +#define ERF_META_TAG_descr 13 +#define ERF_META_TAG_config 14 +#define ERF_META_TAG_datapipe 15 +#define ERF_META_TAG_app_name 16 +#define ERF_META_TAG_os 17 +#define ERF_META_TAG_hostname 18 +#define ERF_META_TAG_user 19 +#define ERF_META_TAG_model 20 +#define ERF_META_TAG_fw_version 21 +#define ERF_META_TAG_serial_no 22 +#define ERF_META_TAG_ts_offset 23 +#define ERF_META_TAG_ts_clock_freq 24 +#define ERF_META_TAG_tzone 25 +#define ERF_META_TAG_tzone_name 26 +#define ERF_META_TAG_loc_lat 27 +#define ERF_META_TAG_loc_long 28 +#define ERF_META_TAG_snaplen 29 +#define ERF_META_TAG_card_num 30 +#define ERF_META_TAG_module_num 31 +#define ERF_META_TAG_access_num 32 +#define ERF_META_TAG_stream_num 33 +#define ERF_META_TAG_loc_name 34 +#define ERF_META_TAG_parent_file 35 +#define ERF_META_TAG_filter 36 +#define ERF_META_TAG_flow_hash_mode 37 +#define ERF_META_TAG_tunneling_mode 38 +#define ERF_META_TAG_npb_format 39 +#define ERF_META_TAG_mem 40 +#define ERF_META_TAG_datamine_id 41 +#define ERF_META_TAG_rotfile_id 42 +#define ERF_META_TAG_rotfile_name 43 +#define ERF_META_TAG_dev_name 44 +#define ERF_META_TAG_dev_path 45 +#define ERF_META_TAG_loc_descr 46 +#define ERF_META_TAG_app_version 47 +#define ERF_META_TAG_cpu_affinity 48 +#define ERF_META_TAG_cpu 49 +#define ERF_META_TAG_cpu_phys_cores 50 +#define ERF_META_TAG_cpu_numa_nodes 51 +#define ERF_META_TAG_dag_attribute 52 +#define ERF_META_TAG_dag_version 53 +#define ERF_META_TAG_stream_flags 54 +#define ERF_META_TAG_entropy_threshold 55 +#define ERF_META_TAG_smart_trunc_default 56 +#define ERF_META_TAG_ext_hdrs_added 57 +#define ERF_META_TAG_ext_hdrs_removed 58 +#define ERF_META_TAG_relative_snaplen 59 +#define ERF_META_TAG_temperature 60 +#define ERF_META_TAG_power 61 + +#define ERF_META_TAG_if_num 64 +#define ERF_META_TAG_if_vc 65 +#define ERF_META_TAG_if_speed 66 +#define ERF_META_TAG_if_ipv4 67 +#define ERF_META_TAG_if_ipv6 68 +#define ERF_META_TAG_if_mac 69 +#define ERF_META_TAG_if_eui 70 +#define ERF_META_TAG_if_ib_gid 71 +#define ERF_META_TAG_if_ib_lid 72 +#define ERF_META_TAG_if_wwn 73 +#define ERF_META_TAG_if_fc_id 74 +#define ERF_META_TAG_if_tx_speed 75 +#define ERF_META_TAG_if_erf_type 76 +#define ERF_META_TAG_if_link_type 77 +#define ERF_META_TAG_if_sfp_type 78 +#define ERF_META_TAG_if_rx_power 79 +#define ERF_META_TAG_if_tx_power 80 +#define ERF_META_TAG_if_link_status 81 +#define ERF_META_TAG_if_phy_mode 82 +#define ERF_META_TAG_if_port_type 83 +#define ERF_META_TAG_if_rx_latency 84 +#define ERF_META_TAG_tap_mode 85 +#define ERF_META_TAG_tap_fail_mode 86 +#define ERF_META_TAG_watchdog_expired 87 +#define ERF_META_TAG_watchdog_interval 88 + +#define ERF_META_TAG_src_ipv4 128 +#define ERF_META_TAG_dest_ipv4 129 +#define ERF_META_TAG_src_ipv6 130 +#define ERF_META_TAG_dest_ipv6 131 +#define ERF_META_TAG_src_mac 132 +#define ERF_META_TAG_dest_mac 133 +#define ERF_META_TAG_src_eui 134 +#define ERF_META_TAG_dest_eui 135 +#define ERF_META_TAG_src_ib_gid 136 +#define ERF_META_TAG_dest_ib_gid 137 +#define ERF_META_TAG_src_ib_lid 138 +#define ERF_META_TAG_dest_ib_lid 139 +#define ERF_META_TAG_src_wwn 140 +#define ERF_META_TAG_dest_wwn 141 +#define ERF_META_TAG_src_fc_id 142 +#define ERF_META_TAG_dest_fc_id 143 +#define ERF_META_TAG_src_port 144 +#define ERF_META_TAG_dest_port 145 +#define ERF_META_TAG_ip_proto 146 +#define ERF_META_TAG_flow_hash 147 +#define ERF_META_TAG_filter_match 148 +#define ERF_META_TAG_filter_match_name 149 +#define ERF_META_TAG_error_flags 150 +#define ERF_META_TAG_initiator_pkts 151 +#define ERF_META_TAG_responder_pkts 152 +#define ERF_META_TAG_initiator_bytes 153 +#define ERF_META_TAG_responder_bytes 154 +#define ERF_META_TAG_initiator_min_entropy 155 +#define ERF_META_TAG_responder_min_entropy 156 +#define ERF_META_TAG_initiator_avg_entropy 157 +#define ERF_META_TAG_responder_avg_entropy 158 +#define ERF_META_TAG_initiator_max_entropy 159 +#define ERF_META_TAG_responder_max_entropy 160 +#define ERF_META_TAG_dpi_application 161 +#define ERF_META_TAG_dpi_confidence 162 +#define ERF_META_TAG_dpi_state 163 +#define ERF_META_TAG_dpi_protocol_stack 164 +#define ERF_META_TAG_flow_state 165 + +#define ERF_META_TAG_start_time 193 +#define ERF_META_TAG_end_time 194 +#define ERF_META_TAG_stat_if_drop 195 +#define ERF_META_TAG_stat_frames 196 +#define ERF_META_TAG_stat_bytes 197 +#define ERF_META_TAG_stat_cap 198 +#define ERF_META_TAG_stat_cap_bytes 199 +#define ERF_META_TAG_stat_os_drop 200 +#define ERF_META_TAG_stat_ds_lctr 201 +#define ERF_META_TAG_stat_filter_match 202 +#define ERF_META_TAG_stat_filter_drop 203 +#define ERF_META_TAG_stat_too_short 204 +#define ERF_META_TAG_stat_too_long 205 +#define ERF_META_TAG_stat_rx_error 206 +#define ERF_META_TAG_stat_fcs_error 207 +#define ERF_META_TAG_stat_aborted 208 +#define ERF_META_TAG_stat_proto_error 209 +#define ERF_META_TAG_stat_b1_error 210 +#define ERF_META_TAG_stat_b2_error 211 +#define ERF_META_TAG_stat_b3_error 212 +#define ERF_META_TAG_stat_rei_error 213 +#define ERF_META_TAG_stat_drop 214 +#define ERF_META_TAG_stat_buf_drop 215 +#define ERF_META_TAG_stream_drop 216 +#define ERF_META_TAG_stream_buf_drop 217 + +#define ERF_META_TAG_ns_host_ipv4 256 +#define ERF_META_TAG_ns_host_ipv6 257 +#define ERF_META_TAG_ns_host_mac 258 +#define ERF_META_TAG_ns_host_eui 259 +#define ERF_META_TAG_ns_host_ib_gid 260 +#define ERF_META_TAG_ns_host_ib_lid 261 +#define ERF_META_TAG_ns_host_wwn 262 +#define ERF_META_TAG_ns_host_fc_id 263 +#define ERF_META_TAG_ns_dns_ipv4 264 +#define ERF_META_TAG_ns_dns_ipv6 265 + +#define ERF_META_TAG_exthdr 321 +#define ERF_META_TAG_pcap_ng_block 322 +#define ERF_META_TAG_asn1 323 + +#define ERF_META_TAG_clk_source 384 +#define ERF_META_TAG_clk_state 385 +#define ERF_META_TAG_clk_threshold 386 +#define ERF_META_TAG_clk_correction 387 +#define ERF_META_TAG_clk_failures 388 +#define ERF_META_TAG_clk_resyncs 389 +#define ERF_META_TAG_clk_phase_error 390 +#define ERF_META_TAG_clk_input_pulses 391 +#define ERF_META_TAG_clk_rejected_pulses 392 +#define ERF_META_TAG_clk_phc_index 393 +#define ERF_META_TAG_clk_phc_offset 394 +#define ERF_META_TAG_clk_timebase 395 +#define ERF_META_TAG_clk_descr 396 +#define ERF_META_TAG_clk_out_source 397 +#define ERF_META_TAG_clk_link_mode 398 +#define ERF_META_TAG_ptp_domain_num 399 +#define ERF_META_TAG_ptp_steps_removed 400 +#define ERF_META_TAG_ptp_offset_from_master 401 +#define ERF_META_TAG_ptp_mean_path_delay 402 +#define ERF_META_TAG_ptp_parent_identity 403 +#define ERF_META_TAG_ptp_parent_port_num 404 +#define ERF_META_TAG_ptp_gm_identity 405 +#define ERF_META_TAG_ptp_gm_clock_quality 406 +#define ERF_META_TAG_ptp_current_utc_offset 407 +#define ERF_META_TAG_ptp_time_properties 408 +#define ERF_META_TAG_ptp_time_source 409 +#define ERF_META_TAG_ptp_clock_identity 410 +#define ERF_META_TAG_ptp_port_num 411 +#define ERF_META_TAG_ptp_port_state 412 +#define ERF_META_TAG_ptp_delay_mechanism 413 +#define ERF_META_TAG_clk_port_proto 414 + + /* + * The timestamp is 64bit unsigned fixed point little-endian value with + * 32 bits for second and 32 bits for fraction. + */ +typedef guint64 erf_timestamp_t; + +typedef struct erf_record { + erf_timestamp_t ts; + guint8 type; + guint8 flags; + guint16 rlen; + guint16 lctr; + guint16 wlen; +} erf_header_t; + +typedef struct erf_mc_hdr { + guint32 mc; +} erf_mc_header_t; + +typedef struct erf_aal2_hdr { + guint32 aal2; +} erf_aal2_header_t; + +typedef struct erf_eth_hdr { + guint8 offset; + guint8 pad; +} erf_eth_header_t; + +union erf_subhdr { + struct erf_mc_hdr mc_hdr; + struct erf_aal2_hdr aal2_hdr; + struct erf_eth_hdr eth_hdr; +}; + +#endif /* __W_ERF_RECORD_H__ */ + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ diff --git a/wiretap/libpcap.c b/wiretap/libpcap.c index d88346c185..5e3dbf07cc 100644 --- a/wiretap/libpcap.c +++ b/wiretap/libpcap.c @@ -16,7 +16,7 @@ #include "pcap-common.h" #include "pcap-encap.h" #include "libpcap.h" -#include "erf.h" +#include "erf-common.h" /* See source to the "libpcap" library for information on the "libpcap" file format. */ diff --git a/wiretap/pcap-common.c b/wiretap/pcap-common.c index 4d64a7a777..062e65dc32 100644 --- a/wiretap/pcap-common.c +++ b/wiretap/pcap-common.c @@ -18,7 +18,7 @@ #include "wtap-int.h" #include "file_wrappers.h" #include "atm.h" -#include "erf.h" +#include "erf_record.h" #include "pcap-encap.h" #include "pcap-common.h"