author | Anthony Coddington <anthony.coddington@endace.com> | 2017-06-01 20:34:25 +1200 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-07-17 02:08:52 +0000 |
commit | f3181f706b39955a4f4bc26f1d6d75166a67c235 (patch) | |
tree | 4d1d9d5ab2a17a05219211537ba15693d46cd9b4 /wiretap/wtap.h | |
parent | 32ec45dc92a699e34e23197d2de48a043dfad426 (diff) |
ERF_TYPE_META write and comment support

Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.

As Wireshark only supports one comment currently, use the one with
the latest metadata generation time (gen_time). Do this for capture
comment too.

Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.

Refactor erf_dump to create fake ERF header first then follow common
pseudoheader and payload write code rather than two separate code paths.

Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.

ERF dissector updates to support Anchor ID extension header with basic
frame linking.

Update ERF_TYPE_META naming and descriptions to official name
(Provenance)

Core changes:

Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.

Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.

Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/wtap.h')
-rw-r--r-- | wiretap/wtap.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 7c895b5af3..a067d85fe0 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -959,7 +959,7 @@ struct erf_ehdr { * (Multichannel or Ethernet) */ -#define MAX_ERF_EHDR 8 +#define MAX_ERF_EHDR 16 struct wtap_erf_eth_hdr { guint8 offset; @@ -1233,6 +1233,8 @@ struct wtap_pkthdr { guint32 interface_id; /* identifier of the interface. */ /* options */ gchar *opt_comment; /* NULL if not available */ + gboolean has_comment_changed; /* TRUE if the comment has been changed. Currently only valid while dumping. */ + guint64 drop_count; /* number of packets lost (by the interface and the operating system) between this packet and the preceding one. */ guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */ @@ -1896,6 +1898,8 @@ void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped); struct addrinfo; WS_DLL_PUBLIC gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists); +WS_DLL_PUBLIC +gboolean wtap_dump_get_needs_reload(wtap_dumper *wdh); /** * Closes open file handles and frees memory associated with wdh. Note that |
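
Review bot: The new bound in `#define MAX_ERF_EHDR 16` (first hunk, near line 959) has no comment explaining why 16 is the right value. The commit message says a packet can carry more than one Anchor ID header, grouped by Host ID, so a short comment stating the assumed worst-case extension header stack would make the limit auditable. Assuming this macro sizes the extension header storage, it is also worth confirming that every loop that reads or writes extension headers is bounded by MAX_ERF_EHDR rather than a literal 8, so a record with a longer stack is neither truncated silently nor indexed past the array.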
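
Review bot: `has_comment_changed` in the wtap_pkthdr hunk (near line 1233) is documented as "Currently only valid while dumping", which leaves its value unspecified on every other path that fills in a wtap_pkthdr. Suggest either requiring it to be set to FALSE wherever the header is initialised, or extending the comment to say which code sets and clears it, so that a writer never acts on a stale or uninitialised flag when deciding whether to emit a new comment record.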
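
Review bot: `wtap_dump_get_needs_reload()` in the last hunk (near line 1896) is exported with WS_DLL_PUBLIC but has no doc comment, unlike the `/** Closes open file handles ...` block that follows it. Please document what a TRUE return means for the caller (the commit message describes it as forcing a full reload of the file on save), at what point it is valid to call relative to closing wdh, and whether wdh may be NULL.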