author | Anthony Coddington <anthony.coddington@endace.com> | 2018-02-26 11:21:25 +1300 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2018-02-27 09:06:01 +0000 |
commit | 15c261e94b888b0ae4e6122fb11fba2219c932fa (patch) | |
tree | 582ff8535af33f6ab71d737d524ee0a1bfe85cda /wiretap | |
parent | 21b4d6ecf1e287658565092720870f0b6aba1c15 (diff) |
ERF: Add support for new extension header and Provenance tags
Add support for Entropy Extension header, currently with one field. Uses
a conversion function to convert representation to bits.
Add various entropy and tap mode Provenance (ERF_TYPE_META) tags.
The only complex tag is ext_hdrs_added/removed. This tag consists of up
to 4 big endian uint32 bitfields, with each bit representing an
extension header number. ehdr_type_vals and a new ehdr_type_vals_short
are used to generate the tags. Custom printing is used for the header
line to display unknown values as integer and support the special case
of <All>: all supplied bits 1 meaning all extension headers removed.
Storage for the up to 4 subtree header_field id entries is in the first
4 extra hf_values[] for now, the ett value is reused.
Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better
solution is needed sooner rather than later but the structure is only
allocated for tags that need it.
Change-Id: I9e359f044131bce2afc189bebc21239eed429b21
Reviewed-on: https://code.wireshark.org/review/26111
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/erf.h | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/wiretap/erf.h b/wiretap/erf.h index 271e2156d4..8da7d00d08 100644 --- a/wiretap/erf.h +++ b/wiretap/erf.h @@ -101,9 +101,11 @@ #define ERF_EXT_HDR_TYPE_BFS 6 #define ERF_EXT_HDR_TYPE_CHANNELISED 12 #define ERF_EXT_HDR_TYPE_SIGNATURE 14 +#define ERF_EXT_HDR_TYPE_PKT_ID 15 #define ERF_EXT_HDR_TYPE_FLOW_ID 16 #define ERF_EXT_HDR_TYPE_HOST_ID 17 #define ERF_EXT_HDR_TYPE_ANCHOR_ID 18 +#define ERF_EXT_HDR_TYPE_ENTROPY 19 /* Host ID and Anchor ID*/ #define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff) @@ -188,6 +190,12 @@ #define ERF_META_TAG_cpu_numa_nodes 51 #define ERF_META_TAG_dag_attribute 52 #define ERF_META_TAG_dag_version 53 +#define ERF_META_TAG_stream_flags 54 +#define ERF_META_TAG_entropy_threshold 55 +#define ERF_META_TAG_smart_trunc_default 56 +#define ERF_META_TAG_ext_hdrs_added 57 +#define ERF_META_TAG_ext_hdrs_removed 58 +#define ERF_META_TAG_relative_snaplen 59 #define ERF_META_TAG_if_num 64 #define ERF_META_TAG_if_vc 65 @@ -210,6 +218,10 @@ #define ERF_META_TAG_if_phy_mode 82 #define ERF_META_TAG_if_port_type 83 #define ERF_META_TAG_if_rx_latency 84 +#define ERF_META_TAG_tap_mode 85 +#define ERF_META_TAG_tap_fail_mode 86 +#define ERF_META_TAG_watchdog_expired 87 +#define ERF_META_TAG_watchdog_interval 88 #define ERF_META_TAG_src_ipv4 128 #define ERF_META_TAG_dest_ipv4 129 
@@ -234,6 +246,21 @@ #define ERF_META_TAG_filter_match 148 #define ERF_META_TAG_filter_match_name 149 #define ERF_META_TAG_error_flags 150 +#define ERF_META_TAG_initiator_pkts 151 +#define ERF_META_TAG_responder_pkts 152 +#define ERF_META_TAG_initiator_bytes 153 +#define ERF_META_TAG_responder_bytes 154 +#define ERF_META_TAG_initiator_min_entropy 155 +#define ERF_META_TAG_responder_min_entropy 156 +#define ERF_META_TAG_initiator_avg_entropy 157 +#define ERF_META_TAG_responder_avg_entropy 158 +#define ERF_META_TAG_initiator_max_entropy 159 +#define ERF_META_TAG_responder_max_entropy 160 +#define ERF_META_TAG_dpi_application 161 +#define ERF_META_TAG_dpi_confidence 162 +#define ERF_META_TAG_dpi_state 163 +#define ERF_META_TAG_dpi_protocol_stack 164 +#define ERF_META_TAG_flow_state 165 #define ERF_META_TAG_start_time 193 #define ERF_META_TAG_end_time 194 |
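Review bot: The commit message does not cover `ERF_EXT_HDR_TYPE_PKT_ID 15`, which the first hunk (@@ -101,9 +101,11) adds next to `ERF_EXT_HDR_TYPE_ENTROPY 19`; the message only describes the Entropy extension header. Mention type 15 in the message or move it to its own change, so the log shows whether the packet ID header is meant to be handled by this commit or is only being defined here.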
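Review bot: Missing documentation in the second hunk (@@ -188,6 +190,12): `ERF_META_TAG_ext_hdrs_added 57` and `ERF_META_TAG_ext_hdrs_removed 58` carry no comment, while the commit message describes their value as up to 4 big endian uint32 bitfields with one bit per extension header number, and all supplied bits set meaning all extension headers. Put that layout, including the 4-word upper bound, in a comment beside the two defines; the header is what other readers of ERF files will consult, and the bound matters because the value length comes from the capture file.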
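Review bot: Naming in the third hunk (@@ -210,6 +218,10): tags 85 to 88 (`tap_mode`, `tap_fail_mode`, `watchdog_expired`, `watchdog_interval`) continue directly after `ERF_META_TAG_if_rx_latency 84` in the `if_*` number range but drop the `if_` prefix. If they are per-interface tags, a one-line comment saying so (or that the names follow the format specification as-is) would avoid confusion; a comment giving the unit of `watchdog_interval` would also help.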
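Review bot: The fourth hunk (@@ -234,6 +246,21) goes beyond what the commit message announces: besides the entropy tags 155 to 160 it adds packet and byte counters (151 to 154), `dpi_application` through `dpi_protocol_stack` (161 to 164) and `flow_state` (165), none of which are "entropy and tap mode" tags. Please extend the message to list them. The min/avg/max entropy defines would also benefit from a comment on their representation, since the message says the extension header field needs a conversion function to get to bits and it is not clear from the header whether these tags use the same encoding.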