From f3181f706b39955a4f4bc26f1d6d75166a67c235 Mon Sep 17 00:00:00 2001 
From: Anthony Coddington
Date: Thu, 1 Jun 2017 20:34:25 +1200
Subject: ERF_TYPE_META write and comment support

Support per-packet comments in ERF_TYPE_META through a new Anchor ID extension header with per-Host unique 48-bit Anchor ID which links an ERF_TYPE_META record with a packet record. There may be more than one Anchor ID associated with a packet, where they are grouped by Host ID extension header in the extension header list. Like other ERF_TYPE_META existing comments should not be overwritten and instead a new record generated. See erf_write_anchor_meta_update_phdr() for detailed comments on the extension header stack required.

As Wireshark only supports one comment currently, use the one with the latest metadata generation time (gen_time). Do this for capture comment too.

Write various wtap metadata in periodic per-second ERF_TYPE_META records if non-WTAP_ENCAP_ERF or we have an updated capture comment.

Refactor erf_dump to create fake ERF header first then follow common pseudoheader and payload write code rather than two separate code paths.

Support an ERF_HOST_ID environment variable to define Wireshark's Host ID when writing. Defaults to 0 for now.

ERF dissector updates to support Anchor ID extension header with basic frame linking.

Update ERF_TYPE_META naming and descriptions to official name (Provenance)

Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file on save, otherwise wireshark gets confused by additional packets being written.

Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman
Tested-by: Petri Dish Buildbot
Reviewed-by: Stephen Donnelly
Reviewed-by: Guy Harris
---
 ui/tap_export_pdu.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'ui')
diff --git a/ui/tap_export_pdu.c b/ui/tap_export_pdu.c index 3624e88c42..2e5ee3d4c2 100644 --- a/ui/tap_export_pdu.c +++ b/ui/tap_export_pdu.c @@ -68,10 +68,12 @@ export_pdu_packet(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const pkthdr.pkt_encap = exp_pdu_tap_data->pkt_encap; - if (pinfo->fd->flags.has_user_comment) + if (pinfo->fd->flags.has_user_comment) { pkthdr.opt_comment = g_strdup(epan_get_user_comment(edt->session, pinfo->fd)); - else if (pinfo->fd->flags.has_phdr_comment) + pkthdr.has_comment_changed = TRUE; + } else if (pinfo->fd->flags.has_phdr_comment) { pkthdr.opt_comment = g_strdup(pinfo->phdr->opt_comment); + } pkthdr.presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_INTERFACE_ID|WTAP_HAS_TS|WTAP_HAS_PACK_FLAGS; -- cgit v1.2.1
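Review bot: In export_pdu_packet(), pkthdr.has_comment_changed is assigned only in the has_user_comment branch; the has_phdr_comment branch and the path with no comment leave it untouched, so its value there depends on how pkthdr was initialized above the hunk, which is not visible here. Either confirm pkthdr is zeroed before this block or set pkthdr.has_comment_changed = FALSE explicitly in the else-if branch. A one-line comment saying why an exported user comment always counts as changed (per the commit message, the flag means opt_comment has unsaved changes by the user) would also help the next reader.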