authorAnthony Coddington <anthony.coddington@endace.com>2016-10-14 12:46:29 +1300
committerAnders Broman <a.broman58@gmail.com>2016-11-08 12:09:39 +0000
commit7531318e054153fbd5e33624ef30314acd52b6bc (patch)
treead70fe9fd434e29e8f5622f74e677f1903d46f64 /epan
parent1ae0c1ebfaed748378395a0c690b10f8e7eb3265 (diff)
ERF: Fix issues with Host ID mapping
packet-erf: Fix Host ID/Source ID showing for all extension header types. Only show generated Host ID/Source ID when there is a Host ID extension header or there was not one on the record. Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely) and that it matches the one in the Host ID header. This is consistent with other tools. Does support multiple Host ID extension headers though. Fix dag_version tag short name. Was clashing with another tag due to typo. ERF wiretap: Don't conflate Host ID 0 with implicit Host ID. While the implicit Host ID defaults to 0, it is not the same thing as seeing a packet with Host ID explicitly 0 in the extension header which means explicitly unknown source. Store the initial (unknown) implicit Host ID interface mapping in its own special mapping table entry rather than 0. Noticed we can currently get duplicate interfaces in the unusual event of mixed implicit and explicit Host ID packet extension headers for the same ID before we discover that mapping. Consistently abandon the implicit version for consistency with the dissector linking behaviour and mark the interface as unmatched in the description. In 2 pass mode (including normal Wireshark file open) the abandoned interface ends up with no packets. In the common cases (all Host ID or no Host ID on packet records) this duplicate interface will not be created in the first place. Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a Ping-Bug: 12303 Reviewed-on: https://code.wireshark.org/review/18704 Reviewed-by: Stephen Donnelly Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-erf.c82
1 files changed, 37 insertions, 45 deletions
diff --git a/epan/dissectors/packet-erf.c b/epan/dissectors/packet-erf.c
index 9d832c4b10..576a63c0e9 100644
--- a/epan/dissectors/packet-erf.c
+++ b/epan/dissectors/packet-erf.c
@@ -731,7 +731,7 @@ static const erf_meta_hf_template_t erf_meta_tags[] = {
{ ERF_META_TAG_cpu_phys_cores, { "CPU Physical Cores", "cpu_phys_cores", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_cpu_numa_nodes, { "CPU NUMA Nodes", "cpu_numa_nodes", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_dag_attribute, { "DAG Attribute", "dag_attribute", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
- { ERF_META_TAG_dag_version, { "DAG Software Version", "dag_attribute", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
+ { ERF_META_TAG_dag_version, { "DAG Software Version", "dag_version", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_num, { "Interface Number", "if_num", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
{ ERF_META_TAG_if_vc, { "Interface Virtual Circuit", "if_vc", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL } },
@@ -1533,15 +1533,6 @@ dissect_flow_id_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, i
}
}
-static guint64
-find_host_id(packet_info *pinfo) {
- guint64 *hdr = NULL;
-
- hdr = erf_get_ehdr(pinfo, ERF_EXT_HDR_TYPE_HOST_ID, NULL);
-
- return hdr ? (*hdr & ERF_EHDR_HOST_ID_MASK) : 0;
-}
-
static void
dissect_host_id_source_id(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint64 host_id, guint8 source_id)
{
@@ -1884,26 +1875,8 @@ dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tre
int i = 0;
int max = sizeof(pinfo->pseudo_header->erf.ehdr_list)/sizeof(struct erf_ehdr);
- guint64 host_id = 0;
+ guint64 host_id = ERF_META_HOST_ID_IMPLICIT;
guint8 source_id = 0;
- guint64 host_id_last = 0;
- guint8 source_id_last = 0;
-
- /*
- * Get the first Host ID of the record (which may not be the first extension
- * header).
- */
- host_id = find_host_id(pinfo);
- if (host_id == 0) {
- /*
- * XXX: We are relying here on the Wireshark doing a second parse any
- * time it does anything with tree items (including filtering) to associate
- * the records before the first ERF_TYPE_META record. This does not work
- * with TShark in one-pass mode, in which case the first few records get
- * Host ID 0 (unset).
- */
- host_id = erf_state.implicit_host_id;
- }
while(has_more && (i < max)) {
hdr = pinfo->pseudo_header->erf.ehdr_list[i].ehdr;
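Review bot: The new initialiser `guint64 host_id = ERF_META_HOST_ID_IMPLICIT;` turns `host_id` into a sentinel-carrying variable, but nothing at the declaration says the sentinel can never equal a value read from a record. Explicit IDs are assigned later in this function as `hdr & ERF_EHDR_HOST_ID_MASK`, and neither macro's definition is visible on this page, so the invariant should be written down where the variable is declared: `/* ERF_META_HOST_ID_IMPLICIT must lie outside ERF_EHDR_HOST_ID_MASK so an explicit Host ID from the file is never mistaken for "none seen" */`. The function starts and ends outside this hunk.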
@@ -1932,25 +1905,17 @@ dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tre
dissect_signature_ex_header(tvb, pinfo, ehdr_tree, i);
break;
case ERF_EXT_HDR_TYPE_FLOW_ID:
- source_id = (guint8)((hdr >> 48) & 0xFF);
+ if (source_id == 0) {
+ source_id = (guint8)((hdr >> 48) & 0xFF);
+ }
dissect_flow_id_ex_header(tvb, pinfo, ehdr_tree, i);
break;
case ERF_EXT_HDR_TYPE_HOST_ID:
host_id = hdr & ERF_EHDR_HOST_ID_MASK;
source_id = (guint8)((hdr >> 48) & 0xFF);
dissect_host_id_ex_header(tvb, pinfo, ehdr_tree, i);
- break;
- default:
- dissect_unknown_ex_header(tvb, pinfo, ehdr_tree, i);
- break;
- }
- /* Track and dissect combined Host ID and Source ID(s) */
- if (source_id != source_id_last || host_id != host_id_last) {
- /*
- * TODO: Do we also want to track Host ID 0 Source ID 0 records? These
- * are technically unassociated.
- */
+ /* Track and dissect combined Host ID and Source ID(s) */
if (!PINFO_FD_VISITED(pinfo)) {
if ((pinfo->pseudo_header->erf.phdr.type & 0x7f) == ERF_TYPE_META) {
/* Update the implicit Host ID when ERF_TYPE_META */
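Review bot: In the ERF_EXT_HDR_TYPE_FLOW_ID case, `if (source_id == 0)` treats 0 both as "no Source ID seen yet" and as a legitimate value. A first Flow ID header carrying Source ID 0 is therefore replaced by a later non-zero one, which does not quite match the "first Source ID" wording used in the comment added at the end of this commit. If that is intended, say so at the check, for example `/* Keep the first non-zero Source ID; 0 doubles as "not seen yet" */`; otherwise a separate seen-flag would keep the first value regardless of what it is. The HOST_ID case body that follows continues past the end of this hunk.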
@@ -1963,13 +1928,13 @@ dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tre
erf_source_append(host_id, source_id, pinfo->num);
}
}
-
dissect_host_id_source_id(tvb, pinfo, tree, host_id, source_id);
+ break;
+ default:
+ dissect_unknown_ex_header(tvb, pinfo, ehdr_tree, i);
+ break;
}
- host_id_last = host_id;
- source_id_last = source_id;
-
has_more = type & 0x80;
i += 1;
}
@@ -1977,6 +1942,33 @@ dissect_erf_pseudo_extension_header(tvbuff_t *tvb, packet_info *pinfo, proto_tre
proto_tree_add_expert(tree, pinfo, &ei_erf_extension_headers_not_shown, tvb, 0, 0);
}
+ /* If we have no explicit Host ID association, associate with the first Source ID (or 0) and implicit Host ID */
+ /* XXX: We are allowed to assume there is only one Source ID unless we have
+ * a Host ID extension header */
+ if (host_id == ERF_META_HOST_ID_IMPLICIT) {
+ /*
+ * XXX: We are relying here on the Wireshark doing a second parse any
+ * time it does anything with tree items (including filtering) to associate
+ * the records before the first ERF_TYPE_META record. This does not work
+ * with TShark in one-pass mode, in which case the first few records get
+ * Host ID 0 (unset).
+ */
+ host_id = erf_state.implicit_host_id;
+
+ /*
+ * TODO: Do we also want to track Host ID 0 Source ID 0 records?
+ * Don't for now to preserve feel of legacy files.
+ */
+ if (host_id != 0 || source_id != 0) {
+ if (!PINFO_FD_VISITED(pinfo)) {
+ if ((pinfo->pseudo_header->erf.phdr.type & 0x7f) == ERF_TYPE_META) {
+ /* Add to the sequence of ERF_TYPE_META records */
+ erf_source_append(host_id, source_id, pinfo->num);
+ }
+ }
+ dissect_host_id_source_id(tvb, pinfo, tree, host_id, source_id);
+ }
+ }
}
guint64* erf_get_ehdr(packet_info *pinfo, guint8 hdrtype, gint* afterindex) {
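Review bot: The trailing `if (host_id == ERF_META_HOST_ID_IMPLICIT)` block also runs when the loop stopped at `max` with `has_more` still set, which appears to be the situation the `ei_erf_extension_headers_not_shown` expert item just above reports. A Host ID header beyond the stored list would then go unseen, so a record from a malformed or crafted capture is attributed to the implicit Host ID and, for ERF_TYPE_META, added to that source's sequence by `erf_source_append`. Consider skipping the implicit association for truncated records, `if (host_id == ERF_META_HOST_ID_IMPLICIT && !has_more) {`, or add a comment stating that truncated records are deliberately treated as implicit. The function begins outside this hunk, so the condition guarding the expert item is not visible here.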