author | Anthony Coddington <anthony.coddington@endace.com> | 2017-06-01 20:34:25 +1200 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2017-07-17 02:08:52 +0000 |
commit | f3181f706b39955a4f4bc26f1d6d75166a67c235 (patch) | |
tree | 4d1d9d5ab2a17a05219211537ba15693d46cd9b4 /wiretap/erf.h | |
parent | 32ec45dc92a699e34e23197d2de48a043dfad426 (diff) |
ERF_TYPE_META write and comment support
Support per-packet comments in ERF_TYPE_META through a new Anchor ID
extension header with per-Host unique 48-bit Anchor ID which links an
ERF_TYPE_META record with a packet record. There may be more than one
Anchor ID associated with a packet, where they are grouped by Host ID
extension header in the extension header list. Like other ERF_TYPE_META
existing comments should not be overwritten and instead a new record
generated. See erf_write_anchor_meta_update_phdr() for detailed comments
on the extension header stack required.
As Wireshark only supports one comment currently, use the one with
the latest metadata generation time (gen_time). Do this for capture
comment too.
Write various wtap metadata in periodic per-second ERF_TYPE_META records
if non-WTAP_ENCAP_ERF or we have an updated capture comment.
Refactor erf_dump to create fake ERF header first then follow common
pseudoheader and payload write code rather than two separate code paths.
Support an ERF_HOST_ID environment variable to define Wireshark's Host
ID when writing. Defaults to 0 for now.
ERF dissector updates to support Anchor ID extension header with basic
frame linking.
Update ERF_TYPE_META naming and descriptions to official name
(Provenance)
Core changes:
Add has_comment_changed to wtap_pkthdr, TRUE when a packet
opt_comment has unsaved changes by the user.
Add needs_reload to wtap_dumper which forces a full reload of the file
on save, otherwise wireshark gets confused by additional packets being
written.
Change-Id: I0bb04411548c7bcd2d6ed82af689fbeed104546c
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/21873
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stephen Donnelly <stephen.donnelly@endace.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/erf.h')
-rw-r--r-- | wiretap/erf.h | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/wiretap/erf.h b/wiretap/erf.h
index 2afa4024a1..271e2156d4 100644
--- a/wiretap/erf.h
+++ b/wiretap/erf.h
@@ -103,14 +103,23 @@
 #define ERF_EXT_HDR_TYPE_SIGNATURE 14
 #define ERF_EXT_HDR_TYPE_FLOW_ID 16
 #define ERF_EXT_HDR_TYPE_HOST_ID 17
+#define ERF_EXT_HDR_TYPE_ANCHOR_ID 18
-/* Host ID */
+/* Host ID and Anchor ID*/
 #define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff)
+#define ERF_EHDR_ANCHOR_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff)
+#define ERF_EHDR_MORE_EXTHDR_MASK G_GUINT64_CONSTANT(0x8000000000000000)
+#define ERF_EHDR_ANCHOR_ID_DEFINITION_MASK G_GUINT64_CONSTANT(0x80000000000000)
-/* ERF Meta */
+#define ERF_EHDR_FLOW_ID_STACK_TYPE_MASK G_GUINT64_CONSTANT(0xff00000000)
+#define ERF_EHDR_FLOW_ID_SOURCE_ID_MASK G_GUINT64_CONSTANT(0xff000000000000)
+
+/* ERF Provenance metadata */
 #define ERF_META_SECTION_MASK 0xFF00
 #define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK)
 #define ERF_META_HOST_ID_IMPLICIT G_MAXUINT64
+#define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((guint64)anchor_id & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK)
+#define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) ((guint64)ext_hdr | ERF_EHDR_MORE_EXTHDR_MASK)
 #define ERF_META_SECTION_CAPTURE 0xFF00
 #define ERF_META_SECTION_HOST 0xFF01
@@ -299,6 +308,12 @@
 #define ERF_META_TAG_ptp_delay_mechanism 413
 #define ERF_META_TAG_clk_port_proto 414
+#define ERF_POPULATE_SUCCESS 1
+#define ERF_POPULATE_ALREADY_POPULATED 0
+#define ERF_POPULATE_FAILED -1
+
+#define ERF_MAX_INTERFACES 4
+
 /*
 * The timestamp is 64bit unsigned fixed point little-endian value with
 * 32 bits for second and 32 bits for fraction.
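Review bot: `ERF_ANCHOR_ID_IS_DEFINITION` in the first hunk evaluates to the masked 64-bit value (bit 55) rather than a truth value, so a caller that stores the result in a `gboolean` or any 32-bit integer would get 0 for a definition record. It and `ERF_EHDR_SET_MORE_EXTHDR` also cast the bare argument, so with an expression argument the cast binds only to its first operand. I would write `#define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((((guint64)(anchor_id)) & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK) != 0)` and `#define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) (((guint64)(ext_hdr)) | ERF_EHDR_MORE_EXTHDR_MASK)`. The callers are not in this file, so whether any of them narrows the result today is unverified; since extension header words presumably come from the capture file, a silently wrong flag test would affect how untrusted records are linked.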
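Review bot: `ERF_MAX_INTERFACES` in the second hunk is added without a comment saying what it bounds. If it sizes per-interface arrays (the use sites are outside this header), every interface number taken from a record has to be checked against it before indexing, and the comment should say so, e.g. `/* Interfaces per ERF source; an interface number read from a record must be < ERF_MAX_INTERFACES before it is used as an index */`. `ERF_POPULATE_FAILED` should be parenthesized as `(-1)`, or the three `ERF_POPULATE_*` values made an enum so that a function's return type documents which set of codes it uses.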
@@ -335,14 +350,17 @@ union erf_subhdr {
 typedef struct {
 GHashTable* if_map;
+ GHashTable* anchor_map;
 guint64 implicit_host_id;
- gboolean capture_metadata;
- gboolean host_metadata;
+ guint64 capture_gentime;
+ guint64 host_gentime;
 } erf_t;
 #define MIN_RECORDS_FOR_ERF_CHECK 3
 #define RECORDS_FOR_ERF_CHECK 20
 #define FCS_BITS 32
+/*Configurable through ERF_HOST_ID environment variable */
+#define ERF_WS_DEFAULT_HOST_ID 0
 wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info);
 int erf_dump_can_write_encap(int encap); |
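Review bot: The comment on `ERF_WS_DEFAULT_HOST_ID` names the `ERF_HOST_ID` environment variable but not the range it accepts; Host IDs in this header are 48 bits wide (`ERF_EHDR_HOST_ID_MASK`), so the comment should state that limit and what happens to a wider or non-numeric value, e.g. `/* Host ID used when the ERF_HOST_ID environment variable is unset; Host IDs are 48 bits (ERF_EHDR_HOST_ID_MASK) */`. The code that reads the variable is not in this file, so whether it masks or rejects such input is unverified. The new `erf_t` fields also carry no comments: `capture_gentime` and `host_gentime` replace two booleans, so the value that means "no metadata seen yet" should be written down, along with what `anchor_map` is keyed on and who frees it.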