From 15c261e94b888b0ae4e6122fb11fba2219c932fa Mon Sep 17 00:00:00 2001
From: Anthony Coddington
Date: Mon, 26 Feb 2018 11:21:25 +1300
Subject: ERF: Add support for new extension header and Provenance tags

Add support for Entropy Extension header, currently with one field. Uses a conversion function to convert representation to bits. Add various entropy and tap mode Provenance (ERF_TYPE_META) tags. The only complex tag is ext_hdrs_added/removed. This tag consist of up to 4 big endian uint32 bitfields, with each bit representing an extension header number. ehdr_type_vals and a new ehdr_type_vals_short are used to generate the tags. Custom printing is used for the header line to display unknown values as integer and support the special case of : all supplied bits 1 meaning all extension headers removed. Storage for the up to 4 subtree header_field id entries is in the first 4 extra hf_values[] for now, the ett value is reused. Increase erfmeta_tag_info_ext_t ERF_HF_VALUES_PER_TAG to 32. A better solution is needed sooner rather than later but the structure is only allocated for tags that need it.

Change-Id: I9e359f044131bce2afc189bebc21239eed429b21
Reviewed-on: https://code.wireshark.org/review/26111
Petri-Dish: Alexis La Goutte
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 wiretap/erf.h | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'wiretap/erf.h')

diff --git a/wiretap/erf.h b/wiretap/erf.h
index 271e2156d4..8da7d00d08 100644
--- a/wiretap/erf.h
+++ b/wiretap/erf.h
@@ -101,9 +101,11 @@
 #define ERF_EXT_HDR_TYPE_BFS 6
 #define ERF_EXT_HDR_TYPE_CHANNELISED 12
 #define ERF_EXT_HDR_TYPE_SIGNATURE 14
+#define ERF_EXT_HDR_TYPE_PKT_ID 15
 #define ERF_EXT_HDR_TYPE_FLOW_ID 16
 #define ERF_EXT_HDR_TYPE_HOST_ID 17
 #define ERF_EXT_HDR_TYPE_ANCHOR_ID 18
+#define ERF_EXT_HDR_TYPE_ENTROPY 19
 
 /* Host ID and Anchor ID*/
 #define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff)
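Review bot: ERF_EXT_HDR_TYPE_ENTROPY and ERF_EXT_HDR_TYPE_PKT_ID are added without any description of what those extension headers carry, even though the commit message says the entropy header has a single field whose representation is converted to bits by a conversion function. Unlike the Host ID header, which has ERF_EHDR_HOST_ID_MASK declared directly below this hunk, no mask or shift for the entropy field is declared here; if the dissector extracts that field with a literal mask, it belongs next to the other ERF_EHDR_* macros so the wire layout is defined in one place. A one-line comment would help readers of this header: `/* Entropy extension header: single entropy field; see the dissector for its representation */`. Whether ehdr_type_vals in the dissector was extended for types 15 and 19 cannot be checked from this diff, which is limited to wiretap/erf.h.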
@@ -188,6 +190,12 @@
 #define ERF_META_TAG_cpu_numa_nodes 51
 #define ERF_META_TAG_dag_attribute 52
 #define ERF_META_TAG_dag_version 53
+#define ERF_META_TAG_stream_flags 54
+#define ERF_META_TAG_entropy_threshold 55
+#define ERF_META_TAG_smart_trunc_default 56
+#define ERF_META_TAG_ext_hdrs_added 57
+#define ERF_META_TAG_ext_hdrs_removed 58
+#define ERF_META_TAG_relative_snaplen 59
 
 #define ERF_META_TAG_if_num 64
 #define ERF_META_TAG_if_vc 65
@@ -210,6 +218,10 @@
 #define ERF_META_TAG_if_phy_mode 82
 #define ERF_META_TAG_if_port_type 83
 #define ERF_META_TAG_if_rx_latency 84
+#define ERF_META_TAG_tap_mode 85
+#define ERF_META_TAG_tap_fail_mode 86
+#define ERF_META_TAG_watchdog_expired 87
+#define ERF_META_TAG_watchdog_interval 88
 
 #define ERF_META_TAG_src_ipv4 128
 #define ERF_META_TAG_dest_ipv4 129
@@ -234,6 +246,21 @@
 #define ERF_META_TAG_filter_match 148
 #define ERF_META_TAG_filter_match_name 149
 #define ERF_META_TAG_error_flags 150
+#define ERF_META_TAG_initiator_pkts 151
+#define ERF_META_TAG_responder_pkts 152
+#define ERF_META_TAG_initiator_bytes 153
+#define ERF_META_TAG_responder_bytes 154
+#define ERF_META_TAG_initiator_min_entropy 155
+#define ERF_META_TAG_responder_min_entropy 156
+#define ERF_META_TAG_initiator_avg_entropy 157
+#define ERF_META_TAG_responder_avg_entropy 158
+#define ERF_META_TAG_initiator_max_entropy 159
+#define ERF_META_TAG_responder_max_entropy 160
+#define ERF_META_TAG_dpi_application 161
+#define ERF_META_TAG_dpi_confidence 162
+#define ERF_META_TAG_dpi_state 163
+#define ERF_META_TAG_dpi_protocol_stack 164
+#define ERF_META_TAG_flow_state 165
 
 #define ERF_META_TAG_start_time 193
 #define ERF_META_TAG_end_time 194
-- cgit v1.2.3
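Review bot: ERF_META_TAG_ext_hdrs_added and ERF_META_TAG_ext_hdrs_removed are the only tags in this set with a non-trivial encoding, yet the header records nothing about it; the commit message describes up to four big-endian uint32 bitfields with one bit per extension header number, plus an all-ones special case meaning every extension header was removed. Since erf.h is the definition shared by wiretap and the dissector, that layout should sit next to the defines rather than only in the commit message, e.g. on the ext_hdrs_added line: `/* 1-4 big-endian uint32 words, bit n = ext header type n; all bits set = all removed */`. The four-word upper bound and the value ranges of the other new tags (entropy_threshold, relative_snaplen) also appear nowhere in the header, so the length check the parser must apply to a tag read from a capture file cannot be verified from this hunk.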
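Review bot: The six entropy tags, ERF_META_TAG_initiator_min_entropy through ERF_META_TAG_responder_max_entropy, do not say how the entropy value is encoded, and the commit message only describes a representation-to-bits conversion for the Entropy extension header, not for these tags. If the tags reuse that representation, a comment pointing to it would save the next reader a trip into the dissector: `/* entropy values: presumably the same representation as ERF_EXT_HDR_TYPE_ENTROPY — confirm */`. The widths of the new initiator/responder packet and byte counters are likewise not stated in this header and are left entirely to the dissector.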