Wireshark · Wireshark-commits: [Wireshark-commits] master 3db7b1e: ERF: Add dissection and wiretap support for ERF_TYPE

Wireshark-commits: [Wireshark-commits] master 3db7b1e: ERF: Add dissection and wiretap support for

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>

Date: Fri, 1 Apr 2016 12:50:55 +0000 (UTC)

URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3db7b1ed04e0f627c97a0c2d961bfea79429a24d
Submitter: Michael Mann (mmann78@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

3db7b1e by Anthony Coddington (anthony.coddington@xxxxxxxxxx):

ERF: Add dissection and wiretap support for ERF_TYPE_META.

ERF Dissector:
Add dissection for ERF_TYPE_META, Host ID and Flow ID extension headers.
Rename ERF extension header defines to ERF_EXT_HDR* and put in erf.h.

The Flow ID extension header has an improved 32-bit Flow Hash with a Hash Type
field describing what the hash was computed over. The Host ID extension header
contains a 48-bit organizationally unique Host Identifier. Both extension
headers contain the same 8-bit Source ID used for distinguishing records from
multiple sources in the same file and for metadata linking to ERF_TYPE_META
records. Host ID is used to identify the capturing host and can also be used to
distinguish records from multiple hosts in the same file.

ERF_TYPE_META records have a payload consisting of TLV metadata, divided into
sections which define the context of the TLV tag. The dissector registers
a field for each tag for each section type based on a template.
ERF_TYPE_META records generally have a Host ID extension header used to link
metadata to packet records with the same Host ID and Source ID. The associated
Host ID can either be explicit on all records, or implicit where the Host ID
extension header is only present on MetaERF records and other records are
associated using only the Source ID in the Flow ID extension header.

Includes per-record generated Source summary and frame linking. These have the
'correct' Host ID and Source IDs from either extension header, including
applying the Implicit Host ID, and links to the most recent ERF_TYPE_META
record. Relies on Wireshark doing more than one pass to associate the correct
implicit Host ID tree items for records before the first ERF_TYPE_META record.
The metadata is technically not associated at that point anyway.

ERF Wiretap:
Add per-HostID/per-SourceID wtap interfaces and basic ERF_TYPE_META support.

Adds read support for displaying some fields of the 'first'
ERF_TYPE_META record in the Capture File Properties screen. Concatenates
and merges some summary fields to provide more useful information and
attempt to combine ERF sources, streams and interfaces into wtap interfaces.

Interface naming gracefully degrades when Host ID and Source ID are not present
and is intended to be parseable for use by DAG software.
Supports Implicit Host ID, but assumes it does not change.
NOTE: Now only ERF interfaces that are present in the file are added.
Only works with native ERF files for now. Written such that it is easily
adapted for use by pcap dissector.

Some support for setting REC_TYPE_FT_SPECIFIC_REPORT on MetaERF records.
Disabled for now as this breaks pcapng_dump saving of ERF_TYPE_META
and ft_specific_record_phdr clashes with erf_mc_phdr.
Only when native ERF file (as uses wth->file_type_subtype).
Register packet-erf as a dissector of WTAP_FILE_TYPE_SUBTYPE_ERF.

Bug: 12303
Change-Id: I6a697cdc851319595da2852f3a977cef8a42431d
Reviewed-on: https://code.wireshark.org/review/14510
Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Tested-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
Reviewed-by: Michael Mann <mmann78@xxxxxxxxxxxx>

Actions performed:

from 5ca557c support for IP-over-Infiniband - pcap encapsulation
adds 3db7b1e ERF: Add dissection and wiretap support for ERF_TYPE_META.

Summary of changes:
epan/dissectors/packet-erf.c | 1143 ++++++++++++++++++++++++++++++++++++++++-
wiretap/erf.c | 1149 +++++++++++++++++++++++++++++++++++++++++-
wiretap/erf.h | 184 +++++++
3 files changed, 2440 insertions(+), 36 deletions(-)

Prev by Date: [Wireshark-commits] buildbot failure in Wireshark (development) on Ubuntu 14.04 x64
Next by Date: [Wireshark-commits] master e6a65af: Qt: Try to speed up SplashOverlay
Previous by thread: [Wireshark-commits] buildbot failure in Wireshark (development) on Ubuntu 14.04 x64
Next by thread: [Wireshark-commits] master e6a65af: Qt: Try to speed up SplashOverlay
Index(es):
- Date
- Thread