Changeset a857389

Timestamp:

02/15/18 17:59:50 (3 years ago)

Author:

Shane Alcock <salcock@…>

Branches:

cachetimestamps, develop, etsilive, master, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance

Children:

5a70a80

Parents:

3004d6c

git-author:

Anthony Coddington <anthony.coddington@…> (02/14/18 16:03:04)

git-committer:

Shane Alcock <salcock@…> (02/15/18 17:59:50)

Message:

Initial support for ERF provenance records

Update erftypes.h with TYPE_META (27).
Check for ERF_TYPE_MAX rather than some arbitrary type in ERF sanity checks. In Wireshark we recently completely removed these checks as there are only a few types before TYPE_PAD/ERF_TYPE_MAX, but leave them in for now.
Add TRACE_TYPE_ERF_META for provenance record payload.
Continue to use TRACE_RT_DATA_ERF as provenance is a valid ERF record. Note: this means that LIBTRACE_IS_META_PACKET() will currently return FALSE which may confuse some tools. Other places in the code also tend to check for TRACE_TYPE_NONDATA which isn't true here either.
Return zero for wire length of provenance records.
Don't allow snapping them (just return the same value).
Skip provenance records in l2 parsers and trace_get_payload_from_meta().
Return provenance payload for trace_get_packet_meta().

Also add support for a couple of missing ERF_TYPE_ETH_COLOR variants.

Location:

lib

Files:

• erftypes.h (modified) (2 diffs)
• format_dag25.c (modified) (2 diffs)
• format_erf.c (modified) (8 diffs)
• format_erf.h (modified) (1 diff)
• libtrace.h.in (modified) (1 diff)
• linktypes.c (modified) (3 diffs)
• protocols_l2.c (modified) (5 diffs)
• protocols_pktmeta.c (modified) (2 diffs)

lib/erftypes.h

@@ -162 +162 @@
 #endif
 
+/** Provenance Metadata Record */
+#ifndef ERF_TYPE_META
+#define ERF_TYPE_META   27
+#endif
+/* TODO: Endace has deprecated TYPE_* in favour of ERF_TYPE_*. New types do not have TYPE_* aliases. */
+#ifndef TYPE_META
+#define TYPE_META       ERF_TYPE_META
+#endif
+
 /** Padding record */
 #ifndef TYPE_PAD
@@ -167 +176 @@
 #endif
 
+#ifndef ERF_TYPE_MAX
+#define ERF_TYPE_MAX    TYPE_PAD
+#endif
 
 #endif /* _ERFTYPES_H_ */

lib/format_dag25.c

@@ -187 +187 @@
                 switch(erfptr->type) {
                         case TYPE_ETH:
+                        case TYPE_COLOR_ETH:
                         case TYPE_DSM_COLOR_ETH:
+                        case TYPE_COLOR_HASH_ETH:
                                 return 2;
                         default:                return 0;
@@ -1050 +1052 @@
         /* No loss counter for DSM coloured records - have to use some
          * other API */
-        if (erfptr->type == TYPE_DSM_COLOR_ETH) {
+        if (erf_is_color_type(erfptr->type)) {
                 /* TODO */
         } else {

lib/format_erf.c

@@ -120 +120 @@
 } erf_index_t;
 
-
 /* Ethernet packets have a 2 byte padding before the packet
  * so that the IP header is aligned on a 32 bit boundary.
@@ -132 +131 @@
                 dag_record_t *erfptr = (dag_record_t *)packet->header;
                 switch((erfptr->type & 0x7f)) {
-                        case TYPE_ETH:          
+                        case TYPE_ETH:
+                        case TYPE_COLOR_ETH:
                         case TYPE_DSM_COLOR_ETH:
+                        case TYPE_COLOR_HASH_ETH:
                                 return 2;
                         default:                return 0;
@@ -144 +145 @@
                 }
         }
+}
+
+int erf_is_color_type(uint8_t erf_type)
+{
+        switch(erf_type & 0x7f) {
+                case TYPE_COLOR_HDLC_POS:
+                case TYPE_DSM_COLOR_HDLC_POS:
+                case TYPE_COLOR_ETH:
+                case TYPE_DSM_COLOR_ETH:
+                case TYPE_COLOR_HASH_POS:
+                case TYPE_COLOR_HASH_ETH:
+                        return 1;
+        }
+
+        return 0;
 }
 
@@ -200 +216 @@
         }
         /* Is this a proper typed packet */
-        if ((erf->type & 0x7f) > TYPE_AAL2) {
+        if ((erf->type & 0x7f) > ERF_TYPE_MAX) {
                 return 0;
         }
@@ -464 +480 @@
 
         /* Check for loss */
-        if ((erfptr->type & 0x7f) == TYPE_DSM_COLOR_ETH) {
+        if (erf_is_color_type(erfptr->type)) {
                 /* No idea how we get this yet */
 
@@ -521 +537 @@
 
         /* Unknown/corrupt */
-        if ((((dag_record_t *)packet->buffer)->type & 0x7f) >= TYPE_RAW_LINK) {
+        if ((((dag_record_t *)packet->buffer)->type & 0x7f) > ERF_TYPE_MAX) {
                 trace_set_err(libtrace, TRACE_ERR_BAD_PACKET, 
                                 "Corrupt or Unknown ERF type");
@@ -758 +774 @@
         dag_record_t *erfptr = 0;
         erfptr = (dag_record_t *)packet->header;
+
+        if ((erfptr->type & 0x7f) == TYPE_META)
+                return 0;
+
         return ntohs(erfptr->wlen);
 }
@@ -764 +784 @@
         dag_record_t *erfptr = 0;
         assert(packet);
-        if(size  > trace_get_capture_length(packet)) {
+        erfptr = (dag_record_t *)packet->header;
+
+        if(size > trace_get_capture_length(packet) || (erfptr->type & 0x7f) == TYPE_META) {
                 /* Can't make a packet larger */
                 return trace_get_capture_length(packet);
         }
+
         /* Reset cached capture length - otherwise we will both return the
          * wrong value here and subsequent get_capture_length() calls will
          * return the wrong value. */
         packet->capture_length = -1;
-        erfptr = (dag_record_t *)packet->header;
         erfptr->rlen = htons(size + erf_get_framing_length(packet));
         return trace_get_capture_length(packet);

lib/format_erf.h

@@ -53 +53 @@
 int erf_get_wire_length(const libtrace_packet_t *packet);
 size_t erf_set_capture_length(libtrace_packet_t *packet, size_t size);
+int erf_is_color_type(uint8_t erf_type);
 
 #endif

lib/libtrace.h.in

@@ -369 +369 @@
        TRACE_TYPE_METADATA = 18,        /**< WDCAP-style meta-data */
        TRACE_TYPE_NONDATA = 19,         /**< Not a data packet */
-       TRACE_TYPE_OPENBSD_LOOP = 20     /**< OpenBSD loopback */
+       TRACE_TYPE_OPENBSD_LOOP = 20,    /**< OpenBSD loopback */
+       TRACE_TYPE_ERF_META = 21 /**< ERF Provenance metadata record */
 } libtrace_linktype_t;
 

lib/linktypes.c

@@ -102 +102 @@
                 /* Used for test traces within WAND */
                 case TRACE_TYPE_80211_PRISM:    
+                /* Could use DLT_ERF, but would only really make sense with PCAP-NG */
+                case TRACE_TYPE_ERF_META:
                 /* Probably == PPP */
                 /* TODO: We haven't researched these yet */
@@ -169 +171 @@
                 case TYPE_ATM:          return TRACE_TYPE_ATM;
                 case TYPE_AAL5:         return TRACE_TYPE_AAL5;
+                case TYPE_COLOR_ETH:return TRACE_TYPE_ETH;
                 case TYPE_DSM_COLOR_ETH:return TRACE_TYPE_ETH;
+                case TYPE_COLOR_HASH_ETH:return TRACE_TYPE_ETH;
                 case TYPE_IPV4:         return TRACE_TYPE_NONE;
                 case TYPE_IPV6:         return TRACE_TYPE_NONE;
+                case TYPE_META:         return TRACE_TYPE_ERF_META;
         }
         return ~0U;
@@ -183 +188 @@
                 case TRACE_TYPE_ATM:    return TYPE_ATM;
                 case TRACE_TYPE_AAL5:   return TYPE_AAL5;
+                case TRACE_TYPE_ERF_META: return TYPE_META;
                 
                 /* Not technically correct! Could be IPv6 packet 

lib/protocols_l2.c

@@ -482 +482 @@
                 case TRACE_TYPE_80211_PRISM:
                 case TRACE_TYPE_PFLOG:
+                case TRACE_TYPE_ERF_META:
                         break;
                 case TRACE_TYPE_UNKNOWN:
@@ -517 +518 @@
                                 case TRACE_TYPE_80211_PRISM:
                                 case TRACE_TYPE_PFLOG:
+                                case TRACE_TYPE_ERF_META:
                                         break;
                                 case TRACE_TYPE_UNKNOWN:
@@ -583 +585 @@
                 case TRACE_TYPE_METADATA:
                 case TRACE_TYPE_NONDATA:
+                case TRACE_TYPE_ERF_META:
                 case TRACE_TYPE_UNKNOWN:
                         return NULL;
@@ -685 +688 @@
                 case TRACE_TYPE_NONDATA:
                 case TRACE_TYPE_OPENBSD_LOOP:
+                case TRACE_TYPE_ERF_META:
                 case TRACE_TYPE_UNKNOWN:
                         return NULL;
@@ -734 +738 @@
                 case TRACE_TYPE_NONDATA:
                 case TRACE_TYPE_OPENBSD_LOOP:
+                case TRACE_TYPE_ERF_META:
                 case TRACE_TYPE_UNKNOWN:
                         /* No MAC address */

lib/protocols_pktmeta.c

@@ -138 +138 @@
                 case TRACE_TYPE_80211_RADIO:
                 case TRACE_TYPE_80211_PRISM:
+                case TRACE_TYPE_ERF_META:
                         return pktbuf;
                 /* Non metadata packets */
@@ -211 +212 @@
                 case TRACE_TYPE_NONDATA:
                 case TRACE_TYPE_OPENBSD_LOOP:
+                case TRACE_TYPE_ERF_META:
                 case TRACE_TYPE_UNKNOWN:
                         /* In this case, the pointer passed in does not point