Timestamp:
02/15/18 17:59:50 (3 years ago)
Author:
Shane Alcock <salcock@…>
Branches:
cachetimestamps, develop, etsilive, master, rc-4.0.3, rc-4.0.4, ringdecrementfix, ringperformance
Children:
5a70a80
Parents:
3004d6c
git-author:
Anthony Coddington <anthony.coddington@…> (02/14/18 16:03:04)
git-committer:
Shane Alcock <salcock@…> (02/15/18 17:59:50)
Message:

Initial support for ERF provenance records

Update erftypes.h with TYPE_META (27).
Check for ERF_TYPE_MAX rather than some arbitrary type in ERF sanity checks. In Wireshark we recently completely removed these checks as there are only a few types before TYPE_PAD/ERF_TYPE_MAX, but leave them in for now.
Add TRACE_TYPE_ERF_META for provenance record payload.
Continue to use TRACE_RT_DATA_ERF as provenance is a valid ERF record. Note: this means that LIBTRACE_IS_META_PACKET() will currently return FALSE which may confuse some tools. Other places in the code also tend to check for TRACE_TYPE_NONDATA which isn't true here either.
Return zero for wire length of provenance records.
Don't allow snapping them (just return the same value).
Skip provenance records in l2 parsers and trace_get_payload_from_meta().
Return provenance payload for trace_get_packet_meta().

Also add support for a couple of missing ERF_TYPE_ETH_COLOR variants.

File:
1 edited

  • lib/protocols_pktmeta.c

    ree6e802 ra857389  
    138138                case TRACE_TYPE_80211_RADIO:
    139139                case TRACE_TYPE_80211_PRISM:
     140                case TRACE_TYPE_ERF_META:
    140141                        return pktbuf;
    141142                /* Non metadata packets */
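Review bot: the new `case TRACE_TYPE_ERF_META:` shares `return pktbuf;` with the 802.11 radio and Prism cases, so callers get a non-NULL meta pointer for a record type that, per the commit message, LIBTRACE_IS_META_PACKET() still reports as FALSE. Add a comment on this case stating that the returned buffer is the provenance record payload rather than a link-layer meta header, and consider making the two checks agree so that tools which gate on LIBTRACE_IS_META_PACKET() before calling this function do not skip or misparse these records.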
     
    211212                case TRACE_TYPE_NONDATA:
    212213                case TRACE_TYPE_OPENBSD_LOOP:
     214                case TRACE_TYPE_ERF_META:
    213215                case TRACE_TYPE_UNKNOWN:
    214216                        /* In this case, the pointer passed in does not point
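Review bot: `case TRACE_TYPE_ERF_META:` is placed under the existing comment that starts "In this case, the pointer passed in does not point", which was written for TRACE_TYPE_NONDATA, TRACE_TYPE_OPENBSD_LOOP and TRACE_TYPE_UNKNOWN, yet the first hunk treats the same type as a meta header and returns the buffer. Extend that comment, or give the new case its own one-line comment, to say why a provenance record is handled here as having no payload to skip to, so a reader does not take the two switches as contradictory.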