diff options
| author | Anthony Coddington <anthony.coddington@endace.com> | 2016-10-14 12:46:29 +1300 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2016-11-08 12:09:39 +0000 |
| commit | 7531318e054153fbd5e33624ef30314acd52b6bc (patch) | |
| tree | ad70fe9fd434e29e8f5622f74e677f1903d46f64 /wiretap/erf.h | |
| parent | 1ae0c1ebfaed748378395a0c690b10f8e7eb3265 (diff) | |
| download | wireshark-7531318e054153fbd5e33624ef30314acd52b6bc.tar.gz | |
ERF: Fix issues with Host ID mapping
packet-erf: Fix Host ID/Source ID showing for all extension header types.
Only show generated Host ID/Source ID when there is a Host ID extension header
or there was not one on the record.
Assumes there is only one Source ID if multiple Flow ID extension headers (unlikely)
and that it matches the one in the Host ID header. This is consistent with other tools.
Does support multiple Host ID extension headers though.
Fix dag_version tag short name. Was clashing with another tag due to typo.
ERF wiretap: Don't conflate Host ID 0 with implicit Host ID.
While the implicit Host ID defaults to 0, it is not the same thing as seeing
a packet with Host ID explicitly 0 in the extension header which means
explicitly unknown source.
Store the initial (unknown) implicit Host ID interface mapping in it's own
special mapping table entry rather than 0.
Noticed we can currently get duplicate interfaces in the unusual event of mixed
implicit and explicit Host ID packet extension headers for the same ID before
we discover that mapping.
Consistently abandon the implicit version for consistency with the dissector
linking behaviour and mark the interface as unmatched in the description. In
2 pass mode (including normal Wireshark file open) the abandoned interface ends
up with no packets. In the common cases (all Host ID or no Host ID on packet
records) this duplicate interface will not be created in the first place.
Change-Id: Ic5d0b2ce9aae973f1693a247cf240ef1324ff70a
Ping-Bug: 12303
Reviewed-on: https://code.wireshark.org/review/18704
Reviewed-by: Stephen Donnelly
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/erf.h')
| -rw-r--r-- | wiretap/erf.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wiretap/erf.h b/wiretap/erf.h index c7d9e0ccac..2afa4024a1 100644 --- a/wiretap/erf.h +++ b/wiretap/erf.h @@ -110,6 +110,7 @@ /* ERF Meta */ #define ERF_META_SECTION_MASK 0xFF00 #define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK) +#define ERF_META_HOST_ID_IMPLICIT G_MAXUINT64 #define ERF_META_SECTION_CAPTURE 0xFF00 #define ERF_META_SECTION_HOST 0xFF01 |