Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
erf_record.h
Go to the documentation of this file.
1
13#ifndef __W_ERF_RECORD_H__
14#define __W_ERF_RECORD_H__
15
16/*
17 * Declarations and definitions for ERF records; for use by the ERF
18 * file reader, code to handle LINKTYPE_ERF packets in pcap and
19 * pcapng files, ERF metadata dissectors, and protocol dissectors
20 * that register for particular ERF record types.
21 */
22
23/* Record type defines */
24#define ERF_TYPE_LEGACY 0
25#define ERF_TYPE_HDLC_POS 1
26#define ERF_TYPE_ETH 2
27#define ERF_TYPE_ATM 3
28#define ERF_TYPE_AAL5 4
29#define ERF_TYPE_MC_HDLC 5
30#define ERF_TYPE_MC_RAW 6
31#define ERF_TYPE_MC_ATM 7
32#define ERF_TYPE_MC_RAW_CHANNEL 8
33#define ERF_TYPE_MC_AAL5 9
34#define ERF_TYPE_COLOR_HDLC_POS 10
35#define ERF_TYPE_COLOR_ETH 11
36#define ERF_TYPE_MC_AAL2 12
37#define ERF_TYPE_IP_COUNTER 13
38#define ERF_TYPE_TCP_FLOW_COUNTER 14
39#define ERF_TYPE_DSM_COLOR_HDLC_POS 15
40#define ERF_TYPE_DSM_COLOR_ETH 16
41#define ERF_TYPE_COLOR_MC_HDLC_POS 17
42#define ERF_TYPE_AAL2 18
43#define ERF_TYPE_COLOR_HASH_POS 19
44#define ERF_TYPE_COLOR_HASH_ETH 20
45#define ERF_TYPE_INFINIBAND 21
46#define ERF_TYPE_IPV4 22
47#define ERF_TYPE_IPV6 23
48#define ERF_TYPE_RAW_LINK 24
49#define ERF_TYPE_INFINIBAND_LINK 25
50/* XXX - what about 26? */
51#define ERF_TYPE_META 27
52#define ERF_TYPE_OPA_SNC 28
53#define ERF_TYPE_OPA_9B 29
54
55/* 28-31 reserved for future public ERF types */
56
57/* Record types reserved for local and internal use */
58#define ERF_TYPE_INTERNAL0 32
59#define ERF_TYPE_INTERNAL1 33
60#define ERF_TYPE_INTERNAL2 34
61#define ERF_TYPE_INTERNAL3 35
62#define ERF_TYPE_INTERNAL4 36
63#define ERF_TYPE_INTERNAL5 37
64#define ERF_TYPE_INTERNAL6 38
65#define ERF_TYPE_INTERNAL7 39
66#define ERF_TYPE_INTERNAL8 40
67#define ERF_TYPE_INTERNAL9 41
68#define ERF_TYPE_INTERNAL10 42
69#define ERF_TYPE_INTERNAL11 43
70#define ERF_TYPE_INTERNAL12 44
71#define ERF_TYPE_INTERNAL13 45
72#define ERF_TYPE_INTERNAL14 46
73#define ERF_TYPE_INTERNAL15 47
74
75/* Pad records */
76#define ERF_TYPE_PAD 48
77
78#define ERF_EXT_HDR_TYPE_CLASSIFICATION 3
79#define ERF_EXT_HDR_TYPE_INTERCEPTID 4
80#define ERF_EXT_HDR_TYPE_RAW_LINK 5
81#define ERF_EXT_HDR_TYPE_BFS 6
82#define ERF_EXT_HDR_TYPE_CHANNELISED 12
83#define ERF_EXT_HDR_TYPE_SIGNATURE 14
84#define ERF_EXT_HDR_TYPE_PKT_ID 15
85#define ERF_EXT_HDR_TYPE_FLOW_ID 16
86#define ERF_EXT_HDR_TYPE_HOST_ID 17
87#define ERF_EXT_HDR_TYPE_ANCHOR_ID 18
88#define ERF_EXT_HDR_TYPE_ENTROPY 19
89
90/* ERF Header */
91#define ERF_HDR_TYPE_MASK 0x7f
92#define ERF_HDR_EHDR_MASK 0x80
93#define ERF_HDR_FLAGS_MASK 0xff
94#define ERF_HDR_CAP_MASK 0x43
95#define ERF_HDR_CAP_LO_MASK 0x03
96#define ERF_HDR_CAP_HI_MASK 0x40
97#define ERF_HDR_VLEN_MASK 0x04
98#define ERF_HDR_TRUNC_MASK 0x08
99#define ERF_HDR_RXE_MASK 0x10
100#define ERF_HDR_DSE_MASK 0x20
101#define ERF_HDR_RES_MASK 0x80
102
103/*
104 * Calculate 3-bit ERF InterfaceID value from ERF Header flags byte
105 */
106#define erf_interface_id_from_flags(flags) ((((uint8_t)flags) & ERF_HDR_CAP_HI_MASK >> 4 ) | (((uint8_t)flags) & ERF_HDR_CAP_LO_MASK))
107
108/* Host ID and Anchor ID*/
109#define ERF_EHDR_HOST_ID_MASK UINT64_C(0xffffffffffff)
110#define ERF_EHDR_ANCHOR_ID_MASK UINT64_C(0xffffffffffff)
111#define ERF_EHDR_MORE_EXTHDR_MASK UINT64_C(0x8000000000000000)
112#define ERF_EHDR_ANCHOR_ID_DEFINITION_MASK UINT64_C(0x80000000000000)
113
114#define ERF_EHDR_FLOW_ID_STACK_TYPE_MASK UINT64_C(0xff00000000)
115#define ERF_EHDR_FLOW_ID_SOURCE_ID_MASK UINT64_C(0xff000000000000)
116
117/* ERF Provenance metadata */
118#define ERF_META_SECTION_MASK 0xFF00
119#define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK)
120#define ERF_META_HOST_ID_IMPLICIT UINT64_MAX
121#define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((uint64_t)anchor_id & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK)
122#define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) ((uint64_t)ext_hdr | ERF_EHDR_MORE_EXTHDR_MASK)
123
124#define ERF_META_SECTION_CAPTURE 0xFF00
125#define ERF_META_SECTION_HOST 0xFF01
126#define ERF_META_SECTION_MODULE 0xFF02
127#define ERF_META_SECTION_INTERFACE 0xFF03
128#define ERF_META_SECTION_FLOW 0xFF04
129#define ERF_META_SECTION_STATS 0xFF05
130#define ERF_META_SECTION_INFO 0xFF06
131#define ERF_META_SECTION_CONTEXT 0xFF07
132#define ERF_META_SECTION_STREAM 0xFF08
133#define ERF_META_SECTION_TRANSFORM 0xFF09
134#define ERF_META_SECTION_DNS 0xFF0A
135#define ERF_META_SECTION_SOURCE 0xFF0B
136#define ERF_META_SECTION_NETWORK 0xFF0C
137#define ERF_META_SECTION_ENDPOINT 0xFF0D
138#define ERF_META_SECTION_INPUT 0xFF0E
139#define ERF_META_SECTION_OUTPUT 0xFF0F
140
141#define ERF_META_TAG_padding 0
142#define ERF_META_TAG_comment 1
143#define ERF_META_TAG_gen_time 2
144#define ERF_META_TAG_parent_section 3
145#define ERF_META_TAG_reset 4
146#define ERF_META_TAG_event_time 5
147#define ERF_META_TAG_host_id 6
148#define ERF_META_TAG_attribute 7
149#define ERF_META_TAG_fcs_len 8
150#define ERF_META_TAG_mask_ipv4 9
151#define ERF_META_TAG_mask_cidr 10
152
153#define ERF_META_TAG_org_name 11
154#define ERF_META_TAG_name 12
155#define ERF_META_TAG_descr 13
156#define ERF_META_TAG_config 14
157#define ERF_META_TAG_datapipe 15
158#define ERF_META_TAG_app_name 16
159#define ERF_META_TAG_os 17
160#define ERF_META_TAG_hostname 18
161#define ERF_META_TAG_user 19
162#define ERF_META_TAG_model 20
163#define ERF_META_TAG_fw_version 21
164#define ERF_META_TAG_serial_no 22
165#define ERF_META_TAG_ts_offset 23
166#define ERF_META_TAG_ts_clock_freq 24
167#define ERF_META_TAG_tzone 25
168#define ERF_META_TAG_tzone_name 26
169#define ERF_META_TAG_loc_lat 27
170#define ERF_META_TAG_loc_long 28
171#define ERF_META_TAG_snaplen 29
172#define ERF_META_TAG_card_num 30
173#define ERF_META_TAG_module_num 31
174#define ERF_META_TAG_access_num 32
175#define ERF_META_TAG_stream_num 33
176#define ERF_META_TAG_loc_name 34
177#define ERF_META_TAG_parent_file 35
178#define ERF_META_TAG_filter 36
179#define ERF_META_TAG_flow_hash_mode 37
180#define ERF_META_TAG_tunneling_mode 38
181#define ERF_META_TAG_npb_format 39
182#define ERF_META_TAG_mem 40
183#define ERF_META_TAG_datamine_id 41
184#define ERF_META_TAG_rotfile_id 42
185#define ERF_META_TAG_rotfile_name 43
186#define ERF_META_TAG_dev_name 44
187#define ERF_META_TAG_dev_path 45
188#define ERF_META_TAG_loc_descr 46
189#define ERF_META_TAG_app_version 47
190#define ERF_META_TAG_cpu_affinity 48
191#define ERF_META_TAG_cpu 49
192#define ERF_META_TAG_cpu_phys_cores 50
193#define ERF_META_TAG_cpu_numa_nodes 51
194#define ERF_META_TAG_dag_attribute 52
195#define ERF_META_TAG_dag_version 53
196#define ERF_META_TAG_stream_flags 54
197#define ERF_META_TAG_entropy_threshold 55
198#define ERF_META_TAG_smart_trunc_default 56
199#define ERF_META_TAG_ext_hdrs_added 57
200#define ERF_META_TAG_ext_hdrs_removed 58
201#define ERF_META_TAG_relative_snaplen 59
202#define ERF_META_TAG_temperature 60
203#define ERF_META_TAG_power 61
204#define ERF_META_TAG_vendor 62
205#define ERF_META_TAG_cpu_threads 63
206
207#define ERF_META_TAG_if_num 64
208#define ERF_META_TAG_if_vc 65
209#define ERF_META_TAG_if_speed 66
210#define ERF_META_TAG_if_ipv4 67
211#define ERF_META_TAG_if_ipv6 68
212#define ERF_META_TAG_if_mac 69
213#define ERF_META_TAG_if_eui 70
214#define ERF_META_TAG_if_ib_gid 71
215#define ERF_META_TAG_if_ib_lid 72
216#define ERF_META_TAG_if_wwn 73
217#define ERF_META_TAG_if_fc_id 74
218#define ERF_META_TAG_if_tx_speed 75
219#define ERF_META_TAG_if_erf_type 76
220#define ERF_META_TAG_if_link_type 77
221#define ERF_META_TAG_if_sfp_type 78
222#define ERF_META_TAG_if_rx_power 79
223#define ERF_META_TAG_if_tx_power 80
224#define ERF_META_TAG_if_link_status 81
225#define ERF_META_TAG_if_phy_mode 82
226#define ERF_META_TAG_if_port_type 83
227#define ERF_META_TAG_if_rx_latency 84
228#define ERF_META_TAG_tap_mode 85
229#define ERF_META_TAG_tap_fail_mode 86
230#define ERF_META_TAG_watchdog_expired 87
231#define ERF_META_TAG_watchdog_interval 88
232
233#define ERF_META_TAG_src_ipv4 128
234#define ERF_META_TAG_dest_ipv4 129
235#define ERF_META_TAG_src_ipv6 130
236#define ERF_META_TAG_dest_ipv6 131
237#define ERF_META_TAG_src_mac 132
238#define ERF_META_TAG_dest_mac 133
239#define ERF_META_TAG_src_eui 134
240#define ERF_META_TAG_dest_eui 135
241#define ERF_META_TAG_src_ib_gid 136
242#define ERF_META_TAG_dest_ib_gid 137
243#define ERF_META_TAG_src_ib_lid 138
244#define ERF_META_TAG_dest_ib_lid 139
245#define ERF_META_TAG_src_wwn 140
246#define ERF_META_TAG_dest_wwn 141
247#define ERF_META_TAG_src_fc_id 142
248#define ERF_META_TAG_dest_fc_id 143
249#define ERF_META_TAG_src_port 144
250#define ERF_META_TAG_dest_port 145
251#define ERF_META_TAG_ip_proto 146
252#define ERF_META_TAG_flow_hash 147
253#define ERF_META_TAG_filter_match 148
254#define ERF_META_TAG_filter_match_name 149
255#define ERF_META_TAG_error_flags 150
256#define ERF_META_TAG_initiator_pkts 151
257#define ERF_META_TAG_responder_pkts 152
258#define ERF_META_TAG_initiator_bytes 153
259#define ERF_META_TAG_responder_bytes 154
260#define ERF_META_TAG_initiator_min_entropy 155
261#define ERF_META_TAG_responder_min_entropy 156
262#define ERF_META_TAG_initiator_avg_entropy 157
263#define ERF_META_TAG_responder_avg_entropy 158
264#define ERF_META_TAG_initiator_max_entropy 159
265#define ERF_META_TAG_responder_max_entropy 160
266#define ERF_META_TAG_dpi_application 161
267#define ERF_META_TAG_dpi_confidence 162
268#define ERF_META_TAG_dpi_state 163
269#define ERF_META_TAG_dpi_protocol_stack 164
270#define ERF_META_TAG_flow_state 165
271#define ERF_META_TAG_vlan_id 166
272#define ERF_META_TAG_mpls_label 167
273#define ERF_META_TAG_vlan_pcp 168
274#define ERF_META_TAG_mpls_tc 169
275#define ERF_META_TAG_dscp 170
276#define ERF_META_TAG_initiator_mpls_label 171
277#define ERF_META_TAG_responder_mpls_label 172
278#define ERF_META_TAG_initiator_mpls_tc 173
279#define ERF_META_TAG_responder_mpls_tc 174
280#define ERF_META_TAG_initiator_ipv4 175
281#define ERF_META_TAG_responder_ipv4 176
282#define ERF_META_TAG_initiator_ipv6 177
283#define ERF_META_TAG_responder_ipv6 178
284#define ERF_META_TAG_initiator_mac 179
285#define ERF_META_TAG_responder_mac 180
286#define ERF_META_TAG_initiator_port 181
287#define ERF_META_TAG_responder_port 182
288#define ERF_META_TAG_initiator_retx 183
289#define ERF_META_TAG_responder_retx 184
290#define ERF_META_TAG_initiator_zwin 185
291#define ERF_META_TAG_responder_zwin 186
292#define ERF_META_TAG_initiator_tcp_flags 187
293#define ERF_META_TAG_responder_tcp_flags 188
294#define ERF_META_TAG_tcp_irtt 189
295
296#define ERF_META_TAG_start_time 193
297#define ERF_META_TAG_end_time 194
298#define ERF_META_TAG_stat_if_drop 195
299#define ERF_META_TAG_stat_frames 196
300#define ERF_META_TAG_stat_bytes 197
301#define ERF_META_TAG_stat_cap 198
302#define ERF_META_TAG_stat_cap_bytes 199
303#define ERF_META_TAG_stat_os_drop 200
304#define ERF_META_TAG_stat_ds_lctr 201
305#define ERF_META_TAG_stat_filter_match 202
306#define ERF_META_TAG_stat_filter_drop 203
307#define ERF_META_TAG_stat_too_short 204
308#define ERF_META_TAG_stat_too_long 205
309#define ERF_META_TAG_stat_rx_error 206
310#define ERF_META_TAG_stat_fcs_error 207
311#define ERF_META_TAG_stat_aborted 208
312#define ERF_META_TAG_stat_proto_error 209
313#define ERF_META_TAG_stat_b1_error 210
314#define ERF_META_TAG_stat_b2_error 211
315#define ERF_META_TAG_stat_b3_error 212
316#define ERF_META_TAG_stat_rei_error 213
317#define ERF_META_TAG_stat_drop 214
318#define ERF_META_TAG_stat_buf_drop 215
319#define ERF_META_TAG_stream_drop 216
320#define ERF_META_TAG_stream_buf_drop 217
321#define ERF_META_TAG_pkt_drop 218
322#define ERF_META_TAG_record_drop 219
323#define ERF_META_TAG_bandwidth 220
324#define ERF_META_TAG_duration 221
325#define ERF_META_TAG_top_index 222
326#define ERF_META_TAG_concurrent_flows 223
327#define ERF_META_TAG_active_flows 224
328#define ERF_META_TAG_created_flows 225
329#define ERF_META_TAG_deleted_flows 226
330#define ERF_META_TAG_active_endpoints 227
331#define ERF_META_TAG_tx_pkts 228
332#define ERF_META_TAG_tx_bytes 229
333#define ERF_META_TAG_rx_bandwidth 230
334#define ERF_META_TAG_tx_bandwidth 231
335#define ERF_META_TAG_records 232
336#define ERF_META_TAG_record_bytes 233
337#define ERF_META_TAG_pkt_drop_bytes 234
338#define ERF_META_TAG_record_drop_bytes 235
339#define ERF_META_TAG_drop_bandwidth 236
340#define ERF_META_TAG_retx_pkts 237
341#define ERF_META_TAG_zwin_pkts 238
342
343#define ERF_META_TAG_ns_host_ipv4 256
344#define ERF_META_TAG_ns_host_ipv6 257
345#define ERF_META_TAG_ns_host_mac 258
346#define ERF_META_TAG_ns_host_eui 259
347#define ERF_META_TAG_ns_host_ib_gid 260
348#define ERF_META_TAG_ns_host_ib_lid 261
349#define ERF_META_TAG_ns_host_wwn 262
350#define ERF_META_TAG_ns_host_fc_id 263
351#define ERF_META_TAG_ns_dns_ipv4 264
352#define ERF_META_TAG_ns_dns_ipv6 265
353
354#define ERF_META_TAG_exthdr 321
355#define ERF_META_TAG_pcap_ng_block 322
356#define ERF_META_TAG_asn1 323
357#define ERF_META_TAG_section_ref 324
358
359#define ERF_META_TAG_clk_source 384
360#define ERF_META_TAG_clk_state 385
361#define ERF_META_TAG_clk_threshold 386
362#define ERF_META_TAG_clk_correction 387
363#define ERF_META_TAG_clk_failures 388
364#define ERF_META_TAG_clk_resyncs 389
365#define ERF_META_TAG_clk_phase_error 390
366#define ERF_META_TAG_clk_input_pulses 391
367#define ERF_META_TAG_clk_rejected_pulses 392
368#define ERF_META_TAG_clk_phc_index 393
369#define ERF_META_TAG_clk_phc_offset 394
370#define ERF_META_TAG_clk_timebase 395
371#define ERF_META_TAG_clk_descr 396
372#define ERF_META_TAG_clk_out_source 397
373#define ERF_META_TAG_clk_link_mode 398
374#define ERF_META_TAG_ptp_domain_num 399
375#define ERF_META_TAG_ptp_steps_removed 400
376#define ERF_META_TAG_ptp_offset_from_master 401
377#define ERF_META_TAG_ptp_mean_path_delay 402
378#define ERF_META_TAG_ptp_parent_identity 403
379#define ERF_META_TAG_ptp_parent_port_num 404
380#define ERF_META_TAG_ptp_gm_identity 405
381#define ERF_META_TAG_ptp_gm_clock_quality 406
382#define ERF_META_TAG_ptp_current_utc_offset 407
383#define ERF_META_TAG_ptp_time_properties 408
384#define ERF_META_TAG_ptp_time_source 409
385#define ERF_META_TAG_ptp_clock_identity 410
386#define ERF_META_TAG_ptp_port_num 411
387#define ERF_META_TAG_ptp_port_state 412
388#define ERF_META_TAG_ptp_delay_mechanism 413
389#define ERF_META_TAG_clk_port_proto 414
390#define ERF_META_TAG_ntp_status 415
391#define ERF_META_TAG_ntp_stratum 416
392#define ERF_META_TAG_ntp_rootdelay 417
393#define ERF_META_TAG_ntp_rootdisp 418
394#define ERF_META_TAG_ntp_offset 419
395#define ERF_META_TAG_ntp_frequency 420
396#define ERF_META_TAG_ntp_sys_jitter 421
397#define ERF_META_TAG_ntp_peer_remote 422
398#define ERF_META_TAG_ntp_peer_refid 423
399
400 /*
401 * The timestamp is 64bit unsigned fixed point little-endian value with
402 * 32 bits for second and 32 bits for fraction.
403 */
404typedef uint64_t erf_timestamp_t;
405
406typedef struct erf_record {
407 erf_timestamp_t ts;
408 uint8_t type;
409 uint8_t flags;
410 uint16_t rlen;
411 uint16_t lctr;
412 uint16_t wlen;
413} erf_header_t;
414
415typedef struct erf_mc_hdr {
416 uint32_t mc;
417} erf_mc_header_t;
418
419typedef struct erf_aal2_hdr {
420 uint32_t aal2;
421} erf_aal2_header_t;
422
423typedef struct erf_eth_hdr {
424 uint8_t offset;
425 uint8_t pad;
426} erf_eth_header_t;
427
428union erf_subhdr {
429 struct erf_mc_hdr mc_hdr;
430 struct erf_aal2_hdr aal2_hdr;
431 struct erf_eth_hdr eth_hdr;
432};
433
434#endif /* __W_ERF_RECORD_H__ */
435
436/*
437 * Editor modelines - https://www.wireshark.org/tools/modelines.html
438 *
439 * Local variables:
440 * c-basic-offset: 8
441 * tab-width: 8
442 * indent-tabs-mode: t
443 * End:
444 *
445 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
446 * :indentSize=8:tabSize=8:noTabs=false:
447 */
_eth_hdr
Definition packet-eth.h:15
erf_aal2_hdr
Definition erf_record.h:419
erf_eth_hdr
Definition erf_record.h:423
erf_mc_hdr
Definition erf_record.h:415
erf_record
Definition erf_record.h:406
erf_subhdr
Definition erf_record.h:428
Generated by doxygen 1.9.8