
Wireshark-bugs: [Wireshark-bugs] [Bug 2894] New: Endace ERFII (extension header) support

Date: Tue, 23 Sep 2008 17:07:12 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2894

           Summary: Endace ERFII (extension header) support
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: francesco.fusco@xxxxxxxxxx



Francesco Fusco <francesco.fusco@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2252|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=2252)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2252)
this patch introduces the ERFII support into wireshark

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
The Endace record format (ERF) has been updated to support extension
headers. Extension headers are a way to extend the traditional ERF
records and are used to add information to the packet to be
transported to the host.

Without proper extension header support wireshark is not able to open
.erf capture files containing headers with extensions.

This patch introduces the support for the extension headers defined at
this time (Classification, InterceptID and RawLink) so that wireshark
can open .erf files even with extensions and dissect extensions if
they are present.

This patch also introduces the support for new ERF header types
(ERF_TYPE_RAW_LINK, ERF_TYPE_IPV4, ERF_TYPE_IPV6).

The introduction of those features required changes in the wiretap
code (erf.c and libpcap.c) in order to read the extension headers and
remove them from the packet size. The erf dissector has been modified
in order to deal with extensions. At the moment only 8 extensions are
dissected (and shown), but the user receives a message through the
expert window every time more than 8 extensions are present.

The patch has been tested with real erf traces and the results compared
with other internal tools.
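
An added example, not code from the attached patch or from Wireshark: a bounds-checked walk of an ERF record's extension-header chain, which is what a reader has to do before it can remove the extensions from the packet size. It assumes the ERF layout of a 16-byte record header (type at byte 8, big-endian record length at bytes 10-11), 8-byte extension headers, and bit 7 of the type byte and of each extension's first byte meaning "another extension follows"; all names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ERF_HDR_LEN 16   /* fixed ERF record header (assumed layout) */
#define ERF_EXT_LEN  8   /* size of one extension header */
#define ERF_MORE  0x80   /* bit 7: an extension header follows */
#define MAX_SHOWN    8   /* the report dissects at most 8 extensions */

struct erf_exts {
    uint8_t  types[MAX_SHOWN];   /* types of the first MAX_SHOWN extensions */
    unsigned total;              /* extensions actually present in the record */
    size_t   payload_off, payload_len;
};

/* Constructed sample: type 0x82, rlen 36, two extensions, 4 payload bytes. */
static const uint8_t sample[36] = {
    [8] = 0x82, [11] = 36, [16] = 0x83, [24] = 0x01,
    [32] = 0xde, 0xad, 0xbe, 0xef,
};

/* Returns 0 on success, -1 if the record is truncated or the chain overruns it. */
int erf_walk_exts(const uint8_t *rec, size_t len, struct erf_exts *out)
{
    if (len < ERF_HDR_LEN) return -1;
    size_t rlen = ((size_t)rec[10] << 8) | rec[11];
    if (rlen < ERF_HDR_LEN || rlen > len) return -1;
    size_t off = ERF_HDR_LEN;
    int more = rec[8] & ERF_MORE;        /* type byte announces the first one */
    out->total = 0;
    while (more) {
        if (rlen - off < ERF_EXT_LEN) return -1;   /* never read past rlen */
        if (out->total < MAX_SHOWN)
            out->types[out->total] = rec[off] & 0x7f;
        out->total++;                    /* keep counting beyond MAX_SHOWN */
        more = rec[off] & ERF_MORE;
        off += ERF_EXT_LEN;
    }
    out->payload_off = off;
    out->payload_len = rlen - off;       /* packet size without extensions */
    return 0;
}

int main(void)
{
    struct erf_exts e;
    if (erf_walk_exts(sample, sizeof sample, &e) == 0)
        printf("%u ext, payload %zu bytes at %zu\n", e.total, e.payload_len, e.payload_off);
    return 0;
}
```

A caller can compare `total` with `MAX_SHOWN` to decide when to raise the "more than 8 extensions" notice the report mentions.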

