Wireshark-bugs: [Wireshark-bugs] [Bug 12303] New: ERF metadata support
Date: Tue, 29 Mar 2016 03:23:09 +0000
Bug ID | 12303 |
---|---|
Summary | ERF metadata support |
Product | Wireshark |
Version | Git |
Hardware | All |
OS | All |
Status | UNCONFIRMED |
Severity | Enhancement |
Priority | Low |
Component | Capture file support (libwiretap) |
Assignee | [email protected] |
Reporter | [email protected] |
Created attachment 14451
ERF_TYPE_META record per second injected into some synthetic traffic.

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v".
--

This bug tracks support for ERF ERF_TYPE_META metadata records in Wireshark.

ERF_TYPE_META (MetaERF) records have a payload consisting of TLV metadata, divided into sections which define the context of the TLV tag.

ERF_TYPE_META records generally have a Host ID extension header used to link metadata to packet records with the same Host ID and Source ID. The Host ID is used to identify the capturing host and can also be used to distinguish records from multiple hosts in the same file. The 8-bit Source ID is used for distinguishing records from multiple sources in the same file and for metadata linking. The associated Host ID can either be explicit on all records, or implicit where the Host ID extension header is only present on ERF_TYPE_META records and other records are associated using only the Source ID in the Flow ID extension header.

Change 12708 (https://code.wireshark.org/review/#/c/12708/) added basic heuristic updates to allow opening trace files with ERF_TYPE_META records. It was backported to master-2.0 and master-1.12.

Change 14510 (https://code.wireshark.org/review/#/c/14510/) adds dissection of ERF_TYPE_META records, per-HostID/per-SourceID wtap interfaces and basic (read-only) ERF_TYPE_META support in wiretap. It adds support for displaying some fields of the 'first' ERF_TYPE_META record in the Capture File Properties screen. Some summary fields are concatenated and merged to provide more useful information and combine ERF sources, streams and interfaces into wtap interfaces. It includes some support for REC_TYPE_FT_SPECIFIC_REPORT but this is disabled for compatibility with the PCAP-NG dumper for now.

Attached is a sample capture file with one ERF_TYPE_META record per second injected into some synthetic traffic.
You are receiving this mail because:
- You are watching all bug changes.
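Added example, not part of the original bug report and not Wireshark's code: a simplified model of the explicit/implicit Host ID linking described in the report, useful when attributing packets in a multi-host capture to the host that recorded them. The `rec_t` structure, the 64-bit Host ID container, the `HOST_UNKNOWN` sentinel, the rule that only ERF_TYPE_META records set the implicit mapping, and the sample records are assumptions constructed for illustration; byte-level ERF parsing is deliberately left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of an ERF record: only the fields the linking rule needs. */
typedef struct {
    bool     is_meta;     /* record is ERF_TYPE_META */
    bool     has_host_id; /* Host ID extension header present */
    uint64_t host_id;     /* valid only when has_host_id is true */
    uint8_t  source_id;   /* 8-bit Source ID */
} rec_t;

#define HOST_UNKNOWN UINT64_MAX /* assumed sentinel: Host ID not resolvable */

/* Walk records in file order and write the resolved Host ID of each to out[].
 * An explicit Host ID always wins. Otherwise the record inherits the Host ID
 * last announced by an ERF_TYPE_META record with the same Source ID.
 * Returns how many records could not be attributed to any host. */
size_t resolve_host_ids(const rec_t *recs, size_t n, uint64_t *out)
{
    uint64_t implicit[256] = { 0 };
    bool     known[256] = { false };
    size_t   unresolved = 0;

    for (size_t i = 0; i < n; i++) {
        const rec_t *r = &recs[i];
        if (r->has_host_id) {
            out[i] = r->host_id;
            if (r->is_meta) { /* metadata record defines the implicit link */
                implicit[r->source_id] = r->host_id;
                known[r->source_id] = true;
            }
        } else if (known[r->source_id]) {
            out[i] = implicit[r->source_id];
        } else {
            out[i] = HOST_UNKNOWN; /* no metadata seen yet for this source */
            unresolved++;
        }
    }
    return unresolved;
}

/* Constructed sample: packets from sources 1 and 2, one META record. */
static const rec_t SAMPLE[] = {
    { false, false, 0,    1 }, /* before any META: unresolved */
    { true,  true,  0xA1, 1 }, /* META announces host 0xA1 for source 1 */
    { false, false, 0,    1 }, /* implicit: inherits 0xA1 */
    { false, true,  0xB2, 1 }, /* explicit Host ID overrides */
    { false, false, 0,    2 }, /* source 2 never announced: unresolved */
    { false, false, 0,    1 }, /* still 0xA1; explicit packet did not remap */
};
```

A non-zero return value marks records whose capturing host cannot be established from the file alone, which matters when a merged trace is used as evidence of where traffic was observed.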