The code for reading ERF files has not been significantly updated since
2004. This patch brings it up to date with a number of changes.
1) Increase number of decodable ERF types from 7 to 12. This covers
newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond precision,
now displaying with nanosecond resolution. Hardware precision is 7.5 to
30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the ERF HDLC
capture formats do not include information on what protocol is used at
the next level. This is currently done via an environment variable
'ERF_HDLC_ENCAP' and is analagous to the existing 'ERF_ATM_ENCAP'
variable.
If the user does not specify an HDLC encapsulation it tries to guess,
and falls back to MTP2 for backwards compatibility with Florent's
existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use WTAP_ENCAP_MTP2_WITH_PHDR
rather than WTAP_ENCAP_MTP2. This allows us to put the 'Multi-Channel
ERF' record 'channel number' field into the MTP2 pseudo header
'link_number' field. This is then displayed in Frame information, and
can be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used or not,
we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing user preference
to decide.
Stephen.
--
-----------------------------------------------------------------------
Stephen Donnelly BCMS PhD email: sfd@xxxxxxxxxx
Endace Technology Ltd phone: +64 7 839 0540
Hamilton, New Zealand cell: +64 21 1104378
-----------------------------------------------------------------------
Attachment:
erf-input.patch.gz
Description: GNU Zip compressed data
