| blob | 531df5b4de96662a266ff7947f9ed1c0327adfa4 |
1 /** @file
2 *
3 * Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
4 * All rights reserved.
5 *
6 * This software and documentation has been developed by Endace Technology Ltd.
7 * along with the DAG PCI network capture cards. For further information please
8 * visit https://www.endace.com/.
9 *
10 * SPDX-License-Identifier: BSD-3-Clause
11 */
13 #ifndef __W_ERF_RECORD_H__
14 #define __W_ERF_RECORD_H__
16 /*
17 * Declarations and definitions for ERF records; for use by the ERF
18 * file reader, code to handle LINKTYPE_ERF packets in pcap and
19 * pcapng files, ERF metadata dissectors, and protocol dissectors
20 * that register for particular ERF record types.
21 */
23 /* Record type defines */
24 #define ERF_TYPE_LEGACY 0
25 #define ERF_TYPE_HDLC_POS 1
26 #define ERF_TYPE_ETH 2
27 #define ERF_TYPE_ATM 3
28 #define ERF_TYPE_AAL5 4
29 #define ERF_TYPE_MC_HDLC 5
30 #define ERF_TYPE_MC_RAW 6
31 #define ERF_TYPE_MC_ATM 7
32 #define ERF_TYPE_MC_RAW_CHANNEL 8
33 #define ERF_TYPE_MC_AAL5 9
34 #define ERF_TYPE_COLOR_HDLC_POS 10
35 #define ERF_TYPE_COLOR_ETH 11
36 #define ERF_TYPE_MC_AAL2 12
37 #define ERF_TYPE_IP_COUNTER 13
38 #define ERF_TYPE_TCP_FLOW_COUNTER 14
39 #define ERF_TYPE_DSM_COLOR_HDLC_POS 15
40 #define ERF_TYPE_DSM_COLOR_ETH 16
41 #define ERF_TYPE_COLOR_MC_HDLC_POS 17
42 #define ERF_TYPE_AAL2 18
43 #define ERF_TYPE_COLOR_HASH_POS 19
44 #define ERF_TYPE_COLOR_HASH_ETH 20
45 #define ERF_TYPE_INFINIBAND 21
46 #define ERF_TYPE_IPV4 22
47 #define ERF_TYPE_IPV6 23
48 #define ERF_TYPE_RAW_LINK 24
49 #define ERF_TYPE_INFINIBAND_LINK 25
50 /* XXX - what about 26? */
51 #define ERF_TYPE_META 27
52 #define ERF_TYPE_OPA_SNC 28
53 #define ERF_TYPE_OPA_9B 29
55 /* 28-31 reserved for future public ERF types */
57 /* Record types reserved for local and internal use */
58 #define ERF_TYPE_INTERNAL0 32
59 #define ERF_TYPE_INTERNAL1 33
60 #define ERF_TYPE_INTERNAL2 34
61 #define ERF_TYPE_INTERNAL3 35
62 #define ERF_TYPE_INTERNAL4 36
63 #define ERF_TYPE_INTERNAL5 37
64 #define ERF_TYPE_INTERNAL6 38
65 #define ERF_TYPE_INTERNAL7 39
66 #define ERF_TYPE_INTERNAL8 40
67 #define ERF_TYPE_INTERNAL9 41
68 #define ERF_TYPE_INTERNAL10 42
69 #define ERF_TYPE_INTERNAL11 43
70 #define ERF_TYPE_INTERNAL12 44
71 #define ERF_TYPE_INTERNAL13 45
72 #define ERF_TYPE_INTERNAL14 46
73 #define ERF_TYPE_INTERNAL15 47
75 /* Pad records */
76 #define ERF_TYPE_PAD 48
78 #define ERF_EXT_HDR_TYPE_CLASSIFICATION 3
79 #define ERF_EXT_HDR_TYPE_INTERCEPTID 4
80 #define ERF_EXT_HDR_TYPE_RAW_LINK 5
81 #define ERF_EXT_HDR_TYPE_BFS 6
82 #define ERF_EXT_HDR_TYPE_CHANNELISED 12
83 #define ERF_EXT_HDR_TYPE_SIGNATURE 14
84 #define ERF_EXT_HDR_TYPE_PKT_ID 15
85 #define ERF_EXT_HDR_TYPE_FLOW_ID 16
86 #define ERF_EXT_HDR_TYPE_HOST_ID 17
87 #define ERF_EXT_HDR_TYPE_ANCHOR_ID 18
88 #define ERF_EXT_HDR_TYPE_ENTROPY 19
90 /* ERF Header */
91 #define ERF_HDR_TYPE_MASK 0x7f
92 #define ERF_HDR_EHDR_MASK 0x80
93 #define ERF_HDR_FLAGS_MASK 0xff
94 #define ERF_HDR_CAP_MASK 0x43
95 #define ERF_HDR_CAP_LO_MASK 0x03
96 #define ERF_HDR_CAP_HI_MASK 0x40
97 #define ERF_HDR_VLEN_MASK 0x04
98 #define ERF_HDR_TRUNC_MASK 0x08
99 #define ERF_HDR_RXE_MASK 0x10
100 #define ERF_HDR_DSE_MASK 0x20
101 #define ERF_HDR_RES_MASK 0x80
103 /*
104 * Calculate 3-bit ERF InterfaceID value from ERF Header flags byte
105 */
106 #define erf_interface_id_from_flags(flags) (((((uint8_t)flags) & ERF_HDR_CAP_HI_MASK) >> 4 ) | (((uint8_t)flags) & ERF_HDR_CAP_LO_MASK))
108 /* Host ID and Anchor ID*/
109 #define ERF_EHDR_HOST_ID_MASK UINT64_C(0xffffffffffff)
110 #define ERF_EHDR_ANCHOR_ID_MASK UINT64_C(0xffffffffffff)
111 #define ERF_EHDR_MORE_EXTHDR_MASK UINT64_C(0x8000000000000000)
112 #define ERF_EHDR_ANCHOR_ID_DEFINITION_MASK UINT64_C(0x80000000000000)
114 #define ERF_EHDR_FLOW_ID_STACK_TYPE_MASK UINT64_C(0xff00000000)
115 #define ERF_EHDR_FLOW_ID_SOURCE_ID_MASK UINT64_C(0xff000000000000)
117 /* ERF Provenance metadata */
118 #define ERF_META_SECTION_MASK 0xFF00
119 #define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK)
120 #define ERF_META_HOST_ID_IMPLICIT UINT64_MAX
121 #define ERF_ANCHOR_ID_IS_DEFINITION(anchor_id) ((uint64_t)anchor_id & ERF_EHDR_ANCHOR_ID_DEFINITION_MASK)
122 #define ERF_EHDR_SET_MORE_EXTHDR(ext_hdr) ((uint64_t)ext_hdr | ERF_EHDR_MORE_EXTHDR_MASK)
124 #define ERF_META_SECTION_CAPTURE 0xFF00
125 #define ERF_META_SECTION_HOST 0xFF01
126 #define ERF_META_SECTION_MODULE 0xFF02
127 #define ERF_META_SECTION_INTERFACE 0xFF03
128 #define ERF_META_SECTION_FLOW 0xFF04
129 #define ERF_META_SECTION_STATS 0xFF05
130 #define ERF_META_SECTION_INFO 0xFF06
131 #define ERF_META_SECTION_CONTEXT 0xFF07
132 #define ERF_META_SECTION_STREAM 0xFF08
133 #define ERF_META_SECTION_TRANSFORM 0xFF09
134 #define ERF_META_SECTION_DNS 0xFF0A
135 #define ERF_META_SECTION_SOURCE 0xFF0B
136 #define ERF_META_SECTION_NETWORK 0xFF0C
137 #define ERF_META_SECTION_ENDPOINT 0xFF0D
138 #define ERF_META_SECTION_INPUT 0xFF0E
139 #define ERF_META_SECTION_OUTPUT 0xFF0F
141 #define ERF_META_TAG_padding 0
142 #define ERF_META_TAG_comment 1
143 #define ERF_META_TAG_gen_time 2
144 #define ERF_META_TAG_parent_section 3
145 #define ERF_META_TAG_reset 4
146 #define ERF_META_TAG_event_time 5
147 #define ERF_META_TAG_host_id 6
148 #define ERF_META_TAG_attribute 7
149 #define ERF_META_TAG_fcs_len 8
150 #define ERF_META_TAG_mask_ipv4 9
151 #define ERF_META_TAG_mask_cidr 10
153 #define ERF_META_TAG_org_name 11
154 #define ERF_META_TAG_name 12
155 #define ERF_META_TAG_descr 13
156 #define ERF_META_TAG_config 14
157 #define ERF_META_TAG_datapipe 15
158 #define ERF_META_TAG_app_name 16
159 #define ERF_META_TAG_os 17
160 #define ERF_META_TAG_hostname 18
161 #define ERF_META_TAG_user 19
162 #define ERF_META_TAG_model 20
163 #define ERF_META_TAG_fw_version 21
164 #define ERF_META_TAG_serial_no 22
165 #define ERF_META_TAG_ts_offset 23
166 #define ERF_META_TAG_ts_clock_freq 24
167 #define ERF_META_TAG_tzone 25
168 #define ERF_META_TAG_tzone_name 26
169 #define ERF_META_TAG_loc_lat 27
170 #define ERF_META_TAG_loc_long 28
171 #define ERF_META_TAG_snaplen 29
172 #define ERF_META_TAG_card_num 30
173 #define ERF_META_TAG_module_num 31
174 #define ERF_META_TAG_access_num 32
175 #define ERF_META_TAG_stream_num 33
176 #define ERF_META_TAG_loc_name 34
177 #define ERF_META_TAG_parent_file 35
178 #define ERF_META_TAG_filter 36
179 #define ERF_META_TAG_flow_hash_mode 37
180 #define ERF_META_TAG_tunneling_mode 38
181 #define ERF_META_TAG_npb_format 39
182 #define ERF_META_TAG_mem 40
183 #define ERF_META_TAG_datamine_id 41
184 #define ERF_META_TAG_rotfile_id 42
185 #define ERF_META_TAG_rotfile_name 43
186 #define ERF_META_TAG_dev_name 44
187 #define ERF_META_TAG_dev_path 45
188 #define ERF_META_TAG_loc_descr 46
189 #define ERF_META_TAG_app_version 47
190 #define ERF_META_TAG_cpu_affinity 48
191 #define ERF_META_TAG_cpu 49
192 #define ERF_META_TAG_cpu_phys_cores 50
193 #define ERF_META_TAG_cpu_numa_nodes 51
194 #define ERF_META_TAG_dag_attribute 52
195 #define ERF_META_TAG_dag_version 53
196 #define ERF_META_TAG_stream_flags 54
197 #define ERF_META_TAG_entropy_threshold 55
198 #define ERF_META_TAG_smart_trunc_default 56
199 #define ERF_META_TAG_ext_hdrs_added 57
200 #define ERF_META_TAG_ext_hdrs_removed 58
201 #define ERF_META_TAG_relative_snaplen 59
202 #define ERF_META_TAG_temperature 60
203 #define ERF_META_TAG_power 61
204 #define ERF_META_TAG_vendor 62
205 #define ERF_META_TAG_cpu_threads 63
207 #define ERF_META_TAG_if_num 64
208 #define ERF_META_TAG_if_vc 65
209 #define ERF_META_TAG_if_speed 66
210 #define ERF_META_TAG_if_ipv4 67
211 #define ERF_META_TAG_if_ipv6 68
212 #define ERF_META_TAG_if_mac 69
213 #define ERF_META_TAG_if_eui 70
214 #define ERF_META_TAG_if_ib_gid 71
215 #define ERF_META_TAG_if_ib_lid 72
216 #define ERF_META_TAG_if_wwn 73
217 #define ERF_META_TAG_if_fc_id 74
218 #define ERF_META_TAG_if_tx_speed 75
219 #define ERF_META_TAG_if_erf_type 76
220 #define ERF_META_TAG_if_link_type 77
221 #define ERF_META_TAG_if_sfp_type 78
222 #define ERF_META_TAG_if_rx_power 79
223 #define ERF_META_TAG_if_tx_power 80
224 #define ERF_META_TAG_if_link_status 81
225 #define ERF_META_TAG_if_phy_mode 82
226 #define ERF_META_TAG_if_port_type 83
227 #define ERF_META_TAG_if_rx_latency 84
228 #define ERF_META_TAG_tap_mode 85
229 #define ERF_META_TAG_tap_fail_mode 86
230 #define ERF_META_TAG_watchdog_expired 87
231 #define ERF_META_TAG_watchdog_interval 88
233 #define ERF_META_TAG_src_ipv4 128
234 #define ERF_META_TAG_dest_ipv4 129
235 #define ERF_META_TAG_src_ipv6 130
236 #define ERF_META_TAG_dest_ipv6 131
237 #define ERF_META_TAG_src_mac 132
238 #define ERF_META_TAG_dest_mac 133
239 #define ERF_META_TAG_src_eui 134
240 #define ERF_META_TAG_dest_eui 135
241 #define ERF_META_TAG_src_ib_gid 136
242 #define ERF_META_TAG_dest_ib_gid 137
243 #define ERF_META_TAG_src_ib_lid 138
244 #define ERF_META_TAG_dest_ib_lid 139
245 #define ERF_META_TAG_src_wwn 140
246 #define ERF_META_TAG_dest_wwn 141
247 #define ERF_META_TAG_src_fc_id 142
248 #define ERF_META_TAG_dest_fc_id 143
249 #define ERF_META_TAG_src_port 144
250 #define ERF_META_TAG_dest_port 145
251 #define ERF_META_TAG_ip_proto 146
252 #define ERF_META_TAG_flow_hash 147
253 #define ERF_META_TAG_filter_match 148
254 #define ERF_META_TAG_filter_match_name 149
255 #define ERF_META_TAG_error_flags 150
256 #define ERF_META_TAG_initiator_pkts 151
257 #define ERF_META_TAG_responder_pkts 152
258 #define ERF_META_TAG_initiator_bytes 153
259 #define ERF_META_TAG_responder_bytes 154
260 #define ERF_META_TAG_initiator_min_entropy 155
261 #define ERF_META_TAG_responder_min_entropy 156
262 #define ERF_META_TAG_initiator_avg_entropy 157
263 #define ERF_META_TAG_responder_avg_entropy 158
264 #define ERF_META_TAG_initiator_max_entropy 159
265 #define ERF_META_TAG_responder_max_entropy 160
266 #define ERF_META_TAG_dpi_application 161
267 #define ERF_META_TAG_dpi_confidence 162
268 #define ERF_META_TAG_dpi_state 163
269 #define ERF_META_TAG_dpi_protocol_stack 164
270 #define ERF_META_TAG_flow_state 165
271 #define ERF_META_TAG_vlan_id 166
272 #define ERF_META_TAG_mpls_label 167
273 #define ERF_META_TAG_vlan_pcp 168
274 #define ERF_META_TAG_mpls_tc 169
275 #define ERF_META_TAG_dscp 170
276 #define ERF_META_TAG_initiator_mpls_label 171
277 #define ERF_META_TAG_responder_mpls_label 172
278 #define ERF_META_TAG_initiator_mpls_tc 173
279 #define ERF_META_TAG_responder_mpls_tc 174
280 #define ERF_META_TAG_initiator_ipv4 175
281 #define ERF_META_TAG_responder_ipv4 176
282 #define ERF_META_TAG_initiator_ipv6 177
283 #define ERF_META_TAG_responder_ipv6 178
284 #define ERF_META_TAG_initiator_mac 179
285 #define ERF_META_TAG_responder_mac 180
286 #define ERF_META_TAG_initiator_port 181
287 #define ERF_META_TAG_responder_port 182
288 #define ERF_META_TAG_initiator_retx 183
289 #define ERF_META_TAG_responder_retx 184
290 #define ERF_META_TAG_initiator_zwin 185
291 #define ERF_META_TAG_responder_zwin 186
292 #define ERF_META_TAG_initiator_tcp_flags 187
293 #define ERF_META_TAG_responder_tcp_flags 188
294 #define ERF_META_TAG_tcp_irtt 189
296 #define ERF_META_TAG_start_time 193
297 #define ERF_META_TAG_end_time 194
298 #define ERF_META_TAG_stat_if_drop 195
299 #define ERF_META_TAG_stat_frames 196
300 #define ERF_META_TAG_stat_bytes 197
301 #define ERF_META_TAG_stat_cap 198
302 #define ERF_META_TAG_stat_cap_bytes 199
303 #define ERF_META_TAG_stat_os_drop 200
304 #define ERF_META_TAG_stat_ds_lctr 201
305 #define ERF_META_TAG_stat_filter_match 202
306 #define ERF_META_TAG_stat_filter_drop 203
307 #define ERF_META_TAG_stat_too_short 204
308 #define ERF_META_TAG_stat_too_long 205
309 #define ERF_META_TAG_stat_rx_error 206
310 #define ERF_META_TAG_stat_fcs_error 207
311 #define ERF_META_TAG_stat_aborted 208
312 #define ERF_META_TAG_stat_proto_error 209
313 #define ERF_META_TAG_stat_b1_error 210
314 #define ERF_META_TAG_stat_b2_error 211
315 #define ERF_META_TAG_stat_b3_error 212
316 #define ERF_META_TAG_stat_rei_error 213
317 #define ERF_META_TAG_stat_drop 214
318 #define ERF_META_TAG_stat_buf_drop 215
319 #define ERF_META_TAG_stream_drop 216
320 #define ERF_META_TAG_stream_buf_drop 217
321 #define ERF_META_TAG_pkt_drop 218
322 #define ERF_META_TAG_record_drop 219
323 #define ERF_META_TAG_bandwidth 220
324 #define ERF_META_TAG_duration 221
325 #define ERF_META_TAG_top_index 222
326 #define ERF_META_TAG_concurrent_flows 223
327 #define ERF_META_TAG_active_flows 224
328 #define ERF_META_TAG_created_flows 225
329 #define ERF_META_TAG_deleted_flows 226
330 #define ERF_META_TAG_active_endpoints 227
331 #define ERF_META_TAG_tx_pkts 228
332 #define ERF_META_TAG_tx_bytes 229
333 #define ERF_META_TAG_rx_bandwidth 230
334 #define ERF_META_TAG_tx_bandwidth 231
335 #define ERF_META_TAG_records 232
336 #define ERF_META_TAG_record_bytes 233
337 #define ERF_META_TAG_pkt_drop_bytes 234
338 #define ERF_META_TAG_record_drop_bytes 235
339 #define ERF_META_TAG_drop_bandwidth 236
340 #define ERF_META_TAG_retx_pkts 237
341 #define ERF_META_TAG_zwin_pkts 238
343 #define ERF_META_TAG_ns_host_ipv4 256
344 #define ERF_META_TAG_ns_host_ipv6 257
345 #define ERF_META_TAG_ns_host_mac 258
346 #define ERF_META_TAG_ns_host_eui 259
347 #define ERF_META_TAG_ns_host_ib_gid 260
348 #define ERF_META_TAG_ns_host_ib_lid 261
349 #define ERF_META_TAG_ns_host_wwn 262
350 #define ERF_META_TAG_ns_host_fc_id 263
351 #define ERF_META_TAG_ns_dns_ipv4 264
352 #define ERF_META_TAG_ns_dns_ipv6 265
354 #define ERF_META_TAG_exthdr 321
355 #define ERF_META_TAG_pcap_ng_block 322
356 #define ERF_META_TAG_asn1 323
357 #define ERF_META_TAG_section_ref 324
359 #define ERF_META_TAG_clk_source 384
360 #define ERF_META_TAG_clk_state 385
361 #define ERF_META_TAG_clk_threshold 386
362 #define ERF_META_TAG_clk_correction 387
363 #define ERF_META_TAG_clk_failures 388
364 #define ERF_META_TAG_clk_resyncs 389
365 #define ERF_META_TAG_clk_phase_error 390
366 #define ERF_META_TAG_clk_input_pulses 391
367 #define ERF_META_TAG_clk_rejected_pulses 392
368 #define ERF_META_TAG_clk_phc_index 393
369 #define ERF_META_TAG_clk_phc_offset 394
370 #define ERF_META_TAG_clk_timebase 395
371 #define ERF_META_TAG_clk_descr 396
372 #define ERF_META_TAG_clk_out_source 397
373 #define ERF_META_TAG_clk_link_mode 398
374 #define ERF_META_TAG_ptp_domain_num 399
375 #define ERF_META_TAG_ptp_steps_removed 400
376 #define ERF_META_TAG_ptp_offset_from_master 401
377 #define ERF_META_TAG_ptp_mean_path_delay 402
378 #define ERF_META_TAG_ptp_parent_identity 403
379 #define ERF_META_TAG_ptp_parent_port_num 404
380 #define ERF_META_TAG_ptp_gm_identity 405
381 #define ERF_META_TAG_ptp_gm_clock_quality 406
382 #define ERF_META_TAG_ptp_current_utc_offset 407
383 #define ERF_META_TAG_ptp_time_properties 408
384 #define ERF_META_TAG_ptp_time_source 409
385 #define ERF_META_TAG_ptp_clock_identity 410
386 #define ERF_META_TAG_ptp_port_num 411
387 #define ERF_META_TAG_ptp_port_state 412
388 #define ERF_META_TAG_ptp_delay_mechanism 413
389 #define ERF_META_TAG_clk_port_proto 414
390 #define ERF_META_TAG_ntp_status 415
391 #define ERF_META_TAG_ntp_stratum 416
392 #define ERF_META_TAG_ntp_rootdelay 417
393 #define ERF_META_TAG_ntp_rootdisp 418
394 #define ERF_META_TAG_ntp_offset 419
395 #define ERF_META_TAG_ntp_frequency 420
396 #define ERF_META_TAG_ntp_sys_jitter 421
397 #define ERF_META_TAG_ntp_peer_remote 422
398 #define ERF_META_TAG_ntp_peer_refid 423
400 /*
401 * The timestamp is 64bit unsigned fixed point little-endian value with
402 * 32 bits for second and 32 bits for fraction.
403 */
407 erf_timestamp_t ts;
432 };
436 /*
437 * Editor modelines - https://www.wireshark.org/tools/modelines.html
438 *
439 * Local variables:
440 * c-basic-offset: 8
441 * tab-width: 8
442 * indent-tabs-mode: t
443 * End:
444 *
445 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
446 * :indentSize=8:tabSize=8:noTabs=false:
447 */