Determining final L3 layer protocol right inside PktSrc.

src/Packet.h

@@ -3,6 +3,14 @@
 
 #include "Desc.h"
 #include "IP.h"
+#include "NetVar.h"
+
+enum Layer3Proto {
+	L3_UNKNOWN = -1,
+	L3_IPV4 = 1,
+	L3_IPV6 = 2,
+	L3_ARP = 3,
+};
 
 // A link-layer packet.
 //
@@ -26,7 +34,7 @@ public:
 	Packet(int arg_link_type, struct timeval *arg_ts, uint32 arg_caplen,
 		uint32 arg_len, const u_char *arg_data, int arg_free = false,
 		std::string arg_tag = std::string(""), uint32 arg_hdrsize = 0,
-		int arg_l3_proto = -1)
+		Layer3Proto arg_l3_proto = L3_UNKNOWN)
 		{
 		Init(arg_link_type, arg_ts, arg_caplen, arg_len, arg_data, arg_free, arg_tag,
 			arg_hdrsize, arg_l3_proto);
@@ -45,7 +53,7 @@ public:
 	void Init(int arg_link_type, struct timeval *arg_ts, uint32 arg_caplen,
 		uint32 arg_len, const u_char *arg_data, int arg_free = false,
 		std::string arg_tag = std::string(""), uint32 arg_hdrsize = 0,
-		int arg_l3_proto = -1)
+		Layer3Proto arg_l3_proto = L3_UNKNOWN)
 		{
 		link_type = arg_link_type;
 		ts = *arg_ts;
@@ -86,7 +94,7 @@ public:
 	uint32 cap_len;			/// Captured packet length
 	uint32 len;			/// Actual length on wire
 	uint32 hdr_size;		/// Layer 2 header size
-	uint32 l3_proto;		/// Layer 3 protocol identified (if any)
+	Layer3Proto l3_proto;		/// Layer 3 protocol identified (if any)
 	uint32 eth_type;		/// If L2==ethernet, innermost ethertype field
 	uint32 vlan;			/// (Outermost) VLan tag if any, else 0
 

src/Serializer.cc

@@ -1175,7 +1175,7 @@ Packet* Packet::Unserialize(UnserialInfo* info)
 		}
 
 	Packet *p = new Packet(link_type, &ts, caplen, len, pkt, true,
-			std::string(tag), hdr_size, l3_proto);
+			       std::string(tag), hdr_size, (Layer3Proto) l3_proto);
 	delete [] tag;
 
 	// For the global timer manager, we take the global network_time as the

src/Sessions.cc

@@ -206,7 +206,7 @@ void NetSessions::ProcNextPacket(double t, const Packet *pkt)
 
 	uint32 caplen = pkt->cap_len - pkt->hdr_size;
 
-	if ( pkt->l3_proto == AF_INET )
+	if ( pkt->l3_proto == L3_IPV4 )
 		{
 		if ( caplen < sizeof(struct ip) )
 			{
@@ -219,7 +219,7 @@ void NetSessions::ProcNextPacket(double t, const Packet *pkt)
 		DoNextPacket(t, pkt, &ip_hdr, 0);
 		}
 
-	else if ( pkt->l3_proto == AF_INET6 )
+	else if ( pkt->l3_proto == L3_IPV6 )
 		{
 		if ( caplen < sizeof(struct ip6_hdr) )
 			{
@@ -231,7 +231,7 @@ void NetSessions::ProcNextPacket(double t, const Packet *pkt)
 		DoNextPacket(t, pkt, &ip_hdr, 0);
 		}
 
-	else if ( analyzer::arp::ARP_Analyzer::IsARP(pkt) )
+	else if ( pkt->l3_proto == L3_ARP )
 		{
 		if ( arp_analyzer )
 			arp_analyzer->NextPacket(t, pkt);
@@ -774,7 +774,7 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
 
 	struct timeval ts;
 	int link_type;
-	int l3_proto;
+	Layer3Proto l3_proto;
 
 	if ( pkt )
 		ts = pkt->ts;
@@ -790,12 +790,12 @@ void NetSessions::DoNextInnerPacket(double t, const Packet* pkt,
 	if ( inner->IP4_Hdr() )
 		{
 		data = (const u_char*) inner->IP4_Hdr();
-		l3_proto = AF_INET;
+		l3_proto = L3_IPV4;
 		}
 	else
 		{
 		data = (const u_char*) inner->IP6_Hdr();
-		l3_proto = AF_INET6;
+		l3_proto = L3_IPV6;
 		}
 
 	EncapsulationStack* outer = prev ?

src/analyzer/protocol/arp/ARP.cc

@@ -19,25 +19,6 @@ ARP_Analyzer::~ARP_Analyzer()
 	{
 	}
 
-// Assumes pkt->hdr_size indicates size of the Layer 2 header.
-bool ARP_Analyzer::IsARP(const Packet* pkt)
-	{
-	if ( pkt->hdr_size < 2 )
-		return false;
-
-	unsigned short network_protocol =
-		*(unsigned short*) (pkt->data + pkt->hdr_size - 2);
-
-	switch ( ntohs(network_protocol) ) {
-	case ETHERTYPE_ARP:
-	case ETHERTYPE_REVARP:
-		return true;
-	default:
-		return false;
-	}
-	}
-
-
 // Argh! FreeBSD and Linux have almost completely different net/if_arp.h .
 // ... and on Solaris we are missing half of the ARPOP codes, so define
 // them here as necessary:

src/analyzer/protocol/arp/ARP.h

@@ -44,9 +44,6 @@ public:
 			const char* spa, const char* sha,
 			const char* tpa, const char* tha);
 
-	// Whether a packet is of interest for ARP analysis.
-	static bool IsARP(const Packet *pkt);
-
 protected:
 	AddrVal* ConstructAddrVal(const void* addr);
 	StringVal* EthAddrToStr(const u_char* addr);

src/iosource/PktSrc.cc

@@ -289,7 +289,7 @@ void PktSrc::Process()
 	// labels are in place.
 	bool have_mpls = false;
 
-	int l3_proto = AF_UNSPEC;
+	Layer3Proto l3_proto = L3_UNKNOWN;
 	const u_char* data = current_packet.data;
 
 	current_packet.link_type = props.link_type;
@@ -307,16 +307,17 @@ void PktSrc::Process()
 		// as the AF_ value." As we may be reading traces captured on
 		// platforms other than what we're running on, we accept them
 		// all here.
-		if ( protocol == 24 || protocol == 28 || protocol == 30 )
-			protocol = AF_INET6;
 
-		if ( protocol != AF_INET && protocol != AF_INET6 )
+		if ( protocol == AF_INET )
+			l3_proto = L3_IPV4;
+		else if ( protocol == 24 || protocol == 28 || protocol == 30 )
+			l3_proto = L3_IPV6;
+		else
 			{
 			Weird("non_ip_packet_in_null_transport", &current_packet);
 			goto done;
 			}
 
-		l3_proto = protocol;
 		break;
 		}
 
@@ -365,9 +366,9 @@ void PktSrc::Process()
 				data += 8; // Skip the PPPoE session and PPP header
 
 				if ( protocol == 0x0021 )
-					l3_proto = AF_INET;
+					l3_proto = L3_IPV4;
 				else if ( protocol == 0x0057 )
-					l3_proto = AF_INET6;
+					l3_proto = L3_IPV6;
 				else
 					{
 					// Neither IPv4 nor IPv6.
@@ -379,14 +380,14 @@ void PktSrc::Process()
 			}
 
 		// Normal path to determine Layer 3 protocol.
-		if ( ! have_mpls && ! l3_proto )
+		if ( ! have_mpls && l3_proto == L3_UNKNOWN )
 			{
 			if ( protocol == 0x800 )
-				l3_proto = AF_INET;
+				l3_proto = L3_IPV4;
 			else if ( protocol == 0x86dd )
-				l3_proto = AF_INET6;
+				l3_proto = L3_IPV6;
 			else if ( protocol == 0x0806 || protocol == 0x8035 )
-				l3_proto = AF_UNSPEC;
+				l3_proto = L3_ARP;
 			else
 				{
 				// Neither IPv4 nor IPv6.
@@ -411,9 +412,9 @@ void PktSrc::Process()
 			have_mpls = true;
 			}
 		else if ( protocol == 0x0021 )
-			l3_proto = AF_INET;
+			l3_proto = L3_IPV4;
 		else if ( protocol == 0x0057 )
-			l3_proto = AF_INET6;
+			l3_proto = L3_IPV6;
 		else
 			{
 			// Neither IPv4 nor IPv6.
@@ -430,9 +431,9 @@ void PktSrc::Process()
 		const struct ip* ip = (const struct ip *)data;
 
 		if ( ip->ip_v == 4 )
-			l3_proto = AF_INET;
+			l3_proto = L3_IPV4;
 		else if ( ip->ip_v == 6 )
-			l3_proto = AF_INET6;
+			l3_proto = L3_IPV6;
 		else
 			{
 			// Neither IPv4 nor IPv6.
@@ -471,9 +472,9 @@ void PktSrc::Process()
 		const struct ip* ip = (const struct ip *)data;
 
 		if ( ip->ip_v == 4 )
-			l3_proto = AF_INET;
+			l3_proto = L3_IPV4;
 		else if ( ip->ip_v == 6 )
-			l3_proto = AF_INET6;
+			l3_proto = L3_IPV6;
 		else
 			{
 			// Neither IPv4 nor IPv6.
@@ -495,9 +496,9 @@ void PktSrc::Process()
 		const struct ip* ip = (const struct ip *)data;
 
 		if ( ip->ip_v == 4 )
-			l3_proto = AF_INET;
+			l3_proto = L3_IPV4;
 		else if ( ip->ip_v == 6 )
-			l3_proto = AF_INET6;
+			l3_proto = L3_IPV6;
 		else
 			{
 			// Neither IPv4 nor IPv6.
@@ -507,9 +508,8 @@ void PktSrc::Process()
 
 		}
 
-	// We've now determined (a) AF_INET (IPv4) vs (b) AF_INET6 (IPv6) vs
-	// (c) AF_UNSPEC (0 == anything else)
-	assert(l3_proto == AF_INET || l3_proto == AF_INET6 || l3_proto == AF_UNSPEC);
+	// We've now determined (a) L3_IPV4 vs (b) L3_IPV6 vs
+	// (c) L3_ARP vs (d) L3_UNKNOWN (0 == anything else)
 	current_packet.l3_proto = l3_proto;
 
 	// Calculate how much header we've used up.
@@ -556,7 +556,7 @@ bool PktSrc::ExtractNextPacketInternal()
 
 	if ( ExtractNextPacket(&current_packet) )
 		{
-		current_packet.l3_proto = AF_UNSPEC;
+		current_packet.l3_proto = L3_UNKNOWN;
 
 		if ( ! first_timestamp )
 			first_timestamp = current_packet.time;