From: Stephen Donnelly <stephen.donnelly@endace.com>
Date: Thu, 5 Mar 2020 21:49:17 +0000 (+1300)
Subject: dag: Skip over ERF_TYPE_META records
X-Git-Tag: suricata-5.0.3~98
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=166124808bd21453fe500f20be0a07054d9ce628;p=thirdparty%2Fsuricata.git

dag: Skip over ERF_TYPE_META records

Suricata generates an error on unrecognised ERF types.
Suricata should ignore ERF 'Provenance' records with ERF_TYPE_META.

(cherry picked from commit 47082dd5df1b71485333039cd6af75b39cdfffeb)
---

diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index 9d4e34fc54..1bd9a506f1 100644
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -432,16 +432,17 @@ ProcessErfDagRecords(ErfDagThreadVars *ewtn, uint8_t *top, uint32_t *pkts_read)
 
         /* Only support ethernet at this time. */
         switch (hdr_type & 0x7f) {
-        case TYPE_PAD:
+        case ERF_TYPE_PAD:
+        case ERF_TYPE_META:
             /* Skip. */
             continue;
-        case TYPE_DSM_COLOR_ETH:
-        case TYPE_COLOR_ETH:
-        case TYPE_COLOR_HASH_ETH:
+        case ERF_TYPE_DSM_COLOR_ETH:
+        case ERF_TYPE_COLOR_ETH:
+        case ERF_TYPE_COLOR_HASH_ETH:
             /* In these types the color value overwrites the lctr
              * (drop count). */
             break;
-        case TYPE_ETH:
+        case ERF_TYPE_ETH:
             if (dr->lctr) {
                 StatsAddUI64(ewtn->tv, ewtn->drops, SCNtohs(dr->lctr));
             }