From 8c02956332496d4421e7d749d38f00b6323ecdf7 Mon Sep 17 00:00:00 2001
From: Stephen Donnelly
Date: Fri, 6 Mar 2020 10:49:17 +1300
Subject: [PATCH] dag: Skip over ERF_TYPE_META records

Suricata generates an error on unrecognised ERF types. Suricata should ignore ERF 'Provenance' records with ERF_TYPE_META.

(cherry picked from commit 47082dd5df1b71485333039cd6af75b39cdfffeb)
---
 src/source-erf-dag.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/source-erf-dag.c b/src/source-erf-dag.c
index 9d4e34fc54..1bd9a506f1 100644
--- a/src/source-erf-dag.c
+++ b/src/source-erf-dag.c
@@ -432,16 +432,17 @@ ProcessErfDagRecords(ErfDagThreadVars *ewtn, uint8_t *top, uint32_t *pkts_read)
 
 /* Only support ethernet at this time. */
 switch (hdr_type & 0x7f) {
- case TYPE_PAD:
+ case ERF_TYPE_PAD:
+ case ERF_TYPE_META:
 /* Skip. */
 continue;
- case TYPE_DSM_COLOR_ETH:
- case TYPE_COLOR_ETH:
- case TYPE_COLOR_HASH_ETH:
+ case ERF_TYPE_DSM_COLOR_ETH:
+ case ERF_TYPE_COLOR_ETH:
+ case ERF_TYPE_COLOR_HASH_ETH:
 /* In these types the color value overwrites the lctr
 * (drop count). */
 break;
- case TYPE_ETH:
+ case ERF_TYPE_ETH:
 if (dr->lctr) {
 StatsAddUI64(ewtn->tv, ewtn->drops, SCNtohs(dr->lctr));
 }
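Review bot: The `/* Skip. */` comment under `case ERF_TYPE_PAD:` and `case ERF_TYPE_META:` does not say why either record type is dropped, so the reason for META is recorded only in the commit message. I would replace it with something like `/* Padding and provenance (meta) records carry no packet to decode; skip them instead of reporting an unsupported type. */`. The `continue` path is now taken for one more record type read from the capture stream, so it is worth confirming that the code before the switch has already advanced past the current record and rejects a zero record length, otherwise the loop could stall on the same record. That code is not visible here, because the body of ProcessErfDagRecords starts and ends outside the hunk. If META records are expected regularly, a counter for skipped records would also help operators tell silent skips from missing traffic.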