3 * Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
6 * This software and documentation has been developed by Endace Technology Ltd.
7 * along with the DAG PCI network capture cards. For further information please
8 * visit http://www.endace.com/.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions are met:
13 * 1. Redistributions of source code must retain the above copyright notice,
14 * this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * 3. The name of Endace Technology Ltd may not be used to endorse or promote
21 * products derived from this software without specific prior written
24 * THIS SOFTWARE IS PROVIDED BY ENDACE TECHNOLOGY LTD ``AS IS'' AND ANY EXPRESS
25 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
27 * EVENT SHALL ENDACE TECHNOLOGY LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
29 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
31 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
40 #include <wiretap/wtap.h>
41 #include "ws_symbol_export.h"
43 /* Record type defines */
44 #define ERF_TYPE_LEGACY 0
45 #define ERF_TYPE_HDLC_POS 1
46 #define ERF_TYPE_ETH 2
47 #define ERF_TYPE_ATM 3
48 #define ERF_TYPE_AAL5 4
49 #define ERF_TYPE_MC_HDLC 5
50 #define ERF_TYPE_MC_RAW 6
51 #define ERF_TYPE_MC_ATM 7
52 #define ERF_TYPE_MC_RAW_CHANNEL 8
53 #define ERF_TYPE_MC_AAL5 9
54 #define ERF_TYPE_COLOR_HDLC_POS 10
55 #define ERF_TYPE_COLOR_ETH 11
56 #define ERF_TYPE_MC_AAL2 12
57 #define ERF_TYPE_IP_COUNTER 13
58 #define ERF_TYPE_TCP_FLOW_COUNTER 14
59 #define ERF_TYPE_DSM_COLOR_HDLC_POS 15
60 #define ERF_TYPE_DSM_COLOR_ETH 16
61 #define ERF_TYPE_COLOR_MC_HDLC_POS 17
62 #define ERF_TYPE_AAL2 18
63 #define ERF_TYPE_COLOR_HASH_POS 19
64 #define ERF_TYPE_COLOR_HASH_ETH 20
65 #define ERF_TYPE_INFINIBAND 21
66 #define ERF_TYPE_IPV4 22
67 #define ERF_TYPE_IPV6 23
68 #define ERF_TYPE_RAW_LINK 24
69 #define ERF_TYPE_INFINIBAND_LINK 25
70 /* XXX - what about 26? */
71 #define ERF_TYPE_META 27
72 #define ERF_TYPE_OPA_SNC 28
73 #define ERF_TYPE_OPA_9B 29
75 /* 28-31 reserved for future public ERF types */
77 /* Record types reserved for local and internal use */
78 #define ERF_TYPE_INTERNAL0 32
79 #define ERF_TYPE_INTERNAL1 33
80 #define ERF_TYPE_INTERNAL2 34
81 #define ERF_TYPE_INTERNAL3 35
82 #define ERF_TYPE_INTERNAL4 36
83 #define ERF_TYPE_INTERNAL5 37
84 #define ERF_TYPE_INTERNAL6 38
85 #define ERF_TYPE_INTERNAL7 39
86 #define ERF_TYPE_INTERNAL8 40
87 #define ERF_TYPE_INTERNAL9 41
88 #define ERF_TYPE_INTERNAL10 42
89 #define ERF_TYPE_INTERNAL11 43
90 #define ERF_TYPE_INTERNAL12 44
91 #define ERF_TYPE_INTERNAL13 45
92 #define ERF_TYPE_INTERNAL14 46
93 #define ERF_TYPE_INTERNAL15 47
96 #define ERF_TYPE_PAD 48
98 #define ERF_EXT_HDR_TYPE_CLASSIFICATION 3
99 #define ERF_EXT_HDR_TYPE_INTERCEPTID 4
100 #define ERF_EXT_HDR_TYPE_RAW_LINK 5
101 #define ERF_EXT_HDR_TYPE_BFS 6
102 #define ERF_EXT_HDR_TYPE_CHANNELISED 12
103 #define ERF_EXT_HDR_TYPE_SIGNATURE 14
104 #define ERF_EXT_HDR_TYPE_FLOW_ID 16
105 #define ERF_EXT_HDR_TYPE_HOST_ID 17
108 #define ERF_EHDR_HOST_ID_MASK G_GUINT64_CONSTANT(0xffffffffffff)
111 #define ERF_META_SECTION_MASK 0xFF00
112 #define ERF_META_IS_SECTION(type) (type > 0 && (type & ERF_META_SECTION_MASK) == ERF_META_SECTION_MASK)
114 #define ERF_META_SECTION_CAPTURE 0xFF00
115 #define ERF_META_SECTION_HOST 0xFF01
116 #define ERF_META_SECTION_MODULE 0xFF02
117 #define ERF_META_SECTION_INTERFACE 0xFF03
118 #define ERF_META_SECTION_FLOW 0xFF04
119 #define ERF_META_SECTION_STATS 0xFF05
120 #define ERF_META_SECTION_INFO 0xFF06
121 #define ERF_META_SECTION_CONTEXT 0xFF07
122 #define ERF_META_SECTION_STREAM 0xFF08
123 #define ERF_META_SECTION_TRANSFORM 0xFF09
124 #define ERF_META_SECTION_DNS 0xFF0A
125 #define ERF_META_SECTION_SOURCE 0xFF0B
127 #define ERF_META_TAG_padding 0
128 #define ERF_META_TAG_comment 1
129 #define ERF_META_TAG_gen_time 2
130 #define ERF_META_TAG_parent_section 3
131 #define ERF_META_TAG_reset 4
132 #define ERF_META_TAG_event_time 5
133 #define ERF_META_TAG_host_id 6
134 #define ERF_META_TAG_fcs_len 8
135 #define ERF_META_TAG_mask_ipv4 9
136 #define ERF_META_TAG_mask_cidr 10
138 #define ERF_META_TAG_org_name 11
139 #define ERF_META_TAG_name 12
140 #define ERF_META_TAG_descr 13
141 #define ERF_META_TAG_config 14
142 #define ERF_META_TAG_datapipe 15
143 #define ERF_META_TAG_app_name 16
144 #define ERF_META_TAG_os 17
145 #define ERF_META_TAG_hostname 18
146 #define ERF_META_TAG_user 19
147 #define ERF_META_TAG_model 20
148 #define ERF_META_TAG_fw_version 21
149 #define ERF_META_TAG_serial_no 22
150 #define ERF_META_TAG_ts_offset 23
151 #define ERF_META_TAG_ts_clock_freq 24
152 #define ERF_META_TAG_tzone 25
153 #define ERF_META_TAG_tzone_name 26
154 #define ERF_META_TAG_loc_lat 27
155 #define ERF_META_TAG_loc_long 28
156 #define ERF_META_TAG_snaplen 29
157 #define ERF_META_TAG_card_num 30
158 #define ERF_META_TAG_module_num 31
159 #define ERF_META_TAG_access_num 32
160 #define ERF_META_TAG_stream_num 33
161 #define ERF_META_TAG_loc_name 34
162 #define ERF_META_TAG_parent_file 35
163 #define ERF_META_TAG_filter 36
164 #define ERF_META_TAG_flow_hash_mode 37
165 #define ERF_META_TAG_tunneling_mode 38
166 #define ERF_META_TAG_npb_format 39
167 #define ERF_META_TAG_mem 40
168 #define ERF_META_TAG_datamine_id 41
169 #define ERF_META_TAG_rotfile_id 42
170 #define ERF_META_TAG_rotfile_name 43
171 #define ERF_META_TAG_dev_name 44
172 #define ERF_META_TAG_dev_path 45
173 #define ERF_META_TAG_loc_descr 46
174 #define ERF_META_TAG_app_version 47
175 #define ERF_META_TAG_cpu_affinity 48
176 #define ERF_META_TAG_cpu 49
177 #define ERF_META_TAG_cpu_phys_cores 50
178 #define ERF_META_TAG_cpu_numa_nodes 51
179 #define ERF_META_TAG_dag_attribute 52
180 #define ERF_META_TAG_dag_version 53
182 #define ERF_META_TAG_if_num 64
183 #define ERF_META_TAG_if_vc 65
184 #define ERF_META_TAG_if_speed 66
185 #define ERF_META_TAG_if_ipv4 67
186 #define ERF_META_TAG_if_ipv6 68
187 #define ERF_META_TAG_if_mac 69
188 #define ERF_META_TAG_if_eui 70
189 #define ERF_META_TAG_if_ib_gid 71
190 #define ERF_META_TAG_if_ib_lid 72
191 #define ERF_META_TAG_if_wwn 73
192 #define ERF_META_TAG_if_fc_id 74
193 #define ERF_META_TAG_if_tx_speed 75
194 #define ERF_META_TAG_if_erf_type 76
195 #define ERF_META_TAG_if_link_type 77
196 #define ERF_META_TAG_if_sfp_type 78
197 #define ERF_META_TAG_if_rx_power 79
198 #define ERF_META_TAG_if_tx_power 80
199 #define ERF_META_TAG_if_link_status 81
200 #define ERF_META_TAG_if_phy_mode 82
201 #define ERF_META_TAG_if_port_type 83
203 #define ERF_META_TAG_src_ipv4 128
204 #define ERF_META_TAG_dest_ipv4 129
205 #define ERF_META_TAG_src_ipv6 130
206 #define ERF_META_TAG_dest_ipv6 131
207 #define ERF_META_TAG_src_mac 132
208 #define ERF_META_TAG_dest_mac 133
209 #define ERF_META_TAG_src_eui 134
210 #define ERF_META_TAG_dest_eui 135
211 #define ERF_META_TAG_src_ib_gid 136
212 #define ERF_META_TAG_dest_ib_gid 137
213 #define ERF_META_TAG_src_ib_lid 138
214 #define ERF_META_TAG_dest_ib_lid 139
215 #define ERF_META_TAG_src_wwn 140
216 #define ERF_META_TAG_dest_wwn 141
217 #define ERF_META_TAG_src_fc_id 142
218 #define ERF_META_TAG_dest_fc_id 143
219 #define ERF_META_TAG_src_port 144
220 #define ERF_META_TAG_dest_port 145
221 #define ERF_META_TAG_ip_proto 146
222 #define ERF_META_TAG_flow_hash 147
223 #define ERF_META_TAG_filter_match 148
224 #define ERF_META_TAG_filter_match_name 149
225 #define ERF_META_TAG_error_flags 150
227 #define ERF_META_TAG_start_time 193
228 #define ERF_META_TAG_end_time 194
229 #define ERF_META_TAG_stat_if_drop 195
230 #define ERF_META_TAG_stat_frames 196
231 #define ERF_META_TAG_stat_bytes 197
232 #define ERF_META_TAG_stat_cap 198
233 #define ERF_META_TAG_stat_cap_bytes 199
234 #define ERF_META_TAG_stat_os_drop 200
235 #define ERF_META_TAG_stat_ds_lctr 201
236 #define ERF_META_TAG_stat_filter_match 202
237 #define ERF_META_TAG_stat_filter_drop 203
238 #define ERF_META_TAG_stat_too_short 204
239 #define ERF_META_TAG_stat_too_long 205
240 #define ERF_META_TAG_stat_rx_error 206
241 #define ERF_META_TAG_stat_fcs_error 207
242 #define ERF_META_TAG_stat_aborted 208
243 #define ERF_META_TAG_stat_proto_error 209
244 #define ERF_META_TAG_stat_b1_error 210
245 #define ERF_META_TAG_stat_b2_error 211
246 #define ERF_META_TAG_stat_b3_error 212
247 #define ERF_META_TAG_stat_rei_error 213
248 #define ERF_META_TAG_stat_drop 214
249 #define ERF_META_TAG_stat_buf_drop 215
250 #define ERF_META_TAG_stream_drop 216
251 #define ERF_META_TAG_stream_buf_drop 217
253 #define ERF_META_TAG_ns_host_ipv4 256
254 #define ERF_META_TAG_ns_host_ipv6 257
255 #define ERF_META_TAG_ns_host_mac 258
256 #define ERF_META_TAG_ns_host_eui 259
257 #define ERF_META_TAG_ns_host_ib_gid 260
258 #define ERF_META_TAG_ns_host_ib_lid 261
259 #define ERF_META_TAG_ns_host_wwn 262
260 #define ERF_META_TAG_ns_host_fc_id 263
261 #define ERF_META_TAG_ns_dns_ipv4 264
262 #define ERF_META_TAG_ns_dns_ipv6 265
264 #define ERF_META_TAG_exthdr 321
265 #define ERF_META_TAG_pcap_ng_block 322
266 #define ERF_META_TAG_asn1 323
270 * The timestamp is 64bit unsigned fixed point little-endian value with
271 * 32 bits for second and 32 bits for fraction.
273 typedef guint64 erf_timestamp_t;
275 typedef struct erf_record {
284 typedef struct erf_mc_hdr {
288 typedef struct erf_aal2_hdr {
292 typedef struct erf_eth_hdr {
298 struct erf_mc_hdr mc_hdr;
299 struct erf_aal2_hdr aal2_hdr;
300 struct erf_eth_hdr eth_hdr;
305 guint64 implicit_host_id;
306 gboolean capture_metadata;
307 gboolean host_metadata;
310 #define MIN_RECORDS_FOR_ERF_CHECK 3
311 #define RECORDS_FOR_ERF_CHECK 20
314 wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info);
315 int erf_dump_can_write_encap(int encap);
316 int erf_dump_open(wtap_dumper *wdh, int *err);
318 erf_t* erf_priv_create(void);
319 erf_t* erf_priv_free(erf_t* erf_priv);
321 int erf_populate_interfaces(wtap *wth);
322 int erf_populate_interface(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header, guint64 host_id, guint8 source_id, guint8 if_num);
323 int erf_populate_interface_from_header(erf_t* erf_priv, wtap *wth, union wtap_pseudo_header *pseudo_header);
324 int erf_get_source_from_header(union wtap_pseudo_header *pseudo_header, guint64 *host_id, guint8 *source_id);
326 #endif /* __W_ERF_H__ */
329 * Editor modelines - http://www.wireshark.org/tools/modelines.html
334 * indent-tabs-mode: t
337 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
338 * :indentSize=8:tabSize=8:noTabs=false: