wiretap/network_instruments.h

   1 /***************************************************************************
   2                           network_instruments.h  -  description
   3                              -------------------
   4     begin                : Wed Oct 29 2003
   5     copyright            : (C) 2003 by root
   6     email                : scotte[AT}netinst.com
   7  ***************************************************************************/
   8
   9 /***************************************************************************
  10  *                                                                         *
  11  *   This program is free software; you can redistribute it and/or modify  *
  12  *   it under the terms of the GNU General Public License as published by  *
  13  *   the Free Software Foundation; either version 2 of the License, or     *
  14  *   (at your option) any later version.                                   *
  15  *                                                                         *
  16  ***************************************************************************/
  17
  18 #ifndef __NETWORK_INSTRUMENTS_H__
  19 #define __NETWORK_INSTRUMENTS_H__
  20
  21 #include <glib.h>
  22 #include "wtap.h"
  23
  24 wtap_open_return_val network_instruments_open(wtap *wth, int *err, gchar **err_info);
  25 int network_instruments_dump_can_write_encap(int encap);
  26 gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err);
  27
  28 /*
  29  * In v15 the high_byte was added to allow a larger offset This was done by
  30  * reducing the size of observer_version by 1 byte.  Since version strings are
  31  * only 30 characters the high_byte will always be 0 in previous versions.
  32  */
  33 typedef struct capture_file_header
  34 {
  35     char    observer_version[31];
  36     guint8  offset_to_first_packet_high_byte; /* allows to extend the offset to the first packet to 256*0x10000 = 16 MB */
  37     guint16 offset_to_first_packet;
  38     char    probe_instance;
  39     guint8  number_of_information_elements;   /* number of TLVs in the header */
  40 } capture_file_header;
  41
  42 #define CAPTURE_FILE_HEADER_FROM_LE_IN_PLACE(_capture_file_header) \
  43     _capture_file_header.offset_to_first_packet = GUINT16_FROM_LE((_capture_file_header).offset_to_first_packet)
  44
  45 #define CAPTURE_FILE_HEADER_TO_LE_IN_PLACE(_capture_file_header) \
  46     _capture_file_header.offset_to_first_packet = GUINT16_TO_LE((_capture_file_header).offset_to_first_packet)
  47
  48 typedef struct tlv_header
  49 {
  50     guint16 type;
  51     guint16 length;        /* includes the length of the TLV header */
  52 } tlv_header;
  53
  54 #define TLV_HEADER_FROM_LE_IN_PLACE(_tlv_header) \
  55     (_tlv_header).type   = GUINT16_FROM_LE((_tlv_header).type); \
  56     (_tlv_header).length = GUINT16_FROM_LE((_tlv_header).length)
  57
  58 #define TLV_HEADER_TO_LE_IN_PLACE(_tlv_header) \
  59     (_tlv_header).type   = GUINT16_TO_LE((_tlv_header).type); \
  60     (_tlv_header).length = GUINT16_TO_LE((_tlv_header).length)
  61
  62 typedef struct tlv_time_info {
  63     guint16 type;
  64     guint16 length;
  65     guint32 time_format;
  66 } tlv_time_info;
  67
  68 #define TLV_TIME_INFO_FROM_LE_IN_PLACE(_tlv_time_info) \
  69     (_tlv_time_info).type   = GUINT16_FROM_LE((_tlv_time_info).type); \
  70     (_tlv_time_info).length = GUINT16_FROM_LE((_tlv_time_info).length); \
  71     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  72
  73 #define TLV_TIME_INFO_TO_LE_IN_PLACE(_tlv_time_info) \
  74     (_tlv_time_info).type   = GUINT16_TO_LE((_tlv_time_info).type); \
  75     (_tlv_time_info).length = GUINT16_TO_LE((_tlv_time_info).length); \
  76     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  77
  78 typedef struct tlv_wireless_info {
  79     guint8 quality;
  80     guint8 signalStrength;
  81     guint8 rate;
  82     guint8 frequency;
  83     guint8 qualityPercent;
  84     guint8 strengthPercent;
  85     guint8 conditions;
  86     guint8 reserved;
  87 } tlv_wireless_info;
  88
  89 /*
  90  * Wireless conditions
  91  */
  92 #define WIRELESS_WEP_SUCCESS            0x80
  93
  94 /*
  95  * TLV type values.
  96  */
  97 #define INFORMATION_TYPE_ALIAS_LIST 0x01
  98 #define INFORMATION_TYPE_COMMENT    0x02 /* ASCII text */
  99 #define INFORMATION_TYPE_TIME_INFO  0x04
 100 #define INFORMATION_TYPE_WIRELESS   0x101
 101
 102 /*
 103  * TVL TIME_INFO values.
 104  */
 105 #define TIME_INFO_LOCAL 0
 106 #define TIME_INFO_GMT   1
 107
 108 typedef struct packet_entry_header
 109 {
 110     guint32 packet_magic;
 111     guint32 network_speed;
 112     guint16 captured_size;
 113     guint16 network_size;
 114     guint16 offset_to_frame;
 115     guint16 offset_to_next_packet;
 116     guint8 network_type;
 117     guint8 flags;
 118     guint8 number_of_information_elements;    /* number of TLVs in the header */
 119     guint8 packet_type;
 120     guint16 errors;
 121     guint16 reserved;
 122     guint64 packet_number;
 123     guint64 original_packet_number;
 124     guint64 nano_seconds_since_2000;
 125 } packet_entry_header;
 126
 127 #define PACKET_ENTRY_HEADER_FROM_LE_IN_PLACE(_packet_entry_header) \
 128     (_packet_entry_header).packet_magic            = GUINT32_FROM_LE((_packet_entry_header).packet_magic); \
 129     (_packet_entry_header).network_speed           = GUINT32_FROM_LE((_packet_entry_header).network_speed); \
 130     (_packet_entry_header).captured_size           = GUINT16_FROM_LE((_packet_entry_header).captured_size); \
 131     (_packet_entry_header).network_size            = GUINT16_FROM_LE((_packet_entry_header).network_size); \
 132     (_packet_entry_header).offset_to_frame         = GUINT16_FROM_LE((_packet_entry_header).offset_to_frame); \
 133     (_packet_entry_header).offset_to_next_packet   = GUINT16_FROM_LE((_packet_entry_header).offset_to_next_packet); \
 134     (_packet_entry_header).errors                  = GUINT16_FROM_LE((_packet_entry_header).errors); \
 135     (_packet_entry_header).reserved                = GUINT16_FROM_LE((_packet_entry_header).reserved); \
 136     (_packet_entry_header).packet_number           = GUINT64_FROM_LE((_packet_entry_header).packet_number); \
 137     (_packet_entry_header).original_packet_number  = GUINT64_FROM_LE((_packet_entry_header).original_packet_number); \
 138     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_FROM_LE((_packet_entry_header).nano_seconds_since_2000)
 139
 140 #define PACKET_ENTRY_HEADER_TO_LE_IN_PLACE(_packet_entry_header) \
 141     (_packet_entry_header).packet_magic            = GUINT32_TO_LE((_packet_entry_header).packet_magic); \
 142     (_packet_entry_header).network_speed           = GUINT32_TO_LE((_packet_entry_header).network_speed); \
 143     (_packet_entry_header).captured_size           = GUINT16_TO_LE((_packet_entry_header).captured_size); \
 144     (_packet_entry_header).network_size            = GUINT16_TO_LE((_packet_entry_header).network_size); \
 145     (_packet_entry_header).offset_to_frame         = GUINT16_TO_LE((_packet_entry_header).offset_to_frame); \
 146     (_packet_entry_header).offset_to_next_packet   = GUINT16_TO_LE((_packet_entry_header).offset_to_next_packet); \
 147     (_packet_entry_header).errors                  = GUINT16_TO_LE((_packet_entry_header).errors); \
 148     (_packet_entry_header).reserved                = GUINT16_TO_LE((_packet_entry_header).reserved); \
 149     (_packet_entry_header).packet_number           = GUINT64_TO_LE((_packet_entry_header).packet_number); \
 150     (_packet_entry_header).original_packet_number  = GUINT64_TO_LE((_packet_entry_header).original_packet_number); \
 151     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_TO_LE((_packet_entry_header).nano_seconds_since_2000)
 152
 153 /*
 154  * Network type values.
 155  */
 156 #define OBSERVER_UNDEFINED       0xFF
 157 #define OBSERVER_ETHERNET        0x00
 158 #define OBSERVER_TOKENRING       0x01
 159 #define OBSERVER_FIBRE_CHANNEL   0x08
 160 #define OBSERVER_WIRELESS_802_11 0x09
 161
 162 /*
 163  * Packet type values.
 164  */
 165 #define PACKET_TYPE_DATA_PACKET               0
 166 #define PACKET_TYPE_EXPERT_INFORMATION_PACKET 1
 167
 168 /*
 169  * The Observer document indicates that the types of expert information
 170  * packets are:
 171  *
 172  *    Network Load (markers used by Expert Time Interval and What If
 173  *    analysis modes)
 174  *
 175  *    Start/Stop Packet Capture marker frames (with time stamps when
 176  *    captures start and stop)
 177  *
 178  *    Wireless Channel Change (markers showing what channel was being
 179  *    currently listened to)
 180  *
 181  * That information appears to be contained in TLVs.
 182  */
 183
 184 /*
 185  * TLV type values.
 186  */
 187 #define INFORMATION_TYPE_NETWORK_LOAD       0x0100
 188 #define INFORMATION_TYPE_CAPTURE_START_STOP 0x0104
 189
 190 /*
 191  * Might some of these be broadcast and multicast packet counts?
 192  */
 193 typedef struct tlv_network_load
 194 {
 195     guint32 utilization;        /* network utilization, in .1% units */
 196     guint32 unknown1;
 197     guint32 unknown2;
 198     guint32 packets_per_second;
 199     guint32 unknown3;
 200     guint32 bytes_per_second;
 201     guint32 unknown4;
 202 } tlv_network_load;
 203
 204 typedef struct tlv_capture_start_stop
 205 {
 206     guint32 start_stop;
 207 } tlv_capture_start_stop;
 208
 209 #define START_STOP_TYPE_STOP   0
 210 #define START_STOP_TYPE_START  1
 211
 212 #endif
 213