wiretap/network_instruments.h

   1 /***************************************************************************
   2                           network_instruments.h  -  description
   3                              -------------------
   4     begin                : Wed Oct 29 2003
   5     copyright            : (C) 2003 by root
   6     email                : scotte[AT}netinst.com
   7  ***************************************************************************/
   8
   9 /***************************************************************************
  10  *                                                                         *
  11  *  SPDX-License-Identifier: GPL-2.0-or-later                              *
  12  *                                                                         *
  13  ***************************************************************************/
  14
  15 #ifndef __NETWORK_INSTRUMENTS_H__
  16 #define __NETWORK_INSTRUMENTS_H__
  17
  18 #include <glib.h>
  19 #include "wtap.h"
  20
  21 wtap_open_return_val network_instruments_open(wtap *wth, int *err, gchar **err_info);
  22 int network_instruments_dump_can_write_encap(int encap);
  23 gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err);
  24
  25 /*
  26  * In v15 the high_byte was added to allow a larger offset This was done by
  27  * reducing the size of observer_version by 1 byte.  Since version strings are
  28  * only 30 characters the high_byte will always be 0 in previous versions.
  29  */
  30 typedef struct capture_file_header
  31 {
  32     char    observer_version[31];
  33     guint8  offset_to_first_packet_high_byte; /* allows to extend the offset to the first packet to 256*0x10000 = 16 MB */
  34     guint16 offset_to_first_packet;
  35     char    probe_instance;
  36     guint8  number_of_information_elements;   /* number of TLVs in the header */
  37 } capture_file_header;
  38
  39 #define CAPTURE_FILE_HEADER_FROM_LE_IN_PLACE(_capture_file_header) \
  40     _capture_file_header.offset_to_first_packet = GUINT16_FROM_LE((_capture_file_header).offset_to_first_packet)
  41
  42 #define CAPTURE_FILE_HEADER_TO_LE_IN_PLACE(_capture_file_header) \
  43     _capture_file_header.offset_to_first_packet = GUINT16_TO_LE((_capture_file_header).offset_to_first_packet)
  44
  45 typedef struct tlv_header
  46 {
  47     guint16 type;
  48     guint16 length;        /* includes the length of the TLV header */
  49 } tlv_header;
  50
  51 #define TLV_HEADER_FROM_LE_IN_PLACE(_tlv_header) \
  52     (_tlv_header).type   = GUINT16_FROM_LE((_tlv_header).type); \
  53     (_tlv_header).length = GUINT16_FROM_LE((_tlv_header).length)
  54
  55 #define TLV_HEADER_TO_LE_IN_PLACE(_tlv_header) \
  56     (_tlv_header).type   = GUINT16_TO_LE((_tlv_header).type); \
  57     (_tlv_header).length = GUINT16_TO_LE((_tlv_header).length)
  58
  59 typedef struct tlv_time_info {
  60     guint16 type;
  61     guint16 length;
  62     guint32 time_format;
  63 } tlv_time_info;
  64
  65 #define TLV_TIME_INFO_FROM_LE_IN_PLACE(_tlv_time_info) \
  66     (_tlv_time_info).type   = GUINT16_FROM_LE((_tlv_time_info).type); \
  67     (_tlv_time_info).length = GUINT16_FROM_LE((_tlv_time_info).length); \
  68     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  69
  70 #define TLV_TIME_INFO_TO_LE_IN_PLACE(_tlv_time_info) \
  71     (_tlv_time_info).type   = GUINT16_TO_LE((_tlv_time_info).type); \
  72     (_tlv_time_info).length = GUINT16_TO_LE((_tlv_time_info).length); \
  73     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  74
  75 typedef struct tlv_wireless_info {
  76     guint8 quality;
  77     guint8 signalStrength;
  78     guint8 rate;
  79     guint8 frequency;
  80     guint8 qualityPercent;
  81     guint8 strengthPercent;
  82     guint8 conditions;
  83     guint8 reserved;
  84 } tlv_wireless_info;
  85
  86 /*
  87  * Wireless conditions
  88  */
  89 #define WIRELESS_WEP_SUCCESS            0x80
  90
  91 /*
  92  * TLV type values.
  93  */
  94 #define INFORMATION_TYPE_ALIAS_LIST 0x01
  95 #define INFORMATION_TYPE_COMMENT    0x02 /* ASCII text */
  96 #define INFORMATION_TYPE_TIME_INFO  0x04
  97 #define INFORMATION_TYPE_WIRELESS   0x101
  98
  99 /*
 100  * TVL TIME_INFO values.
 101  */
 102 #define TIME_INFO_LOCAL 0
 103 #define TIME_INFO_GMT   1
 104
 105 typedef struct packet_entry_header
 106 {
 107     guint32 packet_magic;
 108     guint32 network_speed;
 109     guint16 captured_size;
 110     guint16 network_size;
 111     guint16 offset_to_frame;
 112     guint16 offset_to_next_packet;
 113     guint8 network_type;
 114     guint8 flags;
 115     guint8 number_of_information_elements;    /* number of TLVs in the header */
 116     guint8 packet_type;
 117     guint16 errors;
 118     guint16 reserved;
 119     guint64 packet_number;
 120     guint64 original_packet_number;
 121     guint64 nano_seconds_since_2000;
 122 } packet_entry_header;
 123
 124 #define PACKET_ENTRY_HEADER_FROM_LE_IN_PLACE(_packet_entry_header) \
 125     (_packet_entry_header).packet_magic            = GUINT32_FROM_LE((_packet_entry_header).packet_magic); \
 126     (_packet_entry_header).network_speed           = GUINT32_FROM_LE((_packet_entry_header).network_speed); \
 127     (_packet_entry_header).captured_size           = GUINT16_FROM_LE((_packet_entry_header).captured_size); \
 128     (_packet_entry_header).network_size            = GUINT16_FROM_LE((_packet_entry_header).network_size); \
 129     (_packet_entry_header).offset_to_frame         = GUINT16_FROM_LE((_packet_entry_header).offset_to_frame); \
 130     (_packet_entry_header).offset_to_next_packet   = GUINT16_FROM_LE((_packet_entry_header).offset_to_next_packet); \
 131     (_packet_entry_header).errors                  = GUINT16_FROM_LE((_packet_entry_header).errors); \
 132     (_packet_entry_header).reserved                = GUINT16_FROM_LE((_packet_entry_header).reserved); \
 133     (_packet_entry_header).packet_number           = GUINT64_FROM_LE((_packet_entry_header).packet_number); \
 134     (_packet_entry_header).original_packet_number  = GUINT64_FROM_LE((_packet_entry_header).original_packet_number); \
 135     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_FROM_LE((_packet_entry_header).nano_seconds_since_2000)
 136
 137 #define PACKET_ENTRY_HEADER_TO_LE_IN_PLACE(_packet_entry_header) \
 138     (_packet_entry_header).packet_magic            = GUINT32_TO_LE((_packet_entry_header).packet_magic); \
 139     (_packet_entry_header).network_speed           = GUINT32_TO_LE((_packet_entry_header).network_speed); \
 140     (_packet_entry_header).captured_size           = GUINT16_TO_LE((_packet_entry_header).captured_size); \
 141     (_packet_entry_header).network_size            = GUINT16_TO_LE((_packet_entry_header).network_size); \
 142     (_packet_entry_header).offset_to_frame         = GUINT16_TO_LE((_packet_entry_header).offset_to_frame); \
 143     (_packet_entry_header).offset_to_next_packet   = GUINT16_TO_LE((_packet_entry_header).offset_to_next_packet); \
 144     (_packet_entry_header).errors                  = GUINT16_TO_LE((_packet_entry_header).errors); \
 145     (_packet_entry_header).reserved                = GUINT16_TO_LE((_packet_entry_header).reserved); \
 146     (_packet_entry_header).packet_number           = GUINT64_TO_LE((_packet_entry_header).packet_number); \
 147     (_packet_entry_header).original_packet_number  = GUINT64_TO_LE((_packet_entry_header).original_packet_number); \
 148     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_TO_LE((_packet_entry_header).nano_seconds_since_2000)
 149
 150 /*
 151  * Network type values.
 152  */
 153 #define OBSERVER_UNDEFINED       0xFF
 154 #define OBSERVER_ETHERNET        0x00
 155 #define OBSERVER_TOKENRING       0x01
 156 #define OBSERVER_FIBRE_CHANNEL   0x08
 157 #define OBSERVER_WIRELESS_802_11 0x09
 158
 159 /*
 160  * Packet type values.
 161  */
 162 #define PACKET_TYPE_DATA_PACKET               0
 163 #define PACKET_TYPE_EXPERT_INFORMATION_PACKET 1
 164
 165 /*
 166  * The Observer document indicates that the types of expert information
 167  * packets are:
 168  *
 169  *    Network Load (markers used by Expert Time Interval and What If
 170  *    analysis modes)
 171  *
 172  *    Start/Stop Packet Capture marker frames (with time stamps when
 173  *    captures start and stop)
 174  *
 175  *    Wireless Channel Change (markers showing what channel was being
 176  *    currently listened to)
 177  *
 178  * That information appears to be contained in TLVs.
 179  */
 180
 181 /*
 182  * TLV type values.
 183  */
 184 #define INFORMATION_TYPE_NETWORK_LOAD       0x0100
 185 #define INFORMATION_TYPE_CAPTURE_START_STOP 0x0104
 186
 187 /*
 188  * Might some of these be broadcast and multicast packet counts?
 189  */
 190 typedef struct tlv_network_load
 191 {
 192     guint32 utilization;        /* network utilization, in .1% units */
 193     guint32 unknown1;
 194     guint32 unknown2;
 195     guint32 packets_per_second;
 196     guint32 unknown3;
 197     guint32 bytes_per_second;
 198     guint32 unknown4;
 199 } tlv_network_load;
 200
 201 typedef struct tlv_capture_start_stop
 202 {
 203     guint32 start_stop;
 204 } tlv_capture_start_stop;
 205
 206 #define START_STOP_TYPE_STOP   0
 207 #define START_STOP_TYPE_START  1
 208
 209 #endif
 210