4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 #ifndef __W_PCAPNG_H__
22 #define __W_PCAPNG_H__
26 #include "ws_symbol_export.h"
28 /* Option codes: 16-bit field */
29 #define OPT_EOFOPT 0x0000
30 #define OPT_COMMENT 0x0001 /**< NULL if not available */
32 /* Section Header block (SHB) */
33 #define OPT_SHB_HARDWARE 0x0002 /**< NULL if not available
34 * UTF-8 string containing the description of the
35 * hardware used to create this section.
37 #define OPT_SHB_OS 0x0003 /**< NULL if not available, UTF-8 string containing the
38 * name of the operating system used to create this section.
40 #define OPT_SHB_USERAPPL 0x0004 /**< NULL if not available, UTF-8 string containing the
41 * name of the application used to create this section.
44 /* Interface Description block (IDB) */
45 #define OPT_IDB_NAME 0x0002 /**< NULL if not available, A UTF-8 string containing the name
46 * of the device used to capture data.
47 * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}"
49 #define OPT_IDB_DESCR 0x0003 /**< NULL if not available, A UTF-8 string containing the description
50 * of the device used to capture data.
51 * "Broadcom NetXtreme" / "First Ethernet Interface"
53 #define OPT_IDB_IP4ADDR 0x0004 /**< XXX: if_IPv4addr Interface network address and netmask.
54 * This option can be repeated multiple times within the same Interface Description Block
55 * when multiple IPv4 addresses are assigned to the interface.
56 * 192 168 1 1 255 255 255 0
58 #define OPT_IDB_IP6ADDR 0x0005 /* XXX: if_IPv6addr Interface network address and prefix length (stored in the last byte).
59 * This option can be repeated multiple times within the same Interface
60 * Description Block when multiple IPv6 addresses are assigned to the interface.
61 * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
62 * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"*/
63 #define OPT_IDB_MACADDR 0x0006 /* XXX: if_MACaddr Interface Hardware MAC address (48 bits). */
64 #define OPT_IDB_EUIADDR 0x0007 /* XXX: if_EUIaddr Interface Hardware EUI address (64 bits) */
65 #define OPT_IDB_SPEED 0x0008 /**< 0xFFFFFFFF if unknown
66 * Interface speed (in bps). 100000000 for 100Mbps
68 #define OPT_IDB_TSRESOL 0x0009 /**< Resolution of timestamps. If the Most Significant Bit is equal to zero,
69 * the remaining bits indicate the resolution of the timestamp as a
70 * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
71 * are the number of microseconds since 1/1/1970). If the Most Significant Bit
72 * is equal to one, the remaining bits indicate the resolution as a
73 * negative power of 2 (e.g. 10 means 1/1024 of a second).
74 * If this option is not present, a resolution of 10^-6 is assumed
75 * (i.e. timestamps have the same resolution as the standard 'libpcap' timestamps).
 * NOTE(review): the exponent is read from the capture file; a reader presumably
 * has to reject exponents whose power of 10 or 2 does not fit the integer type
 * it uses for the time-unit divisor -- confirm in the option parser.
77 #define OPT_IDB_TZONE 0x000A /* XXX: if_tzone Time zone for GMT support (TODO: specify better). */
78 #define OPT_IDB_FILTER 0x000B /**< The filter (e.g. "capture only TCP traffic") used to capture traffic.
79 * The first byte of the Option Data keeps a code of the filter used
80 * (e.g. if this is a libpcap string, or BPF bytecode, and more).
81 * More details about this format will be presented in Appendix XXX (TODO).
82 * (TODO: better use different options for different fields?
83 * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
85 #define OPT_IDB_OS 0x000C /**< NULL if not available, A UTF-8 string containing the name of the operating system of the
86 * machine in which this interface is installed.
87 * This can be different from the same information that can be
88 * contained by the Section Header Block
89 * (Section 3.1 (Section Header Block (mandatory))) because
90 * the capture can have been done on a remote machine.
91 * "Windows XP SP2" / "openSUSE 10.2"
93 #define OPT_IDB_FCSLEN 0x000D /**< An integer value that specifies the length of the
94 * Frame Check Sequence (in bits) for this interface.
95 * For link layers whose FCS length can change over time,
96 * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word))
98 #define OPT_IDB_TSOFFSET 0x000E /**< XXX: A 64-bit integer value that specifies an offset (in seconds)
99 * that must be added to the timestamp of each packet to obtain
100 * the absolute timestamp of a packet. If the option is missing,
101 * the timestamps stored in the packet must be considered absolute
102 * timestamps. The time zone of the offset can be specified with the
103 * option if_tzone. TODO: won't an if_tsoffset_low for fractional
104 * second offsets be useful for highly synchronized capture systems?
 * NOTE(review): the offset is read from the capture file; adding it to packet
 * timestamps presumably needs an overflow check -- confirm in the reader.
/* Interface Statistics block (ISB) options.
 * Codes from 0x0002 up are reused by each block type (0x0002 is also
 * OPT_SHB_HARDWARE and OPT_IDB_NAME), so an option code can only be
 * interpreted together with the type of the block that carries it.
 */
107 #define OPT_ISB_STARTTIME 0x0002
108 #define OPT_ISB_ENDTIME 0x0003
109 #define OPT_ISB_IFRECV 0x0004
110 #define OPT_ISB_IFDROP 0x0005
111 #define OPT_ISB_FILTERACCEPT 0x0006
112 #define OPT_ISB_OSDROP 0x0007
113 #define OPT_ISB_USRDELIV 0x0008
115 /* pcapng: common block header file encoding for every block type */
116 typedef struct pcapng_block_header_s {
118 guint32 block_total_length; /* block length as stored in the file. NOTE(review): file-supplied value; a reader presumably has to range-check it (minimum block size, bytes actually remaining) before it sizes a read or an allocation -- confirm in the reader */
119 /* x bytes block_body (variable length, not a member of this struct) */
120 /* guint32 block_total_length -- trailing copy after the body, not a member of this struct; presumably expected to equal the leading value */
121 } pcapng_block_header_t;
123 /* pcapng: section header block file encoding */
124 typedef struct pcapng_section_header_block_s {
125 /* pcapng_block_header_t (presumably precedes these fields in the file; not a member of this struct) */
127 guint16 version_major;
128 guint16 version_minor;
129 guint64 section_length; /* might be -1 for unknown; the field is unsigned here, so "unknown" reads back as the all-ones value (G_MAXUINT64), never as a negative number -- test for that sentinel before treating the value as a length */
130 /* ... Options (OPT_SHB_* codes) ... */
131 } pcapng_section_header_block_t;
133 /* pcapng: interface description block file encoding */
134 typedef struct pcapng_interface_description_block_s {
138 /* ... Options (OPT_IDB_* codes) follow the fixed-length portion counted by MIN_IDB_SIZE ... */
139 } pcapng_interface_description_block_t;
141 /* pcapng: interface statistics block file encoding */
142 typedef struct pcapng_interface_statistics_block_s {
143 guint32 interface_id; /* NOTE(review): file-supplied; presumably an index into the interfaces described so far, so it needs a bounds check before use -- confirm in the reader */
144 guint32 timestamp_high; /* presumably the upper 32 bits of a 64-bit timestamp -- confirm */
145 guint32 timestamp_low; /* presumably the lower 32 bits of the same timestamp -- confirm */
146 /* ... Options (OPT_ISB_* codes) ... */
147 } pcapng_interface_statistics_block_t;
149 struct pcapng_option_header {
151 guint16 value_length; /* length of the option value. NOTE(review): file-supplied; a reader presumably has to check it against the bytes remaining in the enclosing block before consuming the value -- confirm in the option parser */
155 * Minimum IDB size = minimum block size + size of fixed length portion of IDB.
157 #define MIN_IDB_SIZE ((guint32)(MIN_BLOCK_SIZE + sizeof(pcapng_interface_description_block_t)))
159 wtap_open_return_val pcapng_open(wtap *wth, int *err, gchar **err_info); /* presumably the reader entry point, reporting failure through *err and *err_info -- confirm against the implementation */
160 gboolean pcapng_dump_open(wtap_dumper *wdh, int *err); /* presumably the writer entry point, reporting failure through *err -- confirm against the implementation */
161 int pcapng_dump_can_write_encap(int encap); /* takes an encapsulation value; the meaning of the int result is not visible in this header */