4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26 #ifdef HAVE_SYS_TYPES_H
27 #include <sys/types.h>
31 #include "wtap_opttypes.h"
34 #include "file_wrappers.h"
35 #include <wsutil/file_util.h>
36 #include <wsutil/buffer.h>
41 static plugins_t *libwiretap_plugins;
42 static GSList *wtap_plugins = NULL;
45 wtap_register_plugin(const wtap_plugin *plug)
47 wtap_plugins = g_slist_prepend(wtap_plugins, (wtap_plugin *)plug);
51 call_plugin_register_wtap_module(gpointer data, gpointer user_data _U_)
53 wtap_plugin *plug = (wtap_plugin *)data;
55 if (plug->register_wtap_module) {
56 plug->register_wtap_module();
59 #endif /* HAVE_PLUGINS */
62 * Return the size of the file, as reported by the OS.
63 * (gint64, in case that's 64 bits.)
66 wtap_file_size(wtap *wth, int *err)
70 if (file_fstat((wth->fh == NULL) ? wth->random_fh : wth->fh,
77 * Do an fstat on the file.
80 wtap_fstat(wtap *wth, ws_statb64 *statb, int *err)
82 if (file_fstat((wth->fh == NULL) ? wth->random_fh : wth->fh,
89 wtap_file_type_subtype(wtap *wth)
91 return wth->file_type_subtype;
95 wtap_iscompressed(wtap *wth)
97 return file_iscompressed((wth->fh == NULL) ? wth->random_fh : wth->fh);
101 wtap_snapshot_length(wtap *wth)
103 return wth->snapshot_length;
107 wtap_file_encap(wtap *wth)
109 return wth->file_encap;
113 wtap_file_tsprec(wtap *wth)
115 return wth->file_tsprec;
119 wtap_file_get_shb(wtap *wth)
121 if ((wth == NULL) || (wth->shb_hdrs == NULL) || (wth->shb_hdrs->len == 0))
124 return g_array_index(wth->shb_hdrs, wtap_block_t, 0);
128 wtap_file_get_shb_for_new_file(wtap *wth)
131 wtap_block_t shb_hdr_src, shb_hdr_dest;
134 if ((wth == NULL) || (wth->shb_hdrs == NULL) || (wth->shb_hdrs->len == 0))
137 shb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
139 for (shb_count = 0; shb_count < wth->shb_hdrs->len; shb_count++) {
140 shb_hdr_src = g_array_index(wth->shb_hdrs, wtap_block_t, shb_count);
141 shb_hdr_dest = wtap_block_create(WTAP_BLOCK_NG_SECTION);
142 wtap_block_copy(shb_hdr_dest, shb_hdr_src);
143 g_array_append_val(shb_hdrs, shb_hdr_dest);
150 * XXX - replace with APIs that let us handle multiple comments.
153 wtap_write_shb_comment(wtap *wth, gchar *comment)
155 if ((wth != NULL) && (wth->shb_hdrs != NULL) && (wth->shb_hdrs->len > 0)) {
156 wtap_block_set_nth_string_option_value(g_array_index(wth->shb_hdrs, wtap_block_t, 0), OPT_COMMENT, 0, comment, (gsize)(comment ? strlen(comment) : 0));
160 wtapng_iface_descriptions_t *
161 wtap_file_get_idb_info(wtap *wth)
163 wtapng_iface_descriptions_t *idb_info;
165 idb_info = g_new(wtapng_iface_descriptions_t,1);
167 idb_info->interface_data = wth->interface_data;
174 wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info)
176 if (idb_info == NULL)
179 wtap_block_array_free(idb_info->interface_data);
184 wtap_get_debug_if_descr(const wtap_block_t if_descr,
186 const char* line_end)
189 wtapng_if_descr_mandatory_t* if_descr_mand;
190 GString *info = g_string_new("");
194 wtapng_if_descr_filter_t* if_filter;
198 if_descr_mand = (wtapng_if_descr_mandatory_t*)wtap_block_get_mandatory_data(if_descr);
199 if (wtap_block_get_string_option_value(if_descr, OPT_IDB_NAME, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
200 g_string_printf(info,
201 "%*cName = %s%s", indent, ' ',
202 tmp_content ? tmp_content : "UNKNOWN",
206 if (wtap_block_get_string_option_value(if_descr, OPT_IDB_DESCR, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
207 g_string_append_printf(info,
208 "%*cDescription = %s%s", indent, ' ',
209 tmp_content ? tmp_content : "NONE",
213 g_string_append_printf(info,
214 "%*cEncapsulation = %s (%d - %s)%s", indent, ' ',
215 wtap_encap_string(if_descr_mand->wtap_encap),
216 if_descr_mand->wtap_encap,
217 wtap_encap_short_string(if_descr_mand->wtap_encap),
220 if (wtap_block_get_uint64_option_value(if_descr, OPT_IDB_SPEED, &tmp64) == WTAP_OPTTYPE_SUCCESS) {
221 g_string_append_printf(info,
222 "%*cSpeed = %" G_GINT64_MODIFIER "u%s", indent, ' ',
227 g_string_append_printf(info,
228 "%*cCapture length = %u%s", indent, ' ',
229 if_descr_mand->snap_len,
232 if (wtap_block_get_uint8_option_value(if_descr, OPT_IDB_FCSLEN, &itmp8) == WTAP_OPTTYPE_SUCCESS) {
233 g_string_append_printf(info,
234 "%*cFCS length = %d%s", indent, ' ',
239 g_string_append_printf(info,
240 "%*cTime precision = %s (%d)%s", indent, ' ',
241 wtap_tsprec_string(if_descr_mand->tsprecision),
242 if_descr_mand->tsprecision,
245 g_string_append_printf(info,
246 "%*cTime ticks per second = %" G_GINT64_MODIFIER "u%s", indent, ' ',
247 if_descr_mand->time_units_per_second,
250 if (wtap_block_get_uint8_option_value(if_descr, OPT_IDB_TSRESOL, &tmp8) == WTAP_OPTTYPE_SUCCESS) {
251 g_string_append_printf(info,
252 "%*cTime resolution = 0x%.2x%s", indent, ' ',
257 if (wtap_block_get_custom_option_value(if_descr, OPT_IDB_FILTER, (void**)&if_filter) == WTAP_OPTTYPE_SUCCESS) {
258 g_string_append_printf(info,
259 "%*cFilter string = %s%s", indent, ' ',
260 if_filter->if_filter_str ? if_filter->if_filter_str : "NONE",
263 g_string_append_printf(info,
264 "%*cBPF filter length = %u%s", indent, ' ',
265 if_filter->bpf_filter_len,
269 if (wtap_block_get_string_option_value(if_descr, OPT_IDB_OS, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
270 g_string_append_printf(info,
271 "%*cOperating system = %s%s", indent, ' ',
272 tmp_content ? tmp_content : "UNKNOWN",
277 * XXX - support multiple comments.
279 if (wtap_block_get_nth_string_option_value(if_descr, OPT_COMMENT, 0, &tmp_content) == WTAP_OPTTYPE_SUCCESS) {
280 g_string_append_printf(info,
281 "%*cComment = %s%s", indent, ' ',
282 tmp_content ? tmp_content : "NONE",
286 g_string_append_printf(info,
287 "%*cNumber of stat entries = %u%s", indent, ' ',
288 if_descr_mand->num_stat_entries,
291 return g_string_free(info, FALSE);
295 wtap_file_get_nrb(wtap *wth)
297 if ((wth == NULL) || (wth->nrb_hdrs == NULL) || (wth->nrb_hdrs->len == 0))
300 return g_array_index(wth->nrb_hdrs, wtap_block_t, 0);
304 wtap_file_get_nrb_for_new_file(wtap *wth)
307 wtap_block_t nrb_hdr_src, nrb_hdr_dest;
310 if ((wth == NULL || wth->nrb_hdrs == NULL) || (wth->nrb_hdrs->len == 0))
313 nrb_hdrs = g_array_new(FALSE, FALSE, sizeof(wtap_block_t));
315 for (nrb_count = 0; nrb_count < wth->nrb_hdrs->len; nrb_count++) {
316 nrb_hdr_src = g_array_index(wth->nrb_hdrs, wtap_block_t, nrb_count);
317 nrb_hdr_dest = wtap_block_create(WTAP_BLOCK_NG_NRB);
318 wtap_block_copy(nrb_hdr_dest, nrb_hdr_src);
319 g_array_append_val(nrb_hdrs, nrb_hdr_dest);
325 /* Table of the encapsulation types we know about. */
326 struct encap_type_info {
328 const char *short_name;
331 static struct encap_type_info encap_table_base[] = {
332 /* WTAP_ENCAP_UNKNOWN */
333 { "Unknown", "unknown" },
335 /* WTAP_ENCAP_ETHERNET */
336 { "Ethernet", "ether" },
338 /* WTAP_ENCAP_TOKEN_RING */
339 { "Token Ring", "tr" },
341 /* WTAP_ENCAP_SLIP */
347 /* WTAP_ENCAP_FDDI */
350 /* WTAP_ENCAP_FDDI_BITSWAPPED */
351 { "FDDI with bit-swapped MAC addresses", "fddi-swapped" },
353 /* WTAP_ENCAP_RAW_IP */
354 { "Raw IP", "rawip" },
356 /* WTAP_ENCAP_ARCNET */
357 { "ARCNET", "arcnet" },
359 /* WTAP_ENCAP_ARCNET_LINUX */
360 { "Linux ARCNET", "arcnet_linux" },
362 /* WTAP_ENCAP_ATM_RFC1483 */
363 { "RFC 1483 ATM", "atm-rfc1483" },
365 /* WTAP_ENCAP_LINUX_ATM_CLIP */
366 { "Linux ATM CLIP", "linux-atm-clip" },
368 /* WTAP_ENCAP_LAPB */
371 /* WTAP_ENCAP_ATM_PDUS */
372 { "ATM PDUs", "atm-pdus" },
374 /* WTAP_ENCAP_ATM_PDUS_UNTRUNCATED */
375 { "ATM PDUs - untruncated", "atm-pdus-untruncated" },
377 /* WTAP_ENCAP_NULL */
378 { "NULL/Loopback", "null" },
380 /* WTAP_ENCAP_ASCEND */
381 { "Lucent/Ascend access equipment", "ascend" },
383 /* WTAP_ENCAP_ISDN */
386 /* WTAP_ENCAP_IP_OVER_FC */
387 { "RFC 2625 IP-over-Fibre Channel", "ip-over-fc" },
389 /* WTAP_ENCAP_PPP_WITH_PHDR */
390 { "PPP with Directional Info", "ppp-with-direction" },
392 /* WTAP_ENCAP_IEEE_802_11 */
393 { "IEEE 802.11 Wireless LAN", "ieee-802-11" },
395 /* WTAP_ENCAP_IEEE_802_11_PRISM */
396 { "IEEE 802.11 plus Prism II monitor mode radio header", "ieee-802-11-prism" },
398 /* WTAP_ENCAP_IEEE_802_11_WITH_RADIO */
399 { "IEEE 802.11 Wireless LAN with radio information", "ieee-802-11-radio" },
401 /* WTAP_ENCAP_IEEE_802_11_RADIOTAP */
402 { "IEEE 802.11 plus radiotap radio header", "ieee-802-11-radiotap" },
404 /* WTAP_ENCAP_IEEE_802_11_AVS */
405 { "IEEE 802.11 plus AVS radio header", "ieee-802-11-avs" },
408 { "Linux cooked-mode capture", "linux-sll" },
410 /* WTAP_ENCAP_FRELAY */
411 { "Frame Relay", "frelay" },
413 /* WTAP_ENCAP_FRELAY_WITH_PHDR */
414 { "Frame Relay with Directional Info", "frelay-with-direction" },
416 /* WTAP_ENCAP_CHDLC */
417 { "Cisco HDLC", "chdlc" },
419 /* WTAP_ENCAP_CISCO_IOS */
420 { "Cisco IOS internal", "ios" },
422 /* WTAP_ENCAP_LOCALTALK */
423 { "Localtalk", "ltalk" },
425 /* WTAP_ENCAP_OLD_PFLOG */
426 { "OpenBSD PF Firewall logs, pre-3.4", "pflog-old" },
428 /* WTAP_ENCAP_HHDLC */
429 { "HiPath HDLC", "hhdlc" },
431 /* WTAP_ENCAP_DOCSIS */
432 { "Data Over Cable Service Interface Specification", "docsis" },
434 /* WTAP_ENCAP_COSINE */
435 { "CoSine L2 debug log", "cosine" },
437 /* WTAP_ENCAP_WFLEET_HDLC */
438 { "Wellfleet HDLC", "whdlc" },
440 /* WTAP_ENCAP_SDLC */
443 /* WTAP_ENCAP_TZSP */
444 { "Tazmen sniffer protocol", "tzsp" },
447 { "OpenBSD enc(4) encapsulating interface", "enc" },
449 /* WTAP_ENCAP_PFLOG */
450 { "OpenBSD PF Firewall logs", "pflog" },
452 /* WTAP_ENCAP_CHDLC_WITH_PHDR */
453 { "Cisco HDLC with Directional Info", "chdlc-with-direction" },
455 /* WTAP_ENCAP_BLUETOOTH_H4 */
456 { "Bluetooth H4", "bluetooth-h4" },
458 /* WTAP_ENCAP_MTP2 */
459 { "SS7 MTP2", "mtp2" },
461 /* WTAP_ENCAP_MTP3 */
462 { "SS7 MTP3", "mtp3" },
464 /* WTAP_ENCAP_IRDA */
467 /* WTAP_ENCAP_USER0 */
468 { "USER 0", "user0" },
470 /* WTAP_ENCAP_USER1 */
471 { "USER 1", "user1" },
473 /* WTAP_ENCAP_USER2 */
474 { "USER 2", "user2" },
476 /* WTAP_ENCAP_USER3 */
477 { "USER 3", "user3" },
479 /* WTAP_ENCAP_USER4 */
480 { "USER 4", "user4" },
482 /* WTAP_ENCAP_USER5 */
483 { "USER 5", "user5" },
485 /* WTAP_ENCAP_USER6 */
486 { "USER 6", "user6" },
488 /* WTAP_ENCAP_USER7 */
489 { "USER 7", "user7" },
491 /* WTAP_ENCAP_USER8 */
492 { "USER 8", "user8" },
494 /* WTAP_ENCAP_USER9 */
495 { "USER 9", "user9" },
497 /* WTAP_ENCAP_USER10 */
498 { "USER 10", "user10" },
500 /* WTAP_ENCAP_USER11 */
501 { "USER 11", "user11" },
503 /* WTAP_ENCAP_USER12 */
504 { "USER 12", "user12" },
506 /* WTAP_ENCAP_USER13 */
507 { "USER 13", "user13" },
509 /* WTAP_ENCAP_USER14 */
510 { "USER 14", "user14" },
512 /* WTAP_ENCAP_USER15 */
513 { "USER 15", "user15" },
515 /* WTAP_ENCAP_SYMANTEC */
516 { "Symantec Enterprise Firewall", "symantec" },
518 /* WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 */
519 { "Apple IP-over-IEEE 1394", "ap1394" },
521 /* WTAP_ENCAP_BACNET_MS_TP */
522 { "BACnet MS/TP", "bacnet-ms-tp" },
524 /* WTAP_ENCAP_NETTL_RAW_ICMP */
525 { "Raw ICMP with nettl headers", "raw-icmp-nettl" },
527 /* WTAP_ENCAP_NETTL_RAW_ICMPV6 */
528 { "Raw ICMPv6 with nettl headers", "raw-icmpv6-nettl" },
530 /* WTAP_ENCAP_GPRS_LLC */
531 { "GPRS LLC", "gprs-llc" },
533 /* WTAP_ENCAP_JUNIPER_ATM1 */
534 { "Juniper ATM1", "juniper-atm1" },
536 /* WTAP_ENCAP_JUNIPER_ATM2 */
537 { "Juniper ATM2", "juniper-atm2" },
539 /* WTAP_ENCAP_REDBACK */
540 { "Redback SmartEdge", "redback" },
542 /* WTAP_ENCAP_NETTL_RAW_IP */
543 { "Raw IP with nettl headers", "rawip-nettl" },
545 /* WTAP_ENCAP_NETTL_ETHERNET */
546 { "Ethernet with nettl headers", "ether-nettl" },
548 /* WTAP_ENCAP_NETTL_TOKEN_RING */
549 { "Token Ring with nettl headers", "tr-nettl" },
551 /* WTAP_ENCAP_NETTL_FDDI */
552 { "FDDI with nettl headers", "fddi-nettl" },
554 /* WTAP_ENCAP_NETTL_UNKNOWN */
555 { "Unknown link-layer type with nettl headers", "unknown-nettl" },
557 /* WTAP_ENCAP_MTP2_WITH_PHDR */
558 { "MTP2 with pseudoheader", "mtp2-with-phdr" },
560 /* WTAP_ENCAP_JUNIPER_PPPOE */
561 { "Juniper PPPoE", "juniper-pppoe" },
563 /* WTAP_ENCAP_GCOM_TIE1 */
564 { "GCOM TIE1", "gcom-tie1" },
566 /* WTAP_ENCAP_GCOM_SERIAL */
567 { "GCOM Serial", "gcom-serial" },
569 /* WTAP_ENCAP_NETTL_X25 */
570 { "X.25 with nettl headers", "x25-nettl" },
573 { "K12 protocol analyzer", "k12" },
575 /* WTAP_ENCAP_JUNIPER_MLPPP */
576 { "Juniper MLPPP", "juniper-mlppp" },
578 /* WTAP_ENCAP_JUNIPER_MLFR */
579 { "Juniper MLFR", "juniper-mlfr" },
581 /* WTAP_ENCAP_JUNIPER_ETHER */
582 { "Juniper Ethernet", "juniper-ether" },
584 /* WTAP_ENCAP_JUNIPER_PPP */
585 { "Juniper PPP", "juniper-ppp" },
587 /* WTAP_ENCAP_JUNIPER_FRELAY */
588 { "Juniper Frame-Relay", "juniper-frelay" },
590 /* WTAP_ENCAP_JUNIPER_CHDLC */
591 { "Juniper C-HDLC", "juniper-chdlc" },
593 /* WTAP_ENCAP_JUNIPER_GGSN */
594 { "Juniper GGSN", "juniper-ggsn" },
596 /* WTAP_ENCAP_LINUX_LAPD */
597 { "LAPD with Linux pseudo-header", "linux-lapd" },
599 /* WTAP_ENCAP_CATAPULT_DCT2000 */
600 { "Catapult DCT2000", "dct2000" },
603 { "ASN.1 Basic Encoding Rules", "ber" },
605 /* WTAP_ENCAP_JUNIPER_VP */
606 { "Juniper Voice PIC", "juniper-vp" },
608 /* WTAP_ENCAP_USB_FREEBSD */
609 { "USB packets with FreeBSD header", "usb-freebsd" },
611 /* WTAP_ENCAP_IEEE802_16_MAC_CPS */
612 { "IEEE 802.16 MAC Common Part Sublayer", "ieee-802-16-mac-cps" },
614 /* WTAP_ENCAP_NETTL_RAW_TELNET */
615 { "Raw telnet with nettl headers", "raw-telnet-nettl" },
617 /* WTAP_ENCAP_USB_LINUX */
618 { "USB packets with Linux header", "usb-linux" },
620 /* WTAP_ENCAP_MPEG */
624 { "Per-Packet Information header", "ppi" },
627 { "Extensible Record Format", "erf" },
629 /* WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR */
630 { "Bluetooth H4 with linux header", "bluetooth-h4-linux" },
632 /* WTAP_ENCAP_SITA */
633 { "SITA WAN packets", "sita-wan" },
635 /* WTAP_ENCAP_SCCP */
636 { "SS7 SCCP", "sccp" },
638 /* WTAP_ENCAP_BLUETOOTH_HCI */
639 { "Bluetooth without transport layer", "bluetooth-hci" },
641 /* WTAP_ENCAP_IPMB */
642 { "Intelligent Platform Management Bus", "ipmb" },
644 /* WTAP_ENCAP_IEEE802_15_4 */
645 { "IEEE 802.15.4 Wireless PAN", "wpan" },
647 /* WTAP_ENCAP_X2E_XORAYA */
648 { "X2E Xoraya", "x2e-xoraya" },
650 /* WTAP_ENCAP_FLEXRAY */
651 { "FlexRay", "flexray" },
654 { "Local Interconnect Network", "lin" },
656 /* WTAP_ENCAP_MOST */
657 { "Media Oriented Systems Transport", "most" },
659 /* WTAP_ENCAP_CAN20B */
660 { "Controller Area Network 2.0B", "can20b" },
662 /* WTAP_ENCAP_LAYER1_EVENT */
663 { "EyeSDN Layer 1 event", "layer1-event" },
665 /* WTAP_ENCAP_X2E_SERIAL */
666 { "X2E serial line capture", "x2e-serial" },
671 /* WTAP_ENCAP_IEEE802_15_4_NONASK_PHY */
672 { "IEEE 802.15.4 Wireless PAN non-ASK PHY", "wpan-nonask-phy" },
674 /* WTAP_ENCAP_TNEF */
675 { "Transport-Neutral Encapsulation Format", "tnef" },
677 /* WTAP_ENCAP_USB_LINUX_MMAPPED */
678 { "USB packets with Linux header and padding", "usb-linux-mmap" },
680 /* WTAP_ENCAP_GSM_UM */
681 { "GSM Um Interface", "gsm_um" },
683 /* WTAP_ENCAP_DPNSS */
684 { "Digital Private Signalling System No 1 Link Layer", "dpnss_link" },
686 /* WTAP_ENCAP_PACKETLOGGER */
687 { "PacketLogger", "packetlogger" },
689 /* WTAP_ENCAP_NSTRACE_1_0 */
690 { "NetScaler Encapsulation 1.0 of Ethernet", "nstrace10" },
692 /* WTAP_ENCAP_NSTRACE_2_0 */
693 { "NetScaler Encapsulation 2.0 of Ethernet", "nstrace20" },
695 /* WTAP_ENCAP_FIBRE_CHANNEL_FC2 */
696 { "Fibre Channel FC-2", "fc2" },
698 /* WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS */
699 { "Fibre Channel FC-2 With Frame Delimiter", "fc2sof"},
701 /* WTAP_ENCAP_JPEG_JFIF */
702 { "JPEG/JFIF", "jfif" },
704 /* WTAP_ENCAP_IPNET */
705 { "Solaris IPNET", "ipnet" },
707 /* WTAP_ENCAP_SOCKETCAN */
708 { "SocketCAN", "socketcan" },
710 /* WTAP_ENCAP_IEEE_802_11_NETMON */
711 { "IEEE 802.11 plus Network Monitor radio header", "ieee-802-11-netmon" },
713 /* WTAP_ENCAP_IEEE802_15_4_NOFCS */
714 { "IEEE 802.15.4 Wireless PAN with FCS not present", "wpan-nofcs" },
716 /* WTAP_ENCAP_RAW_IPFIX */
717 { "IPFIX", "ipfix" },
719 /* WTAP_ENCAP_RAW_IP4 */
720 { "Raw IPv4", "rawip4" },
722 /* WTAP_ENCAP_RAW_IP6 */
723 { "Raw IPv6", "rawip6" },
725 /* WTAP_ENCAP_LAPD */
728 /* WTAP_ENCAP_DVBCI */
729 { "DVB-CI (Common Interface)", "dvbci"},
731 /* WTAP_ENCAP_MUX27010 */
732 { "MUX27010", "mux27010"},
734 /* WTAP_ENCAP_MIME */
737 /* WTAP_ENCAP_NETANALYZER */
738 { "netANALYZER", "netanalyzer" },
740 /* WTAP_ENCAP_NETANALYZER_TRANSPARENT */
741 { "netANALYZER-Transparent", "netanalyzer-transparent" },
743 /* WTAP_ENCAP_IP_OVER_IB */
744 { "IP over Infiniband", "ip-over-ib" },
746 /* WTAP_ENCAP_MPEG_2_TS */
747 { "ISO/IEC 13818-1 MPEG2-TS", "mp2ts" },
749 /* WTAP_ENCAP_PPP_ETHER */
750 { "PPP-over-Ethernet session", "pppoes" },
752 /* WTAP_ENCAP_NFC_LLCP */
753 { "NFC LLCP", "nfc-llcp" },
755 /* WTAP_ENCAP_NFLOG */
756 { "NFLOG", "nflog" },
758 /* WTAP_ENCAP_V5_EF */
759 { "V5 Envelope Function", "v5-ef" },
761 /* WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR */
762 { "BACnet MS/TP with Directional Info", "bacnet-ms-tp-with-direction" },
764 /* WTAP_ENCAP_IXVERIWAVE */
765 { "IxVeriWave header and stats block", "ixveriwave" },
770 /* WTAP_ENCAP_DBUS */
773 /* WTAP_ENCAP_AX25_KISS */
774 { "AX.25 with KISS header", "ax25-kiss" },
776 /* WTAP_ENCAP_AX25 */
777 { "Amateur Radio AX.25", "ax25" },
779 /* WTAP_ENCAP_SCTP */
782 /* WTAP_ENCAP_INFINIBAND */
783 { "InfiniBand", "infiniband" },
785 /* WTAP_ENCAP_JUNIPER_SVCS */
786 { "Juniper Services", "juniper-svcs" },
788 /* WTAP_ENCAP_USBPCAP */
789 { "USB packets with USBPcap header", "usb-usbpcap" },
791 /* WTAP_ENCAP_RTAC_SERIAL */
792 { "RTAC serial-line", "rtac-serial" },
794 /* WTAP_ENCAP_BLUETOOTH_LE_LL */
795 { "Bluetooth Low Energy Link Layer", "bluetooth-le-ll" },
797 /* WTAP_ENCAP_WIRESHARK_UPPER_PDU */
798 { "Wireshark Upper PDU export", "wireshark-upper-pdu" },
800 /* WTAP_ENCAP_STANAG_4607 */
801 { "STANAG 4607", "s4607" },
803 /* WTAP_ENCAP_STANAG_5066_D_PDU */
804 { "STANAG 5066 Data Transfer Sublayer PDUs(D_PDU)", "s5066-dpdu"},
806 /* WTAP_ENCAP_NETLINK */
807 { "Linux Netlink", "netlink" },
809 /* WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
810 { "Bluetooth Linux Monitor", "bluetooth-linux-monitor" },
812 /* WTAP_ENCAP_BLUETOOTH_BREDR_BB */
813 { "Bluetooth BR/EDR Baseband RF", "bluetooth-bredr-bb-rf" },
815 /* WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR */
816 { "Bluetooth Low Energy Link Layer RF", "bluetooth-le-ll-rf" },
818 /* WTAP_ENCAP_NSTRACE_3_0 */
819 { "NetScaler Encapsulation 3.0 of Ethernet", "nstrace30" },
821 /* WTAP_ENCAP_LOGCAT */
822 { "Android Logcat Binary format", "logcat" },
824 /* WTAP_ENCAP_LOGCAT_BRIEF */
825 { "Android Logcat Brief text format", "logcat_brief" },
827 /* WTAP_ENCAP_LOGCAT_PROCESS */
828 { "Android Logcat Process text format", "logcat_process" },
830 /* WTAP_ENCAP_LOGCAT_TAG */
831 { "Android Logcat Tag text format", "logcat_tag" },
833 /* WTAP_ENCAP_LOGCAT_THREAD */
834 { "Android Logcat Thread text format", "logcat_thread" },
836 /* WTAP_ENCAP_LOGCAT_TIME */
837 { "Android Logcat Time text format", "logcat_time" },
839 /* WTAP_ENCAP_LOGCAT_THREADTIME */
840 { "Android Logcat Threadtime text format", "logcat_threadtime" },
842 /* WTAP_ENCAP_LOGCAT_LONG */
843 { "Android Logcat Long text format", "logcat_long" },
845 /* WTAP_ENCAP_PKTAP */
846 { "Apple PKTAP", "pktap" },
848 /* WTAP_ENCAP_EPON */
849 { "Ethernet Passive Optical Network", "epon" },
851 /* WTAP_ENCAP_IPMI_TRACE */
852 { "IPMI Trace Data Collection", "ipmi-trace" },
854 /* WTAP_ENCAP_LOOP */
855 { "OpenBSD loopback", "loop" },
857 /* WTAP_ENCAP_JSON */
858 { "JavaScript Object Notation", "json" },
860 /* WTAP_ENCAP_NSTRACE_3_5 */
861 { "NetScaler Encapsulation 3.5 of Ethernet", "nstrace35" },
863 /* WTAP_ENCAP_ISO14443 */
864 { "ISO 14443 contactless smartcard standards", "iso14443" },
866 /* WTAP_ENCAP_GFP_T */
867 { "ITU-T G.7041/Y.1303 Generic Framing Procedure Transparent mode", "gfp-t" },
869 /* WTAP_ENCAP_GFP_F */
870 { "ITU-T G.7041/Y.1303 Generic Framing Procedure Frame-mapped mode", "gfp-f" },
872 /* WTAP_ENCAP_IP_OVER_IB_PCAP */
873 { "IP over IB", "ip-ib" },
875 /* WTAP_ENCAP_JUNIPER_VN */
876 { "Juniper VN", "juniper-vn" },
878 /* WTAP_ENCAP_USB_DARWIN */
879 { "USB packets with Darwin (macOS, etc.) headers", "usb-darwin" },
881 /* WTAP_ENCAP_LORATAP */
882 { "LoRaTap", "loratap"},
884 /* WTAP_ENCAP_3MB_ETHERNET */
885 { "Xerox 3MB Ethernet", "xeth"},
887 /* WTAP_ENCAP_VSOCK */
888 { "Linux vsock", "vsock" },
890 /* WTAP_ENCAP_NORDIC_BLE */
891 { "Nordic BLE Sniffer", "nordic_ble" },
893 /* WTAP_ENCAP_NETMON_NET_NETEVENT */
894 { "Network Monitor Network Event", "netmon_event" },
896 /* WTAP_ENCAP_NETMON_HEADER */
897 { "Network Monitor Header", "netmon_header" },
899 /* WTAP_ENCAP_NETMON_NET_FILTER */
900 { "Network Monitor Filter", "netmon_filter" },
902 /* WTAP_ENCAP_NETMON_NETWORK_INFO_EX */
903 { "Network Monitor Network Info", "netmon_network_info" },
905 /* WTAP_ENCAP_MA_WFP_CAPTURE_V4 */
906 { "Message Analyzer WFP Capture v4", "message_analyzer_wfp_capture_v4" },
908 /* WTAP_ENCAP_MA_WFP_CAPTURE_V6 */
909 { "Message Analyzer WFP Capture v6", "message_analyzer_wfp_capture_v6" },
911 /* WTAP_ENCAP_MA_WFP_CAPTURE_2V4 */
912 { "Message Analyzer WFP Capture2 v4", "message_analyzer_wfp_capture2_v4" },
914 /* WTAP_ENCAP_MA_WFP_CAPTURE_2V6 */
915 { "Message Analyzer WFP Capture2 v6", "message_analyzer_wfp_capture2_v6" },
917 /* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 */
918 { "Message Analyzer WFP Capture Auth v4", "message_analyzer_wfp_capture_auth_v4" },
920 /* WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 */
921 { "Message Analyzer WFP Capture Auth v6", "message_analyzer_wfp_capture_auth_v6" },
925 gint wtap_num_encap_types = sizeof(encap_table_base) / sizeof(struct encap_type_info);
926 static GArray* encap_table_arr = NULL;
928 #define encap_table_entry(encap) \
929 g_array_index(encap_table_arr, struct encap_type_info, encap)
931 static void wtap_init_encap_types(void) {
933 if (encap_table_arr) return;
935 encap_table_arr = g_array_new(FALSE,TRUE,sizeof(struct encap_type_info));
937 g_array_append_vals(encap_table_arr,encap_table_base,wtap_num_encap_types);
940 static void wtap_cleanup_encap_types(void) {
941 if (encap_table_arr) {
942 g_array_free(encap_table_arr, TRUE);
943 encap_table_arr = NULL;
947 int wtap_get_num_encap_types(void) {
948 return wtap_num_encap_types;
952 int wtap_register_encap_type(const char* name, const char* short_name) {
953 struct encap_type_info e;
955 e.name = g_strdup(name);
956 e.short_name = g_strdup(short_name);
958 g_array_append_val(encap_table_arr,e);
960 return wtap_num_encap_types++;
964 /* Name that should be somewhat descriptive. */
966 wtap_encap_string(int encap)
968 if (encap < WTAP_ENCAP_PER_PACKET || encap >= WTAP_NUM_ENCAP_TYPES)
970 else if (encap == WTAP_ENCAP_PER_PACKET)
973 return encap_table_entry(encap).name;
976 /* Name to use in, say, a command-line flag specifying the type. */
978 wtap_encap_short_string(int encap)
980 if (encap < WTAP_ENCAP_PER_PACKET || encap >= WTAP_NUM_ENCAP_TYPES)
982 else if (encap == WTAP_ENCAP_PER_PACKET)
985 return encap_table_entry(encap).short_name;
988 /* Translate a short name to a capture file type. */
990 wtap_short_string_to_encap(const char *short_name)
994 for (encap = 0; encap < WTAP_NUM_ENCAP_TYPES; encap++) {
995 if (encap_table_entry(encap).short_name != NULL &&
996 strcmp(short_name, encap_table_entry(encap).short_name) == 0)
999 return -1; /* no such encapsulation type */
1003 wtap_tsprec_string(int tsprec)
1007 case WTAP_TSPREC_PER_PACKET:
1010 case WTAP_TSPREC_SEC:
1013 case WTAP_TSPREC_DSEC:
1016 case WTAP_TSPREC_CSEC:
1019 case WTAP_TSPREC_MSEC:
1022 case WTAP_TSPREC_USEC:
1025 case WTAP_TSPREC_NSEC:
1028 case WTAP_TSPREC_UNKNOWN:
1036 static const char *wtap_errlist[] = {
1037 /* WTAP_ERR_NOT_REGULAR_FILE */
1038 "The file isn't a plain file or pipe",
1040 /* WTAP_ERR_RANDOM_OPEN_PIPE */
1041 "The file is being opened for random access but is a pipe",
1043 /* WTAP_ERR_FILE_UNKNOWN_FORMAT */
1044 "The file isn't a capture file in a known format",
1046 /* WTAP_ERR_UNSUPPORTED */
1047 "File contains record data we don't support",
1049 /* WTAP_ERR_CANT_WRITE_TO_PIPE */
1050 "That file format cannot be written to a pipe",
1052 /* WTAP_ERR_CANT_OPEN */
1055 /* WTAP_ERR_UNWRITABLE_FILE_TYPE */
1056 "Files can't be saved in that format",
1058 /* WTAP_ERR_UNWRITABLE_ENCAP */
1059 "Packets with that network type can't be saved in that format",
1061 /* WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED */
1062 "That file format doesn't support per-packet encapsulations",
1064 /* WTAP_ERR_CANT_WRITE */
1065 "A write failed for some unknown reason",
1067 /* WTAP_ERR_CANT_CLOSE */
1070 /* WTAP_ERR_SHORT_READ */
1071 "Less data was read than was expected",
1073 /* WTAP_ERR_BAD_FILE */
1074 "The file appears to be damaged or corrupt",
1076 /* WTAP_ERR_SHORT_WRITE */
1077 "Less data was written than was requested",
1079 /* WTAP_ERR_UNC_OVERFLOW */
1080 "Uncompression error: data would overflow buffer",
1082 /* WTAP_ERR_RANDOM_OPEN_STDIN */
1083 "The standard input cannot be opened for random access",
1085 /* WTAP_ERR_COMPRESSION_NOT_SUPPORTED */
1086 "That file format doesn't support compression",
1088 /* WTAP_ERR_CANT_SEEK */
1091 /* WTAP_ERR_CANT_SEEK_COMPRESSED */
1094 /* WTAP_ERR_DECOMPRESS */
1095 "Uncompression error",
1097 /* WTAP_ERR_INTERNAL */
1100 /* WTAP_ERR_PACKET_TOO_LARGE */
1101 "The packet being written is too large for that format",
1103 /* WTAP_ERR_CHECK_WSLUA */
1106 /* WTAP_ERR_UNWRITABLE_REC_TYPE */
1107 "That record type cannot be written in that format",
1109 /* WTAP_ERR_UNWRITABLE_REC_DATA */
1110 "That record can't be written in that format"
1112 #define WTAP_ERRLIST_SIZE (sizeof wtap_errlist / sizeof wtap_errlist[0])
1115 wtap_strerror(int err)
1117 static char errbuf[128];
1118 unsigned int wtap_errlist_index;
1121 wtap_errlist_index = -1 - err;
1122 if (wtap_errlist_index >= WTAP_ERRLIST_SIZE) {
1123 g_snprintf(errbuf, 128, "Error %d", err);
1126 if (wtap_errlist[wtap_errlist_index] == NULL)
1127 return "Unknown reason";
1128 return wtap_errlist[wtap_errlist_index];
1130 return g_strerror(err);
1133 /* Close only the sequential side, freeing up memory it uses.
1135 Note that we do *not* want to call the subtype's close function,
1136 as it would free any per-subtype data, and that data may be
1137 needed by the random-access side.
1139 Instead, if the subtype has a "sequential close" function, we call it,
1140 to free up stuff used only by the sequential side. */
1142 wtap_sequential_close(wtap *wth)
1144 if (wth->subtype_sequential_close != NULL)
1145 (*wth->subtype_sequential_close)(wth);
1147 if (wth->fh != NULL) {
1148 file_close(wth->fh);
1152 if (wth->frame_buffer) {
1153 ws_buffer_free(wth->frame_buffer);
1154 g_free(wth->frame_buffer);
1155 wth->frame_buffer = NULL;
1160 g_fast_seek_item_free(gpointer data, gpointer user_data _U_)
1166 * Close the file descriptors for the sequential and random streams, but
1167 * don't discard any information about those streams. Used on Windows if
1168 * we need to rename a file that we have open or if we need to rename on
1169 * top of a file we have open.
1172 wtap_fdclose(wtap *wth)
1174 if (wth->fh != NULL)
1175 file_fdclose(wth->fh);
1176 if (wth->random_fh != NULL)
1177 file_fdclose(wth->random_fh);
1181 wtap_close(wtap *wth)
1183 wtap_sequential_close(wth);
1185 if (wth->subtype_close != NULL)
1186 (*wth->subtype_close)(wth);
1188 if (wth->random_fh != NULL)
1189 file_close(wth->random_fh);
1193 if (wth->fast_seek != NULL) {
1194 g_ptr_array_foreach(wth->fast_seek, g_fast_seek_item_free, NULL);
1195 g_ptr_array_free(wth->fast_seek, TRUE);
1198 wtap_block_array_free(wth->shb_hdrs);
1199 wtap_block_array_free(wth->nrb_hdrs);
1200 wtap_block_array_free(wth->interface_data);
1206 wtap_cleareof(wtap *wth) {
1208 file_clearerr(wth->fh);
1211 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4) {
1213 wth->add_new_ipv4 = add_new_ipv4;
1216 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6) {
1218 wth->add_new_ipv6 = add_new_ipv6;
1222 wtap_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
1225 * Set the packet encapsulation to the file's encapsulation
1226 * value; if that's not WTAP_ENCAP_PER_PACKET, it's the
1227 * right answer (and means that the read routine for this
1228 * capture file type doesn't have to set it), and if it
1229 * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
1232 * Do the same for the packet time stamp resolution.
1234 wth->phdr.pkt_encap = wth->file_encap;
1235 wth->phdr.pkt_tsprec = wth->file_tsprec;
1239 if (!wth->subtype_read(wth, err, err_info, data_offset)) {
1241 * If we didn't get an error indication, we read
1242 * the last packet. See if there's any deferred
1243 * error, as might, for example, occur if we're
1244 * reading a compressed file, and we got an error
1245 * reading compressed data from the file, but
1246 * got enough compressed data to decompress the
1247 * last packet of the file.
1250 *err = file_error(wth->fh, err_info);
1251 return FALSE; /* failure */
1255 * It makes no sense for the captured data length to be bigger
1256 * than the actual data length.
1258 if (wth->phdr.caplen > wth->phdr.len)
1259 wth->phdr.caplen = wth->phdr.len;
1262 * Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
1263 * probably means the file has that encapsulation type
1264 * but the read routine didn't set this packet's
1265 * encapsulation type.
1267 g_assert(wth->phdr.pkt_encap != WTAP_ENCAP_PER_PACKET);
1269 return TRUE; /* success */
1273 * Read a given number of bytes from a file into a buffer or, if
1274 * buf is NULL, just discard them.
1276 * If we succeed, return TRUE.
1278 * If we get an EOF, return FALSE with *err set to 0, reporting this
1281 * If we get fewer bytes than the specified number, return FALSE with
1282 * *err set to WTAP_ERR_SHORT_READ, reporting this as a short read
1285 * If we get a read error, return FALSE with *err and *err_info set
1289 wtap_read_bytes_or_eof(FILE_T fh, void *buf, unsigned int count, int *err,
1294 bytes_read = file_read(buf, count, fh);
1295 if (bytes_read < 0 || (guint)bytes_read != count) {
1296 *err = file_error(fh, err_info);
1297 if (*err == 0 && bytes_read > 0)
1298 *err = WTAP_ERR_SHORT_READ;
1305 * Read a given number of bytes from a file into a buffer or, if
1306 * buf is NULL, just discard them.
1308 * If we succeed, return TRUE.
1310 * If we get fewer bytes than the specified number, including getting
1311 * an EOF, return FALSE with *err set to WTAP_ERR_SHORT_READ, reporting
1312 * this as a short read error.
1314 * If we get a read error, return FALSE with *err and *err_info set
1318 wtap_read_bytes(FILE_T fh, void *buf, unsigned int count, int *err,
1323 bytes_read = file_read(buf, count, fh);
1324 if (bytes_read < 0 || (guint)bytes_read != count) {
1325 *err = file_error(fh, err_info);
1327 *err = WTAP_ERR_SHORT_READ;
1334 * Read packet data into a Buffer, growing the buffer as necessary.
1336 * This returns an error on a short read, even if the short read hit
1337 * the EOF immediately. (The assumption is that each packet has a
1338 * header followed by raw packet data, and that we've already read the
1339 * header, so if we get an EOF trying to read the packet data, the file
1340 * has been cut short, even if the read didn't read any data at all.)
1343 wtap_read_packet_bytes(FILE_T fh, Buffer *buf, guint length, int *err,
1346 ws_buffer_assure_space(buf, length);
1347 return wtap_read_bytes(fh, ws_buffer_start_ptr(buf), length, err,
1352 * Return an approximation of the amount of data we've read sequentially
1353 * from the file so far. (gint64, in case that's 64 bits.)
1356 wtap_read_so_far(wtap *wth)
1358 return file_tell_raw(wth->fh);
1361 struct wtap_pkthdr *
1362 wtap_phdr(wtap *wth)
1368 wtap_buf_ptr(wtap *wth)
1370 return ws_buffer_start_ptr(wth->frame_buffer);
1374 wtap_phdr_init(struct wtap_pkthdr *phdr)
1376 memset(phdr, 0, sizeof(struct wtap_pkthdr));
1377 ws_buffer_init(&phdr->ft_specific_data, 0);
1381 wtap_phdr_cleanup(struct wtap_pkthdr *phdr)
1383 ws_buffer_free(&phdr->ft_specific_data);
1387 wtap_seek_read(wtap *wth, gint64 seek_off,
1388 struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
1391 * Set the packet encapsulation to the file's encapsulation
1392 * value; if that's not WTAP_ENCAP_PER_PACKET, it's the
1393 * right answer (and means that the read routine for this
1394 * capture file type doesn't have to set it), and if it
1395 * *is* WTAP_ENCAP_PER_PACKET, the caller needs to set it
1398 * Do the same for the packet time stamp resolution.
1400 phdr->pkt_encap = wth->file_encap;
1401 phdr->pkt_tsprec = wth->file_tsprec;
1405 if (!wth->subtype_seek_read(wth, seek_off, phdr, buf, err, err_info))
1409 * It makes no sense for the captured data length to be bigger
1410 * than the actual data length.
1412 if (phdr->caplen > phdr->len)
1413 phdr->caplen = phdr->len;
1416 * Make sure that it's not WTAP_ENCAP_PER_PACKET, as that
1417 * probably means the file has that encapsulation type
1418 * but the read routine didn't set this packet's
1419 * encapsulation type.
1421 g_assert(phdr->pkt_encap != WTAP_ENCAP_PER_PACKET);
1427 * Initialize the library.
1432 init_open_routines();
1433 wtap_opttypes_initialize();
1434 wtap_init_encap_types();
1436 libwiretap_plugins = plugins_init("wiretap");
1437 g_slist_foreach(wtap_plugins, call_plugin_register_wtap_module, NULL);
1442 * Cleanup the library
1447 wtap_cleanup_encap_types();
1448 wtap_opttypes_cleanup();
1449 ws_buffer_cleanup();
1450 cleanup_open_routines();
1452 g_slist_free(wtap_plugins);
1453 wtap_plugins = NULL;
1454 plugins_cleanup(libwiretap_plugins);
1455 libwiretap_plugins = NULL;
1460 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1465 * indent-tabs-mode: t
1468 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1469 * :indentSize=8:tabSize=8:noTabs=false: