6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26 #ifdef HAVE_SYS_TIME_H
32 #include "ws_symbol_export.h"
36 #endif /* __cplusplus */
38 /* Encapsulation types. Choose names that truly reflect
39 * what is contained in the packet trace file.
41 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
42 * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
43 * type for all packets in the file; this may cause those routines to
44 * fail if the capture file format being written can't support that.
45 * It's also returned by "wtap_file_encap()" for capture files that
46 * don't have a single encapsulation type for all packets in the file.
48 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
49 * if it's handed an unknown encapsulation.
51 * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
52 * MAC addresses you get from the hardware are bit-swapped. Ideally,
53 * the driver would tell us that, but I know of none that do, so, for
54 * now, we base it on the machine on which we're *reading* the
55 * capture, rather than on the machine on which the capture was taken
56 * (they're probably likely to be the same). We assume that they're
57 * bit-swapped on everything except for systems running Ultrix, Alpha
58 * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
59 * Digital decided to bit-swap addresses in the hardware or in the
60 * driver, and I guess BSDI bit-swapped them in the driver, given that
61 * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
62 * save file format, we'd use the WTAP_ENCAP values to flag the
63 * encapsulation of a packet, so there we'd at least be able to base
64 * it on the machine on which the capture was taken.
66 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
67 * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
68 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
69 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
70 * presumably used on some BSD systems, which we turn into
71 * WTAP_ENCAP_ATM_RFC1483.
73 * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
76 * 1) PPP-over-HDLC encapsulation, at least with some versions
77 * of ISDN4BSD (but not the current ones, it appears, unless
78 * I've missed something);
80 * 2) a 4-byte header containing the AF_ address family, in
81 * the byte order of the machine that saved the capture,
82 * for the packet, as used on many BSD systems for the
83 * loopback device and some other devices, or a 4-byte header
84 * containing the AF_ address family in network byte order,
85 * as used on recent OpenBSD systems for the loopback device;
87 * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
88 * type in the byte order from an Ethernet header, that being
89 * what older versions of "libpcap" on Linux turn the Ethernet
90 * header for loopback interfaces into (0.6.0 and later versions
91 * leave the Ethernet header alone and make it DLT_EN10MB). */
92 #define WTAP_ENCAP_PER_PACKET -1
93 #define WTAP_ENCAP_UNKNOWN 0
94 #define WTAP_ENCAP_ETHERNET 1
95 #define WTAP_ENCAP_TOKEN_RING 2
96 #define WTAP_ENCAP_SLIP 3
97 #define WTAP_ENCAP_PPP 4
98 #define WTAP_ENCAP_FDDI 5
99 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
100 #define WTAP_ENCAP_RAW_IP 7
101 #define WTAP_ENCAP_ARCNET 8
102 #define WTAP_ENCAP_ARCNET_LINUX 9
103 #define WTAP_ENCAP_ATM_RFC1483 10
104 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
105 #define WTAP_ENCAP_LAPB 12
106 #define WTAP_ENCAP_ATM_PDUS 13
107 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
108 #define WTAP_ENCAP_NULL 15
109 #define WTAP_ENCAP_ASCEND 16
110 #define WTAP_ENCAP_ISDN 17
111 #define WTAP_ENCAP_IP_OVER_FC 18
112 #define WTAP_ENCAP_PPP_WITH_PHDR 19
113 #define WTAP_ENCAP_IEEE_802_11 20
114 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
115 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
116 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
117 #define WTAP_ENCAP_IEEE_802_11_AVS 24
118 #define WTAP_ENCAP_SLL 25
119 #define WTAP_ENCAP_FRELAY 26
120 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
121 #define WTAP_ENCAP_CHDLC 28
122 #define WTAP_ENCAP_CISCO_IOS 29
123 #define WTAP_ENCAP_LOCALTALK 30
124 #define WTAP_ENCAP_OLD_PFLOG 31
125 #define WTAP_ENCAP_HHDLC 32
126 #define WTAP_ENCAP_DOCSIS 33
127 #define WTAP_ENCAP_COSINE 34
128 #define WTAP_ENCAP_WFLEET_HDLC 35
129 #define WTAP_ENCAP_SDLC 36
130 #define WTAP_ENCAP_TZSP 37
131 #define WTAP_ENCAP_ENC 38
132 #define WTAP_ENCAP_PFLOG 39
133 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
134 #define WTAP_ENCAP_BLUETOOTH_H4 41
135 #define WTAP_ENCAP_MTP2 42
136 #define WTAP_ENCAP_MTP3 43
137 #define WTAP_ENCAP_IRDA 44
138 #define WTAP_ENCAP_USER0 45
139 #define WTAP_ENCAP_USER1 46
140 #define WTAP_ENCAP_USER2 47
141 #define WTAP_ENCAP_USER3 48
142 #define WTAP_ENCAP_USER4 49
143 #define WTAP_ENCAP_USER5 50
144 #define WTAP_ENCAP_USER6 51
145 #define WTAP_ENCAP_USER7 52
146 #define WTAP_ENCAP_USER8 53
147 #define WTAP_ENCAP_USER9 54
148 #define WTAP_ENCAP_USER10 55
149 #define WTAP_ENCAP_USER11 56
150 #define WTAP_ENCAP_USER12 57
151 #define WTAP_ENCAP_USER13 58
152 #define WTAP_ENCAP_USER14 59
153 #define WTAP_ENCAP_USER15 60
154 #define WTAP_ENCAP_SYMANTEC 61
155 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
156 #define WTAP_ENCAP_BACNET_MS_TP 63
157 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
158 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
159 #define WTAP_ENCAP_GPRS_LLC 66
160 #define WTAP_ENCAP_JUNIPER_ATM1 67
161 #define WTAP_ENCAP_JUNIPER_ATM2 68
162 #define WTAP_ENCAP_REDBACK 69
163 #define WTAP_ENCAP_NETTL_RAW_IP 70
164 #define WTAP_ENCAP_NETTL_ETHERNET 71
165 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
166 #define WTAP_ENCAP_NETTL_FDDI 73
167 #define WTAP_ENCAP_NETTL_UNKNOWN 74
168 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
169 #define WTAP_ENCAP_JUNIPER_PPPOE 76
170 #define WTAP_ENCAP_GCOM_TIE1 77
171 #define WTAP_ENCAP_GCOM_SERIAL 78
172 #define WTAP_ENCAP_NETTL_X25 79
173 #define WTAP_ENCAP_K12 80
174 #define WTAP_ENCAP_JUNIPER_MLPPP 81
175 #define WTAP_ENCAP_JUNIPER_MLFR 82
176 #define WTAP_ENCAP_JUNIPER_ETHER 83
177 #define WTAP_ENCAP_JUNIPER_PPP 84
178 #define WTAP_ENCAP_JUNIPER_FRELAY 85
179 #define WTAP_ENCAP_JUNIPER_CHDLC 86
180 #define WTAP_ENCAP_JUNIPER_GGSN 87
181 #define WTAP_ENCAP_LINUX_LAPD 88
182 #define WTAP_ENCAP_CATAPULT_DCT2000 89
183 #define WTAP_ENCAP_BER 90
184 #define WTAP_ENCAP_JUNIPER_VP 91
185 #define WTAP_ENCAP_USB 92
186 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
187 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
188 #define WTAP_ENCAP_USB_LINUX 95
189 #define WTAP_ENCAP_MPEG 96
190 #define WTAP_ENCAP_PPI 97
191 #define WTAP_ENCAP_ERF 98
192 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
193 #define WTAP_ENCAP_SITA 100
194 #define WTAP_ENCAP_SCCP 101
195 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
196 #define WTAP_ENCAP_IPMB 103
197 #define WTAP_ENCAP_IEEE802_15_4 104
198 #define WTAP_ENCAP_X2E_XORAYA 105
199 #define WTAP_ENCAP_FLEXRAY 106
200 #define WTAP_ENCAP_LIN 107
201 #define WTAP_ENCAP_MOST 108
202 #define WTAP_ENCAP_CAN20B 109
203 #define WTAP_ENCAP_LAYER1_EVENT 110
204 #define WTAP_ENCAP_X2E_SERIAL 111
205 #define WTAP_ENCAP_I2C 112
206 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
207 #define WTAP_ENCAP_TNEF 114
208 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
209 #define WTAP_ENCAP_GSM_UM 116
210 #define WTAP_ENCAP_DPNSS 117
211 #define WTAP_ENCAP_PACKETLOGGER 118
212 #define WTAP_ENCAP_NSTRACE_1_0 119
213 #define WTAP_ENCAP_NSTRACE_2_0 120
214 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
215 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
216 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
217 #define WTAP_ENCAP_IPNET 124
218 #define WTAP_ENCAP_SOCKETCAN 125
219 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
220 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
221 #define WTAP_ENCAP_RAW_IPFIX 128
222 #define WTAP_ENCAP_RAW_IP4 129
223 #define WTAP_ENCAP_RAW_IP6 130
224 #define WTAP_ENCAP_LAPD 131
225 #define WTAP_ENCAP_DVBCI 132
226 #define WTAP_ENCAP_MUX27010 133
227 #define WTAP_ENCAP_MIME 134
228 #define WTAP_ENCAP_NETANALYZER 135
229 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
230 #define WTAP_ENCAP_IP_OVER_IB 137
231 #define WTAP_ENCAP_MPEG_2_TS 138
232 #define WTAP_ENCAP_PPP_ETHER 139
233 #define WTAP_ENCAP_NFC_LLCP 140
234 #define WTAP_ENCAP_NFLOG 141
235 #define WTAP_ENCAP_V5_EF 142
236 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
237 #define WTAP_ENCAP_IXVERIWAVE 144
238 #define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
239 #define WTAP_ENCAP_SDH 146
240 #define WTAP_ENCAP_DBUS 147
241 #define WTAP_ENCAP_AX25_KISS 148
242 #define WTAP_ENCAP_AX25 149
243 #define WTAP_ENCAP_SCTP 150
244 #define WTAP_ENCAP_INFINIBAND 151
245 #define WTAP_ENCAP_JUNIPER_SVCS 152
246 #define WTAP_ENCAP_USBPCAP 153
248 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
250 /* File types that can be read by wiretap.
251 We support writing many of these file types, too, so we
252 distinguish between different versions of them. */
253 #define WTAP_FILE_UNKNOWN 0
254 #define WTAP_FILE_PCAP 1
255 #define WTAP_FILE_PCAPNG 2
256 #define WTAP_FILE_PCAP_NSEC 3
257 #define WTAP_FILE_PCAP_AIX 4
258 #define WTAP_FILE_PCAP_SS991029 5
259 #define WTAP_FILE_PCAP_NOKIA 6
260 #define WTAP_FILE_PCAP_SS990417 7
261 #define WTAP_FILE_PCAP_SS990915 8
262 #define WTAP_FILE_5VIEWS 9
263 #define WTAP_FILE_IPTRACE_1_0 10
264 #define WTAP_FILE_IPTRACE_2_0 11
265 #define WTAP_FILE_BER 12
266 #define WTAP_FILE_HCIDUMP 13
267 #define WTAP_FILE_CATAPULT_DCT2000 14
268 #define WTAP_FILE_NETXRAY_OLD 15
269 #define WTAP_FILE_NETXRAY_1_0 16
270 #define WTAP_FILE_COSINE 17
271 #define WTAP_FILE_CSIDS 18
272 #define WTAP_FILE_DBS_ETHERWATCH 19
273 #define WTAP_FILE_ERF 20
274 #define WTAP_FILE_EYESDN 21
275 #define WTAP_FILE_NETTL 22
276 #define WTAP_FILE_ISERIES 23
277 #define WTAP_FILE_ISERIES_UNICODE 24
278 #define WTAP_FILE_I4BTRACE 25
279 #define WTAP_FILE_ASCEND 26
280 #define WTAP_FILE_NETMON_1_x 27
281 #define WTAP_FILE_NETMON_2_x 28
282 #define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 29
283 #define WTAP_FILE_NGSNIFFER_COMPRESSED 30
284 #define WTAP_FILE_NETXRAY_1_1 31
285 #define WTAP_FILE_NETXRAY_2_00x 32
286 #define WTAP_FILE_NETWORK_INSTRUMENTS 33
287 #define WTAP_FILE_LANALYZER 34
288 #define WTAP_FILE_PPPDUMP 35
289 #define WTAP_FILE_RADCOM 36
290 #define WTAP_FILE_SNOOP 37
291 #define WTAP_FILE_SHOMITI 38
292 #define WTAP_FILE_VMS 39
293 #define WTAP_FILE_K12 40
294 #define WTAP_FILE_TOSHIBA 41
295 #define WTAP_FILE_VISUAL_NETWORKS 42
296 #define WTAP_FILE_PEEKCLASSIC_V56 43
297 #define WTAP_FILE_PEEKCLASSIC_V7 44
298 #define WTAP_FILE_PEEKTAGGED 45
299 #define WTAP_FILE_MPEG 46
300 #define WTAP_FILE_K12TEXT 47
301 #define WTAP_FILE_NETSCREEN 48
302 #define WTAP_FILE_COMMVIEW 49
303 #define WTAP_FILE_BTSNOOP 50
304 #define WTAP_FILE_TNEF 51
305 #define WTAP_FILE_DCT3TRACE 52
306 #define WTAP_FILE_PACKETLOGGER 53
307 #define WTAP_FILE_DAINTREE_SNA 54
308 #define WTAP_FILE_NETSCALER_1_0 55
309 #define WTAP_FILE_NETSCALER_2_0 56
310 #define WTAP_FILE_JPEG_JFIF 57 /* obsoleted by WTAP_FILE_MIME */
311 #define WTAP_FILE_IPFIX 58
312 #define WTAP_FILE_MIME 59
313 #define WTAP_FILE_AETHRA 60
314 #define WTAP_FILE_MPEG_2_TS 61
315 #define WTAP_FILE_VWR_80211 62
316 #define WTAP_FILE_VWR_ETH 63
317 #define WTAP_FILE_CAMINS 64
319 #define WTAP_NUM_FILE_TYPES wtap_get_num_file_types()
321 /* timestamp precision (currently only these values are supported) */
322 #define WTAP_FILE_TSPREC_SEC 0
323 #define WTAP_FILE_TSPREC_DSEC 1
324 #define WTAP_FILE_TSPREC_CSEC 2
325 #define WTAP_FILE_TSPREC_MSEC 3
326 #define WTAP_FILE_TSPREC_USEC 6
327 #define WTAP_FILE_TSPREC_NSEC 9
330 * Maximum packet size we'll support.
331 * 65535 is the largest snapshot length that libpcap supports, so we
334 #define WTAP_MAX_PACKET_SIZE 65535
337 * "Pseudo-headers" are used to supply to the clients of wiretap
338 * per-packet information that's not part of the packet payload
341 * NOTE: do not use pseudo-header structures to hold information
342 * used by the code to read a particular capture file type; to
343 * keep that sort of state information, add a new structure for
344 * that private information to "wtap-int.h", add a pointer to that
345 * type of structure to the "capture" member of the "struct wtap"
346 * structure, and allocate one of those structures and set that member
347 * in the "open" routine for that capture file type if the open
348 * succeeds. See various other capture file type handlers for examples
364 guint8 vlantag_offset;
365 guint8 coreid_offset;
366 guint8 srcnodeid_offset;
367 guint8 destnodeid_offset;
368 guint8 clflags_offset;
369 guint8 src_vmname_len_offset;
370 guint8 dst_vmname_len_offset;
374 /* Packet "pseudo-header" information for Ethernet capture files. */
376 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
379 /* Packet "pseudo-header" information for X.25 capture files. */
380 #define FROM_DCE 0x80
382 guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
385 /* Packet "pseudo-header" information for ISDN capture files. */
390 guint8 channel; /* 0 = D-channel; n = B-channel n */
393 /* Packet "pseudo-header" for ATM capture files.
394 Not all of this information is supplied by all capture types. */
399 #define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
400 #define ATM_NO_HEC 0x02 /* TRUE if the cell has HEC stripped out */
401 #define ATM_AAL2_NOPHDR 0x04 /* TRUE if the AAL2 PDU has no pseudo-header */
406 #define AAL_UNKNOWN 0 /* AAL unknown */
407 #define AAL_1 1 /* AAL1 */
408 #define AAL_2 2 /* AAL2 */
409 #define AAL_3_4 3 /* AAL3/4 */
410 #define AAL_5 4 /* AAL5 */
411 #define AAL_USER 5 /* User AAL */
412 #define AAL_SIGNALLING 6 /* Signaling AAL */
413 #define AAL_OAMCELL 7 /* OAM cell */
418 #define TRAF_UNKNOWN 0 /* Unknown */
419 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
420 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
421 #define TRAF_LANE 3 /* LAN Emulation */
422 #define TRAF_ILMI 4 /* ILMI */
423 #define TRAF_FR 5 /* Frame Relay */
424 #define TRAF_SPANS 6 /* FORE SPANS */
425 #define TRAF_IPSILON 7 /* Ipsilon */
426 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
427 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
428 #define TRAF_SSCOP 10 /* SSCOP */
433 #define TRAF_ST_UNKNOWN 0 /* Unknown */
438 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
439 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
440 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
441 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
442 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
443 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
444 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
445 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
446 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
447 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
448 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
449 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
454 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
455 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
456 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
457 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
458 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
463 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
464 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
465 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
468 guint32 flags; /* status flags */
469 guint8 aal; /* AAL of the traffic */
470 guint8 type; /* traffic type */
471 guint8 subtype; /* traffic subtype */
472 guint16 vpi; /* virtual path identifier */
473 guint16 vci; /* virtual circuit identifier */
474 guint8 aal2_cid; /* channel id */
475 guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
476 guint16 cells; /* number of cells */
477 guint16 aal5t_u2u; /* user-to-user indicator */
478 guint16 aal5t_len; /* length of the packet */
479 guint32 aal5t_chksum; /* checksum for AAL5 packet */
482 /* Packet "pseudo-header" for Nokia output */
485 guint8 stuff[4]; /* mysterious stuff */
488 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
489 "wandisplay", and similar commands on Lucent/Ascend access equipment. */
491 #define ASCEND_MAX_STR_LEN 64
493 #define ASCEND_PFX_WDS_X 1
494 #define ASCEND_PFX_WDS_R 2
495 #define ASCEND_PFX_WDD 3
496 #define ASCEND_PFX_ISDN_X 4
497 #define ASCEND_PFX_ISDN_R 5
498 #define ASCEND_PFX_ETHER 6
501 guint16 type; /* ASCEND_PFX_*, as defined above */
502 char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
503 guint32 sess; /* Session number, from wandsession header */
504 char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
505 guint32 chunk; /* Chunk number, from WDD header */
506 guint32 task; /* Task number */
509 /* Also defined in epan/packet_info.h */
510 #define P2P_DIR_UNKNOWN -1
511 #define P2P_DIR_SENT 0
512 #define P2P_DIR_RECV 1
514 /* Packet "pseudo-header" for point-to-point links with direction flags. */
516 int sent; /* TRUE=sent, FALSE=received, -1=unknown*/
520 * Packet "pseudo-header" information for 802.11.
521 * Radio information is only present for WTAP_ENCAP_IEEE_802_11_WITH_RADIO.
523 * Signal strength, etc. information:
525 * Raw signal strength can be measured in milliwatts.
526 * It can also be represented as dBm, which is 10 times the log base 10
527 * of the signal strength in mW.
529 * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
530 * The actual RSSI value for a given signal strength is dependent on the
531 * vendor (and perhaps on the adapter). The maximum possible RSSI value
532 * is also dependent on the vendor and perhaps the adapter.
534 * The signal strength can be represented as a percentage, which is 100
535 * times the ratio of the RSSI and the maximum RSSI.
537 struct ieee_802_11_phdr {
538 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
539 gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
540 guint8 channel; /* Channel number */
541 guint16 data_rate; /* in .5 Mb/s units */
542 guint8 signal_level; /* percentage */
545 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
547 #define COSINE_MAX_IF_NAME_LEN 128
549 #define COSINE_ENCAP_TEST 1
550 #define COSINE_ENCAP_PPoATM 2
551 #define COSINE_ENCAP_PPoFR 3
552 #define COSINE_ENCAP_ATM 4
553 #define COSINE_ENCAP_FR 5
554 #define COSINE_ENCAP_HDLC 6
555 #define COSINE_ENCAP_PPP 7
556 #define COSINE_ENCAP_ETH 8
557 #define COSINE_ENCAP_UNKNOWN 99
559 #define COSINE_DIR_TX 1
560 #define COSINE_DIR_RX 2
563 guint8 encap; /* COSINE_ENCAP_* as defined above */
564 guint8 direction; /* COSINE_DIR_*, as defined above */
565 char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
566 guint16 pro; /* Protocol */
567 guint16 off; /* Offset */
568 guint16 pri; /* Priority */
569 guint16 rm; /* Rate Marking */
570 guint16 err; /* Error Code */
573 /* Packet "pseudo-header" for IrDA capture files. */
576 * Direction of the packet
578 #define IRDA_INCOMING 0x0000
579 #define IRDA_OUTGOING 0x0004
582 * "Inline" log messages produced by IrCOMM2k on Windows
584 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
585 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
588 * Differentiate between frames and log messages
590 #define IRDA_CLASS_FRAME 0x0000
591 #define IRDA_CLASS_LOG 0x0100
592 #define IRDA_CLASS_MASK 0xFF00
595 guint16 pkttype; /* packet type */
598 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
608 /* Packet "pseudo-header" for MTP2 files. */
610 #define MTP2_ANNEX_A_NOT_USED 0
611 #define MTP2_ANNEX_A_USED 1
612 #define MTP2_ANNEX_A_USED_UNKNOWN 2
620 /* Packet "pseudo-header" for K12 files. */
634 const gchar *input_name;
635 const gchar *stack_file;
637 k12_input_info_t input_info;
639 guint32 extra_length;
643 #define K12_PORT_DS0S 0x00010008
644 #define K12_PORT_DS1 0x00100008
645 #define K12_PORT_ATMPVC 0x01020000
648 guint16 pkttype; /* packet type */
653 struct catapult_dct2000_phdr
657 struct isdn_phdr isdn;
660 } inner_pseudo_header;
665 #define LIBPCAP_BT_PHDR_SENT 0
666 #define LIBPCAP_BT_PHDR_RECV 1
669 * Header prepended by libpcap to each bluetooth hci h:4 frame.
670 * Values in network byte order
672 struct libpcap_bt_phdr {
673 guint32 direction; /* Bit 0 hold the frame direction. */
676 #define LIBPCAP_PPP_PHDR_RECV 0
677 #define LIBPCAP_PPP_PHDR_SENT 1
680 * Header prepended by libpcap to each ppp frame.
682 struct libpcap_ppp_phdr {
687 * Endace Record Format pseudo header
690 guint64 ts; /* Time stamp */
703 * ERF pseudo header with optional subheader
704 * (Multichannel or Ethernet)
707 #define MAX_ERF_EHDR 8
710 struct erf_phdr phdr;
711 struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
719 #define LLCP_PHDR_FLAG_SENT 0
725 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
726 #define SITA_FRAME_DIR_RXED (0x01)
727 #define SITA_FRAME_DIR (0x01) /* mask */
728 #define SITA_ERROR_NO_BUFFER (0x80)
730 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
731 #define SITA_SIG_DTR (0x02)
732 #define SITA_SIG_CTS (0x04)
733 #define SITA_SIG_RTS (0x08)
734 #define SITA_SIG_DCD (0x10)
735 #define SITA_SIG_UNDEF1 (0x20)
736 #define SITA_SIG_UNDEF2 (0x40)
737 #define SITA_SIG_UNDEF3 (0x80)
739 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
740 #define SITA_ERROR_TX_CTS_LOST (0x02)
741 #define SITA_ERROR_TX_UART_ERROR (0x04)
742 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
743 #define SITA_ERROR_TX_UNDEF1 (0x10)
744 #define SITA_ERROR_TX_UNDEF2 (0x20)
745 #define SITA_ERROR_TX_UNDEF3 (0x40)
746 #define SITA_ERROR_TX_UNDEF4 (0x80)
748 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
749 #define SITA_ERROR_RX_PARITY (0x02)
750 #define SITA_ERROR_RX_COLLISION (0x04)
751 #define SITA_ERROR_RX_FRAME_LONG (0x08)
752 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
753 #define SITA_ERROR_RX_UNDEF1 (0x20)
754 #define SITA_ERROR_RX_UNDEF2 (0x40)
755 #define SITA_ERROR_RX_UNDEF3 (0x80)
757 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
758 #define SITA_ERROR_RX_ABORT (0x02)
759 #define SITA_ERROR_RX_CD_LOST (0x04)
760 #define SITA_ERROR_RX_DPLL (0x08)
761 #define SITA_ERROR_RX_OVERRUN (0x10)
762 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
763 #define SITA_ERROR_RX_CRC (0x40)
764 #define SITA_ERROR_RX_BREAK (0x80)
766 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
767 #define SITA_PROTO_BOP_LAPB (0x01)
768 #define SITA_PROTO_ETHERNET (0x02)
769 #define SITA_PROTO_ASYNC_INTIO (0x03)
770 #define SITA_PROTO_ASYNC_BLKIO (0x04)
771 #define SITA_PROTO_ALC (0x05)
772 #define SITA_PROTO_UTS (0x06)
773 #define SITA_PROTO_PPP_HDLC (0x07)
774 #define SITA_PROTO_SDLC (0x08)
775 #define SITA_PROTO_TOKENRING (0x09)
776 #define SITA_PROTO_I2C (0x10)
777 #define SITA_PROTO_DPM_LINK (0x11)
778 #define SITA_PROTO_BOP_FRL (0x12)
788 /*pseudo header for Bluetooth HCI*/
794 #define BTHCI_CHANNEL_COMMAND 1
795 #define BTHCI_CHANNEL_ACL 2
796 #define BTHCI_CHANNEL_SCO 3
797 #define BTHCI_CHANNEL_EVENT 4
799 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
800 struct l1event_phdr {
804 /* * I2C pseudo header */
811 /* pseudo header for WTAP_ENCAP_GSM_UM */
815 /* The following are only populated for downlink */
823 #define GSM_UM_CHANNEL_UNKNOWN 0
824 #define GSM_UM_CHANNEL_BCCH 1
825 #define GSM_UM_CHANNEL_SDCCH 2
826 #define GSM_UM_CHANNEL_SACCH 3
827 #define GSM_UM_CHANNEL_FACCH 4
828 #define GSM_UM_CHANNEL_CCCH 5
829 #define GSM_UM_CHANNEL_RACH 6
830 #define GSM_UM_CHANNEL_AGCH 7
831 #define GSM_UM_CHANNEL_PCH 8
833 union wtap_pseudo_header {
836 struct isdn_phdr isdn;
838 struct ascend_phdr ascend;
840 struct ieee_802_11_phdr ieee_802_11;
841 struct cosine_phdr cosine;
842 struct irda_phdr irda;
843 struct nettl_phdr nettl;
844 struct mtp2_phdr mtp2;
846 struct lapd_phdr lapd;
847 struct catapult_dct2000_phdr dct2000;
848 struct erf_mc_phdr erf;
849 struct sita_phdr sita;
850 struct bthci_phdr bthci;
851 struct l1event_phdr l1event;
853 struct gsm_um_phdr gsm_um;
854 struct nstr_phdr nstr;
855 struct nokia_phdr nokia;
856 struct llcp_phdr llcp;
865 guint32 presence_flags; /* what stuff do we have? */
866 struct wtap_nstime ts;
867 guint32 caplen; /* data length in the file */
868 guint32 len; /* data length on the wire */
870 /* pcapng variables */
871 guint32 interface_id; /* identifier of the interface. */
873 gchar *opt_comment; /* NULL if not available */
874 guint64 drop_count; /* number of packets lost (by the interface and the
875 operating system) between this packet and the preceding one. */
876 guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
878 union wtap_pseudo_header pseudo_header;
882 * Bits in presence_flags, indicating which of the fields we have.
884 * For the time stamp, we may need some more flags to indicate
885 * whether the time stamp is an absolute date-and-time stamp, an
886 * absolute time-only stamp (which can make relative time
887 * calculations tricky, as you could in theory have two time
888 * stamps separated by an unknown number of days), or a time stamp
889 * relative to some unspecified time in the past (see mpeg.c).
891 * There is no presence flag for len - there has to be *some* length
892 * value for the packet. (The "captured length" can be missing if
893 * the file format doesn't report a captured length distinct from
894 * the on-the-network length because the application(s) producing those
895 * files don't support slicing packets.)
897 * There could be a presence flag for the packet encapsulation - if it's
898 * absent, use the file encapsulation - but it's not clear that's useful;
899 * we currently do that in the module for the file format.
901 #define WTAP_HAS_TS 0x00000001 /**< time stamp */
902 #define WTAP_HAS_CAP_LEN 0x00000002 /**< captured length separate from on-the-network length */
903 #define WTAP_HAS_INTERFACE_ID 0x00000004 /**< interface ID */
904 #define WTAP_HAS_COMMENTS 0x00000008 /**< comments */
905 #define WTAP_HAS_DROP_COUNT 0x00000010 /**< drop count */
906 #define WTAP_HAS_PACK_FLAGS 0x00000020 /**< packet flags */
909 * Holds the option strings from pcapng:s Section Header block(SHB).
911 typedef struct wtapng_section_s {
913 guint64 section_length; /**< 64-bit value specifying the length in bytes of the
915 * Section Length equal -1 (0xFFFFFFFFFFFFFFFF) means
916 * that the size of the section is not specified
919 gchar *opt_comment; /**< NULL if not available */
920 gchar *shb_hardware; /**< NULL if not available
921 * UTF-8 string containing the description of the
922 * hardware used to create this section.
924 gchar *shb_os; /**< NULL if not available, UTF-8 string containing the
925 * name of the operating system used to create this section.
927 const gchar *shb_user_appl; /**< NULL if not available, UTF-8 string containing the
928 * name of the application used to create this section.
933 /** struct holding the information to build IDB:s
934 * the interface_data array holds an array of wtapng_if_descr_t
937 typedef struct wtapng_iface_descriptions_s {
938 guint number_of_interfaces;
939 GArray *interface_data;
940 } wtapng_iface_descriptions_t;
942 /* Interface Description
946 * if_name 2 A UTF-8 string containing the name of the device used to capture data.
947 * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
949 * if_description 3 A UTF-8 string containing the description of the device used
950 * to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
952 * if_IPv4addr 4 Interface network address and netmask. This option can be
953 * repeated multiple times within the same Interface Description Block
954 * when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
956 * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte).
957 * This option can be repeated multiple times within the same Interface
958 * Description Block when multiple IPv6 addresses are assigned to the interface.
959 * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
960 * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
962 * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
964 * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
966 * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
968 * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero,
969 * the remaining bits indicates the resolution of the timestamp as as a
970 * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
971 * are the number of microseconds since 1/1/1970). If the Most Significant Bit
972 * is equal to one, the remaining bits indicates the resolution has a
973 * negative power of 2 (e.g. 10 means 1/1024 of second).
974 * If this option is not present, a resolution of 10^-6 is assumed
975 * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
977 * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
979 * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
980 * The first byte of the Option Data keeps a code of the filter used
981 * (e.g. if this is a libpcap string, or BPF bytecode, and more).
982 * More details about this format will be presented in Appendix XXX (TODO).
983 * (TODO: better use different options for different fields?
984 * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
986 * if_os 12 A UTF-8 string containing the name of the operating system of the
987 * machine in which this interface is installed.
988 * This can be different from the same information that can be
989 * contained by the Section Header Block
990 * (Section 3.1 (Section Header Block (mandatory))) because
991 * the capture can have been done on a remote machine.
992 * "Windows XP SP2" / "openSUSE 10.2" / ...
994 * if_fcslen 13 An integer value that specified the length of the
995 * Frame Check Sequence (in bits) for this interface.
996 * For link layers whose FCS length can change during time,
997 * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
999 * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds)
1000 * that must be added to the timestamp of each packet to obtain
1001 * the absolute timestamp of a packet. If the option is missing,
1002 * the timestamps stored in the packet must be considered absolute
1003 * timestamps. The time zone of the offset can be specified with the
1004 * option if_tzone. TODO: won't a if_tsoffset_low for fractional
1005 * second offsets be useful for highly syncronized capture systems? 1234
1008 * Interface description data
1010 typedef struct wtapng_if_descr_s {
1011 int wtap_encap; /**< link_type translated to wtap_encap */
1012 guint64 time_units_per_second;
1019 gchar *opt_comment; /**< NULL if not available */
1020 gchar *if_name; /**< NULL if not available
1022 * A UTF-8 string containing the name of the
1023 * device used to capture data.
1025 gchar *if_description; /**< NULL if not available
1027 * A UTF-8 string containing the description
1028 * of the device used to capture data.
1031 /* XXX: if_IPv4addr opt 4 Interface network address and netmask. */
1032 /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
1033 /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits). */
1034 /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits) */
1036 guint64 if_speed; /**< 0xFFFFFFFF if unknown
1038 * Interface speed (in bps). 100000000 for 100Mbps
1040 guint8 if_tsresol; /**< default is 6 for microsecond resolution
1042 * Resolution of timestamps.
1043 * If the Most Significant Bit is equal to zero,
1044 * the remaining bits indicates the resolution of the
1045 * timestamp as as a negative power of 10
1048 /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
1050 gchar *if_filter_str; /**< NULL if not available
1051 * opt 11 libpcap string.
1053 guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
1054 gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
1055 gchar *if_os; /**< NULL if not available
1056 * 12 A UTF-8 string containing the name of the
1057 * operating system of the machine in which this
1058 * interface is installed.
1060 gint8 if_fcslen; /**< -1 if unknown or changes between packets,
1062 * An integer value that specified the length of
1063 * the Frame Check Sequence (in bits) for this interface. */
1064 /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
1065 guint8 num_stat_entries;
1066 GArray *interface_statistics; /**< An array holding the interface statistics from
1067 * pcapng ISB:s or equivalent(?)*/
1068 } wtapng_if_descr_t;
1072 * Interface Statistics. pcap-ng Interface Statistics Block (ISB).
1074 typedef struct wtapng_if_stats_s {
1076 guint32 interface_id;
1080 gchar *opt_comment; /**< NULL if not available */
1081 guint64 isb_starttime;
1082 guint64 isb_endtime;
1085 guint64 isb_filteraccept;
1087 guint64 isb_usrdeliv;
1088 } wtapng_if_stats_t;
1093 typedef struct wtap wtap;
1094 typedef struct wtap_dumper wtap_dumper;
1096 typedef struct wtap_reader *FILE_T;
1099 * Types of comments.
1101 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1102 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1103 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1105 struct file_type_info {
1106 /* the file type name */
1107 /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1110 /* the file type short name, used as a shortcut for the command line tools */
1111 /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1112 const char *short_name;
1114 /* the default file extension, used to save this type */
1115 /* should be NULL if no default extension is known */
1116 const char *default_file_extension;
1118 /* a semicolon-separated list of additional file extensions */
1119 /* used for this type */
1120 /* should be NULL if no extensions, or no extensions other */
1121 /* than the default extension, are known */
1122 const char *additional_file_extensions;
1124 /* when writing this file format, is seeking required? */
1125 gboolean writing_must_seek;
1127 /* does this type support name resolution records? */
1128 /* should be FALSE is this file type doesn't support name resolution records */
1129 gboolean has_name_resolution;
1131 /* what types of comment does this file support? */
1132 guint32 supported_comment_types;
1134 /* can this type write this encapsulation format? */
1135 /* should be NULL is this file type doesn't have write support */
1136 int (*can_write_encap)(int);
1138 /* the function to open the capture file for writing */
1139 /* should be NULL is this file type don't have write support */
1140 int (*dump_open)(wtap_dumper *, int *);
1144 typedef int (*wtap_open_routine_t)(struct wtap*, int *, char **);
1147 /** On failure, "wtap_open_offline()" returns NULL, and puts into the
1148 * "int" pointed to by its second argument:
1150 * @param filename Name of the file to open
1151 * @param err a positive "errno" value if the capture file can't be opened;
1152 * a negative number, indicating the type of error, on other failures.
1153 * @param err_info for some errors, a string giving more details of
1155 * @param do_random TRUE if random access to the file will be done,
1159 struct wtap* wtap_open_offline(const char *filename, int *err,
1160 gchar **err_info, gboolean do_random);
1163 * If we were compiled with zlib and we're at EOF, unset EOF so that
1164 * wtap_read/gzread has a chance to succeed. This is necessary if
1165 * we're tailing a file.
1168 void wtap_cleareof(wtap *wth);
1171 * Set callback functions to add new hostnames. Currently pcapng-only.
1172 * MUST match add_ipv4_name and add_ipv6_name in addr_resolv.c.
1174 typedef void (*wtap_new_ipv4_callback_t) (const guint addr, const gchar *name);
1176 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1178 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const gchar *name);
1180 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1182 /** Returns TRUE if read was successful. FALSE if failure. data_offset is
1183 * set to the offset in the file where the data for the read packet is
1186 gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
1187 gint64 *data_offset);
1190 gboolean wtap_seek_read (wtap *wth, gint64 seek_off,
1191 struct wtap_pkthdr *phdr, guint8 *pd, int len,
1192 int *err, gchar **err_info);
1194 /*** get various information snippets about the current packet ***/
1196 struct wtap_pkthdr *wtap_phdr(wtap *wth);
1198 guint8 *wtap_buf_ptr(wtap *wth);
1200 /*** get various information snippets about the current file ***/
1202 /** Return an approximation of the amount of data we've read sequentially
1203 * from the file so far. */
1205 gint64 wtap_read_so_far(wtap *wth);
1207 gint64 wtap_file_size(wtap *wth, int *err);
1209 gboolean wtap_iscompressed(wtap *wth);
1211 guint wtap_snapshot_length(wtap *wth); /* per file */
1213 int wtap_file_type(wtap *wth);
1215 int wtap_file_encap(wtap *wth);
1217 int wtap_file_tsprecision(wtap *wth);
1219 wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
1221 wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
1223 void wtap_write_shb_comment(wtap *wth, gchar *comment);
1225 /*** close the file descriptors for the current file ***/
1227 void wtap_fdclose(wtap *wth);
1229 /*** reopen the random file descriptor for the current file ***/
1231 gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
1233 /*** close the current file ***/
1235 void wtap_sequential_close(wtap *wth);
1237 void wtap_close(wtap *wth);
1239 /*** dump packets into a capture file ***/
1241 gboolean wtap_dump_can_open(int filetype);
1244 * Given a GArray of WTAP_ENCAP_ types, return the per-file encapsulation
1245 * type that would be needed to write out a file with those types.
1248 int wtap_dump_file_encap_type(const GArray *file_encaps);
1251 * Return TRUE if we can write this capture file format out in
1252 * compressed form, FALSE if not.
1255 gboolean wtap_dump_can_compress(int filetype);
1258 * Return TRUE if this capture file format supports storing name
1259 * resolution information in it, FALSE if not.
1262 gboolean wtap_dump_has_name_resolution(int filetype);
1265 * Return TRUE if this capture file format supports all the comment
1266 * types specified, FALSE if not.
1269 gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
1272 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
1273 int snaplen, gboolean compressed, int *err);
1276 wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
1277 int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
1280 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
1281 gboolean compressed, int *err);
1284 wtap_dumper* wtap_dump_fdopen_ng(int fd, int filetype, int encap, int snaplen,
1285 gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
1289 gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *, int *err);
1291 void wtap_dump_flush(wtap_dumper *);
1293 gint64 wtap_get_bytes_dumped(wtap_dumper *);
1295 void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
1298 gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, struct addrinfo *addrinfo_list);
1300 gboolean wtap_dump_close(wtap_dumper *, int *);
1303 * Return TRUE if we can write a file out with the given GArray of file
1304 * encapsulations and the given bitmask of comment types.
1307 gboolean wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types);
1310 * Get a GArray of WTAP_FILE_ values for file types that can be used
1311 * to save a file of a given type with a given GArray of WTAP_ENCAP_
1312 * types and the given bitmask of comment types.
1315 GArray *wtap_get_savable_file_types(int file_type, const GArray *file_encaps,
1316 guint32 required_comment_types);
1318 /*** various string converter functions ***/
1320 const char *wtap_file_type_string(int filetype);
1322 const char *wtap_file_type_short_string(int filetype);
1324 int wtap_short_string_to_file_type(const char *short_name);
1326 /*** various file extension functions ***/
1328 const char *wtap_default_file_extension(int filetype);
1330 GSList *wtap_get_file_extensions_list(int filetype, gboolean include_compressed);
1332 void wtap_free_file_extensions_list(GSList *extensions);
1335 const char *wtap_encap_string(int encap);
1337 const char *wtap_encap_short_string(int encap);
1339 int wtap_short_string_to_encap(const char *short_name);
1342 const char *wtap_strerror(int err);
1344 /*** get available number of file types and encapsulations ***/
1346 int wtap_get_num_encap_types(void);
1348 int wtap_get_num_file_types(void);
1350 /*** dynamically register new file types and encapsulations ***/
1352 void wtap_register_open_routine(wtap_open_routine_t, gboolean has_magic);
1354 int wtap_register_file_type(const struct file_type_info* fi);
1356 int wtap_register_encap_type(const char* name, const char* short_name);
1360 * Wiretap error codes.
1362 #define WTAP_ERR_NOT_REGULAR_FILE -1
1363 /** The file being opened for reading isn't a plain file (or pipe) */
1365 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
1366 /** The file is being opened for random access and it's a pipe */
1368 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
1369 /** The file being opened is not a capture file in a known format */
1371 #define WTAP_ERR_UNSUPPORTED -4
1372 /** Supported file type, but there's something in the file we
1375 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
1376 /** Wiretap can't save to a pipe in the specified format */
1378 #define WTAP_ERR_CANT_OPEN -6
1379 /** The file couldn't be opened, reason unknown */
1381 #define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
1382 /** Wiretap can't save files in the specified format */
1384 #define WTAP_ERR_UNSUPPORTED_ENCAP -8
1385 /** Wiretap can't read or save files in the specified format with the
1386 specified encapsulation */
1388 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
1389 /** The specified format doesn't support per-packet encapsulations */
1391 #define WTAP_ERR_CANT_CLOSE -10
1392 /** The file couldn't be closed, reason unknown */
1394 #define WTAP_ERR_CANT_READ -11
1395 /** An attempt to read failed, reason unknown */
1397 #define WTAP_ERR_SHORT_READ -12
1398 /** An attempt to read read less data than it should have */
1400 #define WTAP_ERR_BAD_FILE -13
1401 /** The file appears to be damaged or corrupted or otherwise bogus */
1403 #define WTAP_ERR_SHORT_WRITE -14
1404 /** An attempt to write wrote less data than it should have */
1406 #define WTAP_ERR_UNC_TRUNCATED -15
1407 /** Sniffer compressed data was oddly truncated */
1409 #define WTAP_ERR_UNC_OVERFLOW -16
1410 /** Uncompressing Sniffer data would overflow buffer */
1412 #define WTAP_ERR_UNC_BAD_OFFSET -17
1413 /** LZ77 compressed data has bad offset to string */
1415 #define WTAP_ERR_RANDOM_OPEN_STDIN -18
1416 /** We're trying to open the standard input for random access */
1418 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
1419 /* The filetype doesn't support output compression */
1421 #define WTAP_ERR_CANT_SEEK -20
1422 /** An attempt to seek failed, reason unknown */
1424 #define WTAP_ERR_CANT_SEEK_COMPRESSED -21
1425 /** An attempt to seek on a compressed stream */
1427 #define WTAP_ERR_DECOMPRESS -22
1428 /** Error decompressing */
1430 #define WTAP_ERR_INTERNAL -23
1431 /** "Shouldn't happen" internal errors */
1435 #endif /* __cplusplus */
1437 #endif /* __WTAP_H__ */
1440 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1445 * indent-tabs-mode: nil
1448 * vi: set shiftwidth=4 tabstop=8 expandtab:
1449 * :indentSize=4:tabSize=8:noTabs=true: