6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26 #ifdef HAVE_SYS_TIME_H
32 #include <wiretap/buffer.h>
33 #include "ws_symbol_export.h"
37 #endif /* __cplusplus */
39 /* Encapsulation types. Choose names that truly reflect
40 * what is contained in the packet trace file.
42 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
43 * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
44 * type for all packets in the file; this may cause those routines to
45 * fail if the capture file format being written can't support that.
46 * It's also returned by "wtap_file_encap()" for capture files that
47 * don't have a single encapsulation type for all packets in the file.
49 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
50 * if it's handed an unknown encapsulation.
52 * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
53 * MAC addresses you get from the hardware are bit-swapped. Ideally,
54 * the driver would tell us that, but I know of none that do, so, for
55 * now, we base it on the machine on which we're *reading* the
56 * capture, rather than on the machine on which the capture was taken
57 * (they're probably likely to be the same). We assume that they're
58 * bit-swapped on everything except for systems running Ultrix, Alpha
59 * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
60 * Digital decided to bit-swap addresses in the hardware or in the
61 * driver, and I guess BSDI bit-swapped them in the driver, given that
62 * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
63 * save file format, we'd use the WTAP_ENCAP values to flag the
64 * encapsulation of a packet, so there we'd at least be able to base
65 * it on the machine on which the capture was taken.
67 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
68 * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
69 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
70 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
71 * presumably used on some BSD systems, which we turn into
72 * WTAP_ENCAP_ATM_RFC1483.
74 * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
77 * 1) PPP-over-HDLC encapsulation, at least with some versions
78 * of ISDN4BSD (but not the current ones, it appears, unless
79 * I've missed something);
81 * 2) a 4-byte header containing the AF_ address family, in
82 * the byte order of the machine that saved the capture,
83 * for the packet, as used on many BSD systems for the
84 * loopback device and some other devices, or a 4-byte header
85 * containing the AF_ address family in network byte order,
86 * as used on recent OpenBSD systems for the loopback device;
88 * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
89 * type in the byte order from an Ethernet header, that being
90 * what older versions of "libpcap" on Linux turn the Ethernet
91 * header for loopback interfaces into (0.6.0 and later versions
92 * leave the Ethernet header alone and make it DLT_EN10MB). */
93 #define WTAP_ENCAP_PER_PACKET -1
94 #define WTAP_ENCAP_UNKNOWN 0
95 #define WTAP_ENCAP_ETHERNET 1
96 #define WTAP_ENCAP_TOKEN_RING 2
97 #define WTAP_ENCAP_SLIP 3
98 #define WTAP_ENCAP_PPP 4
99 #define WTAP_ENCAP_FDDI 5
100 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
101 #define WTAP_ENCAP_RAW_IP 7
102 #define WTAP_ENCAP_ARCNET 8
103 #define WTAP_ENCAP_ARCNET_LINUX 9
104 #define WTAP_ENCAP_ATM_RFC1483 10
105 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
106 #define WTAP_ENCAP_LAPB 12
107 #define WTAP_ENCAP_ATM_PDUS 13
108 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
109 #define WTAP_ENCAP_NULL 15
110 #define WTAP_ENCAP_ASCEND 16
111 #define WTAP_ENCAP_ISDN 17
112 #define WTAP_ENCAP_IP_OVER_FC 18
113 #define WTAP_ENCAP_PPP_WITH_PHDR 19
114 #define WTAP_ENCAP_IEEE_802_11 20
115 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
116 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
117 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
118 #define WTAP_ENCAP_IEEE_802_11_AVS 24
119 #define WTAP_ENCAP_SLL 25
120 #define WTAP_ENCAP_FRELAY 26
121 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
122 #define WTAP_ENCAP_CHDLC 28
123 #define WTAP_ENCAP_CISCO_IOS 29
124 #define WTAP_ENCAP_LOCALTALK 30
125 #define WTAP_ENCAP_OLD_PFLOG 31
126 #define WTAP_ENCAP_HHDLC 32
127 #define WTAP_ENCAP_DOCSIS 33
128 #define WTAP_ENCAP_COSINE 34
129 #define WTAP_ENCAP_WFLEET_HDLC 35
130 #define WTAP_ENCAP_SDLC 36
131 #define WTAP_ENCAP_TZSP 37
132 #define WTAP_ENCAP_ENC 38
133 #define WTAP_ENCAP_PFLOG 39
134 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
135 #define WTAP_ENCAP_BLUETOOTH_H4 41
136 #define WTAP_ENCAP_MTP2 42
137 #define WTAP_ENCAP_MTP3 43
138 #define WTAP_ENCAP_IRDA 44
139 #define WTAP_ENCAP_USER0 45
140 #define WTAP_ENCAP_USER1 46
141 #define WTAP_ENCAP_USER2 47
142 #define WTAP_ENCAP_USER3 48
143 #define WTAP_ENCAP_USER4 49
144 #define WTAP_ENCAP_USER5 50
145 #define WTAP_ENCAP_USER6 51
146 #define WTAP_ENCAP_USER7 52
147 #define WTAP_ENCAP_USER8 53
148 #define WTAP_ENCAP_USER9 54
149 #define WTAP_ENCAP_USER10 55
150 #define WTAP_ENCAP_USER11 56
151 #define WTAP_ENCAP_USER12 57
152 #define WTAP_ENCAP_USER13 58
153 #define WTAP_ENCAP_USER14 59
154 #define WTAP_ENCAP_USER15 60
155 #define WTAP_ENCAP_SYMANTEC 61
156 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
157 #define WTAP_ENCAP_BACNET_MS_TP 63
158 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
159 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
160 #define WTAP_ENCAP_GPRS_LLC 66
161 #define WTAP_ENCAP_JUNIPER_ATM1 67
162 #define WTAP_ENCAP_JUNIPER_ATM2 68
163 #define WTAP_ENCAP_REDBACK 69
164 #define WTAP_ENCAP_NETTL_RAW_IP 70
165 #define WTAP_ENCAP_NETTL_ETHERNET 71
166 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
167 #define WTAP_ENCAP_NETTL_FDDI 73
168 #define WTAP_ENCAP_NETTL_UNKNOWN 74
169 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
170 #define WTAP_ENCAP_JUNIPER_PPPOE 76
171 #define WTAP_ENCAP_GCOM_TIE1 77
172 #define WTAP_ENCAP_GCOM_SERIAL 78
173 #define WTAP_ENCAP_NETTL_X25 79
174 #define WTAP_ENCAP_K12 80
175 #define WTAP_ENCAP_JUNIPER_MLPPP 81
176 #define WTAP_ENCAP_JUNIPER_MLFR 82
177 #define WTAP_ENCAP_JUNIPER_ETHER 83
178 #define WTAP_ENCAP_JUNIPER_PPP 84
179 #define WTAP_ENCAP_JUNIPER_FRELAY 85
180 #define WTAP_ENCAP_JUNIPER_CHDLC 86
181 #define WTAP_ENCAP_JUNIPER_GGSN 87
182 #define WTAP_ENCAP_LINUX_LAPD 88
183 #define WTAP_ENCAP_CATAPULT_DCT2000 89
184 #define WTAP_ENCAP_BER 90
185 #define WTAP_ENCAP_JUNIPER_VP 91
186 #define WTAP_ENCAP_USB 92
187 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
188 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
189 #define WTAP_ENCAP_USB_LINUX 95
190 #define WTAP_ENCAP_MPEG 96
191 #define WTAP_ENCAP_PPI 97
192 #define WTAP_ENCAP_ERF 98
193 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
194 #define WTAP_ENCAP_SITA 100
195 #define WTAP_ENCAP_SCCP 101
196 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
197 #define WTAP_ENCAP_IPMB 103
198 #define WTAP_ENCAP_IEEE802_15_4 104
199 #define WTAP_ENCAP_X2E_XORAYA 105
200 #define WTAP_ENCAP_FLEXRAY 106
201 #define WTAP_ENCAP_LIN 107
202 #define WTAP_ENCAP_MOST 108
203 #define WTAP_ENCAP_CAN20B 109
204 #define WTAP_ENCAP_LAYER1_EVENT 110
205 #define WTAP_ENCAP_X2E_SERIAL 111
206 #define WTAP_ENCAP_I2C 112
207 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
208 #define WTAP_ENCAP_TNEF 114
209 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
210 #define WTAP_ENCAP_GSM_UM 116
211 #define WTAP_ENCAP_DPNSS 117
212 #define WTAP_ENCAP_PACKETLOGGER 118
213 #define WTAP_ENCAP_NSTRACE_1_0 119
214 #define WTAP_ENCAP_NSTRACE_2_0 120
215 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
216 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
217 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
218 #define WTAP_ENCAP_IPNET 124
219 #define WTAP_ENCAP_SOCKETCAN 125
220 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
221 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
222 #define WTAP_ENCAP_RAW_IPFIX 128
223 #define WTAP_ENCAP_RAW_IP4 129
224 #define WTAP_ENCAP_RAW_IP6 130
225 #define WTAP_ENCAP_LAPD 131
226 #define WTAP_ENCAP_DVBCI 132
227 #define WTAP_ENCAP_MUX27010 133
228 #define WTAP_ENCAP_MIME 134
229 #define WTAP_ENCAP_NETANALYZER 135
230 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
231 #define WTAP_ENCAP_IP_OVER_IB 137
232 #define WTAP_ENCAP_MPEG_2_TS 138
233 #define WTAP_ENCAP_PPP_ETHER 139
234 #define WTAP_ENCAP_NFC_LLCP 140
235 #define WTAP_ENCAP_NFLOG 141
236 #define WTAP_ENCAP_V5_EF 142
237 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
238 #define WTAP_ENCAP_IXVERIWAVE 144
239 #define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
240 #define WTAP_ENCAP_SDH 146
241 #define WTAP_ENCAP_DBUS 147
242 #define WTAP_ENCAP_AX25_KISS 148
243 #define WTAP_ENCAP_AX25 149
244 #define WTAP_ENCAP_SCTP 150
245 #define WTAP_ENCAP_INFINIBAND 151
246 #define WTAP_ENCAP_JUNIPER_SVCS 152
247 #define WTAP_ENCAP_USBPCAP 153
248 #define WTAP_ENCAP_RTAC_SERIAL 154
249 #define WTAP_ENCAP_BLUETOOTH_LE_LL 155
250 #define WTAP_ENCAP_WIRESHARK_UPPER_PDU 156
252 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
254 /* File types that can be read by wiretap.
255 We support writing many of these file types, too, so we
256 distinguish between different versions of them. */
257 #define WTAP_FILE_UNKNOWN 0
258 #define WTAP_FILE_PCAP 1
259 #define WTAP_FILE_PCAPNG 2
260 #define WTAP_FILE_PCAP_NSEC 3
261 #define WTAP_FILE_PCAP_AIX 4
262 #define WTAP_FILE_PCAP_SS991029 5
263 #define WTAP_FILE_PCAP_NOKIA 6
264 #define WTAP_FILE_PCAP_SS990417 7
265 #define WTAP_FILE_PCAP_SS990915 8
266 #define WTAP_FILE_5VIEWS 9
267 #define WTAP_FILE_IPTRACE_1_0 10
268 #define WTAP_FILE_IPTRACE_2_0 11
269 #define WTAP_FILE_BER 12
270 #define WTAP_FILE_HCIDUMP 13
271 #define WTAP_FILE_CATAPULT_DCT2000 14
272 #define WTAP_FILE_NETXRAY_OLD 15
273 #define WTAP_FILE_NETXRAY_1_0 16
274 #define WTAP_FILE_COSINE 17
275 #define WTAP_FILE_CSIDS 18
276 #define WTAP_FILE_DBS_ETHERWATCH 19
277 #define WTAP_FILE_ERF 20
278 #define WTAP_FILE_EYESDN 21
279 #define WTAP_FILE_NETTL 22
280 #define WTAP_FILE_ISERIES 23
281 #define WTAP_FILE_ISERIES_UNICODE 24
282 #define WTAP_FILE_I4BTRACE 25
283 #define WTAP_FILE_ASCEND 26
284 #define WTAP_FILE_NETMON_1_x 27
285 #define WTAP_FILE_NETMON_2_x 28
286 #define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 29
287 #define WTAP_FILE_NGSNIFFER_COMPRESSED 30
288 #define WTAP_FILE_NETXRAY_1_1 31
289 #define WTAP_FILE_NETXRAY_2_00x 32
290 #define WTAP_FILE_NETWORK_INSTRUMENTS 33
291 #define WTAP_FILE_LANALYZER 34
292 #define WTAP_FILE_PPPDUMP 35
293 #define WTAP_FILE_RADCOM 36
294 #define WTAP_FILE_SNOOP 37
295 #define WTAP_FILE_SHOMITI 38
296 #define WTAP_FILE_VMS 39
297 #define WTAP_FILE_K12 40
298 #define WTAP_FILE_TOSHIBA 41
299 #define WTAP_FILE_VISUAL_NETWORKS 42
300 #define WTAP_FILE_PEEKCLASSIC_V56 43
301 #define WTAP_FILE_PEEKCLASSIC_V7 44
302 #define WTAP_FILE_PEEKTAGGED 45
303 #define WTAP_FILE_MPEG 46
304 #define WTAP_FILE_K12TEXT 47
305 #define WTAP_FILE_NETSCREEN 48
306 #define WTAP_FILE_COMMVIEW 49
307 #define WTAP_FILE_BTSNOOP 50
308 #define WTAP_FILE_TNEF 51
309 #define WTAP_FILE_DCT3TRACE 52
310 #define WTAP_FILE_PACKETLOGGER 53
311 #define WTAP_FILE_DAINTREE_SNA 54
312 #define WTAP_FILE_NETSCALER_1_0 55
313 #define WTAP_FILE_NETSCALER_2_0 56
314 #define WTAP_FILE_JPEG_JFIF 57 /* obsoleted by WTAP_FILE_MIME */
315 #define WTAP_FILE_IPFIX 58
316 #define WTAP_FILE_MIME 59
317 #define WTAP_FILE_AETHRA 60
318 #define WTAP_FILE_MPEG_2_TS 61
319 #define WTAP_FILE_VWR_80211 62
320 #define WTAP_FILE_VWR_ETH 63
321 #define WTAP_FILE_CAMINS 64
323 #define WTAP_NUM_FILE_TYPES wtap_get_num_file_types()
325 /* timestamp precision (currently only these values are supported) */
326 #define WTAP_FILE_TSPREC_SEC 0
327 #define WTAP_FILE_TSPREC_DSEC 1
328 #define WTAP_FILE_TSPREC_CSEC 2
329 #define WTAP_FILE_TSPREC_MSEC 3
330 #define WTAP_FILE_TSPREC_USEC 6
331 #define WTAP_FILE_TSPREC_NSEC 9
334 * Maximum packet size we'll support.
335 * 65535 is the largest snapshot length that libpcap supports, so we
338 #define WTAP_MAX_PACKET_SIZE 65535
341 * "Pseudo-headers" are used to supply to the clients of wiretap
342 * per-packet information that's not part of the packet payload
345 * NOTE: do not use pseudo-header structures to hold information
346 * used by the code to read a particular capture file type; to
347 * keep that sort of state information, add a new structure for
348 * that private information to "wtap-int.h", add a pointer to that
349 * type of structure to the "capture" member of the "struct wtap"
350 * structure, and allocate one of those structures and set that member
351 * in the "open" routine for that capture file type if the open
352 * succeeds. See various other capture file type handlers for examples
368 guint8 vlantag_offset;
369 guint8 coreid_offset;
370 guint8 srcnodeid_offset;
371 guint8 destnodeid_offset;
372 guint8 clflags_offset;
373 guint8 src_vmname_len_offset;
374 guint8 dst_vmname_len_offset;
375 guint8 ns_activity_offset;
379 /* Packet "pseudo-header" information for Ethernet capture files. */
381 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
384 /* Packet "pseudo-header" information for X.25 capture files. */
385 #define FROM_DCE 0x80
387 guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
390 /* Packet "pseudo-header" information for ISDN capture files. */
395 guint8 channel; /* 0 = D-channel; n = B-channel n */
398 /* Packet "pseudo-header" for ATM capture files.
399 Not all of this information is supplied by all capture types. */
404 #define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
405 #define ATM_NO_HEC 0x02 /* TRUE if the cell has HEC stripped out */
406 #define ATM_AAL2_NOPHDR 0x04 /* TRUE if the AAL2 PDU has no pseudo-header */
411 #define AAL_UNKNOWN 0 /* AAL unknown */
412 #define AAL_1 1 /* AAL1 */
413 #define AAL_2 2 /* AAL2 */
414 #define AAL_3_4 3 /* AAL3/4 */
415 #define AAL_5 4 /* AAL5 */
416 #define AAL_USER 5 /* User AAL */
417 #define AAL_SIGNALLING 6 /* Signaling AAL */
418 #define AAL_OAMCELL 7 /* OAM cell */
423 #define TRAF_UNKNOWN 0 /* Unknown */
424 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
425 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
426 #define TRAF_LANE 3 /* LAN Emulation */
427 #define TRAF_ILMI 4 /* ILMI */
428 #define TRAF_FR 5 /* Frame Relay */
429 #define TRAF_SPANS 6 /* FORE SPANS */
430 #define TRAF_IPSILON 7 /* Ipsilon */
431 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
432 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
433 #define TRAF_SSCOP 10 /* SSCOP */
438 #define TRAF_ST_UNKNOWN 0 /* Unknown */
443 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
444 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
445 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
446 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
447 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
448 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
449 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
450 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
451 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
452 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
453 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
454 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
459 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
460 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
461 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
462 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
463 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
468 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
469 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
470 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
473 guint32 flags; /* status flags */
474 guint8 aal; /* AAL of the traffic */
475 guint8 type; /* traffic type */
476 guint8 subtype; /* traffic subtype */
477 guint16 vpi; /* virtual path identifier */
478 guint16 vci; /* virtual circuit identifier */
479 guint8 aal2_cid; /* channel id */
480 guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
481 guint16 cells; /* number of cells */
482 guint16 aal5t_u2u; /* user-to-user indicator */
483 guint16 aal5t_len; /* length of the packet */
484 guint32 aal5t_chksum; /* checksum for AAL5 packet */
487 /* Packet "pseudo-header" for Nokia output */
490 guint8 stuff[4]; /* mysterious stuff */
493 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
494 "wandisplay", and similar commands on Lucent/Ascend access equipment. */
496 #define ASCEND_MAX_STR_LEN 64
498 #define ASCEND_PFX_WDS_X 1
499 #define ASCEND_PFX_WDS_R 2
500 #define ASCEND_PFX_WDD 3
501 #define ASCEND_PFX_ISDN_X 4
502 #define ASCEND_PFX_ISDN_R 5
503 #define ASCEND_PFX_ETHER 6
506 guint16 type; /* ASCEND_PFX_*, as defined above */
507 char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
508 guint32 sess; /* Session number, from wandsession header */
509 char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
510 guint32 chunk; /* Chunk number, from WDD header */
511 guint32 task; /* Task number */
514 /* Also defined in epan/packet_info.h */
515 #define P2P_DIR_UNKNOWN -1
516 #define P2P_DIR_SENT 0
517 #define P2P_DIR_RECV 1
519 /* Packet "pseudo-header" for point-to-point links with direction flags. */
521 int sent; /* TRUE=sent, FALSE=received, -1=unknown*/
525 * Packet "pseudo-header" information for 802.11.
526 * Radio information is only present for WTAP_ENCAP_IEEE_802_11_WITH_RADIO.
528 * Signal strength, etc. information:
530 * Raw signal strength can be measured in milliwatts.
531 * It can also be represented as dBm, which is 10 times the log base 10
532 * of the signal strength in mW.
534 * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
535 * The actual RSSI value for a given signal strength is dependent on the
536 * vendor (and perhaps on the adapter). The maximum possible RSSI value
537 * is also dependent on the vendor and perhaps the adapter.
539 * The signal strength can be represented as a percentage, which is 100
540 * times the ratio of the RSSI and the maximum RSSI.
542 struct ieee_802_11_phdr {
543 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
544 gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
545 guint8 channel; /* Channel number */
546 guint16 data_rate; /* in .5 Mb/s units */
547 guint8 signal_level; /* percentage */
550 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
552 #define COSINE_MAX_IF_NAME_LEN 128
554 #define COSINE_ENCAP_TEST 1
555 #define COSINE_ENCAP_PPoATM 2
556 #define COSINE_ENCAP_PPoFR 3
557 #define COSINE_ENCAP_ATM 4
558 #define COSINE_ENCAP_FR 5
559 #define COSINE_ENCAP_HDLC 6
560 #define COSINE_ENCAP_PPP 7
561 #define COSINE_ENCAP_ETH 8
562 #define COSINE_ENCAP_UNKNOWN 99
564 #define COSINE_DIR_TX 1
565 #define COSINE_DIR_RX 2
568 guint8 encap; /* COSINE_ENCAP_* as defined above */
569 guint8 direction; /* COSINE_DIR_*, as defined above */
570 char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
571 guint16 pro; /* Protocol */
572 guint16 off; /* Offset */
573 guint16 pri; /* Priority */
574 guint16 rm; /* Rate Marking */
575 guint16 err; /* Error Code */
578 /* Packet "pseudo-header" for IrDA capture files. */
581 * Direction of the packet
583 #define IRDA_INCOMING 0x0000
584 #define IRDA_OUTGOING 0x0004
587 * "Inline" log messages produced by IrCOMM2k on Windows
589 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
590 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
593 * Differentiate between frames and log messages
595 #define IRDA_CLASS_FRAME 0x0000
596 #define IRDA_CLASS_LOG 0x0100
597 #define IRDA_CLASS_MASK 0xFF00
600 guint16 pkttype; /* packet type */
603 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
613 /* Packet "pseudo-header" for MTP2 files. */
615 #define MTP2_ANNEX_A_NOT_USED 0
616 #define MTP2_ANNEX_A_USED 1
617 #define MTP2_ANNEX_A_USED_UNKNOWN 2
625 /* Packet "pseudo-header" for K12 files. */
639 const gchar *input_name;
640 const gchar *stack_file;
642 k12_input_info_t input_info;
644 guint32 extra_length;
648 #define K12_PORT_DS0S 0x00010008
649 #define K12_PORT_DS1 0x00100008
650 #define K12_PORT_ATMPVC 0x01020000
653 guint16 pkttype; /* packet type */
658 struct catapult_dct2000_phdr
662 struct isdn_phdr isdn;
665 } inner_pseudo_header;
670 #define LIBPCAP_BT_PHDR_SENT 0
671 #define LIBPCAP_BT_PHDR_RECV 1
674 * Header prepended by libpcap to each bluetooth hci h:4 frame.
675 * Values in network byte order
677 struct libpcap_bt_phdr {
678 guint32 direction; /* Bit 0 hold the frame direction. */
681 #define LIBPCAP_PPP_PHDR_RECV 0
682 #define LIBPCAP_PPP_PHDR_SENT 1
685 * Header prepended by libpcap to each ppp frame.
687 struct libpcap_ppp_phdr {
692 * Endace Record Format pseudo header
695 guint64 ts; /* Time stamp */
708 * ERF pseudo header with optional subheader
709 * (Multichannel or Ethernet)
712 #define MAX_ERF_EHDR 8
715 struct erf_phdr phdr;
716 struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
724 #define LLCP_PHDR_FLAG_SENT 0
730 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
731 #define SITA_FRAME_DIR_RXED (0x01)
732 #define SITA_FRAME_DIR (0x01) /* mask */
733 #define SITA_ERROR_NO_BUFFER (0x80)
735 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
736 #define SITA_SIG_DTR (0x02)
737 #define SITA_SIG_CTS (0x04)
738 #define SITA_SIG_RTS (0x08)
739 #define SITA_SIG_DCD (0x10)
740 #define SITA_SIG_UNDEF1 (0x20)
741 #define SITA_SIG_UNDEF2 (0x40)
742 #define SITA_SIG_UNDEF3 (0x80)
744 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
745 #define SITA_ERROR_TX_CTS_LOST (0x02)
746 #define SITA_ERROR_TX_UART_ERROR (0x04)
747 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
748 #define SITA_ERROR_TX_UNDEF1 (0x10)
749 #define SITA_ERROR_TX_UNDEF2 (0x20)
750 #define SITA_ERROR_TX_UNDEF3 (0x40)
751 #define SITA_ERROR_TX_UNDEF4 (0x80)
753 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
754 #define SITA_ERROR_RX_PARITY (0x02)
755 #define SITA_ERROR_RX_COLLISION (0x04)
756 #define SITA_ERROR_RX_FRAME_LONG (0x08)
757 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
758 #define SITA_ERROR_RX_UNDEF1 (0x20)
759 #define SITA_ERROR_RX_UNDEF2 (0x40)
760 #define SITA_ERROR_RX_UNDEF3 (0x80)
762 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
763 #define SITA_ERROR_RX_ABORT (0x02)
764 #define SITA_ERROR_RX_CD_LOST (0x04)
765 #define SITA_ERROR_RX_DPLL (0x08)
766 #define SITA_ERROR_RX_OVERRUN (0x10)
767 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
768 #define SITA_ERROR_RX_CRC (0x40)
769 #define SITA_ERROR_RX_BREAK (0x80)
771 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
772 #define SITA_PROTO_BOP_LAPB (0x01)
773 #define SITA_PROTO_ETHERNET (0x02)
774 #define SITA_PROTO_ASYNC_INTIO (0x03)
775 #define SITA_PROTO_ASYNC_BLKIO (0x04)
776 #define SITA_PROTO_ALC (0x05)
777 #define SITA_PROTO_UTS (0x06)
778 #define SITA_PROTO_PPP_HDLC (0x07)
779 #define SITA_PROTO_SDLC (0x08)
780 #define SITA_PROTO_TOKENRING (0x09)
781 #define SITA_PROTO_I2C (0x10)
782 #define SITA_PROTO_DPM_LINK (0x11)
783 #define SITA_PROTO_BOP_FRL (0x12)
793 /*pseudo header for Bluetooth HCI*/
799 #define BTHCI_CHANNEL_COMMAND 1
800 #define BTHCI_CHANNEL_ACL 2
801 #define BTHCI_CHANNEL_SCO 3
802 #define BTHCI_CHANNEL_EVENT 4
804 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
805 struct l1event_phdr {
809 /* * I2C pseudo header */
816 /* pseudo header for WTAP_ENCAP_GSM_UM */
820 /* The following are only populated for downlink */
828 #define GSM_UM_CHANNEL_UNKNOWN 0
829 #define GSM_UM_CHANNEL_BCCH 1
830 #define GSM_UM_CHANNEL_SDCCH 2
831 #define GSM_UM_CHANNEL_SACCH 3
832 #define GSM_UM_CHANNEL_FACCH 4
833 #define GSM_UM_CHANNEL_CCCH 5
834 #define GSM_UM_CHANNEL_RACH 6
835 #define GSM_UM_CHANNEL_AGCH 7
836 #define GSM_UM_CHANNEL_PCH 8
838 union wtap_pseudo_header {
841 struct isdn_phdr isdn;
843 struct ascend_phdr ascend;
845 struct ieee_802_11_phdr ieee_802_11;
846 struct cosine_phdr cosine;
847 struct irda_phdr irda;
848 struct nettl_phdr nettl;
849 struct mtp2_phdr mtp2;
851 struct lapd_phdr lapd;
852 struct catapult_dct2000_phdr dct2000;
853 struct erf_mc_phdr erf;
854 struct sita_phdr sita;
855 struct bthci_phdr bthci;
856 struct l1event_phdr l1event;
858 struct gsm_um_phdr gsm_um;
859 struct nstr_phdr nstr;
860 struct nokia_phdr nokia;
861 struct llcp_phdr llcp;
870 guint32 presence_flags; /* what stuff do we have? */
871 struct wtap_nstime ts;
872 guint32 caplen; /* data length in the file */
873 guint32 len; /* data length on the wire */
875 /* pcapng variables */
876 guint32 interface_id; /* identifier of the interface. */
878 gchar *opt_comment; /* NULL if not available */
879 guint64 drop_count; /* number of packets lost (by the interface and the
880 operating system) between this packet and the preceding one. */
881 guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
883 union wtap_pseudo_header pseudo_header;
887 * Bits in presence_flags, indicating which of the fields we have.
889 * For the time stamp, we may need some more flags to indicate
890 * whether the time stamp is an absolute date-and-time stamp, an
891 * absolute time-only stamp (which can make relative time
892 * calculations tricky, as you could in theory have two time
893 * stamps separated by an unknown number of days), or a time stamp
894 * relative to some unspecified time in the past (see mpeg.c).
896 * There is no presence flag for len - there has to be *some* length
897 * value for the packet. (The "captured length" can be missing if
898 * the file format doesn't report a captured length distinct from
899 * the on-the-network length because the application(s) producing those
900 * files don't support slicing packets.)
902 * There could be a presence flag for the packet encapsulation - if it's
903 * absent, use the file encapsulation - but it's not clear that's useful;
904 * we currently do that in the module for the file format.
906 #define WTAP_HAS_TS 0x00000001 /**< time stamp */
907 #define WTAP_HAS_CAP_LEN 0x00000002 /**< captured length separate from on-the-network length */
908 #define WTAP_HAS_INTERFACE_ID 0x00000004 /**< interface ID */
909 #define WTAP_HAS_COMMENTS 0x00000008 /**< comments */
910 #define WTAP_HAS_DROP_COUNT 0x00000010 /**< drop count */
911 #define WTAP_HAS_PACK_FLAGS 0x00000020 /**< packet flags */
914 * Holds the option strings from pcapng:s Section Header block(SHB).
916 typedef struct wtapng_section_s {
918 guint64 section_length; /**< 64-bit value specifying the length in bytes of the
920 * Section Length equal -1 (0xFFFFFFFFFFFFFFFF) means
921 * that the size of the section is not specified
924 gchar *opt_comment; /**< NULL if not available */
925 gchar *shb_hardware; /**< NULL if not available
926 * UTF-8 string containing the description of the
927 * hardware used to create this section.
929 gchar *shb_os; /**< NULL if not available, UTF-8 string containing the
930 * name of the operating system used to create this section.
932 const gchar *shb_user_appl; /**< NULL if not available, UTF-8 string containing the
933 * name of the application used to create this section.
938 /** struct holding the information to build IDB:s
939 * the interface_data array holds an array of wtapng_if_descr_t
942 typedef struct wtapng_iface_descriptions_s {
943 guint number_of_interfaces;
944 GArray *interface_data;
945 } wtapng_iface_descriptions_t;
947 /* Interface Description
951 * if_name 2 A UTF-8 string containing the name of the device used to capture data.
952 * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
954 * if_description 3 A UTF-8 string containing the description of the device used
955 * to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
957 * if_IPv4addr 4 Interface network address and netmask. This option can be
958 * repeated multiple times within the same Interface Description Block
959 * when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
961 * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte).
962 * This option can be repeated multiple times within the same Interface
963 * Description Block when multiple IPv6 addresses are assigned to the interface.
964 * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
965 * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
967 * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
969 * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
971 * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
973 * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero,
974 * the remaining bits indicates the resolution of the timestamp as as a
975 * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
976 * are the number of microseconds since 1/1/1970). If the Most Significant Bit
977 * is equal to one, the remaining bits indicates the resolution has a
978 * negative power of 2 (e.g. 10 means 1/1024 of second).
979 * If this option is not present, a resolution of 10^-6 is assumed
980 * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
982 * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
984 * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
985 * The first byte of the Option Data keeps a code of the filter used
986 * (e.g. if this is a libpcap string, or BPF bytecode, and more).
987 * More details about this format will be presented in Appendix XXX (TODO).
988 * (TODO: better use different options for different fields?
989 * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
991 * if_os 12 A UTF-8 string containing the name of the operating system of the
992 * machine in which this interface is installed.
993 * This can be different from the same information that can be
994 * contained by the Section Header Block
995 * (Section 3.1 (Section Header Block (mandatory))) because
996 * the capture can have been done on a remote machine.
997 * "Windows XP SP2" / "openSUSE 10.2" / ...
999 * if_fcslen 13 An integer value that specified the length of the
1000 * Frame Check Sequence (in bits) for this interface.
1001 * For link layers whose FCS length can change during time,
1002 * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
1004 * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds)
1005 * that must be added to the timestamp of each packet to obtain
1006 * the absolute timestamp of a packet. If the option is missing,
1007 * the timestamps stored in the packet must be considered absolute
1008 * timestamps. The time zone of the offset can be specified with the
1009 * option if_tzone. TODO: won't a if_tsoffset_low for fractional
1010 * second offsets be useful for highly syncronized capture systems? 1234
1013 * Interface description data
1015 typedef struct wtapng_if_descr_s {
1016 int wtap_encap; /**< link_type translated to wtap_encap */
1017 guint64 time_units_per_second;
1024 gchar *opt_comment; /**< NULL if not available */
1025 gchar *if_name; /**< NULL if not available
1027 * A UTF-8 string containing the name of the
1028 * device used to capture data.
1030 gchar *if_description; /**< NULL if not available
1032 * A UTF-8 string containing the description
1033 * of the device used to capture data.
1036 /* XXX: if_IPv4addr opt 4 Interface network address and netmask. */
1037 /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
1038 /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits). */
1039 /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits) */
1041 guint64 if_speed; /**< 0xFFFFFFFF if unknown
1043 * Interface speed (in bps). 100000000 for 100Mbps
1045 guint8 if_tsresol; /**< default is 6 for microsecond resolution
1047 * Resolution of timestamps.
1048 * If the Most Significant Bit is equal to zero,
1049 * the remaining bits indicates the resolution of the
1050 * timestamp as as a negative power of 10
1053 /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
1055 gchar *if_filter_str; /**< NULL if not available
1056 * opt 11 libpcap string.
1058 guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
1059 gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
1060 gchar *if_os; /**< NULL if not available
1061 * 12 A UTF-8 string containing the name of the
1062 * operating system of the machine in which this
1063 * interface is installed.
1065 gint8 if_fcslen; /**< -1 if unknown or changes between packets,
1067 * An integer value that specified the length of
1068 * the Frame Check Sequence (in bits) for this interface. */
1069 /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
1070 guint8 num_stat_entries;
1071 GArray *interface_statistics; /**< An array holding the interface statistics from
1072 * pcapng ISB:s or equivalent(?)*/
1073 } wtapng_if_descr_t;
1077 * Interface Statistics. pcap-ng Interface Statistics Block (ISB).
1079 typedef struct wtapng_if_stats_s {
1081 guint32 interface_id;
1085 gchar *opt_comment; /**< NULL if not available */
1086 guint64 isb_starttime;
1087 guint64 isb_endtime;
1090 guint64 isb_filteraccept;
1092 guint64 isb_usrdeliv;
1093 } wtapng_if_stats_t;
1097 typedef struct wtap wtap;
1098 typedef struct wtap_dumper wtap_dumper;
1100 typedef struct wtap_reader *FILE_T;
1103 * Types of comments.
1105 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1106 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1107 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1109 struct file_type_info {
1110 /* the file type name */
1111 /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1114 /* the file type short name, used as a shortcut for the command line tools */
1115 /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1116 const char *short_name;
1118 /* the default file extension, used to save this type */
1119 /* should be NULL if no default extension is known */
1120 const char *default_file_extension;
1122 /* a semicolon-separated list of additional file extensions */
1123 /* used for this type */
1124 /* should be NULL if no extensions, or no extensions other */
1125 /* than the default extension, are known */
1126 const char *additional_file_extensions;
1128 /* when writing this file format, is seeking required? */
1129 gboolean writing_must_seek;
1131 /* does this type support name resolution records? */
1132 /* should be FALSE is this file type doesn't support name resolution records */
1133 gboolean has_name_resolution;
1135 /* what types of comment does this file support? */
1136 guint32 supported_comment_types;
1138 /* can this type write this encapsulation format? */
1139 /* should be NULL is this file type doesn't have write support */
1140 int (*can_write_encap)(int);
1142 /* the function to open the capture file for writing */
1143 /* should be NULL is this file type don't have write support */
1144 int (*dump_open)(wtap_dumper *, int *);
1148 typedef int (*wtap_open_routine_t)(struct wtap*, int *, char **);
1151 /** On failure, "wtap_open_offline()" returns NULL, and puts into the
1152 * "int" pointed to by its second argument:
1154 * @param filename Name of the file to open
1155 * @param err a positive "errno" value if the capture file can't be opened;
1156 * a negative number, indicating the type of error, on other failures.
1157 * @param err_info for some errors, a string giving more details of
1159 * @param do_random TRUE if random access to the file will be done,
1163 struct wtap* wtap_open_offline(const char *filename, int *err,
1164 gchar **err_info, gboolean do_random);
1167 * If we were compiled with zlib and we're at EOF, unset EOF so that
1168 * wtap_read/gzread has a chance to succeed. This is necessary if
1169 * we're tailing a file.
1172 void wtap_cleareof(wtap *wth);
1175 * Set callback functions to add new hostnames. Currently pcapng-only.
1176 * MUST match add_ipv4_name and add_ipv6_name in addr_resolv.c.
1178 typedef void (*wtap_new_ipv4_callback_t) (const guint addr, const gchar *name);
1180 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1182 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const gchar *name);
1184 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1186 /** Returns TRUE if read was successful. FALSE if failure. data_offset is
1187 * set to the offset in the file where the data for the read packet is
1190 gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
1191 gint64 *data_offset);
1194 gboolean wtap_seek_read (wtap *wth, gint64 seek_off,
1195 struct wtap_pkthdr *phdr, Buffer *buf, int len,
1196 int *err, gchar **err_info);
1198 /*** get various information snippets about the current packet ***/
1200 struct wtap_pkthdr *wtap_phdr(wtap *wth);
1202 guint8 *wtap_buf_ptr(wtap *wth);
1204 /*** get various information snippets about the current file ***/
1206 /** Return an approximation of the amount of data we've read sequentially
1207 * from the file so far. */
1209 gint64 wtap_read_so_far(wtap *wth);
1211 gint64 wtap_file_size(wtap *wth, int *err);
1213 gboolean wtap_iscompressed(wtap *wth);
1215 guint wtap_snapshot_length(wtap *wth); /* per file */
1217 int wtap_file_type(wtap *wth);
1219 int wtap_file_encap(wtap *wth);
1221 int wtap_file_tsprecision(wtap *wth);
1223 wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
1225 wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
1227 void wtap_write_shb_comment(wtap *wth, gchar *comment);
1229 /*** close the file descriptors for the current file ***/
1231 void wtap_fdclose(wtap *wth);
1233 /*** reopen the random file descriptor for the current file ***/
1235 gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
1237 /*** close the current file ***/
1239 void wtap_sequential_close(wtap *wth);
1241 void wtap_close(wtap *wth);
1243 /*** dump packets into a capture file ***/
1245 gboolean wtap_dump_can_open(int filetype);
1248 * Given a GArray of WTAP_ENCAP_ types, return the per-file encapsulation
1249 * type that would be needed to write out a file with those types.
1252 int wtap_dump_file_encap_type(const GArray *file_encaps);
1255 * Return TRUE if we can write this capture file format out in
1256 * compressed form, FALSE if not.
1259 gboolean wtap_dump_can_compress(int filetype);
1262 * Return TRUE if this capture file format supports storing name
1263 * resolution information in it, FALSE if not.
1266 gboolean wtap_dump_has_name_resolution(int filetype);
1269 * Return TRUE if this capture file format supports all the comment
1270 * types specified, FALSE if not.
1273 gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
1276 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
1277 int snaplen, gboolean compressed, int *err);
1280 wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
1281 int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
1284 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
1285 gboolean compressed, int *err);
1288 wtap_dumper* wtap_dump_fdopen_ng(int fd, int filetype, int encap, int snaplen,
1289 gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
1293 gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *, int *err);
1295 void wtap_dump_flush(wtap_dumper *);
1297 gint64 wtap_get_bytes_dumped(wtap_dumper *);
1299 void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
1302 gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, struct addrinfo *addrinfo_list);
1304 gboolean wtap_dump_close(wtap_dumper *, int *);
1307 * Return TRUE if we can write a file out with the given GArray of file
1308 * encapsulations and the given bitmask of comment types.
1311 gboolean wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types);
1314 * Get a GArray of WTAP_FILE_ values for file types that can be used
1315 * to save a file of a given type with a given GArray of WTAP_ENCAP_
1316 * types and the given bitmask of comment types.
1319 GArray *wtap_get_savable_file_types(int file_type, const GArray *file_encaps,
1320 guint32 required_comment_types);
1322 /*** various string converter functions ***/
1324 const char *wtap_file_type_string(int filetype);
1326 const char *wtap_file_type_short_string(int filetype);
1328 int wtap_short_string_to_file_type(const char *short_name);
1330 /*** various file extension functions ***/
1332 const char *wtap_default_file_extension(int filetype);
1334 GSList *wtap_get_file_extensions_list(int filetype, gboolean include_compressed);
1336 void wtap_free_file_extensions_list(GSList *extensions);
1339 const char *wtap_encap_string(int encap);
1341 const char *wtap_encap_short_string(int encap);
1343 int wtap_short_string_to_encap(const char *short_name);
1346 const char *wtap_strerror(int err);
1348 /*** get available number of file types and encapsulations ***/
1350 int wtap_get_num_encap_types(void);
1352 int wtap_get_num_file_types(void);
1354 /*** dynamically register new file types and encapsulations ***/
1356 void wtap_register_open_routine(wtap_open_routine_t, gboolean has_magic);
1358 int wtap_register_file_type(const struct file_type_info* fi);
1360 int wtap_register_encap_type(const char* name, const char* short_name);
1364 * Wiretap error codes.
1366 #define WTAP_ERR_NOT_REGULAR_FILE -1
1367 /** The file being opened for reading isn't a plain file (or pipe) */
1369 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
1370 /** The file is being opened for random access and it's a pipe */
1372 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
1373 /** The file being opened is not a capture file in a known format */
1375 #define WTAP_ERR_UNSUPPORTED -4
1376 /** Supported file type, but there's something in the file we
1379 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
1380 /** Wiretap can't save to a pipe in the specified format */
1382 #define WTAP_ERR_CANT_OPEN -6
1383 /** The file couldn't be opened, reason unknown */
1385 #define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
1386 /** Wiretap can't save files in the specified format */
1388 #define WTAP_ERR_UNSUPPORTED_ENCAP -8
1389 /** Wiretap can't read or save files in the specified format with the
1390 specified encapsulation */
1392 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
1393 /** The specified format doesn't support per-packet encapsulations */
1395 #define WTAP_ERR_CANT_CLOSE -10
1396 /** The file couldn't be closed, reason unknown */
1398 #define WTAP_ERR_CANT_READ -11
1399 /** An attempt to read failed, reason unknown */
1401 #define WTAP_ERR_SHORT_READ -12
1402 /** An attempt to read read less data than it should have */
1404 #define WTAP_ERR_BAD_FILE -13
1405 /** The file appears to be damaged or corrupted or otherwise bogus */
1407 #define WTAP_ERR_SHORT_WRITE -14
1408 /** An attempt to write wrote less data than it should have */
1410 #define WTAP_ERR_UNC_TRUNCATED -15
1411 /** Sniffer compressed data was oddly truncated */
1413 #define WTAP_ERR_UNC_OVERFLOW -16
1414 /** Uncompressing Sniffer data would overflow buffer */
1416 #define WTAP_ERR_UNC_BAD_OFFSET -17
1417 /** LZ77 compressed data has bad offset to string */
1419 #define WTAP_ERR_RANDOM_OPEN_STDIN -18
1420 /** We're trying to open the standard input for random access */
1422 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
1423 /* The filetype doesn't support output compression */
1425 #define WTAP_ERR_CANT_SEEK -20
1426 /** An attempt to seek failed, reason unknown */
1428 #define WTAP_ERR_CANT_SEEK_COMPRESSED -21
1429 /** An attempt to seek on a compressed stream */
1431 #define WTAP_ERR_DECOMPRESS -22
1432 /** Error decompressing */
1434 #define WTAP_ERR_INTERNAL -23
1435 /** "Shouldn't happen" internal errors */
1439 #endif /* __cplusplus */
1441 #endif /* __WTAP_H__ */
1444 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1449 * indent-tabs-mode: nil
1452 * vi: set shiftwidth=4 tabstop=8 expandtab:
1453 * :indentSize=4:tabSize=8:noTabs=true: