#include <time.h>
#include <wsutil/buffer.h>
#include <wsutil/nstime.h>
+#include "wtap_opttypes.h"
#include "ws_symbol_export.h"
#ifdef __cplusplus
#define WTAP_ENCAP_CATAPULT_DCT2000 89
#define WTAP_ENCAP_BER 90
#define WTAP_ENCAP_JUNIPER_VP 91
-#define WTAP_ENCAP_USB 92
+#define WTAP_ENCAP_USB_FREEBSD 92
#define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
#define WTAP_ENCAP_NETTL_RAW_TELNET 94
#define WTAP_ENCAP_USB_LINUX 95
#define WTAP_ENCAP_MIME 134
#define WTAP_ENCAP_NETANALYZER 135
#define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
-#define WTAP_ENCAP_IP_OVER_IB 137
+#define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
#define WTAP_ENCAP_MPEG_2_TS 138
#define WTAP_ENCAP_PPP_ETHER 139
#define WTAP_ENCAP_NFC_LLCP 140
#define WTAP_ENCAP_V5_EF 142
#define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
#define WTAP_ENCAP_IXVERIWAVE 144
-#define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
-#define WTAP_ENCAP_SDH 146
-#define WTAP_ENCAP_DBUS 147
-#define WTAP_ENCAP_AX25_KISS 148
-#define WTAP_ENCAP_AX25 149
-#define WTAP_ENCAP_SCTP 150
-#define WTAP_ENCAP_INFINIBAND 151
-#define WTAP_ENCAP_JUNIPER_SVCS 152
-#define WTAP_ENCAP_USBPCAP 153
-#define WTAP_ENCAP_RTAC_SERIAL 154
-#define WTAP_ENCAP_BLUETOOTH_LE_LL 155
-#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 156
-#define WTAP_ENCAP_STANAG_4607 157
-#define WTAP_ENCAP_STANAG_5066_D_PDU 158
-#define WTAP_ENCAP_NETLINK 159
-#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 160
-#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 161
-#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 162
-#define WTAP_ENCAP_NSTRACE_3_0 163
-#define WTAP_ENCAP_LOGCAT 164
-#define WTAP_ENCAP_LOGCAT_BRIEF 165
-#define WTAP_ENCAP_LOGCAT_PROCESS 166
-#define WTAP_ENCAP_LOGCAT_TAG 167
-#define WTAP_ENCAP_LOGCAT_THREAD 168
-#define WTAP_ENCAP_LOGCAT_TIME 169
-#define WTAP_ENCAP_LOGCAT_THREADTIME 170
-#define WTAP_ENCAP_LOGCAT_LONG 171
-#define WTAP_ENCAP_PKTAP 172
-#define WTAP_ENCAP_EPON 173
-#define WTAP_ENCAP_IPMI_TRACE 174
-#define WTAP_ENCAP_LOOP 175
-#define WTAP_ENCAP_JSON 176
-#define WTAP_ENCAP_NSTRACE_3_5 177
+#define WTAP_ENCAP_SDH 145
+#define WTAP_ENCAP_DBUS 146
+#define WTAP_ENCAP_AX25_KISS 147
+#define WTAP_ENCAP_AX25 148
+#define WTAP_ENCAP_SCTP 149
+#define WTAP_ENCAP_INFINIBAND 150
+#define WTAP_ENCAP_JUNIPER_SVCS 151
+#define WTAP_ENCAP_USBPCAP 152
+#define WTAP_ENCAP_RTAC_SERIAL 153
+#define WTAP_ENCAP_BLUETOOTH_LE_LL 154
+#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
+#define WTAP_ENCAP_STANAG_4607 156
+#define WTAP_ENCAP_STANAG_5066_D_PDU 157
+#define WTAP_ENCAP_NETLINK 158
+#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
+#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
+#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
+#define WTAP_ENCAP_NSTRACE_3_0 162
+#define WTAP_ENCAP_LOGCAT 163
+#define WTAP_ENCAP_LOGCAT_BRIEF 164
+#define WTAP_ENCAP_LOGCAT_PROCESS 165
+#define WTAP_ENCAP_LOGCAT_TAG 166
+#define WTAP_ENCAP_LOGCAT_THREAD 167
+#define WTAP_ENCAP_LOGCAT_TIME 168
+#define WTAP_ENCAP_LOGCAT_THREADTIME 169
+#define WTAP_ENCAP_LOGCAT_LONG 170
+#define WTAP_ENCAP_PKTAP 171
+#define WTAP_ENCAP_EPON 172
+#define WTAP_ENCAP_IPMI_TRACE 173
+#define WTAP_ENCAP_LOOP 174
+#define WTAP_ENCAP_JSON 175
+#define WTAP_ENCAP_NSTRACE_3_5 176
+#define WTAP_ENCAP_ISO14443 177
+#define WTAP_ENCAP_GFP_T 178
+#define WTAP_ENCAP_GFP_F 179
+#define WTAP_ENCAP_IP_OVER_IB_PCAP 180
/* After adding new item here, please also add new item to encap_table_base array */
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
#define WTAP_FILE_TYPE_SUBTYPE_JSON 77
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 78
#define WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 79
+#define WTAP_FILE_TYPE_SUBTYPE_MPLOG 80
#define WTAP_NUM_FILE_TYPES_SUBTYPES wtap_get_num_file_types_subtypes()
#define PHDR_802_11_PHY_11G 6 /* 802.11g */
#define PHDR_802_11_PHY_11N 7 /* 802.11n */
#define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
+#define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
/*
* PHY-specific information.
* 802.11 legacy FHSS.
*/
struct ieee_802_11_fhss {
- guint32 presence_flags; /* Which of this information is present? */
+ guint has_hop_set:1;
+ guint has_hop_pattern:1;
+ guint has_hop_index:1;
+
guint8 hop_set; /* Hop set */
guint8 hop_pattern; /* Hop pattern */
guint8 hop_index; /* Hop index */
};
-/*
- * Presence flags.
- */
-#define PHDR_802_11_FHSS_HAS_HOP_SET 0x0000001
-#define PHDR_802_11_FHSS_HAS_HOP_PATTERN 0x0000002
-#define PHDR_802_11_FHSS_HAS_HOP_INDEX 0x0000004
-
/*
* 802.11b.
*/
struct ieee_802_11b {
- guint32 presence_flags; /* Which of this information is present? */
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+
gboolean short_preamble; /* Short preamble */
};
-/*
- * Presence flags.
- */
-#define PHDR_802_11B_HAS_SHORT_PREAMBLE 0x0000001 /* Short preamble */
-
/*
* 802.11a.
*/
struct ieee_802_11a {
- guint32 presence_flags; /* Which of this information is present? */
+ /* Which of this information is present? */
+ guint has_channel_type:1;
+ guint has_turbo_type:1;
+
guint channel_type:2;
guint turbo_type:2;
};
-/*
- * Presence flags.
- */
-#define PHDR_802_11A_HAS_CHANNEL_TYPE 0x0000001 /* Normal, half-clocked, quarter-clocked */
-#define PHDR_802_11A_HAS_TURBO_TYPE 0x0000002 /* Normal, turbo, "static turbo" */
-
/*
* Channel type values.
*/
* 802.11g.
*/
struct ieee_802_11g {
- guint32 presence_flags; /* Which of this information is present? */
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+ guint has_mode:1;
+
gboolean short_preamble; /* Short preamble */
guint32 mode; /* Various proprietary extensions */
};
-/*
- * Presence flags.
- */
-#define PHDR_802_11G_HAS_SHORT_PREAMBLE 0x0000001 /* Short preamble */
-#define PHDR_802_11G_HAS_MODE 0x0000002 /* Proprietary extensions */
-
/*
* Mode values.
*/
* 802.11n.
*/
struct ieee_802_11n {
- guint32 presence_flags; /* Which of this information is present? */
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+ guint has_bandwidth:1;
+ guint has_short_gi:1;
+ guint has_greenfield:1;
+ guint has_fec:1;
+ guint has_stbc_streams:1;
+ guint has_ness:1;
+
guint16 mcs_index; /* MCS index */
guint bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
guint short_gi:1; /* True for short guard interval */
guint ness; /* Number of extension spatial streams */
};
-/*
- * Presence flags.
- */
-#define PHDR_802_11N_HAS_MCS_INDEX 0x00000001 /* mcs */
-#define PHDR_802_11N_HAS_BANDWIDTH 0x00000002 /* bandwidth */
-#define PHDR_802_11N_HAS_SHORT_GI 0x00000004 /* short_gi */
-#define PHDR_802_11N_HAS_GREENFIELD 0x00000008 /* greenfield */
-#define PHDR_802_11N_HAS_FEC 0x00000010 /* fec */
-#define PHDR_802_11N_HAS_STBC_STREAMS 0x00000020 /* stbc_streams */
-#define PHDR_802_11N_HAS_NESS 0x00000040 /* ness */
-
/*
* Bandwidth values; used for both 11n and 11ac.
*/
* 802.11ac.
*/
struct ieee_802_11ac {
- guint32 presence_flags; /* Which of this information is present? */
+ /* Which of this information is present? */
+ guint has_stbc:1;
+ guint has_txop_ps_not_allowed:1;
+ guint has_short_gi:1;
+ guint has_short_gi_nsym_disambig:1;
+ guint has_ldpc_extra_ofdm_symbol:1;
+ guint has_beamformed:1;
+ guint has_bandwidth:1;
+ guint has_fec:1;
+ guint has_group_id:1;
+ guint has_partial_aid:1;
+
guint stbc:1; /* 1 if all spatial streams have STBC */
guint txop_ps_not_allowed:1;
guint short_gi:1; /* True for short guard interval */
};
/*
- * Presence flags.
- */
-#define PHDR_802_11AC_HAS_STBC 0x00000001 /* stbc */
-#define PHDR_802_11AC_HAS_TXOP_PS_NOT_ALLOWED 0x00000002 /* txop_ps_not_allowed */
-#define PHDR_802_11AC_HAS_SHORT_GI 0x00000004 /* short_gi */
-#define PHDR_802_11AC_HAS_SHORT_GI_NSYM_DISAMBIG 0x00000008 /* short_gi_nsym_disambig */
-#define PHDR_802_11AC_HAS_LDPC_EXTRA_OFDM_SYMBOL 0x00000010 /* ldpc_extra_ofdm_symbol */
-#define PHDR_802_11AC_HAS_BEAMFORMED 0x00000020 /* beamformed */
-#define PHDR_802_11AC_HAS_BANDWIDTH 0x00000040 /* bandwidth */
-#define PHDR_802_11AC_HAS_FEC 0x00000080 /* fec */
-#define PHDR_802_11AC_HAS_GROUP_ID 0x00000100 /* group_id */
-#define PHDR_802_11AC_HAS_PARTIAL_AID 0x00000200 /* partial_aid */
+ * 802.11ad.
+ */
+
+/*
+ * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
+ */
+
+#define PHDR_802_11AD_MIN_FREQUENCY 57000
+#define PHDR_802_11AD_MAX_FREQUENCY 66000
+
+#define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
+ ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
+
+struct ieee_802_11ad {
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+
+ guint8 mcs; /* MCS index */
+};
struct ieee_802_11_phdr {
gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
struct ieee_802_11g info_11g;
struct ieee_802_11n info_11n;
struct ieee_802_11ac info_11ac;
+ struct ieee_802_11ad info_11ad;
} phy_info;
- guint32 presence_flags; /* Flags indicating presence of fields below */
+
+ /* Which of this information is present? */
+ guint has_channel:1;
+ guint has_frequency:1;
+ guint has_data_rate:1;
+ guint has_signal_percent:1;
+ guint has_noise_percent:1;
+ guint has_signal_dbm:1;
+ guint has_noise_dbm:1;
+ guint has_tsf_timestamp:1;
+ guint has_aggregate_info:1; /* aggregate flags and ID */
+
guint16 channel; /* Channel number */
guint32 frequency; /* Channel center frequency */
guint16 data_rate; /* Data rate, in .5 Mb/s units */
gint8 signal_dbm; /* Signal level, in dBm */
gint8 noise_dbm; /* Noise level, in dBm */
guint64 tsf_timestamp;
+ guint32 aggregate_flags; /* A-MPDU flags */
+ guint32 aggregate_id; /* ID for A-MPDU reassembly */
};
/*
- * Presence bits for non-PHY-specific data.
+ * A-MPDU flags.
*/
-#define PHDR_802_11_HAS_CHANNEL 0x00000001 /* channel */
-#define PHDR_802_11_HAS_FREQUENCY 0x00000002 /* frequency */
-#define PHDR_802_11_HAS_DATA_RATE 0x00000004 /* data_rate */
-#define PHDR_802_11_HAS_SIGNAL_PERCENT 0x00000008 /* signal_percent */
-#define PHDR_802_11_HAS_NOISE_PERCENT 0x00000010 /* noise_percent */
-#define PHDR_802_11_HAS_SIGNAL_DBM 0x00000020 /* signal_dbm */
-#define PHDR_802_11_HAS_NOISE_DBM 0x00000040 /* noise_dbm */
-#define PHDR_802_11_HAS_TSF_TIMESTAMP 0x00000080 /* tsf_timestamp */
+#define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
+#define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
/* Packet "pseudo-header" for the output from CoSine L2 debug output. */
#define MAX_ERF_EHDR 8
+struct wtap_erf_eth_hdr {
+ guint8 offset;
+ guint8 pad;
+};
+
struct erf_mc_phdr {
struct erf_phdr phdr;
struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
union
{
- guint16 eth_hdr;
+ struct wtap_erf_eth_hdr eth_hdr;
guint32 mc_hdr;
+ guint32 aal2_hdr;
} subhdr;
};
gint version;
};
+/* Packet "pseudo-header" information for Sysdig events. */
+
+struct sysdig_event_phdr {
+ guint record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
+ int byte_order;
+ guint16 cpu_id;
+ /* guint32 sentinel; */
+ guint64 timestamp; /* ns since epoch */
+ guint64 thread_id;
+ guint32 event_len; /* XXX dup of wtap_pkthdr.len */
+ guint16 event_type;
+ /* ... Event ... */
+};
+
/* Pseudo-header for file-type-specific records */
struct ft_specific_record_phdr {
guint record_type; /* the type of record this is */
struct nokia_phdr nokia;
struct llcp_phdr llcp;
struct logcat_phdr logcat;
+ struct sysdig_event_phdr sysdig_event;
struct ft_specific_record_phdr ftsrec;
};
#define WTAP_HAS_PACK_FLAGS 0x00000020 /**< packet flags */
/**
- * Holds the option strings from pcapng:s Section Header block(SHB).
+ * Holds the required data from pcapng:s Section Header block(SHB).
*/
-typedef struct wtapng_section_s {
- /* mandatory */
+typedef struct wtapng_section_mandatory_s {
guint64 section_length; /**< 64-bit value specifying the length in bytes of the
* following section.
* Section Length equal -1 (0xFFFFFFFFFFFFFFFF) means
* be invalid if anything changes, such as the other
* members of this struct, or the packets written.
*/
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *shb_hardware; /**< NULL if not available
- * UTF-8 string containing the description of the
- * hardware used to create this section.
- */
- gchar *shb_os; /**< NULL if not available, UTF-8 string containing the
- * name of the operating system used to create this section.
- */
- gchar *shb_user_appl; /**< NULL if not available, UTF-8 string containing the
- * name of the application used to create this section.
- */
-} wtapng_section_t;
-
+} wtapng_mandatory_section_t;
/** struct holding the information to build IDB:s
- * the interface_data array holds an array of wtapng_if_descr_t
- * one per interface.
+ * the interface_data array holds an array of wtap_optionblock_t
+ * represending IDB of one per interface.
*/
typedef struct wtapng_iface_descriptions_s {
GArray *interface_data;
} wtapng_iface_descriptions_t;
-/* Interface Description
- *
- * Options:
- *
- * if_name 2 A UTF-8 string containing the name of the device used to capture data.
- * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
- *
- * if_description 3 A UTF-8 string containing the description of the device used
- * to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
- *
- * if_IPv4addr 4 Interface network address and netmask. This option can be
- * repeated multiple times within the same Interface Description Block
- * when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
- *
- * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte).
- * This option can be repeated multiple times within the same Interface
- * Description Block when multiple IPv6 addresses are assigned to the interface.
- * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
- * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
- *
- * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
- *
- * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
- *
- * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
- *
- * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the timestamp as as a
- * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
- * are the number of microseconds since 1/1/1970). If the Most Significant Bit
- * is equal to one, the remaining bits indicates the resolution has a
- * negative power of 2 (e.g. 10 means 1/1024 of second).
- * If this option is not present, a resolution of 10^-6 is assumed
- * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
- *
- * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
- *
- * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
- * The first byte of the Option Data keeps a code of the filter used
- * (e.g. if this is a libpcap string, or BPF bytecode, and more).
- * More details about this format will be presented in Appendix XXX (TODO).
- * (TODO: better use different options for different fields?
- * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
- *
- * if_os 12 A UTF-8 string containing the name of the operating system of the
- * machine in which this interface is installed.
- * This can be different from the same information that can be
- * contained by the Section Header Block
- * (Section 3.1 (Section Header Block (mandatory))) because
- * the capture can have been done on a remote machine.
- * "Windows XP SP2" / "openSUSE 10.2" / ...
- *
- * if_fcslen 13 An integer value that specified the length of the
- * Frame Check Sequence (in bits) for this interface.
- * For link layers whose FCS length can change during time,
- * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
- *
- * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds)
- * that must be added to the timestamp of each packet to obtain
- * the absolute timestamp of a packet. If the option is missing,
- * the timestamps stored in the packet must be considered absolute
- * timestamps. The time zone of the offset can be specified with the
- * option if_tzone. TODO: won't a if_tsoffset_low for fractional
- * second offsets be useful for highly syncronized capture systems? 1234
- */
/**
* Interface description data
*/
-typedef struct wtapng_if_descr_s {
+typedef struct wtapng_if_descr_mandatory_s {
int wtap_encap; /**< link_type translated to wtap_encap */
guint64 time_units_per_second;
int tsprecision; /**< WTAP_TSPREC_ value for this interface */
- /* mandatory */
guint16 link_type;
guint32 snap_len;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *if_name; /**< NULL if not available
- * opt 2
- * A UTF-8 string containing the name of the
- * device used to capture data.
- */
- gchar *if_description; /**< NULL if not available
- * opt 3
- * A UTF-8 string containing the description
- * of the device used to capture data.
- */
-
- /* XXX: if_IPv4addr opt 4 Interface network address and netmask. */
- /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
- /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits). */
- /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits) */
-
- guint64 if_speed; /**< 0xFFFFFFFF if unknown
- * opt 8
- * Interface speed (in bps). 100000000 for 100Mbps
- */
- guint8 if_tsresol; /**< default is 6 for microsecond resolution
- * opt 9
- * Resolution of timestamps.
- * If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the
- * timestamp as as a negative power of 10
- */
-
- /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
-
- gchar *if_filter_str; /**< NULL if not available
- * opt 11 libpcap string.
- */
- guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
- gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
- gchar *if_os; /**< NULL if not available
- * 12 A UTF-8 string containing the name of the
- * operating system of the machine in which this
- * interface is installed.
- */
- gint8 if_fcslen; /**< -1 if unknown or changes between packets,
- * opt 13
- * An integer value that specified the length of
- * the Frame Check Sequence (in bits) for this interface. */
- /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
guint8 num_stat_entries;
GArray *interface_statistics; /**< An array holding the interface statistics from
* pcapng ISB:s or equivalent(?)*/
-} wtapng_if_descr_t;
+} wtapng_if_descr_mandatory_t;
+/* Interface description data - Option 11 structure */
+typedef struct wtapng_if_descr_filter_s {
+ gchar *if_filter_str; /**< NULL if not available
+ * libpcap string.
+ */
+ guint16 bpf_filter_len; /** variant II BPF filter len 0 if not used*/
+ gchar *if_filter_bpf_bytes; /** BPF filter or NULL */
+} wtapng_if_descr_filter_t;
/**
- * Interface Statistics. pcap-ng Interface Statistics Block (ISB).
+ * Holds the required data for pcap-ng Interface Statistics Block (ISB).
*/
-typedef struct wtapng_if_stats_s {
- /* mandatory */
+typedef struct wtapng_if_stats_mandatory_s {
guint32 interface_id;
guint32 ts_high;
guint32 ts_low;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- guint64 isb_starttime;
- guint64 isb_endtime;
- guint64 isb_ifrecv;
- guint64 isb_ifdrop;
- guint64 isb_filteraccept;
- guint64 isb_osdrop;
- guint64 isb_usrdeliv;
-} wtapng_if_stats_t;
-
-
-/* Name Resolution, pcap-ng Name Resolution Block (NRB). */
-typedef struct wtapng_name_res_s {
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- /* XXX */
-} wtapng_name_res_t;
-
+} wtapng_if_stats_mandatory_t;
+
+#ifndef MAXNAMELEN
+#define MAXNAMELEN 64 /* max name length (hostname and port name) */
+#endif
+
+typedef struct hashipv4 {
+ guint addr;
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip[16];
+ gchar name[MAXNAMELEN];
+} hashipv4_t;
+
+typedef struct hashipv6 {
+ guint8 addr[16];
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip6[40];
+ gchar name[MAXNAMELEN];
+} hashipv6_t;
/** A struct with lists of resolved addresses.
* Used when writing name resoultion blocks (NRB)
* @return The existing section header, which must NOT be g_free'd.
*/
WS_DLL_PUBLIC
-const wtapng_section_t* wtap_file_get_shb(wtap *wth);
+wtap_optionblock_t wtap_file_get_shb(wtap *wth);
/**
* @brief Gets new section header block for new file, based on existing info.
- * @details Creates a new wtapng_section_t section header block and only
+ * @details Creates a new wtap_optionblock_t section header block and only
* copies appropriate members of the SHB for a new file. In
* particular, the comment string is copied, and any custom options
* which should be copied are copied. The os, hardware, and
* @return The new section header, which must be wtap_free_shb'd.
*/
WS_DLL_PUBLIC
-wtapng_section_t* wtap_file_get_shb_for_new_file(wtap *wth);
-
-/**
- * Free's a section header block and all of its members.
- */
-WS_DLL_PUBLIC
-void wtap_free_shb(wtapng_section_t *shb_hdr);
+GArray* wtap_file_get_shb_for_new_file(wtap *wth);
/**
* @brief Gets the section header comment string.
WS_DLL_PUBLIC
wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+/**
+ * @brief Free's a interface description block and all of its members.
+ *
+ * @details This free's all of the interface descriptions inside the passed-in
+ * struct, including their members (e.g., comments); and then free's the
+ * passed-in struct as well.
+ *
+ * @warning Do not use this for the struct returned by
+ * wtap_file_get_idb_info(), as that one did not create the internal
+ * interface descriptions; for that case you can simply g_free() the new
+ * struct.
+ */
+WS_DLL_PUBLIC
+void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info);
+
/**
* @brief Gets a debug string of an interface description.
* @details Returns a newly allocated string of debug information about
* @return A newly allocated gcahr array string, which must be g_free'd.
*/
WS_DLL_PUBLIC
-gchar *wtap_get_debug_if_descr(const wtapng_if_descr_t *if_descr,
+gchar *wtap_get_debug_if_descr(const wtap_optionblock_t if_descr,
const int indent,
const char* line_end);
/**
* @brief Gets new name resolution info for new file, based on existing info.
- * @details Creates a new wtapng_name_res_t name resolution info and only
+ * @details Creates a new wtap_optionblock_t of name resolution info and only
* copies appropriate members for a new file.
*
* @note Use wtap_free_nrb() to free the returned pointer.
*
* @param wth The wiretap session.
- * @return The new name resolution info, which must be wtap_free_nrb'd.
- */
-WS_DLL_PUBLIC
-wtapng_name_res_t* wtap_file_get_nrb_for_new_file(wtap *wth);
-
-/**
- * Free's the name resolution info and all of its members.
+ * @return The new name resolution info, which must be wtap_optionblock_free'd.
*/
WS_DLL_PUBLIC
-void wtap_free_nrb(wtapng_name_res_t *nrb_hdr);
+wtap_optionblock_t wtap_file_get_nrb_for_new_file(wtap *wth);
/**
* @brief Gets the name resolution comment, if any.
/**
* @brief Opens a new capture file for writing.
*
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
* @param filename The new file's name.
* @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
* @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
* @param snaplen The maximum packet capture length.
* @param compressed True if file should be compressed.
- * @param shb_hdr The section header block information, or NULL.
+ * @param shb_hdrs The section header block(s) information, or NULL.
* @param idb_inf The interface description information, or NULL.
* @param nrb_hdr The name resolution comment/custom_opts information, or NULL.
* @param[out] err Will be set to an error code on failure.
*/
WS_DLL_PUBLIC
wtap_dumper* wtap_dump_open_ng(const char *filename, int file_type_subtype, int encap,
- int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf,
- wtapng_name_res_t *nrb_hdr, int *err);
+ int snaplen, gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ wtap_optionblock_t nrb_hdr, int *err);
+
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_tempfile(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ int *err);
+
+/**
+ * @brief Creates a dumper for a temporary file.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param filenamep Points to a pointer that's set to point to the
+ * pathname of the temporary file; it's allocated with g_malloc()
+ * @param pfx A string to be used as the prefix for the temporary file name
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdr The name resolution comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_tempfile_ng(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ wtap_optionblock_t nrb_hdr, int *err);
WS_DLL_PUBLIC
wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype, int encap, int snaplen,
/**
* @brief Creates a dumper for an existing file descriptor.
*
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param fd The file descriptor for which the dumper should be created.
* @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
* @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
* @param snaplen The maximum packet capture length.
* @param compressed True if file should be compressed.
- * @param shb_hdr The section header block information, or NULL.
+ * @param shb_hdrs The section header block(s) information, or NULL.
* @param idb_inf The interface description information, or NULL.
* @param nrb_hdr The name resolution comment/custom_opts information, or NULL.
* @param[out] err Will be set to an error code on failure.
*/
WS_DLL_PUBLIC
wtap_dumper* wtap_dump_fdopen_ng(int fd, int file_type_subtype, int encap, int snaplen,
- gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf,
- wtapng_name_res_t *nrb_hdr, int *err);
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ wtap_optionblock_t nrb_hdr, int *err);
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_stdout(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, int *err);
+
+/**
+ * @brief Creates a dumper for the standard output.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdr The name resolution comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_stdout_ng(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ wtap_optionblock_t nrb_hdr, int *err);
WS_DLL_PUBLIC
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *,