#include <time.h>
#include <wsutil/buffer.h>
#include <wsutil/nstime.h>
+#include "wtap_opttypes.h"
#include "ws_symbol_export.h"
#ifdef __cplusplus
#define WTAP_ENCAP_CATAPULT_DCT2000 89
#define WTAP_ENCAP_BER 90
#define WTAP_ENCAP_JUNIPER_VP 91
-#define WTAP_ENCAP_USB 92
+#define WTAP_ENCAP_USB_FREEBSD 92
#define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
#define WTAP_ENCAP_NETTL_RAW_TELNET 94
#define WTAP_ENCAP_USB_LINUX 95
#define WTAP_ENCAP_MIME 134
#define WTAP_ENCAP_NETANALYZER 135
#define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
-#define WTAP_ENCAP_IP_OVER_IB 137
+#define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
#define WTAP_ENCAP_MPEG_2_TS 138
#define WTAP_ENCAP_PPP_ETHER 139
#define WTAP_ENCAP_NFC_LLCP 140
#define WTAP_ENCAP_V5_EF 142
#define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
#define WTAP_ENCAP_IXVERIWAVE 144
-#define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
-#define WTAP_ENCAP_SDH 146
-#define WTAP_ENCAP_DBUS 147
-#define WTAP_ENCAP_AX25_KISS 148
-#define WTAP_ENCAP_AX25 149
-#define WTAP_ENCAP_SCTP 150
-#define WTAP_ENCAP_INFINIBAND 151
-#define WTAP_ENCAP_JUNIPER_SVCS 152
-#define WTAP_ENCAP_USBPCAP 153
-#define WTAP_ENCAP_RTAC_SERIAL 154
-#define WTAP_ENCAP_BLUETOOTH_LE_LL 155
-#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 156
-#define WTAP_ENCAP_STANAG_4607 157
-#define WTAP_ENCAP_STANAG_5066_D_PDU 158
-#define WTAP_ENCAP_NETLINK 159
-#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 160
-#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 161
-#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 162
-#define WTAP_ENCAP_NSTRACE_3_0 163
-#define WTAP_ENCAP_LOGCAT 164
-#define WTAP_ENCAP_LOGCAT_BRIEF 165
-#define WTAP_ENCAP_LOGCAT_PROCESS 166
-#define WTAP_ENCAP_LOGCAT_TAG 167
-#define WTAP_ENCAP_LOGCAT_THREAD 168
-#define WTAP_ENCAP_LOGCAT_TIME 169
-#define WTAP_ENCAP_LOGCAT_THREADTIME 170
-#define WTAP_ENCAP_LOGCAT_LONG 171
-#define WTAP_ENCAP_PKTAP 172
-#define WTAP_ENCAP_EPON 173
-#define WTAP_ENCAP_IPMI_TRACE 174
-#define WTAP_ENCAP_LOOP 175
-#define WTAP_ENCAP_JSON 176
-#define WTAP_ENCAP_NSTRACE_3_5 177
+#define WTAP_ENCAP_SDH 145
+#define WTAP_ENCAP_DBUS 146
+#define WTAP_ENCAP_AX25_KISS 147
+#define WTAP_ENCAP_AX25 148
+#define WTAP_ENCAP_SCTP 149
+#define WTAP_ENCAP_INFINIBAND 150
+#define WTAP_ENCAP_JUNIPER_SVCS 151
+#define WTAP_ENCAP_USBPCAP 152
+#define WTAP_ENCAP_RTAC_SERIAL 153
+#define WTAP_ENCAP_BLUETOOTH_LE_LL 154
+#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
+#define WTAP_ENCAP_STANAG_4607 156
+#define WTAP_ENCAP_STANAG_5066_D_PDU 157
+#define WTAP_ENCAP_NETLINK 158
+#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
+#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
+#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
+#define WTAP_ENCAP_NSTRACE_3_0 162
+#define WTAP_ENCAP_LOGCAT 163
+#define WTAP_ENCAP_LOGCAT_BRIEF 164
+#define WTAP_ENCAP_LOGCAT_PROCESS 165
+#define WTAP_ENCAP_LOGCAT_TAG 166
+#define WTAP_ENCAP_LOGCAT_THREAD 167
+#define WTAP_ENCAP_LOGCAT_TIME 168
+#define WTAP_ENCAP_LOGCAT_THREADTIME 169
+#define WTAP_ENCAP_LOGCAT_LONG 170
+#define WTAP_ENCAP_PKTAP 171
+#define WTAP_ENCAP_EPON 172
+#define WTAP_ENCAP_IPMI_TRACE 173
+#define WTAP_ENCAP_LOOP 174
+#define WTAP_ENCAP_JSON 175
+#define WTAP_ENCAP_NSTRACE_3_5 176
+#define WTAP_ENCAP_ISO14443 177
+#define WTAP_ENCAP_GFP_T 178
+#define WTAP_ENCAP_GFP_F 179
+#define WTAP_ENCAP_IP_OVER_IB_PCAP 180
+#define WTAP_ENCAP_JUNIPER_VN 181
/* After adding new item here, please also add new item to encap_table_base array */
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
#define WTAP_FILE_TYPE_SUBTYPE_JSON 77
#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 78
#define WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 79
+#define WTAP_FILE_TYPE_SUBTYPE_MPLOG 80
#define WTAP_NUM_FILE_TYPES_SUBTYPES wtap_get_num_file_types_subtypes()
#define WTAP_TSPREC_MSEC 3
#define WTAP_TSPREC_USEC 6
#define WTAP_TSPREC_NSEC 9
+/* if you add to the above, update wtap_tsprec_string() */
/*
* Maximum packet size we'll support.
* Radio information is only present in this form for
* WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
* which the radio information isn't provided as a pseudo-header in the
- * packet data.
+ * packet data. It is also used by the dissectors for the pseudo-headers
+ * in the packet data to supply radio information, in a form independent
+ * of the file format and pseudo-header format, to the "802.11 radio"
+ * dissector.
*
* Signal strength, etc. information:
*
* The signal strength can be represented as a percentage, which is 100
* times the ratio of the RSSI and the maximum RSSI.
*/
-struct ieee_802_11_phdr {
- gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
- gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
- guint32 presence_flags; /* Flags indicating presence of fields */
- guint16 channel; /* Channel number */
- guint16 data_rate; /* Data rate, in .5 Mb/s units */
+
+/*
+ * PHY types.
+ */
+#define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
+#define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
+#define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
+#define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
+#define PHDR_802_11_PHY_11B 4 /* 802.11b */
+#define PHDR_802_11_PHY_11A 5 /* 802.11a */
+#define PHDR_802_11_PHY_11G 6 /* 802.11g */
+#define PHDR_802_11_PHY_11N 7 /* 802.11n */
+#define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
+#define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
+
+/*
+ * PHY-specific information.
+ */
+
+/*
+ * 802.11 legacy FHSS.
+ */
+struct ieee_802_11_fhss {
+ guint has_hop_set:1;
+ guint has_hop_pattern:1;
+ guint has_hop_index:1;
+
+ guint8 hop_set; /* Hop set */
+ guint8 hop_pattern; /* Hop pattern */
+ guint8 hop_index; /* Hop index */
+};
+
+/*
+ * 802.11b.
+ */
+struct ieee_802_11b {
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+
+ gboolean short_preamble; /* Short preamble */
+};
+
+/*
+ * 802.11a.
+ */
+struct ieee_802_11a {
+ /* Which of this information is present? */
+ guint has_channel_type:1;
+ guint has_turbo_type:1;
+
+ guint channel_type:2;
+ guint turbo_type:2;
+};
+
+/*
+ * Channel type values.
+ */
+#define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
+#define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
+#define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
+
+/*
+ * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
+ * It can be dynamic or static.
+ *
+ * See
+ *
+ * http://wifi-insider.com/atheros/turbo.htm
+ */
+#define PHDR_802_11A_TURBO_TYPE_NORMAL 0
+#define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know wehther it's static or dynamic */
+#define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
+#define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
+
+/*
+ * 802.11g.
+ */
+struct ieee_802_11g {
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+ guint has_mode:1;
+
+ gboolean short_preamble; /* Short preamble */
+ guint32 mode; /* Various proprietary extensions */
+};
+
+/*
+ * Mode values.
+ */
+#define PHDR_802_11G_MODE_NORMAL 0
+#define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
+
+/*
+ * 802.11n.
+ */
+struct ieee_802_11n {
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+ guint has_bandwidth:1;
+ guint has_short_gi:1;
+ guint has_greenfield:1;
+ guint has_fec:1;
+ guint has_stbc_streams:1;
+ guint has_ness:1;
+
guint16 mcs_index; /* MCS index */
- guint bandwidth:2; /* Bandwidth = 20 MHz, 40 MHz, 20+20L, 20+20U */
+ guint bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
guint short_gi:1; /* True for short guard interval */
guint greenfield:1; /* True for greenfield, short for mixed */
- guint ldpc:1; /* Tue for LDPC FEC */
+ guint fec:1; /* FEC: 0 = BCC, 1 = LDPC */
guint stbc_streams:2; /* Number of STBC streams */
- guint ness:1; /* Number of extension spatial streams */
+ guint ness; /* Number of extension spatial streams */
+};
+
+/*
+ * Bandwidth values; used for both 11n and 11ac.
+ */
+#define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
+#define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
+#define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
+#define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
+#define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
+#define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
+#define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
+
+/*
+ * 802.11ac.
+ */
+struct ieee_802_11ac {
+ /* Which of this information is present? */
+ guint has_stbc:1;
+ guint has_txop_ps_not_allowed:1;
+ guint has_short_gi:1;
+ guint has_short_gi_nsym_disambig:1;
+ guint has_ldpc_extra_ofdm_symbol:1;
+ guint has_beamformed:1;
+ guint has_bandwidth:1;
+ guint has_fec:1;
+ guint has_group_id:1;
+ guint has_partial_aid:1;
+
+ guint stbc:1; /* 1 if all spatial streams have STBC */
+ guint txop_ps_not_allowed:1;
+ guint short_gi:1; /* True for short guard interval */
+ guint short_gi_nsym_disambig:1;
+ guint ldpc_extra_ofdm_symbol:1;
+ guint beamformed:1;
+ guint8 bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
+ guint8 mcs[4]; /* MCS index per user */
+ guint8 nss[4]; /* NSS per user */
+ guint8 fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
+ guint8 group_id;
+ guint16 partial_aid;
+};
+
+/*
+ * 802.11ad.
+ */
+
+/*
+ * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
+ */
+
+#define PHDR_802_11AD_MIN_FREQUENCY 57000
+#define PHDR_802_11AD_MAX_FREQUENCY 66000
+
+#define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
+ ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
+
+struct ieee_802_11ad {
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+
+ guint8 mcs; /* MCS index */
+};
+
+struct ieee_802_11_phdr {
+ gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
+ gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
+ gboolean datapad; /* TRUE if frame has padding between 802.11 header and payload */
+ guint phy; /* PHY type */
+ union {
+ struct ieee_802_11_fhss info_11_fhss;
+ struct ieee_802_11b info_11b;
+ struct ieee_802_11a info_11a;
+ struct ieee_802_11g info_11g;
+ struct ieee_802_11n info_11n;
+ struct ieee_802_11ac info_11ac;
+ struct ieee_802_11ad info_11ad;
+ } phy_info;
+
+ /* Which of this information is present? */
+ guint has_channel:1;
+ guint has_frequency:1;
+ guint has_data_rate:1;
+ guint has_signal_percent:1;
+ guint has_noise_percent:1;
+ guint has_signal_dbm:1;
+ guint has_noise_dbm:1;
+ guint has_tsf_timestamp:1;
+ guint has_aggregate_info:1; /* aggregate flags and ID */
+
+ guint16 channel; /* Channel number */
guint32 frequency; /* Channel center frequency */
+ guint16 data_rate; /* Data rate, in .5 Mb/s units */
guint8 signal_percent; /* Signal level, as a percentage */
guint8 noise_percent; /* Noise level, as a percentage */
gint8 signal_dbm; /* Signal level, in dBm */
gint8 noise_dbm; /* Noise level, in dBm */
guint64 tsf_timestamp;
+ guint32 aggregate_flags; /* A-MPDU flags */
+ guint32 aggregate_id; /* ID for A-MPDU reassembly */
};
-#define PHDR_802_11_HAS_CHANNEL 0x00000001 /* channel */
-#define PHDR_802_11_HAS_DATA_RATE 0x00000002 /* data_rate */
-#define PHDR_802_11_HAS_MCS_INDEX 0x00000004 /* mcs */
-#define PHDR_802_11_HAS_BANDWIDTH 0x00000008 /* bandwidth */
-#define PHDR_802_11_HAS_SHORT_GI 0x00000010 /* short_gi */
-#define PHDR_802_11_HAS_GREENFIELD 0x00000020 /* greenfield */
-#define PHDR_802_11_HAS_LDPC 0x00000040 /* ldpc */
-#define PHDR_802_11_HAS_STBC_STREAMS 0x00000080 /* stbc_streams */
-#define PHDR_802_11_HAS_NESS 0x00000100 /* ness */
-#define PHDR_802_11_HAS_FREQUENCY 0x00000200 /* frequency */
-#define PHDR_802_11_HAS_SIGNAL_PERCENT 0x00000400 /* signal_percent */
-#define PHDR_802_11_HAS_NOISE_PERCENT 0x00000800 /* noise_percent */
-#define PHDR_802_11_HAS_SIGNAL_DBM 0x00001000 /* signal_dbm */
-#define PHDR_802_11_HAS_NOISE_DBM 0x00002000 /* noise_dbm */
-#define PHDR_802_11_HAS_TSF_TIMESTAMP 0x00004000 /* tsf_timestamp */
-
-#define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
-#define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
-#define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L */
-#define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U */
+/*
+ * A-MPDU flags.
+ */
+#define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
+#define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
/* Packet "pseudo-header" for the output from CoSine L2 debug output. */
#define MAX_ERF_EHDR 8
+struct wtap_erf_eth_hdr {
+ guint8 offset;
+ guint8 pad;
+};
+
struct erf_mc_phdr {
struct erf_phdr phdr;
struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
union
{
- guint16 eth_hdr;
+ struct wtap_erf_eth_hdr eth_hdr;
guint32 mc_hdr;
+ guint32 aal2_hdr;
} subhdr;
};
gint version;
};
+/* Packet "pseudo-header" information for Sysdig events. */
+
+struct sysdig_event_phdr {
+ guint record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
+ int byte_order;
+ guint16 cpu_id;
+ /* guint32 sentinel; */
+ guint64 timestamp; /* ns since epoch */
+ guint64 thread_id;
+ guint32 event_len; /* XXX dup of wtap_pkthdr.len */
+ guint16 event_type;
+ /* ... Event ... */
+};
+
/* Pseudo-header for file-type-specific records */
struct ft_specific_record_phdr {
guint record_type; /* the type of record this is */
struct nokia_phdr nokia;
struct llcp_phdr llcp;
struct logcat_phdr logcat;
+ struct sysdig_event_phdr sysdig_event;
struct ft_specific_record_phdr ftsrec;
};
#define REC_TYPE_PACKET 0 /**< packet */
#define REC_TYPE_FT_SPECIFIC_EVENT 1 /**< file-type-specific event */
#define REC_TYPE_FT_SPECIFIC_REPORT 2 /**< file-type-specific report */
+#define REC_TYPE_SYSCALL 3 /**< system call */
struct wtap_pkthdr {
guint rec_type; /* what type of record is this? */
#define WTAP_HAS_PACK_FLAGS 0x00000020 /**< packet flags */
/**
- * Holds the option strings from pcapng:s Section Header block(SHB).
+ * Holds the required data from pcapng:s Section Header block(SHB).
*/
-typedef struct wtapng_section_s {
- /* mandatory */
+typedef struct wtapng_section_mandatory_s {
guint64 section_length; /**< 64-bit value specifying the length in bytes of the
* following section.
* Section Length equal -1 (0xFFFFFFFFFFFFFFFF) means
* that the size of the section is not specified
+ * Note: if writing to a new file, this length will
+ * be invalid if anything changes, such as the other
+ * members of this struct, or the packets written.
*/
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *shb_hardware; /**< NULL if not available
- * UTF-8 string containing the description of the
- * hardware used to create this section.
- */
- gchar *shb_os; /**< NULL if not available, UTF-8 string containing the
- * name of the operating system used to create this section.
- */
- gchar *shb_user_appl; /**< NULL if not available, UTF-8 string containing the
- * name of the application used to create this section.
- */
-} wtapng_section_t;
-
+} wtapng_mandatory_section_t;
/** struct holding the information to build IDB:s
- * the interface_data array holds an array of wtapng_if_descr_t
- * one per interface.
+ * the interface_data array holds an array of wtap_block_t
+ * represending IDB of one per interface.
*/
typedef struct wtapng_iface_descriptions_s {
GArray *interface_data;
} wtapng_iface_descriptions_t;
-/* Interface Description
- *
- * Options:
- *
- * if_name 2 A UTF-8 string containing the name of the device used to capture data.
- * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
- *
- * if_description 3 A UTF-8 string containing the description of the device used
- * to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
- *
- * if_IPv4addr 4 Interface network address and netmask. This option can be
- * repeated multiple times within the same Interface Description Block
- * when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
- *
- * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte).
- * This option can be repeated multiple times within the same Interface
- * Description Block when multiple IPv6 addresses are assigned to the interface.
- * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
- * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
- *
- * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
- *
- * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
- *
- * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
- *
- * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the timestamp as as a
- * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
- * are the number of microseconds since 1/1/1970). If the Most Significant Bit
- * is equal to one, the remaining bits indicates the resolution has a
- * negative power of 2 (e.g. 10 means 1/1024 of second).
- * If this option is not present, a resolution of 10^-6 is assumed
- * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
- *
- * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
- *
- * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
- * The first byte of the Option Data keeps a code of the filter used
- * (e.g. if this is a libpcap string, or BPF bytecode, and more).
- * More details about this format will be presented in Appendix XXX (TODO).
- * (TODO: better use different options for different fields?
- * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
- *
- * if_os 12 A UTF-8 string containing the name of the operating system of the
- * machine in which this interface is installed.
- * This can be different from the same information that can be
- * contained by the Section Header Block
- * (Section 3.1 (Section Header Block (mandatory))) because
- * the capture can have been done on a remote machine.
- * "Windows XP SP2" / "openSUSE 10.2" / ...
- *
- * if_fcslen 13 An integer value that specified the length of the
- * Frame Check Sequence (in bits) for this interface.
- * For link layers whose FCS length can change during time,
- * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
- *
- * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds)
- * that must be added to the timestamp of each packet to obtain
- * the absolute timestamp of a packet. If the option is missing,
- * the timestamps stored in the packet must be considered absolute
- * timestamps. The time zone of the offset can be specified with the
- * option if_tzone. TODO: won't a if_tsoffset_low for fractional
- * second offsets be useful for highly syncronized capture systems? 1234
- */
/**
* Interface description data
*/
-typedef struct wtapng_if_descr_s {
+typedef struct wtapng_if_descr_mandatory_s {
int wtap_encap; /**< link_type translated to wtap_encap */
guint64 time_units_per_second;
int tsprecision; /**< WTAP_TSPREC_ value for this interface */
- /* mandatory */
guint16 link_type;
guint32 snap_len;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *if_name; /**< NULL if not available
- * opt 2
- * A UTF-8 string containing the name of the
- * device used to capture data.
- */
- gchar *if_description; /**< NULL if not available
- * opt 3
- * A UTF-8 string containing the description
- * of the device used to capture data.
- */
-
- /* XXX: if_IPv4addr opt 4 Interface network address and netmask. */
- /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
- /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits). */
- /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits) */
-
- guint64 if_speed; /**< 0xFFFFFFFF if unknown
- * opt 8
- * Interface speed (in bps). 100000000 for 100Mbps
- */
- guint8 if_tsresol; /**< default is 6 for microsecond resolution
- * opt 9
- * Resolution of timestamps.
- * If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the
- * timestamp as as a negative power of 10
- */
-
- /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
-
- gchar *if_filter_str; /**< NULL if not available
- * opt 11 libpcap string.
- */
- guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
- gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
- gchar *if_os; /**< NULL if not available
- * 12 A UTF-8 string containing the name of the
- * operating system of the machine in which this
- * interface is installed.
- */
- gint8 if_fcslen; /**< -1 if unknown or changes between packets,
- * opt 13
- * An integer value that specified the length of
- * the Frame Check Sequence (in bits) for this interface. */
- /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
guint8 num_stat_entries;
GArray *interface_statistics; /**< An array holding the interface statistics from
* pcapng ISB:s or equivalent(?)*/
-} wtapng_if_descr_t;
+} wtapng_if_descr_mandatory_t;
+/* Interface description data - Option 11 structure */
+typedef struct wtapng_if_descr_filter_s {
+ gchar *if_filter_str; /**< NULL if not available
+ * libpcap string.
+ */
+ guint16 bpf_filter_len; /** variant II BPF filter len 0 if not used*/
+ guint8 *if_filter_bpf_bytes; /** BPF filter or NULL */
+} wtapng_if_descr_filter_t;
/**
- * Interface Statistics. pcap-ng Interface Statistics Block (ISB).
+ * Holds the required data for pcap-ng Interface Statistics Block (ISB).
*/
-typedef struct wtapng_if_stats_s {
- /* mandatory */
+typedef struct wtapng_if_stats_mandatory_s {
guint32 interface_id;
guint32 ts_high;
guint32 ts_low;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- guint64 isb_starttime;
- guint64 isb_endtime;
- guint64 isb_ifrecv;
- guint64 isb_ifdrop;
- guint64 isb_filteraccept;
- guint64 isb_osdrop;
- guint64 isb_usrdeliv;
-} wtapng_if_stats_t;
-
+} wtapng_if_stats_mandatory_t;
+
+#ifndef MAXNAMELEN
+#define MAXNAMELEN 64 /* max name length (hostname and port name) */
+#endif
+
+typedef struct hashipv4 {
+ guint addr;
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip[16];
+ gchar name[MAXNAMELEN];
+} hashipv4_t;
+
+typedef struct hashipv6 {
+ guint8 addr[16];
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip6[46];
+ gchar name[MAXNAMELEN];
+} hashipv6_t;
/** A struct with lists of resolved addresses.
* Used when writing name resoultion blocks (NRB)
} wtap_wslua_file_info_t;
/*
- * For registering extensions used for capture file formats.
+ * For registering extensions used for file formats.
*
* These items are used in dialogs for opening files, so that
* the user can ask to see all capture files (as identified
* by file extension) or particular types of capture files.
*
- * Each file type has a description and a list of extensions the file
- * might have. Some file types aren't real file types, they're
- * just generic types, such as "text file" or "XML file", that can
- * be used for, among other things, captures we can read, or for
- * extensions such as ".cap" that were unimaginatively chosen by
- * several different sniffers for their file formats.
+ * Each file type has a description, a flag indicating whether it's
+ * a capture file or just some file whose contents we can dissect,
+ * and a list of extensions the file might have.
+ *
+ * Some file types aren't real file types, they're just generic types,
+ * such as "text file" or "XML file", that can be used for, among other
+ * things, captures we can read, or for extensions such as ".cap" that
+ * were unimaginatively chosen by several different sniffers for their
+ * file formats.
*/
struct file_extension_info {
/* the file type name */
const char *name;
+ /* TRUE if this is a capture file type */
+ gboolean is_capture_file;
+
/* a semicolon-separated list of file extensions used for this type */
const char *extensions;
};
int wtap_file_encap(wtap *wth);
WS_DLL_PUBLIC
int wtap_file_tsprec(wtap *wth);
+
+/**
+ * @brief Gets existing section header block, not for new file.
+ * @details Returns the pointer to the existing SHB, without creating a
+ * new one. This should only be used for accessing info, not
+ * for creating a new file based on existing SHB info. Use
+ * wtap_file_get_shb_for_new_file() for that.
+ *
+ * @param wth The wiretap session.
+ * @return The existing section header, which must NOT be g_free'd.
+ *
+ * XXX - need to be updated to handle multiple SHBs.
+ */
WS_DLL_PUBLIC
-wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
+wtap_block_t wtap_file_get_shb(wtap *wth);
+
+/**
+ * @brief Gets new section header block for new file, based on existing info.
+ * @details Creates a new wtap_block_t section header block and only
+ * copies appropriate members of the SHB for a new file. In
+ * particular, the comment string is copied, and any custom options
+ * which should be copied are copied. The os, hardware, and
+ * application strings are *not* copied.
+ *
+ * @note Use wtap_free_shb() to free the returned section header.
+ *
+ * @param wth The wiretap session.
+ * @return The new section header, which must be wtap_free_shb'd.
+ */
WS_DLL_PUBLIC
-wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+GArray* wtap_file_get_shb_for_new_file(wtap *wth);
+
+/**
+ * @brief Sets or replaces the section header comment.
+ * @details The passed-in comment string is set to be the comment
+ * for the section header block. The passed-in string's
+ * ownership will be owned by the block, so it should be
+ * duplicated before passing into this function.
+ *
+ * @param wth The wiretap session.
+ * @param comment The comment string.
+ */
WS_DLL_PUBLIC
void wtap_write_shb_comment(wtap *wth, gchar *comment);
+/**
+ * @brief Gets existing interface descriptions.
+ * @details Returns a new struct containing a pointer to the existing
+ * description, without creating new descriptions internally.
+ * @note The returned pointer must be g_free'd, but its internal
+ * interface_data must not.
+ *
+ * @param wth The wiretap session.
+ * @return A new struct of the existing section descriptions, which must be g_free'd.
+ */
+WS_DLL_PUBLIC
+wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+
+/**
+ * @brief Free's a interface description block and all of its members.
+ *
+ * @details This free's all of the interface descriptions inside the passed-in
+ * struct, including their members (e.g., comments); and then free's the
+ * passed-in struct as well.
+ *
+ * @warning Do not use this for the struct returned by
+ * wtap_file_get_idb_info(), as that one did not create the internal
+ * interface descriptions; for that case you can simply g_free() the new
+ * struct.
+ */
+WS_DLL_PUBLIC
+void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info);
+
+/**
+ * @brief Gets a debug string of an interface description.
+ * @details Returns a newly allocated string of debug information about
+ * the given interface descrption, useful for debugging.
+ * @note The returned pointer must be g_free'd.
+ *
+ * @param if_descr The interface description.
+ * @param indent Number of spaces to indent each line by.
+ * @param line_end A string to append to each line (e.g., "\n" or ", ").
+ * @return A newly allocated gcahr array string, which must be g_free'd.
+ */
+WS_DLL_PUBLIC
+gchar *wtap_get_debug_if_descr(const wtap_block_t if_descr,
+ const int indent,
+ const char* line_end);
+
+/**
+ * @brief Gets existing name resolution block, not for new file.
+ * @details Returns the pointer to the existing NRB, without creating a
+ * new one. This should only be used for accessing info, not
+ * for creating a new file based on existing NRB info. Use
+ * wtap_file_get_nrb_for_new_file() for that.
+ *
+ * @param wth The wiretap session.
+ * @return The existing section header, which must NOT be g_free'd.
+ *
+ * XXX - need to be updated to handle multiple NRBs.
+ */
+WS_DLL_PUBLIC
+wtap_block_t wtap_file_get_nrb(wtap *wth);
+
+/**
+ * @brief Gets new name resolution info for new file, based on existing info.
+ * @details Creates a new wtap_block_t of name resolution info and only
+ * copies appropriate members for a new file.
+ *
+ * @note Use wtap_free_nrb() to free the returned pointer.
+ *
+ * @param wth The wiretap session.
+ * @return The new name resolution info, which must be freed.
+ */
+WS_DLL_PUBLIC
+GArray* wtap_file_get_nrb_for_new_file(wtap *wth);
+
/*** close the file descriptors for the current file ***/
WS_DLL_PUBLIC
void wtap_fdclose(wtap *wth);
WS_DLL_PUBLIC
gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
-/*** close the current file ***/
+/** Close only the sequential side, freeing up memory it uses. */
WS_DLL_PUBLIC
void wtap_sequential_close(wtap *wth);
+
+/** Closes any open file handles and frees the memory associated with wth. */
WS_DLL_PUBLIC
void wtap_close(wtap *wth);
gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
+wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype, int encap,
int snaplen, gboolean compressed, int *err);
+/**
+ * @brief Opens a new capture file for writing.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param filename The new file's name.
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_ng(const char *filename, int file_type_subtype, int encap,
+ int snaplen, gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
+
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
- int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+wtap_dumper* wtap_dump_open_tempfile(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ int *err);
+
+/**
+ * @brief Creates a dumper for a temporary file.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param filenamep Points to a pointer that's set to point to the
+ * pathname of the temporary file; it's allocated with g_malloc()
+ * @param pfx A string to be used as the prefix for the temporary file name
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_tempfile_ng(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
+wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype, int encap, int snaplen,
gboolean compressed, int *err);
+/**
+ * @brief Creates a dumper for an existing file descriptor.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param fd The file descriptor for which the dumper should be created.
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_fdopen_ng(int fd, int filetype, int encap, int snaplen,
- gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+wtap_dumper* wtap_dump_fdopen_ng(int fd, int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_stdout(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, int *err);
+
+/**
+ * @brief Creates a dumper for the standard output.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_stdout_ng(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
WS_DLL_PUBLIC
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *,
struct addrinfo;
WS_DLL_PUBLIC
gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
+
+/**
+ * Closes open file handles and frees memory associated with wdh. Note that
+ * shb_hdr, idb_inf and nrb_hdr are not freed by this routine.
+ */
WS_DLL_PUBLIC
-gboolean wtap_dump_close(wtap_dumper *, int *);
+gboolean wtap_dump_close(wtap_dumper *wdh, int *err);
/**
* Return TRUE if we can write a file out with the given GArray of file
/*** various file extension functions ***/
WS_DLL_PUBLIC
-GSList *wtap_get_all_file_extensions_list(void);
+GSList *wtap_get_all_capture_file_extensions_list(void);
WS_DLL_PUBLIC
const char *wtap_default_file_extension(int filetype);
WS_DLL_PUBLIC
WS_DLL_PUBLIC
int wtap_short_string_to_encap(const char *short_name);
+WS_DLL_PUBLIC
+const char* wtap_tsprec_string(int tsprec);
+
WS_DLL_PUBLIC
const char *wtap_strerror(int err);