#ifndef __WTAP_H__
#define __WTAP_H__
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
#include <glib.h>
#include <time.h>
-#include <wiretap/buffer.h>
+#include <wsutil/buffer.h>
#include <wsutil/nstime.h>
+#include "wtap_opttypes.h"
#include "ws_symbol_export.h"
#ifdef __cplusplus
#define WTAP_ENCAP_CATAPULT_DCT2000 89
#define WTAP_ENCAP_BER 90
#define WTAP_ENCAP_JUNIPER_VP 91
-#define WTAP_ENCAP_USB 92
+#define WTAP_ENCAP_USB_FREEBSD 92
#define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
#define WTAP_ENCAP_NETTL_RAW_TELNET 94
#define WTAP_ENCAP_USB_LINUX 95
#define WTAP_ENCAP_MIME 134
#define WTAP_ENCAP_NETANALYZER 135
#define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
-#define WTAP_ENCAP_IP_OVER_IB 137
+#define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
#define WTAP_ENCAP_MPEG_2_TS 138
#define WTAP_ENCAP_PPP_ETHER 139
#define WTAP_ENCAP_NFC_LLCP 140
#define WTAP_ENCAP_V5_EF 142
#define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
#define WTAP_ENCAP_IXVERIWAVE 144
-#define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
-#define WTAP_ENCAP_SDH 146
-#define WTAP_ENCAP_DBUS 147
-#define WTAP_ENCAP_AX25_KISS 148
-#define WTAP_ENCAP_AX25 149
-#define WTAP_ENCAP_SCTP 150
-#define WTAP_ENCAP_INFINIBAND 151
-#define WTAP_ENCAP_JUNIPER_SVCS 152
-#define WTAP_ENCAP_USBPCAP 153
-#define WTAP_ENCAP_RTAC_SERIAL 154
-#define WTAP_ENCAP_BLUETOOTH_LE_LL 155
-#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 156
-#define WTAP_ENCAP_STANAG_4607 157
-#define WTAP_ENCAP_STANAG_5066_D_PDU 158
-#define WTAP_ENCAP_NETLINK 159
-#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 160
-#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 161
-#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 162
-#define WTAP_ENCAP_NSTRACE_3_0 163
-#define WTAP_ENCAP_LOGCAT 164
-#define WTAP_ENCAP_LOGCAT_BRIEF 165
-#define WTAP_ENCAP_LOGCAT_PROCESS 166
-#define WTAP_ENCAP_LOGCAT_TAG 167
-#define WTAP_ENCAP_LOGCAT_THREAD 168
-#define WTAP_ENCAP_LOGCAT_TIME 169
-#define WTAP_ENCAP_LOGCAT_THREADTIME 170
-#define WTAP_ENCAP_LOGCAT_LONG 171
-#define WTAP_ENCAP_PKTAP 172
-#define WTAP_ENCAP_EPON 173
+#define WTAP_ENCAP_SDH 145
+#define WTAP_ENCAP_DBUS 146
+#define WTAP_ENCAP_AX25_KISS 147
+#define WTAP_ENCAP_AX25 148
+#define WTAP_ENCAP_SCTP 149
+#define WTAP_ENCAP_INFINIBAND 150
+#define WTAP_ENCAP_JUNIPER_SVCS 151
+#define WTAP_ENCAP_USBPCAP 152
+#define WTAP_ENCAP_RTAC_SERIAL 153
+#define WTAP_ENCAP_BLUETOOTH_LE_LL 154
+#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
+#define WTAP_ENCAP_STANAG_4607 156
+#define WTAP_ENCAP_STANAG_5066_D_PDU 157
+#define WTAP_ENCAP_NETLINK 158
+#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
+#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
+#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
+#define WTAP_ENCAP_NSTRACE_3_0 162
+#define WTAP_ENCAP_LOGCAT 163
+#define WTAP_ENCAP_LOGCAT_BRIEF 164
+#define WTAP_ENCAP_LOGCAT_PROCESS 165
+#define WTAP_ENCAP_LOGCAT_TAG 166
+#define WTAP_ENCAP_LOGCAT_THREAD 167
+#define WTAP_ENCAP_LOGCAT_TIME 168
+#define WTAP_ENCAP_LOGCAT_THREADTIME 169
+#define WTAP_ENCAP_LOGCAT_LONG 170
+#define WTAP_ENCAP_PKTAP 171
+#define WTAP_ENCAP_EPON 172
+#define WTAP_ENCAP_IPMI_TRACE 173
+#define WTAP_ENCAP_LOOP 174
+#define WTAP_ENCAP_JSON 175
+#define WTAP_ENCAP_NSTRACE_3_5 176
+#define WTAP_ENCAP_ISO14443 177
+#define WTAP_ENCAP_GFP_T 178
+#define WTAP_ENCAP_GFP_F 179
+#define WTAP_ENCAP_IP_OVER_IB_PCAP 180
+#define WTAP_ENCAP_JUNIPER_VN 181
/* After adding new item here, please also add new item to encap_table_base array */
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME 72
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME 73
#define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG 74
+#define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA 75
+#define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER 76
+#define WTAP_FILE_TYPE_SUBTYPE_JSON 77
+#define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 78
+#define WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 79
+#define WTAP_FILE_TYPE_SUBTYPE_MPLOG 80
#define WTAP_NUM_FILE_TYPES_SUBTYPES wtap_get_num_file_types_subtypes()
/* timestamp precision (currently only these values are supported) */
-#define WTAP_FILE_TSPREC_SEC 0
-#define WTAP_FILE_TSPREC_DSEC 1
-#define WTAP_FILE_TSPREC_CSEC 2
-#define WTAP_FILE_TSPREC_MSEC 3
-#define WTAP_FILE_TSPREC_USEC 6
-#define WTAP_FILE_TSPREC_NSEC 9
+#define WTAP_TSPREC_UNKNOWN -2
+#define WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */
+#define WTAP_TSPREC_SEC 0
+#define WTAP_TSPREC_DSEC 1
+#define WTAP_TSPREC_CSEC 2
+#define WTAP_TSPREC_MSEC 3
+#define WTAP_TSPREC_USEC 6
+#define WTAP_TSPREC_NSEC 9
+/* if you add to the above, update wtap_tsprec_string() */
/*
* Maximum packet size we'll support.
- * 65535 is the largest snapshot length that libpcap supports, so we
+ * 262144 is the largest snapshot length that libpcap supports, so we
* use that.
*/
-#define WTAP_MAX_PACKET_SIZE 65535
+#define WTAP_MAX_PACKET_SIZE 262144
/*
* "Pseudo-headers" are used to supply to the clients of wiretap
*/
-struct nstr_phdr {
- gint64 rec_offset;
- gint32 rec_len;
- guint8 nicno_offset;
- guint8 nicno_len;
- guint8 dir_offset;
- guint8 dir_len;
- guint8 eth_offset;
- guint8 pcb_offset;
- guint8 l_pcb_offset;
- guint8 rec_type;
- guint8 vlantag_offset;
- guint8 coreid_offset;
- guint8 srcnodeid_offset;
- guint8 destnodeid_offset;
- guint8 clflags_offset;
- guint8 src_vmname_len_offset;
- guint8 dst_vmname_len_offset;
- guint8 ns_activity_offset;
- guint8 data_offset;
-};
-
/* Packet "pseudo-header" information for Ethernet capture files. */
struct eth_phdr {
gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
guint32 aal5t_chksum; /* checksum for AAL5 packet */
};
-/* Packet "pseudo-header" for Nokia output */
-struct nokia_phdr {
- struct eth_phdr eth;
- guint8 stuff[4]; /* mysterious stuff */
-};
-
/* Packet "pseudo-header" for the output from "wandsession", "wannext",
"wandisplay", and similar commands on Lucent/Ascend access equipment. */
/*
* Packet "pseudo-header" information for 802.11.
- * Radio information is only present for WTAP_ENCAP_IEEE_802_11_WITH_RADIO.
+ * Radio information is only present in this form for
+ * WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
+ * which the radio information isn't provided as a pseudo-header in the
+ * packet data. It is also used by the dissectors for the pseudo-headers
+ * in the packet data to supply radio information, in a form independent
+ * of the file format and pseudo-header format, to the "802.11 radio"
+ * dissector.
*
* Signal strength, etc. information:
*
* The signal strength can be represented as a percentage, which is 100
* times the ratio of the RSSI and the maximum RSSI.
*/
+
+/*
+ * PHY types.
+ */
+#define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
+#define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
+#define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
+#define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
+#define PHDR_802_11_PHY_11B 4 /* 802.11b */
+#define PHDR_802_11_PHY_11A 5 /* 802.11a */
+#define PHDR_802_11_PHY_11G 6 /* 802.11g */
+#define PHDR_802_11_PHY_11N 7 /* 802.11n */
+#define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
+#define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
+
+/*
+ * PHY-specific information.
+ */
+
+/*
+ * 802.11 legacy FHSS.
+ */
+struct ieee_802_11_fhss {
+ guint has_hop_set:1;
+ guint has_hop_pattern:1;
+ guint has_hop_index:1;
+
+ guint8 hop_set; /* Hop set */
+ guint8 hop_pattern; /* Hop pattern */
+ guint8 hop_index; /* Hop index */
+};
+
+/*
+ * 802.11b.
+ */
+struct ieee_802_11b {
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+
+ gboolean short_preamble; /* Short preamble */
+};
+
+/*
+ * 802.11a.
+ */
+struct ieee_802_11a {
+ /* Which of this information is present? */
+ guint has_channel_type:1;
+ guint has_turbo_type:1;
+
+ guint channel_type:2;
+ guint turbo_type:2;
+};
+
+/*
+ * Channel type values.
+ */
+#define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
+#define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
+#define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
+
+/*
+ * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
+ * It can be dynamic or static.
+ *
+ * See
+ *
+ * http://wifi-insider.com/atheros/turbo.htm
+ */
+#define PHDR_802_11A_TURBO_TYPE_NORMAL 0
+#define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know wehther it's static or dynamic */
+#define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
+#define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
+
+/*
+ * 802.11g.
+ */
+struct ieee_802_11g {
+ /* Which of this information is present? */
+ guint has_short_preamble:1;
+ guint has_mode:1;
+
+ gboolean short_preamble; /* Short preamble */
+ guint32 mode; /* Various proprietary extensions */
+};
+
+/*
+ * Mode values.
+ */
+#define PHDR_802_11G_MODE_NORMAL 0
+#define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
+
+/*
+ * 802.11n.
+ */
+struct ieee_802_11n {
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+ guint has_bandwidth:1;
+ guint has_short_gi:1;
+ guint has_greenfield:1;
+ guint has_fec:1;
+ guint has_stbc_streams:1;
+ guint has_ness:1;
+
+ guint16 mcs_index; /* MCS index */
+ guint bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
+ guint short_gi:1; /* True for short guard interval */
+ guint greenfield:1; /* True for greenfield, short for mixed */
+ guint fec:1; /* FEC: 0 = BCC, 1 = LDPC */
+ guint stbc_streams:2; /* Number of STBC streams */
+ guint ness; /* Number of extension spatial streams */
+};
+
+/*
+ * Bandwidth values; used for both 11n and 11ac.
+ */
+#define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
+#define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
+#define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
+#define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
+#define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
+#define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
+#define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
+#define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
+#define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
+
+/*
+ * 802.11ac.
+ */
+struct ieee_802_11ac {
+ /* Which of this information is present? */
+ guint has_stbc:1;
+ guint has_txop_ps_not_allowed:1;
+ guint has_short_gi:1;
+ guint has_short_gi_nsym_disambig:1;
+ guint has_ldpc_extra_ofdm_symbol:1;
+ guint has_beamformed:1;
+ guint has_bandwidth:1;
+ guint has_fec:1;
+ guint has_group_id:1;
+ guint has_partial_aid:1;
+
+ guint stbc:1; /* 1 if all spatial streams have STBC */
+ guint txop_ps_not_allowed:1;
+ guint short_gi:1; /* True for short guard interval */
+ guint short_gi_nsym_disambig:1;
+ guint ldpc_extra_ofdm_symbol:1;
+ guint beamformed:1;
+ guint8 bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
+ guint8 mcs[4]; /* MCS index per user */
+ guint8 nss[4]; /* NSS per user */
+ guint8 fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
+ guint8 group_id;
+ guint16 partial_aid;
+};
+
+/*
+ * 802.11ad.
+ */
+
+/*
+ * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
+ */
+
+#define PHDR_802_11AD_MIN_FREQUENCY 57000
+#define PHDR_802_11AD_MAX_FREQUENCY 66000
+
+#define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
+ ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
+
+struct ieee_802_11ad {
+ /* Which of this information is present? */
+ guint has_mcs_index:1;
+
+ guint8 mcs; /* MCS index */
+};
+
struct ieee_802_11_phdr {
- gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
- gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
- guint8 channel; /* Channel number */
- guint16 data_rate; /* in .5 Mb/s units */
- guint8 signal_level; /* percentage */
+ gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
+ gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
+ gboolean datapad; /* TRUE if frame has padding between 802.11 header and payload */
+ guint phy; /* PHY type */
+ union {
+ struct ieee_802_11_fhss info_11_fhss;
+ struct ieee_802_11b info_11b;
+ struct ieee_802_11a info_11a;
+ struct ieee_802_11g info_11g;
+ struct ieee_802_11n info_11n;
+ struct ieee_802_11ac info_11ac;
+ struct ieee_802_11ad info_11ad;
+ } phy_info;
+
+ /* Which of this information is present? */
+ guint has_channel:1;
+ guint has_frequency:1;
+ guint has_data_rate:1;
+ guint has_signal_percent:1;
+ guint has_noise_percent:1;
+ guint has_signal_dbm:1;
+ guint has_noise_dbm:1;
+ guint has_tsf_timestamp:1;
+ guint has_aggregate_info:1; /* aggregate flags and ID */
+
+ guint16 channel; /* Channel number */
+ guint32 frequency; /* Channel center frequency */
+ guint16 data_rate; /* Data rate, in .5 Mb/s units */
+ guint8 signal_percent; /* Signal level, as a percentage */
+ guint8 noise_percent; /* Noise level, as a percentage */
+ gint8 signal_dbm; /* Signal level, in dBm */
+ gint8 noise_dbm; /* Noise level, in dBm */
+ guint64 tsf_timestamp;
+ guint32 aggregate_flags; /* A-MPDU flags */
+ guint32 aggregate_id; /* ID for A-MPDU reassembly */
};
+/*
+ * A-MPDU flags.
+ */
+#define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
+#define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
+
/* Packet "pseudo-header" for the output from CoSine L2 debug output. */
#define COSINE_MAX_IF_NAME_LEN 128
struct wtap *wth;
};
-#define LIBPCAP_BT_PHDR_SENT 0
-#define LIBPCAP_BT_PHDR_RECV 1
-
-/*
- * Header prepended by libpcap to each bluetooth hci h4 frame.
- * Values in network byte order
- */
-struct libpcap_bt_phdr {
- guint32 direction; /* Bit 0 hold the frame direction. */
-};
-
-/*
- * Header prepended by libpcap to each bluetooth monitor frame
- * Values in network byte order
- */
-struct libpcap_bt_monitor_phdr {
- guint16 adapter_id;
- guint16 opcode;
-};
-
-#define LIBPCAP_PPP_PHDR_RECV 0
-#define LIBPCAP_PPP_PHDR_SENT 1
-
-/*
- * Header prepended by libpcap to each ppp frame.
- */
-struct libpcap_ppp_phdr {
- guint8 direction;
-};
-
/*
* Endace Record Format pseudo header
*/
#define MAX_ERF_EHDR 8
+struct wtap_erf_eth_hdr {
+ guint8 offset;
+ guint8 pad;
+};
+
struct erf_mc_phdr {
struct erf_phdr phdr;
struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
union
{
- guint16 eth_hdr;
+ struct wtap_erf_eth_hdr eth_hdr;
guint32 mc_hdr;
+ guint32 aal2_hdr;
} subhdr;
};
-#define LLCP_PHDR_FLAG_SENT 0
-struct llcp_phdr {
- guint8 adapter;
- guint8 flags;
-};
-
#define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
#define SITA_FRAME_DIR_RXED (0x01)
#define SITA_FRAME_DIR (0x01) /* mask */
#define GSM_UM_CHANNEL_AGCH 7
#define GSM_UM_CHANNEL_PCH 8
+/* Pseudo-header for nstrace packets */
+struct nstr_phdr {
+ gint64 rec_offset;
+ gint32 rec_len;
+ guint8 nicno_offset;
+ guint8 nicno_len;
+ guint8 dir_offset;
+ guint8 dir_len;
+ guint8 eth_offset;
+ guint8 pcb_offset;
+ guint8 l_pcb_offset;
+ guint8 rec_type;
+ guint8 vlantag_offset;
+ guint8 coreid_offset;
+ guint8 srcnodeid_offset;
+ guint8 destnodeid_offset;
+ guint8 clflags_offset;
+ guint8 src_vmname_len_offset;
+ guint8 dst_vmname_len_offset;
+ guint8 ns_activity_offset;
+ guint8 data_offset;
+};
+
+/* Packet "pseudo-header" for Nokia output */
+struct nokia_phdr {
+ struct eth_phdr eth;
+ guint8 stuff[4]; /* mysterious stuff */
+};
+
+#define LLCP_PHDR_FLAG_SENT 0
+struct llcp_phdr {
+ guint8 adapter;
+ guint8 flags;
+};
+
/* pseudo header for WTAP_ENCAP_LOGCAT */
struct logcat_phdr {
gint version;
};
+/* Packet "pseudo-header" information for Sysdig events. */
+
+struct sysdig_event_phdr {
+ guint record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
+ int byte_order;
+ guint16 cpu_id;
+ /* guint32 sentinel; */
+ guint64 timestamp; /* ns since epoch */
+ guint64 thread_id;
+ guint32 event_len; /* XXX dup of wtap_pkthdr.len */
+ guint16 event_type;
+ /* ... Event ... */
+};
+
+/* Pseudo-header for file-type-specific records */
+struct ft_specific_record_phdr {
+ guint record_type; /* the type of record this is */
+};
+
union wtap_pseudo_header {
struct eth_phdr eth;
struct x25_phdr x25;
struct nokia_phdr nokia;
struct llcp_phdr llcp;
struct logcat_phdr logcat;
+ struct sysdig_event_phdr sysdig_event;
+ struct ft_specific_record_phdr ftsrec;
};
+/*
+ * Record type values.
+ *
+ * This list will expand over time, so don't assume everything will
+ * forever be one of the types listed below.
+ *
+ * For file-type-specific records, the "ftsrec" field of the pseudo-header
+ * contains a file-type-specific subtype value, such as a block type for
+ * a pcap-ng file.
+ *
+ * An "event" is an indication that something happened during the capture
+ * process, such as a status transition of some sort on the network.
+ * These should, ideally, have a time stamp and, if they're relevant to
+ * a particular interface on a multi-interface capture, should also have
+ * an interface ID. The data for the event is file-type-specific and
+ * subtype-specific. These should be dissected and displayed just as
+ * packets are.
+ *
+ * A "report" supplies information not corresponding to an event;
+ * for example, a pcap-ng Interface Statistics Block would be a report,
+ * as it doesn't correspond to something happening on the network.
+ * They may have a time stamp, and should be dissected and displayed
+ * just as packets are.
+ *
+ * We distingiush between "events" and "reports" so that, for example,
+ * the packet display can show the delta between a packet and an event
+ * but not show the delta between a packet and a report, as the time
+ * stamp of a report may not correspond to anything interesting on
+ * the network but the time stamp of an event would.
+ *
+ * XXX - are there any file-type-specific records that *shouldn't* be
+ * dissected and displayed? If so, they should be parsed and the
+ * information in them stored somewhere, and used somewhere, whether
+ * it's just used when saving the file in its native format or also
+ * used to parse *other* file-type-specific records.
+ */
+#define REC_TYPE_PACKET 0 /**< packet */
+#define REC_TYPE_FT_SPECIFIC_EVENT 1 /**< file-type-specific event */
+#define REC_TYPE_FT_SPECIFIC_REPORT 2 /**< file-type-specific report */
+#define REC_TYPE_SYSCALL 3 /**< system call */
+
struct wtap_pkthdr {
- guint32 presence_flags; /* what stuff do we have? */
- nstime_t ts;
- guint32 caplen; /* data length in the file */
- guint32 len; /* data length on the wire */
- int pkt_encap;
- /* pcapng variables */
- guint32 interface_id; /* identifier of the interface. */
- /* options */
- gchar *opt_comment; /* NULL if not available */
- guint64 drop_count; /* number of packets lost (by the interface and the
- operating system) between this packet and the preceding one. */
- guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
+ guint rec_type; /* what type of record is this? */
+ guint32 presence_flags; /* what stuff do we have? */
+ nstime_t ts; /* time stamp */
+ guint32 caplen; /* data length in the file */
+ guint32 len; /* data length on the wire */
+ int pkt_encap; /* WTAP_ENCAP_ value for this packet */
+ int pkt_tsprec; /* WTAP_TSPREC_ value for this packet */
+ /* pcapng variables */
+ guint32 interface_id; /* identifier of the interface. */
+ /* options */
+ gchar *opt_comment; /* NULL if not available */
+ guint64 drop_count; /* number of packets lost (by the interface and the
+ operating system) between this packet and the preceding one. */
+ guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
+ Buffer ft_specific_data; /* file-type specific data */
union wtap_pseudo_header pseudo_header;
};
#define WTAP_HAS_PACK_FLAGS 0x00000020 /**< packet flags */
/**
- * Holds the option strings from pcapng:s Section Header block(SHB).
+ * Holds the required data from pcapng:s Section Header block(SHB).
*/
-typedef struct wtapng_section_s {
- /* mandatory */
+typedef struct wtapng_section_mandatory_s {
guint64 section_length; /**< 64-bit value specifying the length in bytes of the
* following section.
* Section Length equal -1 (0xFFFFFFFFFFFFFFFF) means
* that the size of the section is not specified
+ * Note: if writing to a new file, this length will
+ * be invalid if anything changes, such as the other
+ * members of this struct, or the packets written.
*/
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *shb_hardware; /**< NULL if not available
- * UTF-8 string containing the description of the
- * hardware used to create this section.
- */
- gchar *shb_os; /**< NULL if not available, UTF-8 string containing the
- * name of the operating system used to create this section.
- */
- const gchar *shb_user_appl; /**< NULL if not available, UTF-8 string containing the
- * name of the application used to create this section.
- */
-} wtapng_section_t;
-
+} wtapng_mandatory_section_t;
/** struct holding the information to build IDB:s
- * the interface_data array holds an array of wtapng_if_descr_t
- * one per interface.
+ * the interface_data array holds an array of wtap_block_t
+ * represending IDB of one per interface.
*/
typedef struct wtapng_iface_descriptions_s {
- guint number_of_interfaces;
GArray *interface_data;
} wtapng_iface_descriptions_t;
-/* Interface Description
- *
- * Options:
- *
- * if_name 2 A UTF-8 string containing the name of the device used to capture data.
- * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
- *
- * if_description 3 A UTF-8 string containing the description of the device used
- * to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
- *
- * if_IPv4addr 4 Interface network address and netmask. This option can be
- * repeated multiple times within the same Interface Description Block
- * when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
- *
- * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte).
- * This option can be repeated multiple times within the same Interface
- * Description Block when multiple IPv6 addresses are assigned to the interface.
- * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
- * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
- *
- * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
- *
- * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
- *
- * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
- *
- * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the timestamp as as a
- * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
- * are the number of microseconds since 1/1/1970). If the Most Significant Bit
- * is equal to one, the remaining bits indicates the resolution has a
- * negative power of 2 (e.g. 10 means 1/1024 of second).
- * If this option is not present, a resolution of 10^-6 is assumed
- * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
- *
- * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
- *
- * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
- * The first byte of the Option Data keeps a code of the filter used
- * (e.g. if this is a libpcap string, or BPF bytecode, and more).
- * More details about this format will be presented in Appendix XXX (TODO).
- * (TODO: better use different options for different fields?
- * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
- *
- * if_os 12 A UTF-8 string containing the name of the operating system of the
- * machine in which this interface is installed.
- * This can be different from the same information that can be
- * contained by the Section Header Block
- * (Section 3.1 (Section Header Block (mandatory))) because
- * the capture can have been done on a remote machine.
- * "Windows XP SP2" / "openSUSE 10.2" / ...
- *
- * if_fcslen 13 An integer value that specified the length of the
- * Frame Check Sequence (in bits) for this interface.
- * For link layers whose FCS length can change during time,
- * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
- *
- * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds)
- * that must be added to the timestamp of each packet to obtain
- * the absolute timestamp of a packet. If the option is missing,
- * the timestamps stored in the packet must be considered absolute
- * timestamps. The time zone of the offset can be specified with the
- * option if_tzone. TODO: won't a if_tsoffset_low for fractional
- * second offsets be useful for highly syncronized capture systems? 1234
- */
/**
* Interface description data
*/
-typedef struct wtapng_if_descr_s {
+typedef struct wtapng_if_descr_mandatory_s {
int wtap_encap; /**< link_type translated to wtap_encap */
guint64 time_units_per_second;
+ int tsprecision; /**< WTAP_TSPREC_ value for this interface */
- /* mandatory */
guint16 link_type;
guint32 snap_len;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- gchar *if_name; /**< NULL if not available
- * opt 2
- * A UTF-8 string containing the name of the
- * device used to capture data.
- */
- gchar *if_description; /**< NULL if not available
- * opt 3
- * A UTF-8 string containing the description
- * of the device used to capture data.
- */
-
- /* XXX: if_IPv4addr opt 4 Interface network address and netmask. */
- /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
- /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits). */
- /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits) */
-
- guint64 if_speed; /**< 0xFFFFFFFF if unknown
- * opt 8
- * Interface speed (in bps). 100000000 for 100Mbps
- */
- guint8 if_tsresol; /**< default is 6 for microsecond resolution
- * opt 9
- * Resolution of timestamps.
- * If the Most Significant Bit is equal to zero,
- * the remaining bits indicates the resolution of the
- * timestamp as as a negative power of 10
- */
-
- /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
-
- gchar *if_filter_str; /**< NULL if not available
- * opt 11 libpcap string.
- */
- guint16 bpf_filter_len; /** Opt 11 variant II BPF filter len 0 if not used*/
- gchar *if_filter_bpf_bytes; /** Opt 11 BPF filter or NULL */
- gchar *if_os; /**< NULL if not available
- * 12 A UTF-8 string containing the name of the
- * operating system of the machine in which this
- * interface is installed.
- */
- gint8 if_fcslen; /**< -1 if unknown or changes between packets,
- * opt 13
- * An integer value that specified the length of
- * the Frame Check Sequence (in bits) for this interface. */
- /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
guint8 num_stat_entries;
GArray *interface_statistics; /**< An array holding the interface statistics from
* pcapng ISB:s or equivalent(?)*/
-} wtapng_if_descr_t;
+} wtapng_if_descr_mandatory_t;
+/* Interface description data - Option 11 structure */
+typedef struct wtapng_if_descr_filter_s {
+ gchar *if_filter_str; /**< NULL if not available
+ * libpcap string.
+ */
+ guint16 bpf_filter_len; /** variant II BPF filter len 0 if not used*/
+ guint8 *if_filter_bpf_bytes; /** BPF filter or NULL */
+} wtapng_if_descr_filter_t;
/**
- * Interface Statistics. pcap-ng Interface Statistics Block (ISB).
+ * Holds the required data for pcap-ng Interface Statistics Block (ISB).
*/
-typedef struct wtapng_if_stats_s {
- /* mandatory */
+typedef struct wtapng_if_stats_mandatory_s {
guint32 interface_id;
guint32 ts_high;
guint32 ts_low;
- /* options */
- gchar *opt_comment; /**< NULL if not available */
- guint64 isb_starttime;
- guint64 isb_endtime;
- guint64 isb_ifrecv;
- guint64 isb_ifdrop;
- guint64 isb_filteraccept;
- guint64 isb_osdrop;
- guint64 isb_usrdeliv;
-} wtapng_if_stats_t;
+} wtapng_if_stats_mandatory_t;
+
+#ifndef MAXNAMELEN
+#define MAXNAMELEN 64 /* max name length (hostname and port name) */
+#endif
+typedef struct hashipv4 {
+ guint addr;
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip[16];
+ gchar name[MAXNAMELEN];
+} hashipv4_t;
+
+typedef struct hashipv6 {
+ guint8 addr[16];
+ guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
+ gchar ip6[46];
+ gchar name[MAXNAMELEN];
+} hashipv6_t;
/** A struct with lists of resolved addresses.
* Used when writing name resoultion blocks (NRB)
} wtap_wslua_file_info_t;
/*
- * For registering extensions used for capture file formats.
+ * For registering extensions used for file formats.
*
* These items are used in dialogs for opening files, so that
* the user can ask to see all capture files (as identified
* by file extension) or particular types of capture files.
*
- * Each file type has a description and a list of extensions the file
- * might have. Some file types aren't real file types, they're
- * just generic types, such as "text file" or "XML file", that can
- * be used for, among other things, captures we can read, or for
- * extensions such as ".cap" that were unimaginatively chosen by
- * several different sniffers for their file formats.
+ * Each file type has a description, a flag indicating whether it's
+ * a capture file or just some file whose contents we can dissect,
+ * and a list of extensions the file might have.
+ *
+ * Some file types aren't real file types, they're just generic types,
+ * such as "text file" or "XML file", that can be used for, among other
+ * things, captures we can read, or for extensions such as ".cap" that
+ * were unimaginatively chosen by several different sniffers for their
+ * file formats.
*/
struct file_extension_info {
/* the file type name */
const char *name;
+ /* TRUE if this is a capture file type */
+ gboolean is_capture_file;
+
/* a semicolon-separated list of file extensions used for this type */
const char *extensions;
};
*
* The open routine should return:
*
- * -1 on an I/O error;
+ * WTAP_OPEN_ERROR on an I/O error;
*
- * 1 if the file it's reading is one of the types it handles;
+ * WTAP_OPEN_MINE if the file it's reading is one of the types
+ * it handles;
*
- * 0 if the file it's reading isn't the type it handles.
+ * WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the
+ * types it handles.
*
* If the routine handles this type of file, it should set the "file_type"
* field in the "struct wtap" to the type of the file.
* (See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8518)
*
* However, the caller does have to free the private data pointer when
- * returning 0, since the next file type will be called and will likely
- * just overwrite the pointer.
+ * returning WTAP_OPEN_NOT_MINE, since the next file type will be called
+ * and will likely just overwrite the pointer.
*/
+typedef enum {
+ WTAP_OPEN_NOT_MINE = 0,
+ WTAP_OPEN_MINE = 1,
+ WTAP_OPEN_ERROR = -1
+} wtap_open_return_val;
+
+typedef wtap_open_return_val (*wtap_open_routine_t)(struct wtap*, int *,
+ char **);
/*
* Some file formats have defined magic numbers at fixed offsets from
* Those file formats do not require a file name extension in order
* to recognize them or to avoid recognizing other file types as that
* type, and have no extensions specified for them.
- */
-typedef int (*wtap_open_routine_t)(struct wtap*, int *, char **);
-
-/*
- * Some file formats don't have defined magic numbers at fixed offsets,
+ *
+ * Other file formats don't have defined magic numbers at fixed offsets,
* so a heuristic is required. If that file format has any file name
* extensions used for it, a list of those extensions should be
* specified, so that, if the name of the file being opened has an
* the ones that don't, to handle the case where a file of one type
* might be recognized by the heuristics for a different file type.
*/
-/*struct heuristic_open_info {
- wtap_open_routine_t open_routine;
- const char *extensions;
-};
-*/
-#define OPEN_INFO_MAGIC 0
-#define OPEN_INFO_HEURISTIC 1
+
+typedef enum {
+ OPEN_INFO_MAGIC = 0,
+ OPEN_INFO_HEURISTIC = 1
+} wtap_open_type;
WS_DLL_PUBLIC void init_open_routines(void);
struct open_info {
const char *name;
- int type;
+ wtap_open_type type;
wtap_open_routine_t open_routine;
const char *extensions;
gchar **extensions_set; /* populated using extensions member during initialization */
/*
* Types of comments.
*/
-#define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
-#define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
-#define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
+#define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
+#define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
+#define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
struct file_type_subtype_info {
/* the file type name */
WS_DLL_PUBLIC
gboolean wtap_seek_read (wtap *wth, gint64 seek_off,
- struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
+ struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info);
/*** get various information snippets about the current packet ***/
WS_DLL_PUBLIC
WS_DLL_PUBLIC
guint8 *wtap_buf_ptr(wtap *wth);
+/*** initialize a wtap_pkthdr structure ***/
+WS_DLL_PUBLIC
+void wtap_phdr_init(struct wtap_pkthdr *phdr);
+
+/*** clean up a wtap_pkthdr structure, freeing what wtap_phdr_init() allocated */
+WS_DLL_PUBLIC
+void wtap_phdr_cleanup(struct wtap_pkthdr *phdr);
+
/*** get various information snippets about the current file ***/
/** Return an approximation of the amount of data we've read sequentially
WS_DLL_PUBLIC
int wtap_file_encap(wtap *wth);
WS_DLL_PUBLIC
-int wtap_file_tsprecision(wtap *wth);
+int wtap_file_tsprec(wtap *wth);
+
+/**
+ * @brief Gets existing section header block, not for new file.
+ * @details Returns the pointer to the existing SHB, without creating a
+ * new one. This should only be used for accessing info, not
+ * for creating a new file based on existing SHB info. Use
+ * wtap_file_get_shb_for_new_file() for that.
+ *
+ * @param wth The wiretap session.
+ * @return The existing section header, which must NOT be g_free'd.
+ *
+ * XXX - need to be updated to handle multiple SHBs.
+ */
WS_DLL_PUBLIC
-wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
+wtap_block_t wtap_file_get_shb(wtap *wth);
+
+/**
+ * @brief Gets new section header block for new file, based on existing info.
+ * @details Creates a new wtap_block_t section header block and only
+ * copies appropriate members of the SHB for a new file. In
+ * particular, the comment string is copied, and any custom options
+ * which should be copied are copied. The os, hardware, and
+ * application strings are *not* copied.
+ *
+ * @note Use wtap_free_shb() to free the returned section header.
+ *
+ * @param wth The wiretap session.
+ * @return The new section header, which must be wtap_free_shb'd.
+ */
WS_DLL_PUBLIC
-wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+GArray* wtap_file_get_shb_for_new_file(wtap *wth);
+
+/**
+ * @brief Sets or replaces the section header comment.
+ * @details The passed-in comment string is set to be the comment
+ * for the section header block. The passed-in string's
+ * ownership will be owned by the block, so it should be
+ * duplicated before passing into this function.
+ *
+ * @param wth The wiretap session.
+ * @param comment The comment string.
+ */
WS_DLL_PUBLIC
void wtap_write_shb_comment(wtap *wth, gchar *comment);
+/**
+ * @brief Gets existing interface descriptions.
+ * @details Returns a new struct containing a pointer to the existing
+ * description, without creating new descriptions internally.
+ * @note The returned pointer must be g_free'd, but its internal
+ * interface_data must not.
+ *
+ * @param wth The wiretap session.
+ * @return A new struct of the existing section descriptions, which must be g_free'd.
+ */
+WS_DLL_PUBLIC
+wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+
+/**
+ * @brief Free's a interface description block and all of its members.
+ *
+ * @details This free's all of the interface descriptions inside the passed-in
+ * struct, including their members (e.g., comments); and then free's the
+ * passed-in struct as well.
+ *
+ * @warning Do not use this for the struct returned by
+ * wtap_file_get_idb_info(), as that one did not create the internal
+ * interface descriptions; for that case you can simply g_free() the new
+ * struct.
+ */
+WS_DLL_PUBLIC
+void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info);
+
+/**
+ * @brief Gets a debug string of an interface description.
+ * @details Returns a newly allocated string of debug information about
+ * the given interface descrption, useful for debugging.
+ * @note The returned pointer must be g_free'd.
+ *
+ * @param if_descr The interface description.
+ * @param indent Number of spaces to indent each line by.
+ * @param line_end A string to append to each line (e.g., "\n" or ", ").
+ * @return A newly allocated gcahr array string, which must be g_free'd.
+ */
+WS_DLL_PUBLIC
+gchar *wtap_get_debug_if_descr(const wtap_block_t if_descr,
+ const int indent,
+ const char* line_end);
+
+/**
+ * @brief Gets existing name resolution block, not for new file.
+ * @details Returns the pointer to the existing NRB, without creating a
+ * new one. This should only be used for accessing info, not
+ * for creating a new file based on existing NRB info. Use
+ * wtap_file_get_nrb_for_new_file() for that.
+ *
+ * @param wth The wiretap session.
+ * @return The existing section header, which must NOT be g_free'd.
+ *
+ * XXX - need to be updated to handle multiple NRBs.
+ */
+WS_DLL_PUBLIC
+wtap_block_t wtap_file_get_nrb(wtap *wth);
+
+/**
+ * @brief Gets new name resolution info for new file, based on existing info.
+ * @details Creates a new wtap_block_t of name resolution info and only
+ * copies appropriate members for a new file.
+ *
+ * @note Use wtap_free_nrb() to free the returned pointer.
+ *
+ * @param wth The wiretap session.
+ * @return The new name resolution info, which must be freed.
+ */
+WS_DLL_PUBLIC
+GArray* wtap_file_get_nrb_for_new_file(wtap *wth);
+
/*** close the file descriptors for the current file ***/
WS_DLL_PUBLIC
void wtap_fdclose(wtap *wth);
WS_DLL_PUBLIC
gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
-/*** close the current file ***/
+/** Close only the sequential side, freeing up memory it uses. */
WS_DLL_PUBLIC
void wtap_sequential_close(wtap *wth);
+
+/** Closes any open file handles and frees the memory associated with wth. */
WS_DLL_PUBLIC
void wtap_close(wtap *wth);
gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
+wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype, int encap,
int snaplen, gboolean compressed, int *err);
+/**
+ * @brief Opens a new capture file for writing.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param filename The new file's name.
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_ng(const char *filename, int file_type_subtype, int encap,
+ int snaplen, gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
+
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_tempfile(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ int *err);
+
+/**
+ * @brief Creates a dumper for a temporary file.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param filenamep Points to a pointer that's set to point to the
+ * pathname of the temporary file; it's allocated with g_malloc()
+ * @param pfx A string to be used as the prefix for the temporary file name
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
- int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+wtap_dumper* wtap_dump_open_tempfile_ng(char **filenamep, const char *pfx,
+ int file_type_subtype, int encap, int snaplen, gboolean compressed,
+ GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
+wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype, int encap, int snaplen,
gboolean compressed, int *err);
+/**
+ * @brief Creates a dumper for an existing file descriptor.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param fd The file descriptor for which the dumper should be created.
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_fdopen_ng(int fd, int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
+
WS_DLL_PUBLIC
-wtap_dumper* wtap_dump_fdopen_ng(int fd, int filetype, int encap, int snaplen,
- gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+wtap_dumper* wtap_dump_open_stdout(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, int *err);
+/**
+ * @brief Creates a dumper for the standard output.
+ *
+ * @note The shb_hdr, idb_inf, and nrb_hdr arguments will be used until
+ * wtap_dump_close() is called, but will not be free'd by the dumper. If
+ * you created them, you must free them yourself after wtap_dump_close().
+ *
+ * @param file_type_subtype The WTAP_FILE_TYPE_SUBTYPE_XXX file type.
+ * @param encap The WTAP_ENCAP_XXX encapsulation type (WTAP_ENCAP_PER_PACKET for multi)
+ * @param snaplen The maximum packet capture length.
+ * @param compressed True if file should be compressed.
+ * @param shb_hdrs The section header block(s) information, or NULL.
+ * @param idb_inf The interface description information, or NULL.
+ * @param nrb_hdrs The name resolution blocks(s) comment/custom_opts information, or NULL.
+ * @param[out] err Will be set to an error code on failure.
+ * @return The newly created dumper object, or NULL on failure.
+ */
+WS_DLL_PUBLIC
+wtap_dumper* wtap_dump_open_stdout_ng(int file_type_subtype, int encap, int snaplen,
+ gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
+ GArray* nrb_hdrs, int *err);
WS_DLL_PUBLIC
-gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *, int *err);
+gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const guint8 *,
+ int *err, gchar **err_info);
WS_DLL_PUBLIC
void wtap_dump_flush(wtap_dumper *);
WS_DLL_PUBLIC
struct addrinfo;
WS_DLL_PUBLIC
gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
+
+/**
+ * Closes open file handles and frees memory associated with wdh. Note that
+ * shb_hdr, idb_inf and nrb_hdr are not freed by this routine.
+ */
WS_DLL_PUBLIC
-gboolean wtap_dump_close(wtap_dumper *, int *);
+gboolean wtap_dump_close(wtap_dumper *wdh, int *err);
/**
* Return TRUE if we can write a file out with the given GArray of file
/*** various file extension functions ***/
WS_DLL_PUBLIC
-GSList *wtap_get_all_file_extensions_list(void);
+GSList *wtap_get_all_capture_file_extensions_list(void);
WS_DLL_PUBLIC
const char *wtap_default_file_extension(int filetype);
WS_DLL_PUBLIC
WS_DLL_PUBLIC
int wtap_short_string_to_encap(const char *short_name);
+WS_DLL_PUBLIC
+const char* wtap_tsprec_string(int tsprec);
+
WS_DLL_PUBLIC
const char *wtap_strerror(int err);
#define WTAP_ERR_CANT_OPEN -6
/** The file couldn't be opened, reason unknown */
-#define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
+#define WTAP_ERR_UNWRITABLE_FILE_TYPE -7
/** Wiretap can't save files in the specified format */
-#define WTAP_ERR_UNSUPPORTED_ENCAP -8
+#define WTAP_ERR_UNWRITABLE_ENCAP -8
/** Wiretap can't read or save files in the specified format with the
specified encapsulation */
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
/** The specified format doesn't support per-packet encapsulations */
-#define WTAP_ERR_CANT_CLOSE -10
- /** The file couldn't be closed, reason unknown */
-
-#define WTAP_ERR_CANT_READ -11
+#define WTAP_ERR_CANT_WRITE -10
/** An attempt to read failed, reason unknown */
+#define WTAP_ERR_CANT_CLOSE -11
+ /** The file couldn't be closed, reason unknown */
+
#define WTAP_ERR_SHORT_READ -12
/** An attempt to read read less data than it should have */
#define WTAP_ERR_SHORT_WRITE -14
/** An attempt to write wrote less data than it should have */
-#define WTAP_ERR_UNC_TRUNCATED -15
- /** Sniffer compressed data was oddly truncated */
-
-#define WTAP_ERR_UNC_OVERFLOW -16
+#define WTAP_ERR_UNC_OVERFLOW -15
/** Uncompressing Sniffer data would overflow buffer */
-#define WTAP_ERR_UNC_BAD_OFFSET -17
- /** LZ77 compressed data has bad offset to string */
-
-#define WTAP_ERR_RANDOM_OPEN_STDIN -18
+#define WTAP_ERR_RANDOM_OPEN_STDIN -16
/** We're trying to open the standard input for random access */
-#define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
+#define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17
/* The filetype doesn't support output compression */
-#define WTAP_ERR_CANT_SEEK -20
+#define WTAP_ERR_CANT_SEEK -18
/** An attempt to seek failed, reason unknown */
-#define WTAP_ERR_CANT_SEEK_COMPRESSED -21
+#define WTAP_ERR_CANT_SEEK_COMPRESSED -19
/** An attempt to seek on a compressed stream */
-#define WTAP_ERR_DECOMPRESS -22
+#define WTAP_ERR_DECOMPRESS -20
/** Error decompressing */
-#define WTAP_ERR_INTERNAL -23
+#define WTAP_ERR_INTERNAL -21
/** "Shouldn't happen" internal errors */
-#define WTAP_ERR_PACKET_TOO_LARGE -24
+#define WTAP_ERR_PACKET_TOO_LARGE -22
/** Packet being written is larger than we support; do not use when
reading, use WTAP_ERR_BAD_FILE instead */
-#define WTAP_ERR_CHECK_WSLUA -25
+#define WTAP_ERR_CHECK_WSLUA -23
/** Not really an error: the file type being checked is from a Lua
plugin, so that the code will call wslua_can_write_encap() instead if it gets this */
+#define WTAP_ERR_UNWRITABLE_REC_TYPE -24
+ /** Specified record type can't be written to that file type */
+
+#define WTAP_ERR_UNWRITABLE_REC_DATA -25
+ /** Something in the record data can't be written to that file type */
+
#ifdef __cplusplus
}
#endif /* __cplusplus */