#define WTAP_ENCAP_NETANALYZER 135
#define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
#define WTAP_ENCAP_IP_OVER_IB 137
+#define WTAP_ENCAP_MPEG_2_TS 138
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
#define TRAF_IPSILON 7 /* Ipsilon */
#define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
#define TRAF_GPRS_NS 9 /* GPRS Network Services */
+#define TRAF_SSCOP 10 /* SSCOP */
/*
* Traffic subtypes.
};
struct wtap_pkthdr {
- struct wtap_nstime ts;
- guint32 caplen;
- guint32 len;
- int pkt_encap;
+ guint32 presence_flags; /* what stuff do we have? */
+ struct wtap_nstime ts;
+ guint32 caplen; /* data length in the file */
+ guint32 len; /* data length on the wire */
+ int pkt_encap;
+ /* pcapng variables */
+ guint32 interface_id; /* identifier of the interface. */
+ /* options */
+ gchar *opt_comment; /* NULL if not available */
+ guint64 drop_count; /* number of packets lost (by the interface and the operating system) between this packet and the preceding one. */
+ guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
};
+/*
+ * Bits in presence_flags, indicating which of the fields we have.
+ *
+ * For the time stamp, we may need some more flags to indicate
+ * whether the time stamp is an absolute date-and-time stamp, an
+ * absolute time-only stamp (which can make relative time
+ * calculations tricky, as you could in theory have two time
+ * stamps separated by an unknown number of days), or a time stamp
+ * relative to some unspecified time in the past (see mpeg.c).
+ *
+ * There is no presence flag for len - there has to be *some* length
+ * value for the packet. (The "captured length" can be missing if
+ * the file format doesn't report a captured length distinct from
+ * the on-the-network length because the application(s) producing those
+ * files don't support slicing packets.)
+ *
+ * There could be a presence flag for the packet encapsulation - if it's
+ * absent, use the file encapsulation - but it's not clear that's useful;
+ * we currently do that in the module for the file format.
+ */
+#define WTAP_HAS_TS 0x00000001 /* time stamp */
+#define WTAP_HAS_CAP_LEN 0x00000002 /* captured length separate from on-the-network length */
+#define WTAP_HAS_INTERFACE_ID 0x00000004 /* interface ID */
+#define WTAP_HAS_COMMENTS 0x00000008 /* comments */
+#define WTAP_HAS_DROP_COUNT 0x00000010 /* drop count */
+#define WTAP_HAS_PACK_FLAGS 0x00000020 /* packet flags */
+
+/**
+ * Holds the option strings from pcapng:s Section Header block(SHB).
+ */
+typedef struct wtapng_section_s {
+ /* mandatory */
+ guint64 section_length;
+ /* options */
+ gchar *opt_comment; /* NULL if not available */
+ gchar *shb_hardware; /* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */
+ gchar *shb_os; /* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */
+ gchar *shb_user_appl; /* NULL if not available, UTF-8 string containing the name of the application used to create this section. */
+} wtapng_section_t;
+
+
+/** struct holding the information to build IDB:s
+ * the interface_data array holds an array of wtapng_if_descr_t
+ * one per interface.
+ */
+typedef struct wtapng_iface_descriptions_s {
+ guint number_of_interfaces;
+ GArray *interface_data;
+} wtapng_iface_descriptions_t;
+
+/* Interface Description
+ *
+ * Options:
+ * if_name 2 A UTF-8 string containing the name of the device used to capture data. "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
+ * if_description 3 A UTF-8 string containing the description of the device used to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
+ * if_IPv4addr 4 Interface network address and netmask. This option can be repeated multiple times within the same Interface Description Block when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
+ * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte). This option can be repeated multiple times within the same Interface Description Block when multiple IPv6 addresses are assigned to the interface. 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
+ * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
+ * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
+ * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
+ * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10 (e.g. 6 means microsecond resolution, timestamps are the number of microseconds since 1/1/1970). If the Most Significant Bit is equal to one, the remaining bits indicates the resolution as as negative power of 2 (e.g. 10 means 1/1024 of second). If this option is not present, a resolution of 10^-6 is assumed (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
+ * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
+ * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic. The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more). More details about this format will be presented in Appendix XXX (TODO). (TODO: better use different options for different fields? e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
+ * if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. This can be different from the same information that can be contained by the Section Header Block (Section 3.1 (Section Header Block (mandatory))) because the capture can have been done on a remote machine. "Windows XP SP2" / "openSUSE 10.2" / ...
+ * if_fcslen 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. For link layers whose FCS length can change during time, the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
+ * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds) that must be added to the timestamp of each packet to obtain the absolute timestamp of a packet. If the option is missing, the timestamps stored in the packet must be considered absolute timestamps. The time zone of the offset can be specified with the option if_tzone. TODO: won't a if_tsoffset_low for fractional second offsets be useful for highly syncronized capture systems? 1234
+ */
+/**
+ * Interface description data
+ */
+typedef struct wtapng_if_descr_s {
+ int wtap_encap; /**< link_type translated to wtap_encap */
+ guint64 time_units_per_second;
+ /* mandatory */
+ guint16 link_type;
+ guint32 snap_len;
+ /* options */
+ gchar *opt_comment; /**< NULL if not available */
+ gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
+ gchar *if_description;/**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
+ /* XXX: if_IPv4addr opt 4 Interface network address and netmask.*/
+ /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
+ /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits).*/
+ /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits)*/
+ guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
+ guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
+ * If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
+ */
+ /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
+ gchar *if_filter; /**< NULL if not available, opt 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
+ * The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
+ */
+ gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
+ gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
+ /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
+} wtapng_if_descr_t;
+
struct Buffer;
struct wtap_dumper;
/* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
const char *short_name;
- /* the common file extensions for this type (seperated by semicolon) */
- /* should be *.* if no common extension is applicable */
- const char *file_extensions;
-
/* the default file extension, used to save this type */
/* should be NULL if no default extension is known */
- const char *file_extension_default;
+ const char *default_file_extension;
+
+ /* a semicolon-separated list of additional file extensions */
+ /* used for this type */
+ /* should be NULL if no extensions, or no extensions other */
+ /* than the default extension, are known */
+ const char *additional_file_extensions;
/* when writing this file format, is seeking required? */
gboolean writing_must_seek;
/*** get various information snippets about the current file ***/
-/* Return an approximation of the amount of data we've read sequentially
+/** Return an approximation of the amount of data we've read sequentially
* from the file so far. */
gint64 wtap_read_so_far(wtap *wth);
gint64 wtap_file_size(wtap *wth, int *err);
int wtap_file_type(wtap *wth);
int wtap_file_encap(wtap *wth);
int wtap_file_tsprecision(wtap *wth);
+wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
+wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+void wtap_write_shb_comment(wtap *wth, gchar *comment);
/*** close the current file ***/
void wtap_sequential_close(wtap *wth);
gboolean wtap_dump_can_write_encap(int filetype, int encap);
gboolean wtap_dump_can_compress(int filetype);
gboolean wtap_dump_has_name_resolution(int filetype);
+
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
int snaplen, gboolean compressed, int *err);
+
+wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
+ int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
gboolean compressed, int *err);
+
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
const union wtap_pseudo_header *pseudo_header, const guint8 *, int *err);
void wtap_dump_flush(wtap_dumper *);
gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, struct addrinfo *addrinfo_list);
gboolean wtap_dump_close(wtap_dumper *, int *);
+/*
+ * Get a GArray of WTAP_FILE_ values for file types that can be used
+ * to save a file of a given type with a given WTAP_ENCAP_ type.
+ */
+GArray *wtap_get_savable_file_types(int file_type, int file_encap);
+
/*** various string converter functions ***/
const char *wtap_file_type_string(int filetype);
const char *wtap_file_type_short_string(int filetype);
int wtap_short_string_to_file_type(const char *short_name);
+/*** various file extension functions ***/
+const char *wtap_default_file_extension(int filetype);
GSList *wtap_get_file_extensions_list(int filetype);
void wtap_free_file_extensions_list(GSList *extensions);
-const char *wtap_file_extension_default_string(int filetype);
const char *wtap_encap_string(int encap);
const char *wtap_encap_short_string(int encap);
git.samba.org / metze / wireshark / wip.git / blobdiff