#define WTAP_ENCAP_NSTRACE_2_0 120
#define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
#define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
-#define WTAP_ENCAP_JPEG_JFIF 123
+#define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
#define WTAP_ENCAP_IPNET 124
#define WTAP_ENCAP_SOCKETCAN 125
#define WTAP_ENCAP_IEEE802_11_NETMON_RADIO 126
#define WTAP_ENCAP_RAW_IP4 129
#define WTAP_ENCAP_RAW_IP6 130
#define WTAP_ENCAP_LAPD 131
+#define WTAP_ENCAP_DVBCI 132
+#define WTAP_ENCAP_MUX27010 133
+#define WTAP_ENCAP_MIME 134
+#define WTAP_ENCAP_NETANALYZER 135
+#define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
+#define WTAP_ENCAP_IP_OVER_IB 137
+#define WTAP_ENCAP_MPEG_2_TS 138
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
We support writing some many of these file types, too, so we
distinguish between different versions of them. */
#define WTAP_FILE_UNKNOWN 0
-#define WTAP_FILE_WTAP 1
-#define WTAP_FILE_PCAP 2
+#define WTAP_FILE_PCAP 1
+#define WTAP_FILE_PCAPNG 2
#define WTAP_FILE_PCAP_NSEC 3
#define WTAP_FILE_PCAP_AIX 4
#define WTAP_FILE_PCAP_SS991029 5
#define WTAP_FILE_NGSNIFFER_COMPRESSED 30
#define WTAP_FILE_NETXRAY_1_1 31
#define WTAP_FILE_NETXRAY_2_00x 32
-#define WTAP_FILE_NETWORK_INSTRUMENTS_V9 33
+#define WTAP_FILE_NETWORK_INSTRUMENTS 33
#define WTAP_FILE_LANALYZER 34
#define WTAP_FILE_PPPDUMP 35
#define WTAP_FILE_RADCOM 36
#define WTAP_FILE_K12TEXT 47
#define WTAP_FILE_NETSCREEN 48
#define WTAP_FILE_COMMVIEW 49
-#define WTAP_FILE_PCAPNG 50
-#define WTAP_FILE_BTSNOOP 51
-#define WTAP_FILE_X2E_XORAYA 52
-#define WTAP_FILE_TNEF 53
-#define WTAP_FILE_DCT3TRACE 54
-#define WTAP_FILE_PACKETLOGGER 55
-#define WTAP_FILE_DAINTREE_SNA 56
-#define WTAP_FILE_NETSCALER_1_0 57
-#define WTAP_FILE_NETSCALER_2_0 58
-#define WTAP_FILE_JPEG_JFIF 59
-#define WTAP_FILE_IPFIX 60
+#define WTAP_FILE_BTSNOOP 50
+#define WTAP_FILE_TNEF 51
+#define WTAP_FILE_DCT3TRACE 52
+#define WTAP_FILE_PACKETLOGGER 53
+#define WTAP_FILE_DAINTREE_SNA 54
+#define WTAP_FILE_NETSCALER_1_0 55
+#define WTAP_FILE_NETSCALER_2_0 56
+#define WTAP_FILE_JPEG_JFIF 57 /* obsoleted by WTAP_FILE_MIME */
+#define WTAP_FILE_IPFIX 58
+#define WTAP_FILE_MIME 59
+#define WTAP_FILE_AETHRA 60
#define WTAP_NUM_FILE_TYPES wtap_get_num_file_types()
#define TRAF_SPANS 6 /* FORE SPANS */
#define TRAF_IPSILON 7 /* Ipsilon */
#define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
+#define TRAF_GPRS_NS 9 /* GPRS Network Services */
+#define TRAF_SSCOP 10 /* SSCOP */
/*
* Traffic subtypes.
const gchar* stack_file;
guint32 input_type;
k12_input_info_t input_info;
- guchar* extra_info;
+ guint8* extra_info;
guint32 extra_length;
void* stuff;
};
* ERF pseudo header with optional subheader
* (Multichannel or Ethernet)
*/
+
+#define MAX_ERF_EHDR 8
+
struct erf_mc_phdr {
struct erf_phdr phdr;
- struct erf_ehdr ehdr_list[8];
+ struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
union
{
guint16 eth_hdr;
#define SITA_PROTO_BOP_FRL (0x12)
struct sita_phdr {
- guint8 flags;
- guint8 signals;
- guint8 errors1;
- guint8 errors2;
- guint8 proto;
+ guint8 sita_flags;
+ guint8 sita_signals;
+ guint8 sita_errors1;
+ guint8 sita_errors2;
+ guint8 sita_proto;
};
/*pseudo header for Bluetooth HCI*/
};
struct wtap_pkthdr {
- struct wtap_nstime ts;
- guint32 caplen;
- guint32 len;
- int pkt_encap;
+ guint32 presence_flags; /* what stuff do we have? */
+ struct wtap_nstime ts;
+ guint32 caplen; /* data length in the file */
+ guint32 len; /* data length on the wire */
+ int pkt_encap;
+ /* pcapng variables */
+ guint32 interface_id; /* identifier of the interface. */
+ /* options */
+ gchar *opt_comment; /* NULL if not available */
+ guint64 drop_count; /* number of packets lost (by the interface and the operating system) between this packet and the preceding one. */
+ guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
};
+/*
+ * Bits in presence_flags, indicating which of the fields we have.
+ *
+ * For the time stamp, we may need some more flags to indicate
+ * whether the time stamp is an absolute date-and-time stamp, an
+ * absolute time-only stamp (which can make relative time
+ * calculations tricky, as you could in theory have two time
+ * stamps separated by an unknown number of days), or a time stamp
+ * relative to some unspecified time in the past (see mpeg.c).
+ *
+ * There is no presence flag for len - there has to be *some* length
+ * value for the packet. (The "captured length" can be missing if
+ * the file format doesn't report a captured length distinct from
+ * the on-the-network length because the application(s) producing those
+ * files don't support slicing packets.)
+ *
+ * There could be a presence flag for the packet encapsulation - if it's
+ * absent, use the file encapsulation - but it's not clear that's useful;
+ * we currently do that in the module for the file format.
+ */
+#define WTAP_HAS_TS 0x00000001 /* time stamp */
+#define WTAP_HAS_CAP_LEN 0x00000002 /* captured length separate from on-the-network length */
+#define WTAP_HAS_INTERFACE_ID 0x00000004 /* interface ID */
+#define WTAP_HAS_COMMENTS 0x00000008 /* comments */
+#define WTAP_HAS_DROP_COUNT 0x00000010 /* drop count */
+#define WTAP_HAS_PACK_FLAGS 0x00000020 /* packet flags */
+
+/**
+ * Holds the option strings from pcapng:s Section Header block(SHB).
+ */
+typedef struct wtapng_section_s {
+ /* mandatory */
+ guint64 section_length;
+ /* options */
+ gchar *opt_comment; /* NULL if not available */
+ gchar *shb_hardware; /* NULL if not available, UTF-8 string containing the description of the hardware used to create this section. */
+ gchar *shb_os; /* NULL if not available, UTF-8 string containing the name of the operating system used to create this section. */
+ gchar *shb_user_appl; /* NULL if not available, UTF-8 string containing the name of the application used to create this section. */
+} wtapng_section_t;
+
+
+/** struct holding the information to build IDB:s
+ * the interface_data array holds an array of wtapng_if_descr_t
+ * one per interface.
+ */
+typedef struct wtapng_iface_descriptions_s {
+ guint number_of_interfaces;
+ GArray *interface_data;
+} wtapng_iface_descriptions_t;
+
+/* Interface Description
+ *
+ * Options:
+ * if_name 2 A UTF-8 string containing the name of the device used to capture data. "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}" / ...
+ * if_description 3 A UTF-8 string containing the description of the device used to capture data. "Broadcom NetXtreme" / "First Ethernet Interface" / ...
+ * if_IPv4addr 4 Interface network address and netmask. This option can be repeated multiple times within the same Interface Description Block when multiple IPv4 addresses are assigned to the interface. 192 168 1 1 255 255 255 0
+ * if_IPv6addr 5 Interface network address and prefix length (stored in the last byte). This option can be repeated multiple times within the same Interface Description Block when multiple IPv6 addresses are assigned to the interface. 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"
+ * if_MACaddr 6 Interface Hardware MAC address (48 bits). 00 01 02 03 04 05
+ * if_EUIaddr 7 Interface Hardware EUI address (64 bits), if available. TODO: give a good example
+ * if_speed 8 Interface speed (in bps). 100000000 for 100Mbps
+ * if_tsresol 9 Resolution of timestamps. If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10 (e.g. 6 means microsecond resolution, timestamps are the number of microseconds since 1/1/1970). If the Most Significant Bit is equal to one, the remaining bits indicates the resolution as as negative power of 2 (e.g. 10 means 1/1024 of second). If this option is not present, a resolution of 10^-6 is assumed (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps). 6
+ * if_tzone 10 Time zone for GMT support (TODO: specify better). TODO: give a good example
+ * if_filter 11 The filter (e.g. "capture only TCP traffic") used to capture traffic. The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more). More details about this format will be presented in Appendix XXX (TODO). (TODO: better use different options for different fields? e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
+ * if_os 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. This can be different from the same information that can be contained by the Section Header Block (Section 3.1 (Section Header Block (mandatory))) because the capture can have been done on a remote machine. "Windows XP SP2" / "openSUSE 10.2" / ...
+ * if_fcslen 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. For link layers whose FCS length can change during time, the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word)). 4
+ * if_tsoffset 14 A 64 bits integer value that specifies an offset (in seconds) that must be added to the timestamp of each packet to obtain the absolute timestamp of a packet. If the option is missing, the timestamps stored in the packet must be considered absolute timestamps. The time zone of the offset can be specified with the option if_tzone. TODO: won't a if_tsoffset_low for fractional second offsets be useful for highly syncronized capture systems? 1234
+ */
+/**
+ * Interface description data
+ */
+typedef struct wtapng_if_descr_s {
+ int wtap_encap; /**< link_type translated to wtap_encap */
+ guint64 time_units_per_second;
+ /* mandatory */
+ guint16 link_type;
+ guint32 snap_len;
+ /* options */
+ gchar *opt_comment; /**< NULL if not available */
+ gchar *if_name; /**< NULL if not available, opt 2 A UTF-8 string containing the name of the device used to capture data. */
+ gchar *if_description;/**< NULL if not available, opt 3 A UTF-8 string containing the description of the device used to capture data. */
+ /* XXX: if_IPv4addr opt 4 Interface network address and netmask.*/
+ /* XXX: if_IPv6addr opt 5 Interface network address and prefix length (stored in the last byte).*/
+ /* XXX: if_MACaddr opt 6 Interface Hardware MAC address (48 bits).*/
+ /* XXX: if_EUIaddr opt 7 Interface Hardware EUI address (64 bits)*/
+ guint64 if_speed; /**< 0xFFFFFFFF if unknown, opt 8 Interface speed (in bps). 100000000 for 100Mbps */
+ guint8 if_tsresol; /**< default is 6 for microsecond resolution, opt 9 Resolution of timestamps.
+ * If the Most Significant Bit is equal to zero, the remaining bits indicates the resolution of the timestamp as as a negative power of 10
+ */
+ /* XXX: if_tzone 10 Time zone for GMT support (TODO: specify better). */
+ gchar *if_filter; /**< NULL if not available, opt 11 The filter (e.g. "capture only TCP traffic") used to capture traffic.
+ * The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more).
+ */
+ gchar *if_os; /**< NULL if not available, 12 A UTF-8 string containing the name of the operating system of the machine in which this interface is installed. */
+ gint8 if_fcslen; /**< -1 if unknown or changes between packets, opt 13 An integer value that specified the length of the Frame Check Sequence (in bits) for this interface. */
+ /* XXX: guint64 if_tsoffset; opt 14 A 64 bits integer value that specifies an offset (in seconds)...*/
+} wtapng_if_descr_t;
+
struct Buffer;
struct wtap_dumper;
typedef struct wtap wtap;
typedef struct wtap_dumper wtap_dumper;
+typedef struct wtap_reader *FILE_T;
+
struct file_type_info {
/* the file type name */
/* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
/* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
const char *short_name;
- /* the common file extensions for this type (seperated by semicolon) */
- /* should be *.* if no common extension is applicable */
- const char *file_extensions;
-
/* the default file extension, used to save this type */
/* should be NULL if no default extension is known */
- const char *file_extension_default;
+ const char *default_file_extension;
+
+ /* a semicolon-separated list of additional file extensions */
+ /* used for this type */
+ /* should be NULL if no extensions, or no extensions other */
+ /* than the default extension, are known */
+ const char *additional_file_extensions;
- /* can this type be compressed with gzip? */
- gboolean can_compress;
+ /* when writing this file format, is seeking required? */
+ gboolean writing_must_seek;
+
+ /* does this type support name resolution records? */
+ /* should be FALSE is this file type doesn't support name resolution records */
+ gboolean has_name_resolution;
/* can this type write this encapsulation format? */
- /* should be NULL is this file type don't have write support */
+ /* should be NULL is this file type doesn't have write support */
int (*can_write_encap)(int);
/* the function to open the capture file for writing */
/* should be NULL is this file type don't have write support */
- int (*dump_open)(wtap_dumper *, gboolean, int *);
+ int (*dump_open)(wtap_dumper *, int *);
};
typedef int (*wtap_open_routine_t)(struct wtap*, int *, char **);
-/*
- * On failure, "wtap_open_offline()" returns NULL, and puts into the
+/** On failure, "wtap_open_offline()" returns NULL, and puts into the
* "int" pointed to by its second argument:
*
- * a positive "errno" value if the capture file can't be opened;
+ * @param filename Name of the file to open
+ * @param err a positive "errno" value if the capture file can't be opened;
* a negative number, indicating the type of error, on other failures.
+ * @param err_info for some errors, a string giving more details of
+ * the error
+ * @param do_random TRUE if random access to the file will be done,
+ * FALSE if not
*/
struct wtap* wtap_open_offline(const char *filename, int *err,
gchar **err_info, gboolean do_random);
*/
void wtap_cleareof(wtap *wth);
+/*
+ * Set callback functions to add new hostnames. Currently pcapng-only.
+ * MUST match add_ipv4_name and add_ipv6_name in addr_resolv.c.
+ */
+typedef void (*wtap_new_ipv4_callback_t) (const guint addr, const gchar *name);
+void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
+
+typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const gchar *name);
+void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
+
/* Returns TRUE if read was successful. FALSE if failure. data_offset is
* set to the offset in the file where the data for the read packet is
* located. */
/*** get various information snippets about the current file ***/
-/* Return an approximation of the amount of data we've read sequentially
+/** Return an approximation of the amount of data we've read sequentially
* from the file so far. */
-gint64 wtap_read_so_far(wtap *wth, int *err);
+gint64 wtap_read_so_far(wtap *wth);
gint64 wtap_file_size(wtap *wth, int *err);
-int wtap_snapshot_length(wtap *wth); /* per file */
+guint wtap_snapshot_length(wtap *wth); /* per file */
int wtap_file_type(wtap *wth);
int wtap_file_encap(wtap *wth);
int wtap_file_tsprecision(wtap *wth);
+wtapng_section_t* wtap_file_get_shb_info(wtap *wth);
+wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
+void wtap_write_shb_comment(wtap *wth, gchar *comment);
/*** close the current file ***/
void wtap_sequential_close(wtap *wth);
gboolean wtap_dump_can_open(int filetype);
gboolean wtap_dump_can_write_encap(int filetype, int encap);
gboolean wtap_dump_can_compress(int filetype);
+gboolean wtap_dump_has_name_resolution(int filetype);
+
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
int snaplen, gboolean compressed, int *err);
+
+wtap_dumper* wtap_dump_open_ng(const char *filename, int filetype, int encap,
+ int snaplen, gboolean compressed, wtapng_section_t *shb_hdr, wtapng_iface_descriptions_t *idb_inf, int *err);
+
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
gboolean compressed, int *err);
+
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
- const union wtap_pseudo_header *pseudo_header, const guchar *, int *err);
+ const union wtap_pseudo_header *pseudo_header, const guint8 *, int *err);
void wtap_dump_flush(wtap_dumper *);
gint64 wtap_get_bytes_dumped(wtap_dumper *);
void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
+struct addrinfo;
+gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, struct addrinfo *addrinfo_list);
gboolean wtap_dump_close(wtap_dumper *, int *);
+/*
+ * Get a GArray of WTAP_FILE_ values for file types that can be used
+ * to save a file of a given type with a given WTAP_ENCAP_ type.
+ */
+GArray *wtap_get_savable_file_types(int file_type, int file_encap);
+
/*** various string converter functions ***/
const char *wtap_file_type_string(int filetype);
const char *wtap_file_type_short_string(int filetype);
int wtap_short_string_to_file_type(const char *short_name);
-const char *wtap_file_extensions_string(int filetype);
-const char *wtap_file_extension_default_string(int filetype);
+/*** various file extension functions ***/
+const char *wtap_default_file_extension(int filetype);
+GSList *wtap_get_file_extensions_list(int filetype);
+void wtap_free_file_extensions_list(GSList *extensions);
const char *wtap_encap_string(int encap);
const char *wtap_encap_short_string(int encap);
/* An attempt to read failed, reason unknown */
#define WTAP_ERR_SHORT_READ -12
/* An attempt to read read less data than it should have */
-#define WTAP_ERR_BAD_RECORD -13
- /* We read an invalid record */
+#define WTAP_ERR_BAD_FILE -13
+ /* The file appears to be damaged or corrupted or otherwise bogus */
#define WTAP_ERR_SHORT_WRITE -14
/* An attempt to write wrote less data than it should have */
#define WTAP_ERR_UNC_TRUNCATED -15
/* LZ77 compressed data has bad offset to string */
#define WTAP_ERR_RANDOM_OPEN_STDIN -18
/* We're trying to open the standard input for random access */
-#define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
+#define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
/* The filetype doesn't support output compression */
#define WTAP_ERR_CANT_SEEK -20
/* An attempt to seek failed, reason unknown */
-
-/* Errors from zlib; zlib error Z_xxx turns into Wiretap error
- WTAP_ERR_ZLIB + Z_xxx.
-
- WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
- errors; we leave room for 100 positive and 100 negative error
- codes. */
-
-#define WTAP_ERR_ZLIB -200
-#define WTAP_ERR_ZLIB_MAX -100
-#define WTAP_ERR_ZLIB_MIN -300
+#define WTAP_ERR_DECOMPRESS -21
+ /* Error decompressing */
+#define WTAP_ERR_INTERNAL -22
+ /* "Shouldn't happen" internal errors */
#ifdef __cplusplus
}
git.samba.org / metze / wireshark / wip.git / blobdiff