3 * $Id: wtap.h,v 1.27 1999/08/19 05:31:38 guy Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /* Encapsulation types. Choose names that truly reflect
28 * what is contained in the packet trace file.
30 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
31 * ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
32 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
33 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
34 * presumably used on some BSD systems, which we turn into
35 * WTAP_ENCAP_ATM_RFC1483.
37 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
38 * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
39 * type for all packets in the file; this may cause those routines to
40 * fail if the capture file format being written can't support that.
42 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
43 * if it's handed an unknown encapsulation. */
44 #define WTAP_ENCAP_UNKNOWN -2
45 #define WTAP_ENCAP_PER_PACKET -1
46 #define WTAP_ENCAP_NONE 0
47 #define WTAP_ENCAP_ETHERNET 1
48 #define WTAP_ENCAP_TR 2
49 #define WTAP_ENCAP_SLIP 3
50 #define WTAP_ENCAP_PPP 4
51 #define WTAP_ENCAP_FDDI 5
52 #define WTAP_ENCAP_RAW_IP 6
53 #define WTAP_ENCAP_ARCNET 7
54 #define WTAP_ENCAP_ATM_RFC1483 8
55 #define WTAP_ENCAP_LINUX_ATM_CLIP 9
56 #define WTAP_ENCAP_LAPB 10
58 /* last WTAP_ENCAP_ value + 1 */
59 #define WTAP_NUM_ENCAP_TYPES 11
61 /* File types that can be read by wiretap.
62 We may eventually support writing some or all of these file types,
63 too, so we distinguish between different versions of them. */
64 #define WTAP_FILE_UNKNOWN 0
65 #define WTAP_FILE_WTAP 1
66 #define WTAP_FILE_PCAP 2
67 #define WTAP_FILE_LANALYZER 3
68 #define WTAP_FILE_NGSNIFFER 4
69 #define WTAP_FILE_SNOOP 6
70 #define WTAP_FILE_IPTRACE 7
71 #define WTAP_FILE_NETMON_1_x 8
72 #define WTAP_FILE_NETMON_2_x 9
73 #define WTAP_FILE_NETXRAY_1_0 10
74 #define WTAP_FILE_NETXRAY_1_1 11
75 #define WTAP_FILE_NETXRAY_2_001 12
76 #define WTAP_FILE_RADCOM 13
78 /* Filter types that wiretap can create. An 'offline' filter is really
79 * a BPF filter, but it is treated specially because wiretap might not know
80 * in advance the datalink type(s) needed.
82 #define WTAP_FILTER_NONE 0
83 #define WTAP_FILTER_OFFLINE 1
84 #define WTAP_FILTER_BPF 2
86 #include <sys/types.h>
88 #ifdef HAVE_SYS_TIME_H
121 guint16 version_major;
122 guint16 version_minor;
128 guint8 version_major;
135 double start_timestamp;
146 guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
149 typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
150 int, const u_char *);
153 struct bpf_instruction;
156 typedef int (*subtype_read_func)(struct wtap*, int*);
157 typedef struct wtap {
161 struct Buffer *frame_buffer;
162 struct wtap_pkthdr phdr;
166 lanalyzer_t *lanalyzer;
167 ngsniffer_t *ngsniffer;
173 subtype_read_func subtype_read;
174 int file_encap; /* per-file, for those
175 file formats that have
176 per-file encapsulation
182 typedef int (*subtype_write_func)(struct wtap_dumper*,
183 const struct wtap_pkthdr*, const u_char*, int*);
184 typedef int (*subtype_close_func)(struct wtap_dumper*, int*);
185 typedef struct wtap_dumper {
191 subtype_write_func subtype_write;
192 subtype_close_func subtype_close;
196 * On failure, "wtap_open_offline()" returns NULL, and puts into the
197 * "int" pointed to by its second argument:
199 * a positive "errno" value if the capture file can't be opened;
201 * a negative number, indicating the type of error, on other failures.
203 wtap* wtap_open_offline(const char *filename, int *err);
204 int wtap_loop(wtap *wth, int, wtap_handler, u_char*, int*);
206 FILE* wtap_file(wtap *wth);
207 int wtap_snapshot_length(wtap *wth); /* per file */
208 int wtap_file_type(wtap *wth);
209 const char *wtap_file_type_string(wtap *wth);
210 void wtap_close(wtap *wth);
212 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
213 int snaplen, int *err);
214 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
216 int wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const u_char *,
218 FILE* wtap_dump_file(wtap_dumper *);
219 int wtap_dump_close(wtap_dumper *, int *);
221 /* XXX - needed until "wiretap" can do live packet captures */
222 int wtap_pcap_encap_to_wtap_encap(int encap);
225 * Wiretap error codes.
227 #define WTAP_ERR_NOT_REGULAR_FILE -1
228 /* The file being opened for reading isn't a plain file */
229 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -2
230 /* The file being opened is not a capture file in a known format */
231 #define WTAP_ERR_UNSUPPORTED -3
232 /* Supported file type, but there's something in the file we
234 #define WTAP_ERR_CANT_OPEN -4
235 /* The file couldn't be opened, reason unknown */
236 #define WTAP_ERR_UNSUPPORTED_FILE_TYPE -5
237 /* Wiretap can't save files in the specified format */
238 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -6
239 /* The specified format doesn't support per-packet encapsulations */
240 #define WTAP_ERR_CANT_CLOSE -7
241 /* The file couldn't be closed, reason unknown */
242 #define WTAP_ERR_CANT_READ -8
243 /* An attempt to read failed, reason unknown */
244 #define WTAP_ERR_SHORT_READ -9
245 /* An attempt to read read less data than it should have */
246 #define WTAP_ERR_BAD_RECORD -10
247 /* We read an invalid record */
248 #define WTAP_ERR_SHORT_WRITE -11
249 /* An attempt to write wrote less data than it should have */
251 /* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
252 * byte array, returns the value of the two or four bytes at the pointer.
253 * The pletoh[sl] versions return the little-endian representation.
257 #define pntohs(p) ((guint16) \
258 ((guint16)*((guint8 *)p+0)<<8| \
259 (guint16)*((guint8 *)p+1)<<0))
263 #define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
264 (guint32)*((guint8 *)p+1)<<16| \
265 (guint32)*((guint8 *)p+2)<<8| \
266 (guint32)*((guint8 *)p+3)<<0)
270 #define phtons(p) ((guint16) \
271 ((guint16)*((guint8 *)p+0)<<8| \
272 (guint16)*((guint8 *)p+1)<<0))
276 #define phtonl(p) ((guint32)*((guint8 *)p+0)<<24| \
277 (guint32)*((guint8 *)p+1)<<16| \
278 (guint32)*((guint8 *)p+2)<<8| \
279 (guint32)*((guint8 *)p+3)<<0)
283 #define pletohs(p) ((guint16) \
284 ((guint16)*((guint8 *)p+1)<<8| \
285 (guint16)*((guint8 *)p+0)<<0))
289 #define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
290 (guint32)*((guint8 *)p+2)<<16| \
291 (guint32)*((guint8 *)p+1)<<8| \
292 (guint32)*((guint8 *)p+0)<<0)
295 #endif /* __WTAP_H__ */