3 * $Id: wtap.h,v 1.28 1999/08/20 04:49:18 gram Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
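/* Encapsulation types. Choose names that truly reflect
 * what is contained in the packet trace file.
 *
 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
 * ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
 * presumably used on some BSD systems, which we turn into
 * WTAP_ENCAP_ATM_RFC1483.
 *
 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
 * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
 * type for all packets in the file; this may cause those routines to
 * fail if the capture file format being written can't support that.
 *
 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
 * if it's handed an unknown encapsulation.
 *
 * The two sentinels are negative; they are parenthesized so that they
 * expand as a single operand inside a larger expression. */
#define WTAP_ENCAP_UNKNOWN          (-2)
#define WTAP_ENCAP_PER_PACKET       (-1)
#define WTAP_ENCAP_NONE             0
#define WTAP_ENCAP_ETHERNET         1
#define WTAP_ENCAP_TR               2
#define WTAP_ENCAP_SLIP             3
#define WTAP_ENCAP_PPP              4
#define WTAP_ENCAP_FDDI             5
#define WTAP_ENCAP_RAW_IP           6
#define WTAP_ENCAP_ARCNET           7
#define WTAP_ENCAP_ATM_RFC1483      8
#define WTAP_ENCAP_LINUX_ATM_CLIP   9
#define WTAP_ENCAP_LAPB             10

/* last WTAP_ENCAP_ value + 1
 *
 * NOTE(review): this count covers only the values 0..10.  Because
 * WTAP_ENCAP_UNKNOWN and WTAP_ENCAP_PER_PACKET are negative, any table
 * indexed by an encapsulation type and sized by this count needs a
 * "0 <= encap && encap < WTAP_NUM_ENCAP_TYPES" check before the lookup. */
#define WTAP_NUM_ENCAP_TYPES        11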
/* Capture file types that wiretap is able to read.
 * Different versions of one format get their own code, because some or
 * all of these types may eventually be supported for writing as well.
 *
 * The value 5 is not assigned in this list. */
#define WTAP_FILE_UNKNOWN           0
#define WTAP_FILE_WTAP              1
#define WTAP_FILE_PCAP              2
#define WTAP_FILE_LANALYZER         3
#define WTAP_FILE_NGSNIFFER         4
#define WTAP_FILE_SNOOP             6
#define WTAP_FILE_IPTRACE           7
#define WTAP_FILE_NETMON_1_x        8
#define WTAP_FILE_NETMON_2_x        9
#define WTAP_FILE_NETXRAY_1_0       10
#define WTAP_FILE_NETXRAY_1_1       11
#define WTAP_FILE_NETXRAY_2_001     12
#define WTAP_FILE_RADCOM            13
78 #include <sys/types.h>
80 #ifdef HAVE_SYS_TIME_H
111 guint16 version_major;
112 guint16 version_minor;
118 guint8 version_major;
125 double start_timestamp;
136 guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
/* Per-packet callback type; "wtap_loop()" takes one of these.
 * The parameters are unnamed in this header: a mutable byte pointer, the
 * packet's "struct wtap_pkthdr", an int, and a read-only byte pointer.
 * NOTE(review): presumably caller data, header, an offset or count, and
 * the packet bytes - confirm against the wtap_loop() implementation. */
typedef void (*wtap_handler)(u_char *,
                             const struct wtap_pkthdr *,
                             int,
                             const u_char *);

/* Forward declaration only; the structure is not defined here. */
struct bpf_instruction;

/* Format-specific reader hook, stored in the "subtype_read" member of
 * "struct wtap".  Takes the wtap handle and a pointer to an int. */
typedef int (*subtype_read_func)(struct wtap *, int *);
147 typedef struct wtap {
151 struct Buffer *frame_buffer;
152 struct wtap_pkthdr phdr;
156 lanalyzer_t *lanalyzer;
157 ngsniffer_t *ngsniffer;
163 subtype_read_func subtype_read;
164 int file_encap; /* per-file, for those
165 file formats that have
166 per-file encapsulation
/* Format-specific writer hook, stored in the "subtype_write" member of
 * "struct wtap_dumper".  Its parameter list mirrors "wtap_dump()":
 * dumper, packet header, packet bytes, and a pointer to an int. */
typedef int (*subtype_write_func)(struct wtap_dumper *,
                                  const struct wtap_pkthdr *,
                                  const u_char *,
                                  int *);

/* Format-specific close hook, stored in the "subtype_close" member of
 * "struct wtap_dumper".  Takes the dumper and a pointer to an int. */
typedef int (*subtype_close_func)(struct wtap_dumper *, int *);
175 typedef struct wtap_dumper {
181 subtype_write_func subtype_write;
182 subtype_close_func subtype_close;
/*
 * On failure, "wtap_open_offline()" returns NULL and stores one of the
 * following in the "int" pointed to by its second argument:
 *
 *	a positive "errno" value, if the capture file can't be opened;
 *
 *	a negative number, indicating the type of error, on other failures.
 *
 * A caller therefore has to check the return value for NULL first and
 * then treat both positive and negative values of *err as errors.
 */
wtap *wtap_open_offline(const char *filename, int *err);

/* Takes a wtap_handler callback; the remaining parameters are unnamed in
 * this header, so their meaning has to be read from the implementation. */
int wtap_loop(wtap *wth, int, wtap_handler, u_char *, int *);

FILE *wtap_file(wtap *wth);
int wtap_snapshot_length(wtap *wth);	/* per file */
int wtap_file_type(wtap *wth);
const char *wtap_file_type_string(wtap *wth);
void wtap_close(wtap *wth);
/* Opens "filename" for writing a capture file of type "filetype".
 * "encap" may be WTAP_ENCAP_PER_PACKET when the packets do not share a
 * single encapsulation; the call may fail if the chosen file format
 * can't support that.
 * NOTE(review): failure is presumably reported through *err using the
 * WTAP_ERR_ codes in this header - confirm against the implementation. */
wtap_dumper *wtap_dump_open(const char *filename,
                            int filetype,
                            int encap,
                            int snaplen,
                            int *err);
204 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
206 int wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const u_char *,
FILE *wtap_dump_file(wtap_dumper *);
int wtap_dump_close(wtap_dumper *, int *);

/* XXX - needed until "wiretap" can do live packet captures.
 * Returns WTAP_ENCAP_UNKNOWN (a negative value) when handed an
 * encapsulation it does not know, so check the result before using it
 * as an index or storing it as a file's encapsulation. */
int wtap_pcap_encap_to_wtap_encap(int encap);
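/*
 * Wiretap error codes.
 *
 * All of them are negative, which keeps them distinct from the positive
 * "errno" values that "wtap_open_offline()" can also store in *err.
 * Each value is parenthesized so that it expands as a single operand
 * inside a larger expression.
 */

/* The file being opened for reading isn't a plain file */
#define WTAP_ERR_NOT_REGULAR_FILE               (-1)

/* The file being opened is not a capture file in a known format */
#define WTAP_ERR_FILE_UNKNOWN_FORMAT            (-2)

/* Supported file type, but there's something in the file we ...
 * (the rest of the original comment is missing from this listing) */
#define WTAP_ERR_UNSUPPORTED                    (-3)

/* The file couldn't be opened, reason unknown */
#define WTAP_ERR_CANT_OPEN                      (-4)

/* Wiretap can't save files in the specified format */
#define WTAP_ERR_UNSUPPORTED_FILE_TYPE          (-5)

/* The specified format doesn't support per-packet encapsulations */
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED   (-6)

/* The file couldn't be closed, reason unknown */
#define WTAP_ERR_CANT_CLOSE                     (-7)

/* An attempt to read failed, reason unknown */
#define WTAP_ERR_CANT_READ                      (-8)

/* An attempt to read returned less data than it should have.
 * Together with WTAP_ERR_BAD_RECORD this is how a truncated or
 * malformed capture file shows up; stop processing the record rather
 * than using a partially filled buffer. */
#define WTAP_ERR_SHORT_READ                     (-9)

/* We read an invalid record */
#define WTAP_ERR_BAD_RECORD                     (-10)

/* An attempt to write wrote less data than it should have */
#define WTAP_ERR_SHORT_WRITE                    (-11)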
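/* Pointer versions of ntohs and ntohl.  Given a pointer to a member of a
 * byte array, returns the value of the two or four bytes at the pointer.
 * The pletoh[sl] versions return the little-endian representation.
 *
 * None of these macros knows how long the underlying buffer is: each one
 * reads exactly two (the "s" forms) or four (the "l" forms) bytes
 * starting at "p".  When "p" points into data read from a capture file,
 * check that that many bytes remain before using the macro.
 *
 * The argument is evaluated once per byte read, so it must not have side
 * effects (no "p++").  The argument and every expansion are fully
 * parenthesized, so a pointer expression such as "buf + off" is cast as
 * a whole, and uses such as "pntohl(p) + 1" or "pntohl(p) == x" apply to
 * the complete 32-bit value rather than to its last byte only.
 */

/* Two bytes at p, most significant byte first. */
#define pntohs(p)   ((guint16)                                    \
                     ((guint16)*((const guint8 *)(p) + 0) << 8 |  \
                      (guint16)*((const guint8 *)(p) + 1) << 0))

/* Four bytes at p, most significant byte first. */
#define pntohl(p)   ((guint32)*((const guint8 *)(p) + 0) << 24 |  \
                     (guint32)*((const guint8 *)(p) + 1) << 16 |  \
                     (guint32)*((const guint8 *)(p) + 2) << 8  |  \
                     (guint32)*((const guint8 *)(p) + 3) << 0)

/* As written, the same byte order as pntohs(). */
#define phtons(p)   ((guint16)                                    \
                     ((guint16)*((const guint8 *)(p) + 0) << 8 |  \
                      (guint16)*((const guint8 *)(p) + 1) << 0))

/* As written, the same byte order as pntohl(). */
#define phtonl(p)   ((guint32)*((const guint8 *)(p) + 0) << 24 |  \
                     (guint32)*((const guint8 *)(p) + 1) << 16 |  \
                     (guint32)*((const guint8 *)(p) + 2) << 8  |  \
                     (guint32)*((const guint8 *)(p) + 3) << 0)

/* Two bytes at p, least significant byte first. */
#define pletohs(p)  ((guint16)                                    \
                     ((guint16)*((const guint8 *)(p) + 1) << 8 |  \
                      (guint16)*((const guint8 *)(p) + 0) << 0))

/* Four bytes at p, least significant byte first. */
#define pletohl(p)  ((guint32)*((const guint8 *)(p) + 3) << 24 |  \
                     (guint32)*((const guint8 *)(p) + 2) << 16 |  \
                     (guint32)*((const guint8 *)(p) + 1) << 8  |  \
                     (guint32)*((const guint8 *)(p) + 0) << 0)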
285 #endif /* __WTAP_H__ */