3 * $Id: wtap.h,v 1.96 2001/11/30 07:14:22 guy Exp $
6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /* Encapsulation types. Choose names that truly reflect
28 * what is contained in the packet trace file.
30 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
31 * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
32 * type for all packets in the file; this may cause those routines to
33 * fail if the capture file format being written can't support that.
34 * It's also returned by "wtap_file_encap()" for capture files that
35 * don't have a single encapsulation type for all packets in the file.
37 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
38 * if it's handed an unknown encapsulation.
40 * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
41 * MAC addresses you get from the hardware are bit-swapped. Ideally,
42 * the driver would tell us that, but I know of none that do, so, for
43 * now, we base it on the machine on which we're *reading* the
44 * capture, rather than on the machine on which the capture was taken
45 * (they're probably likely to be the same). We assume that they're
46 * bit-swapped on everything except for systems running Ultrix, Alpha
47 * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
48 * Digital decided to bit-swap addresses in the hardware or in the
49 * driver, and I guess BSDI bit-swapped them in the driver, given that
50 * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
51 * save file format, we'd use the WTAP_ENCAP values to flag the
52 * encapsulation of a packet, so there we'd at least be able to base
53 * it on the machine on which the capture was taken.
55 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
56 * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
57 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
58 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
59 * presumably used on some BSD systems, which we turn into
60 * WTAP_ENCAP_ATM_RFC1483.
62 * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
65 * 1) PPP-over-HDLC encapsulation, at least with some versions
66 * of ISDN4BSD (but not the current ones, it appears, unless
67 * I've missed something);
69 * 2) a 4-byte header containing the AF_ address family, in
70 * the byte order of the machine that saved the capture,
71 * for the packet, as used on many BSD systems for the
72 * loopback device and some other devices;
74 * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
75 * type in the byte order from an Ethernet header, that being
76 * what "libpcap" on Linux turns the Ethernet header for
77 * loopback interfaces into. */
78 #define WTAP_ENCAP_PER_PACKET -1
79 #define WTAP_ENCAP_UNKNOWN 0
80 #define WTAP_ENCAP_ETHERNET 1
81 #define WTAP_ENCAP_TOKEN_RING 2
82 #define WTAP_ENCAP_SLIP 3
83 #define WTAP_ENCAP_PPP 4
84 #define WTAP_ENCAP_FDDI 5
85 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
86 #define WTAP_ENCAP_RAW_IP 7
87 #define WTAP_ENCAP_ARCNET 8
88 #define WTAP_ENCAP_ATM_RFC1483 9
89 #define WTAP_ENCAP_LINUX_ATM_CLIP 10
90 #define WTAP_ENCAP_LAPB 11
91 #define WTAP_ENCAP_ATM_SNIFFER 12
92 #define WTAP_ENCAP_NULL 13
93 #define WTAP_ENCAP_ASCEND 14
94 #define WTAP_ENCAP_LAPD 15
95 #define WTAP_ENCAP_V120 16
96 #define WTAP_ENCAP_PPP_WITH_PHDR 17
97 #define WTAP_ENCAP_IEEE_802_11 18
98 #define WTAP_ENCAP_SLL 19
99 #define WTAP_ENCAP_FRELAY 20
100 #define WTAP_ENCAP_CHDLC 21
101 #define WTAP_ENCAP_CISCO_IOS 22
102 #define WTAP_ENCAP_LOCALTALK 23
103 #define WTAP_ENCAP_PRISM_HEADER 24
105 /* last WTAP_ENCAP_ value + 1 */
106 #define WTAP_NUM_ENCAP_TYPES 25
108 /* File types that can be read by wiretap.
109 We support writing some many of these file types, too, so we
110 distinguish between different versions of them. */
111 #define WTAP_FILE_UNKNOWN 0
112 #define WTAP_FILE_WTAP 1
113 #define WTAP_FILE_PCAP 2
114 #define WTAP_FILE_PCAP_SS990417 3
115 #define WTAP_FILE_PCAP_SS990915 4
116 #define WTAP_FILE_PCAP_SS991029 5
117 #define WTAP_FILE_PCAP_NOKIA 6
118 #define WTAP_FILE_PCAP_AIX 7
119 #define WTAP_FILE_LANALYZER 8
120 #define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 9
121 #define WTAP_FILE_NGSNIFFER_COMPRESSED 10
122 #define WTAP_FILE_SNOOP 11
123 #define WTAP_FILE_IPTRACE_1_0 12
124 #define WTAP_FILE_IPTRACE_2_0 13
125 #define WTAP_FILE_NETMON_1_x 14
126 #define WTAP_FILE_NETMON_2_x 15
127 #define WTAP_FILE_NETXRAY_1_0 16
128 #define WTAP_FILE_NETXRAY_1_1 17
129 #define WTAP_FILE_NETXRAY_2_00x 18
130 #define WTAP_FILE_RADCOM 19
131 #define WTAP_FILE_ASCEND 20
132 #define WTAP_FILE_NETTL 21
133 #define WTAP_FILE_TOSHIBA 22
134 #define WTAP_FILE_I4BTRACE 23
135 #define WTAP_FILE_CSIDS 24
136 #define WTAP_FILE_PPPDUMP 25
137 #define WTAP_FILE_ETHERPEEK_MAC_V56 26
138 #define WTAP_FILE_ETHERPEEK_MAC_V7 27
139 #define WTAP_FILE_VMS 28
140 #define WTAP_FILE_DBS_ETHERWATCH 29
142 /* last WTAP_FILE_ value + 1 */
143 #define WTAP_NUM_FILE_TYPES 30
146 * Maximum packet size we'll support.
148 #define WTAP_MAX_PACKET_SIZE 65535
150 #ifdef HAVE_SYS_TYPES_H
151 #include <sys/types.h>
154 #ifdef HAVE_SYS_TIME_H
155 #include <sys/time.h>
158 #ifdef HAVE_WINSOCK_H
165 /* Packet "pseudo-header" information for X.25 capture files. */
167 guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
170 /* Packet "pseudo-header" for ATM Sniffer capture files. */
171 struct ngsniffer_atm_phdr {
172 guint8 AppTrafType; /* traffic type */
173 guint8 AppHLType; /* protocol type */
174 guint16 Vpi; /* virtual path identifier */
175 guint16 Vci; /* virtual circuit identifier */
176 guint16 channel; /* link: 0 for DCE, 1 for DTE */
177 guint16 cells; /* number of cells */
178 guint16 aal5t_u2u; /* user-to-user indicator */
179 guint16 aal5t_len; /* length of the packet */
180 guint32 aal5t_chksum; /* checksum for AAL5 packet */
183 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
184 "wandisplay", and similar commands on Lucent/Ascend access equipment. */
186 #define ASCEND_MAX_STR_LEN 64
188 #define ASCEND_PFX_WDS_X 1
189 #define ASCEND_PFX_WDS_R 2
190 #define ASCEND_PFX_WDD 3
193 guint16 type; /* ASCEND_PFX_*, as defined above */
194 char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
195 guint32 sess; /* Session number, from wandsession header */
196 char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
197 guint32 chunk; /* Chunk number, from WDD header */
198 guint32 task; /* Task number */
201 /* Packet "pseudo_header" for etherpeek capture files. */
202 struct etherpeek_phdr {
203 struct timeval reference_time;
207 gboolean sent; /* TRUE=sent, FALSE=received */
212 * Bits in AppTrafType.
214 * For AAL types other than AAL5, the packet data is presumably for a
215 * single cell, not a reassembled frame, as the ATM Sniffer manual says
216 * it dosn't reassemble cells other than AAL5 cells.
218 #define ATT_AALTYPE 0x0F /* AAL type: */
219 #define ATT_AAL_UNKNOWN 0x00 /* Unknown AAL */
220 #define ATT_AAL1 0x01 /* AAL1 */
221 #define ATT_AAL3_4 0x02 /* AAL3/4 */
222 #define ATT_AAL5 0x03 /* AAL5 */
223 #define ATT_AAL_USER 0x04 /* User AAL */
224 #define ATT_AAL_SIGNALLING 0x05 /* Signaling AAL */
225 #define ATT_OAMCELL 0x06 /* OAM cell */
227 #define ATT_HLTYPE 0xF0 /* Higher-layer type: */
228 #define ATT_HL_UNKNOWN 0x00 /* unknown */
229 #define ATT_HL_LLCMX 0x10 /* LLC multiplexed (probably RFC 1483) */
230 #define ATT_HL_VCMX 0x20 /* VC multiplexed (probably RFC 1483) */
231 #define ATT_HL_LANE 0x30 /* LAN Emulation */
232 #define ATT_HL_ILMI 0x40 /* ILMI */
233 #define ATT_HL_FRMR 0x50 /* Frame Relay */
234 #define ATT_HL_SPANS 0x60 /* FORE SPANS */
235 #define ATT_HL_IPSILON 0x70 /* Ipsilon */
238 * Values for AppHLType; the interpretation depends on the ATT_HLTYPE
239 * bits in AppTrafType.
241 #define AHLT_UNKNOWN 0x0
242 #define AHLT_VCMX_802_3_FCS 0x1 /* VCMX: 802.3 FCS */
243 #define AHLT_LANE_LE_CTRL 0x1 /* LANE: LE Ctrl */
244 #define AHLT_IPSILON_FT0 0x1 /* Ipsilon: Flow Type 0 */
245 #define AHLT_VCMX_802_4_FCS 0x2 /* VCMX: 802.4 FCS */
246 #define AHLT_LANE_802_3 0x2 /* LANE: 802.3 */
247 #define AHLT_IPSILON_FT1 0x2 /* Ipsilon: Flow Type 1 */
248 #define AHLT_VCMX_802_5_FCS 0x3 /* VCMX: 802.5 FCS */
249 #define AHLT_LANE_802_5 0x3 /* LANE: 802.5 */
250 #define AHLT_IPSILON_FT2 0x3 /* Ipsilon: Flow Type 2 */
251 #define AHLT_VCMX_FDDI_FCS 0x4 /* VCMX: FDDI FCS */
252 #define AHLT_LANE_802_3_MC 0x4 /* LANE: 802.3 multicast */
253 #define AHLT_VCMX_802_6_FCS 0x5 /* VCMX: 802.6 FCS */
254 #define AHLT_LANE_802_5_MC 0x5 /* LANE: 802.5 multicast */
255 #define AHLT_VCMX_802_3 0x7 /* VCMX: 802.3 */
256 #define AHLT_VCMX_802_4 0x8 /* VCMX: 802.4 */
257 #define AHLT_VCMX_802_5 0x9 /* VCMX: 802.5 */
258 #define AHLT_VCMX_FDDI 0xa /* VCMX: FDDI */
259 #define AHLT_VCMX_802_6 0xb /* VCMX: 802.6 */
260 #define AHLT_VCMX_FRAGMENTS 0xc /* VCMX: Fragments */
261 #define AHLT_VCMX_BPDU 0xe /* VCMX: BPDU */
263 union wtap_pseudo_header {
265 struct ngsniffer_atm_phdr ngsniffer_atm;
266 struct ascend_phdr ascend;
267 struct etherpeek_phdr etherpeek;
278 typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
279 long, union wtap_pseudo_header *pseudo_header, const u_char *);
285 typedef struct wtap wtap;
286 typedef struct wtap_dumper wtap_dumper;
289 * On failure, "wtap_open_offline()" returns NULL, and puts into the
290 * "int" pointed to by its second argument:
292 * a positive "errno" value if the capture file can't be opened;
294 * a negative number, indicating the type of error, on other failures.
296 struct wtap* wtap_open_offline(const char *filename, int *err, gboolean do_random);
298 /* Returns TRUE if entire loop-reading was successful. If read failure
299 * happened, FALSE is returned and err is set. */
300 gboolean wtap_loop(wtap *wth, int, wtap_handler, u_char*, int *err);
302 /* Returns TRUE if read was successful. FALSE if failure. data_offset is
303 * set the the offset in the file where the data for the read packet is
305 gboolean wtap_read(wtap *wth, int *err, long *data_offset);
307 struct wtap_pkthdr *wtap_phdr(wtap *wth);
308 union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
309 guint8 *wtap_buf_ptr(wtap *wth);
311 int wtap_fd(wtap *wth);
312 int wtap_snapshot_length(wtap *wth); /* per file */
313 int wtap_file_type(wtap *wth);
314 int wtap_file_encap(wtap *wth);
316 const char *wtap_file_type_string(int filetype);
317 const char *wtap_file_type_short_string(int filetype);
318 int wtap_short_string_to_file_type(const char *short_name);
320 const char *wtap_encap_string(int encap);
321 const char *wtap_encap_short_string(int encap);
322 int wtap_short_string_to_encap(const char *short_name);
324 const char *wtap_strerror(int err);
325 void wtap_sequential_close(wtap *wth);
326 void wtap_close(wtap *wth);
327 int wtap_seek_read (wtap *wth, long seek_off,
328 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len);
329 int wtap_def_seek_read (wtap *wth, long seek_off,
330 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len);
332 gboolean wtap_dump_can_open(int filetype);
333 gboolean wtap_dump_can_write_encap(int filetype, int encap);
334 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
335 int snaplen, int *err);
336 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
338 gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
339 const union wtap_pseudo_header *pseudo_header, const u_char *, int *err);
340 FILE* wtap_dump_file(wtap_dumper *);
341 gboolean wtap_dump_close(wtap_dumper *, int *);
343 /* XXX - needed until "wiretap" can do live packet captures */
344 int wtap_pcap_encap_to_wtap_encap(int encap);
347 * Wiretap error codes.
349 #define WTAP_ERR_NOT_REGULAR_FILE -1
350 /* The file being opened for reading isn't a plain file */
351 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -2
352 /* The file being opened is not a capture file in a known format */
353 #define WTAP_ERR_UNSUPPORTED -3
354 /* Supported file type, but there's something in the file we
356 #define WTAP_ERR_CANT_OPEN -4
357 /* The file couldn't be opened, reason unknown */
358 #define WTAP_ERR_UNSUPPORTED_FILE_TYPE -5
359 /* Wiretap can't save files in the specified format */
360 #define WTAP_ERR_UNSUPPORTED_ENCAP -6
361 /* Wiretap can't read or save files in the specified format with the
362 specified encapsulation */
363 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -7
364 /* The specified format doesn't support per-packet encapsulations */
365 #define WTAP_ERR_CANT_CLOSE -8
366 /* The file couldn't be closed, reason unknown */
367 #define WTAP_ERR_CANT_READ -9
368 /* An attempt to read failed, reason unknown */
369 #define WTAP_ERR_SHORT_READ -10
370 /* An attempt to read read less data than it should have */
371 #define WTAP_ERR_BAD_RECORD -11
372 /* We read an invalid record */
373 #define WTAP_ERR_SHORT_WRITE -12
374 /* An attempt to write wrote less data than it should have */
375 #define WTAP_ERR_UNC_TRUNCATED -13
376 /* Sniffer compressed data was oddly truncated */
377 #define WTAP_ERR_UNC_OVERFLOW -14
378 /* Uncompressing Sniffer data would overflow buffer */
379 #define WTAP_ERR_UNC_BAD_OFFSET -15
380 /* LZ77 compressed data has bad offset to string */
382 /* Errors from zlib; zlib error Z_xxx turns into Wiretap error
383 WTAP_ERR_ZLIB + Z_xxx.
385 WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
386 errors; we leave room for 100 positive and 100 negative error
389 #define WTAP_ERR_ZLIB -200
390 #define WTAP_ERR_ZLIB_MAX -100
391 #define WTAP_ERR_ZLIB_MIN -300
394 #endif /* __WTAP_H__ */
git.samba.org / obnox / wireshark / wip.git / blob