6 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26 #ifdef HAVE_SYS_TIME_H
30 #ifdef HAVE_WINSOCK2_H
31 # include <winsock2.h>
40 #endif /* __cplusplus */
42 /* Encapsulation types. Choose names that truly reflect
43 * what is contained in the packet trace file.
45 * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
46 * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
47 * type for all packets in the file; this may cause those routines to
48 * fail if the capture file format being written can't support that.
49 * It's also returned by "wtap_file_encap()" for capture files that
50 * don't have a single encapsulation type for all packets in the file.
52 * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
53 * if it's handed an unknown encapsulation.
55 * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
56 * MAC addresses you get from the hardware are bit-swapped. Ideally,
57 * the driver would tell us that, but I know of none that do, so, for
58 * now, we base it on the machine on which we're *reading* the
59 * capture, rather than on the machine on which the capture was taken
60 * (they're probably likely to be the same). We assume that they're
61 * bit-swapped on everything except for systems running Ultrix, Alpha
62 * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
63 * Digital decided to bit-swap addresses in the hardware or in the
64 * driver, and I guess BSDI bit-swapped them in the driver, given that
65 * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
66 * save file format, we'd use the WTAP_ENCAP values to flag the
67 * encapsulation of a packet, so there we'd at least be able to base
68 * it on the machine on which the capture was taken.
70 * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
71 * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
72 * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
73 * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
74 * presumably used on some BSD systems, which we turn into
75 * WTAP_ENCAP_ATM_RFC1483.
77 * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
80 * 1) PPP-over-HDLC encapsulation, at least with some versions
81 * of ISDN4BSD (but not the current ones, it appears, unless
82 * I've missed something);
84 * 2) a 4-byte header containing the AF_ address family, in
85 * the byte order of the machine that saved the capture,
86 * for the packet, as used on many BSD systems for the
87 * loopback device and some other devices, or a 4-byte header
88 * containing the AF_ address family in network byte order,
89 * as used on recent OpenBSD systems for the loopback device;
91 * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
92 * type in the byte order from an Ethernet header, that being
93 * what older versions of "libpcap" on Linux turn the Ethernet
94 * header for loopback interfaces into (0.6.0 and later versions
95 * leave the Ethernet header alone and make it DLT_EN10MB). */
96 #define WTAP_ENCAP_PER_PACKET -1
97 #define WTAP_ENCAP_UNKNOWN 0
98 #define WTAP_ENCAP_ETHERNET 1
99 #define WTAP_ENCAP_TOKEN_RING 2
100 #define WTAP_ENCAP_SLIP 3
101 #define WTAP_ENCAP_PPP 4
102 #define WTAP_ENCAP_FDDI 5
103 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
104 #define WTAP_ENCAP_RAW_IP 7
105 #define WTAP_ENCAP_ARCNET 8
106 #define WTAP_ENCAP_ARCNET_LINUX 9
107 #define WTAP_ENCAP_ATM_RFC1483 10
108 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
109 #define WTAP_ENCAP_LAPB 12
110 #define WTAP_ENCAP_ATM_PDUS 13
111 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
112 #define WTAP_ENCAP_NULL 15
113 #define WTAP_ENCAP_ASCEND 16
114 #define WTAP_ENCAP_ISDN 17
115 #define WTAP_ENCAP_IP_OVER_FC 18
116 #define WTAP_ENCAP_PPP_WITH_PHDR 19
117 #define WTAP_ENCAP_IEEE_802_11 20
118 #define WTAP_ENCAP_PRISM_HEADER 21
119 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
120 #define WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP 23
121 #define WTAP_ENCAP_IEEE_802_11_WLAN_AVS 24
122 #define WTAP_ENCAP_SLL 25
123 #define WTAP_ENCAP_FRELAY 26
124 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
125 #define WTAP_ENCAP_CHDLC 28
126 #define WTAP_ENCAP_CISCO_IOS 29
127 #define WTAP_ENCAP_LOCALTALK 30
128 #define WTAP_ENCAP_OLD_PFLOG 31
129 #define WTAP_ENCAP_HHDLC 32
130 #define WTAP_ENCAP_DOCSIS 33
131 #define WTAP_ENCAP_COSINE 34
132 #define WTAP_ENCAP_WFLEET_HDLC 35
133 #define WTAP_ENCAP_SDLC 36
134 #define WTAP_ENCAP_TZSP 37
135 #define WTAP_ENCAP_ENC 38
136 #define WTAP_ENCAP_PFLOG 39
137 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
138 #define WTAP_ENCAP_BLUETOOTH_H4 41
139 #define WTAP_ENCAP_MTP2 42
140 #define WTAP_ENCAP_MTP3 43
141 #define WTAP_ENCAP_IRDA 44
142 #define WTAP_ENCAP_USER0 45
143 #define WTAP_ENCAP_USER1 46
144 #define WTAP_ENCAP_USER2 47
145 #define WTAP_ENCAP_USER3 48
146 #define WTAP_ENCAP_USER4 49
147 #define WTAP_ENCAP_USER5 50
148 #define WTAP_ENCAP_USER6 51
149 #define WTAP_ENCAP_USER7 52
150 #define WTAP_ENCAP_USER8 53
151 #define WTAP_ENCAP_USER9 54
152 #define WTAP_ENCAP_USER10 55
153 #define WTAP_ENCAP_USER11 56
154 #define WTAP_ENCAP_USER12 57
155 #define WTAP_ENCAP_USER13 58
156 #define WTAP_ENCAP_USER14 59
157 #define WTAP_ENCAP_USER15 60
158 #define WTAP_ENCAP_SYMANTEC 61
159 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
160 #define WTAP_ENCAP_BACNET_MS_TP 63
161 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
162 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
163 #define WTAP_ENCAP_GPRS_LLC 66
164 #define WTAP_ENCAP_JUNIPER_ATM1 67
165 #define WTAP_ENCAP_JUNIPER_ATM2 68
166 #define WTAP_ENCAP_REDBACK 69
167 #define WTAP_ENCAP_NETTL_RAW_IP 70
168 #define WTAP_ENCAP_NETTL_ETHERNET 71
169 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
170 #define WTAP_ENCAP_NETTL_FDDI 73
171 #define WTAP_ENCAP_NETTL_UNKNOWN 74
172 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
173 #define WTAP_ENCAP_JUNIPER_PPPOE 76
174 #define WTAP_GCOM_TIE1 77
175 #define WTAP_GCOM_SERIAL 78
176 #define WTAP_ENCAP_NETTL_X25 79
177 #define WTAP_ENCAP_K12 80
178 #define WTAP_ENCAP_JUNIPER_MLPPP 81
179 #define WTAP_ENCAP_JUNIPER_MLFR 82
180 #define WTAP_ENCAP_JUNIPER_ETHER 83
181 #define WTAP_ENCAP_JUNIPER_PPP 84
182 #define WTAP_ENCAP_JUNIPER_FRELAY 85
183 #define WTAP_ENCAP_JUNIPER_CHDLC 86
184 #define WTAP_ENCAP_JUNIPER_GGSN 87
185 #define WTAP_ENCAP_LINUX_LAPD 88
186 #define WTAP_ENCAP_CATAPULT_DCT2000 89
187 #define WTAP_ENCAP_BER 90
188 #define WTAP_ENCAP_JUNIPER_VP 91
189 #define WTAP_ENCAP_USB 92
190 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
191 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
192 #define WTAP_ENCAP_USB_LINUX 95
193 #define WTAP_ENCAP_MPEG 96
195 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
197 /* File types that can be read by wiretap.
198 We support writing some many of these file types, too, so we
199 distinguish between different versions of them. */
200 #define WTAP_FILE_UNKNOWN 0
201 #define WTAP_FILE_WTAP 1
202 #define WTAP_FILE_PCAP 2
203 #define WTAP_FILE_PCAP_NSEC 3
204 #define WTAP_FILE_PCAP_AIX 4
205 #define WTAP_FILE_PCAP_SS991029 5
206 #define WTAP_FILE_PCAP_NOKIA 6
207 #define WTAP_FILE_PCAP_SS990417 7
208 #define WTAP_FILE_PCAP_SS990915 8
209 #define WTAP_FILE_5VIEWS 9
210 #define WTAP_FILE_IPTRACE_1_0 10
211 #define WTAP_FILE_IPTRACE_2_0 11
212 #define WTAP_FILE_BER 12
213 #define WTAP_FILE_HCIDUMP 13
214 #define WTAP_FILE_CATAPULT_DCT2000 14
215 #define WTAP_FILE_NETXRAY_OLD 15
216 #define WTAP_FILE_NETXRAY_1_0 16
217 #define WTAP_FILE_COSINE 17
218 #define WTAP_FILE_CSIDS 18
219 #define WTAP_FILE_DBS_ETHERWATCH 19
220 #define WTAP_FILE_ERF 20
221 #define WTAP_FILE_EYESDN 21
222 #define WTAP_FILE_NETTL 22
223 #define WTAP_FILE_ISERIES 23
224 #define WTAP_FILE_ISERIES_UNICODE 24
225 #define WTAP_FILE_I4BTRACE 25
226 #define WTAP_FILE_ASCEND 26
227 #define WTAP_FILE_NETMON_1_x 27
228 #define WTAP_FILE_NETMON_2_x 28
229 #define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 29
230 #define WTAP_FILE_NGSNIFFER_COMPRESSED 30
231 #define WTAP_FILE_NETXRAY_1_1 31
232 #define WTAP_FILE_NETXRAY_2_00x 32
233 #define WTAP_FILE_NETWORK_INSTRUMENTS_V9 33
234 #define WTAP_FILE_LANALYZER 34
235 #define WTAP_FILE_PPPDUMP 35
236 #define WTAP_FILE_RADCOM 36
237 #define WTAP_FILE_SNOOP 37
238 #define WTAP_FILE_SHOMITI 38
239 #define WTAP_FILE_VMS 39
240 #define WTAP_FILE_K12 40
241 #define WTAP_FILE_TOSHIBA 41
242 #define WTAP_FILE_VISUAL_NETWORKS 42
243 #define WTAP_FILE_ETHERPEEK_V56 43
244 #define WTAP_FILE_ETHERPEEK_V7 44
245 #define WTAP_FILE_AIROPEEK_V9 45
246 #define WTAP_FILE_MPEG 46
247 #define WTAP_FILE_K12TEXT 47
249 #define WTAP_NUM_FILE_TYPES wtap_get_num_file_types()
251 /* timestamp precision (currently only these values are supported) */
252 #define WTAP_FILE_TSPREC_SEC 0
253 #define WTAP_FILE_TSPREC_DSEC 1
254 #define WTAP_FILE_TSPREC_CSEC 2
255 #define WTAP_FILE_TSPREC_MSEC 3
256 #define WTAP_FILE_TSPREC_USEC 6
257 #define WTAP_FILE_TSPREC_NSEC 9
260 * Maximum packet size we'll support.
261 * It must be at least 65535.
263 #define WTAP_MAX_PACKET_SIZE 65535
266 * "Pseudo-headers" are used to supply to the clients of wiretap
267 * per-packet information that's not part of the packet payload
270 * NOTE: do not use pseudo-header structures to hold information
271 * used by the code to read a particular capture file type; to
272 * keep that sort of state information, add a new structure for
273 * that private information to "wtap-int.h", add a pointer to that
274 * type of structure to the "capture" member of the "struct wtap"
275 * structure, and allocate one of those structures and set that member
276 * in the "open" routine for that capture file type if the open
277 * succeeds. See various other capture file type handlers for examples
281 /* Packet "pseudo-header" information for Ethernet capture files. */
283 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
286 /* Packet "pseudo-header" information for X.25 capture files. */
287 #define FROM_DCE 0x80
289 guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
292 /* Packet "pseudo-header" information for ISDN capture files. */
297 guint8 channel; /* 0 = D-channel; n = B-channel n */
300 /* Packet "pseudo-header" for ATM capture files.
301 Not all of this information is supplied by all capture types. */
306 #define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
311 #define AAL_UNKNOWN 0 /* AAL unknown */
312 #define AAL_1 1 /* AAL1 */
313 #define AAL_2 2 /* AAL2 */
314 #define AAL_3_4 3 /* AAL3/4 */
315 #define AAL_5 4 /* AAL5 */
316 #define AAL_USER 5 /* User AAL */
317 #define AAL_SIGNALLING 6 /* Signaling AAL */
318 #define AAL_OAMCELL 7 /* OAM cell */
323 #define TRAF_UNKNOWN 0 /* Unknown */
324 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
325 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
326 #define TRAF_LANE 3 /* LAN Emulation */
327 #define TRAF_ILMI 4 /* ILMI */
328 #define TRAF_FR 5 /* Frame Relay */
329 #define TRAF_SPANS 6 /* FORE SPANS */
330 #define TRAF_IPSILON 7 /* Ipsilon */
331 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
336 #define TRAF_ST_UNKNOWN 0 /* Unknown */
341 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
342 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
343 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
344 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
345 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
346 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
347 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
348 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
349 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
350 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
351 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
352 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
357 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
358 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
359 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
360 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
361 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
366 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
367 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
368 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
371 guint32 flags; /* status flags */
372 guint8 aal; /* AAL of the traffic */
373 guint8 type; /* traffic type */
374 guint8 subtype; /* traffic subtype */
375 guint16 vpi; /* virtual path identifier */
376 guint16 vci; /* virtual circuit identifier */
377 guint8 aal2_cid; /* channel id */
378 guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
379 guint16 cells; /* number of cells */
380 guint16 aal5t_u2u; /* user-to-user indicator */
381 guint16 aal5t_len; /* length of the packet */
382 guint32 aal5t_chksum; /* checksum for AAL5 packet */
385 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
386 "wandisplay", and similar commands on Lucent/Ascend access equipment. */
388 #define ASCEND_MAX_STR_LEN 64
390 #define ASCEND_PFX_WDS_X 1
391 #define ASCEND_PFX_WDS_R 2
392 #define ASCEND_PFX_WDD 3
393 #define ASCEND_PFX_ISDN_X 4
394 #define ASCEND_PFX_ISDN_R 5
395 #define ASCEND_PFX_ETHER 6
398 guint16 type; /* ASCEND_PFX_*, as defined above */
399 char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
400 guint32 sess; /* Session number, from wandsession header */
401 char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
402 guint32 chunk; /* Chunk number, from WDD header */
403 guint32 task; /* Task number */
406 /* Packet "pseudo-header" for point-to-point links with direction flags. */
408 gboolean sent; /* TRUE=sent, FALSE=received */
412 * Packet "pseudo-header" information for 802.11.
413 * Radio information is only present for WTAP_ENCAP_IEEE_802_11_WITH_RADIO.
415 * Signal strength, etc. information:
417 * Raw signal strength can be measured in milliwatts.
418 * It can also be represented as dBm, which is 10 times the log base 10
419 * of the signal strength in mW.
421 * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
422 * The actual RSSI value for a given signal strength is dependent on the
423 * vendor (and perhaps on the adapter). The maximum possible RSSI value
424 * is also dependent on the vendor and perhaps the adapter.
426 * The signal strength can be represented as a percentage, which is 100
427 * times the ratio of the RSSI and the maximum RSSI.
429 struct ieee_802_11_phdr {
430 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
431 guint8 channel; /* Channel number */
432 guint8 data_rate; /* in .5 Mb/s units */
433 guint8 signal_level; /* percentage */
436 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
438 #define COSINE_MAX_IF_NAME_LEN 128
440 #define COSINE_ENCAP_TEST 1
441 #define COSINE_ENCAP_PPoATM 2
442 #define COSINE_ENCAP_PPoFR 3
443 #define COSINE_ENCAP_ATM 4
444 #define COSINE_ENCAP_FR 5
445 #define COSINE_ENCAP_HDLC 6
446 #define COSINE_ENCAP_PPP 7
447 #define COSINE_ENCAP_ETH 8
448 #define COSINE_ENCAP_UNKNOWN 99
450 #define COSINE_DIR_TX 1
451 #define COSINE_DIR_RX 2
454 guint8 encap; /* COSINE_ENCAP_* as defined above */
455 guint8 direction; /* COSINE_DIR_*, as defined above */
456 char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
457 guint16 pro; /* Protocol */
458 guint16 off; /* Offset */
459 guint16 pri; /* Priority */
460 guint16 rm; /* Rate Marking */
461 guint16 err; /* Error Code */
464 /* Packet "pseudo-header" for IrDA capture files. */
467 * Direction of the packet
469 #define IRDA_INCOMING 0x0000
470 #define IRDA_OUTGOING 0x0004
473 * "Inline" log messages produced by IrCOMM2k on Windows
475 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
476 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
479 * Differentiate between frames and log messages
481 #define IRDA_CLASS_FRAME 0x0000
482 #define IRDA_CLASS_LOG 0x0100
483 #define IRDA_CLASS_MASK 0xFF00
486 guint16 pkttype; /* packet type */
489 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
499 /* Packet "pseudo-header" for MTP2 files. */
507 /* Packet "pseudo-header" for K12 files. */
521 const gchar* input_name;
522 const gchar* stack_file;
524 k12_input_info_t input_info;
526 guint32 extra_length;
530 #define K12_PORT_DS0S 0x00010008
531 #define K12_PORT_DS1 0x00100008
532 #define K12_PORT_ATMPVC 0x01020000
535 guint16 pkttype; /* packet type */
540 struct catapult_dct2000_phdr
544 struct isdn_phdr isdn;
547 } inner_pseudo_header;
553 * possible event type
555 #define URB_SUBMIT 'S'
556 #define URB_COMPLETE 'C'
557 #define URB_ERROR 'E'
560 * possible transfer mode
562 #define URB_ISOCHRONOUS 0x0
563 #define URB_INTERRUPT 0x1
564 #define URB_CONTROL 0x2
567 #define URB_TRANSFER_IN 0x80 /* to host */
570 * USB setup header as defined in USB specification
572 struct usb_request_hdr {
581 * Header prepended by Linux kernel to each USB event.
582 * Followed by a struct usb_request_hdr, although that header is valid
583 * only if setup_flag is 0.
584 * (Setup flag is '-', 'D', 'Z', or 0. Data flag is '<', '>', 'Z', or 0.)
586 * We present this as a pseudo-header; the values are in host byte order.
588 struct linux_usb_phdr {
589 guint64 id; /* urb id, to link submission and completion events*/
590 guint8 event_type; /* Submit ('S'), Completed ('C'), Error ('E') */
591 guint8 transfer_type; /* ISO (0), Intr, Control, Bulk (3) */
592 guint8 endpoint_number; /* Endpoint number (0-15) and transfer direction */
593 guint8 device_address; /* 0-127 */
595 gint8 setup_flag; /*if !=0 the urb setup header is not present*/
596 gint8 data_flag; /*if !=0 no urb data is present*/
600 guint32 urb_len; /* whole len of urb this event refers to */
601 guint32 data_len; /* amount of urb data really present in this event*/
604 union wtap_pseudo_header {
607 struct isdn_phdr isdn;
609 struct ascend_phdr ascend;
611 struct ieee_802_11_phdr ieee_802_11;
612 struct cosine_phdr cosine;
613 struct irda_phdr irda;
614 struct nettl_phdr nettl;
615 struct mtp2_phdr mtp2;
617 struct lapd_phdr lapd;
618 struct catapult_dct2000_phdr dct2000;
619 struct linux_usb_phdr linux_usb;
628 struct wtap_nstime ts;
638 typedef struct wtap wtap;
639 typedef struct wtap_dumper wtap_dumper;
641 struct file_type_info {
642 /* the file type name */
643 /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
646 /* the file type short name, used as a shortcut for the command line tools */
647 /* should be NULL for all "pseudo" types that are are only internally used and not read/writeable */
648 const char *short_name;
650 /* the common file extensions for this type (seperated by semicolon) */
651 /* should be *.* if no common extension is applicable */
652 const char *file_extensions;
654 /* the default file extension, used to save this type */
655 /* should be NULL if no default extension is known */
656 const char *file_extension_default;
658 /* can this type be compressed with gzip? */
659 gboolean can_compress;
661 /* can this type write this encapsulation format? */
662 /* should be NULL is this file type don't have write support */
663 int (*can_write_encap)(int);
665 /* the function to open the capture file for writing */
666 /* should be NULL is this file type don't have write support */
667 int (*dump_open)(wtap_dumper *, gboolean, int *);
671 typedef int (*wtap_open_routine_t)(struct wtap*, int *, char **);
675 * On failure, "wtap_open_offline()" returns NULL, and puts into the
676 * "int" pointed to by its second argument:
678 * a positive "errno" value if the capture file can't be opened;
680 * a negative number, indicating the type of error, on other failures.
682 struct wtap* wtap_open_offline(const char *filename, int *err,
683 gchar **err_info, gboolean do_random);
685 /* Returns TRUE if read was successful. FALSE if failure. data_offset is
686 * set the the offset in the file where the data for the read packet is
688 gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
689 gint64 *data_offset);
692 * Return an approximation of the amount of data we've read sequentially
693 * from the file so far.
695 gint64 wtap_read_so_far(wtap *wth, int *err);
697 struct wtap_pkthdr *wtap_phdr(wtap *wth);
698 union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
699 guint8 *wtap_buf_ptr(wtap *wth);
701 gint64 wtap_file_size(wtap *wth, int *err);
702 int wtap_snapshot_length(wtap *wth); /* per file */
703 int wtap_file_type(wtap *wth);
704 int wtap_file_encap(wtap *wth);
705 int wtap_file_tsprecision(wtap *wth);
707 const char *wtap_file_type_string(int filetype);
708 const char *wtap_file_type_short_string(int filetype);
709 int wtap_short_string_to_file_type(const char *short_name);
711 const char *wtap_file_extensions_string(int filetype);
712 const char *wtap_file_extension_default_string(int filetype);
714 const char *wtap_encap_string(int encap);
715 const char *wtap_encap_short_string(int encap);
716 int wtap_short_string_to_encap(const char *short_name);
718 const char *wtap_strerror(int err);
719 void wtap_sequential_close(wtap *wth);
720 void wtap_close(wtap *wth);
721 gboolean wtap_seek_read (wtap *wth, gint64 seek_off,
722 union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
723 int *err, gchar **err_info);
725 gboolean wtap_dump_can_open(int filetype);
726 gboolean wtap_dump_can_write_encap(int filetype, int encap);
727 gboolean wtap_dump_can_compress(int filetype);
728 wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
729 int snaplen, gboolean compressed, int *err);
730 wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
731 gboolean compressed, int *err);
732 gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
733 const union wtap_pseudo_header *pseudo_header, const guchar *, int *err);
734 void wtap_dump_flush(wtap_dumper *);
735 gboolean wtap_dump_close(wtap_dumper *, int *);
736 gint64 wtap_get_bytes_dumped(wtap_dumper *);
737 void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
738 int wtap_get_num_encap_types(void);
739 int wtap_get_num_file_types(void);
740 void wtap_register_open_routine(wtap_open_routine_t,gboolean);
741 int wtap_register_encap_type(char* name, char* short_name);
742 int wtap_register_file_type(const struct file_type_info*);
744 * Wiretap error codes.
746 #define WTAP_ERR_NOT_REGULAR_FILE -1
747 /* The file being opened for reading isn't a plain file (or pipe) */
748 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
749 /* The file is being opened for random access and it's a pipe */
750 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
751 /* The file being opened is not a capture file in a known format */
752 #define WTAP_ERR_UNSUPPORTED -4
753 /* Supported file type, but there's something in the file we
755 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
756 /* Wiretap can't save to a pipe in the specified format */
757 #define WTAP_ERR_CANT_OPEN -6
758 /* The file couldn't be opened, reason unknown */
759 #define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
760 /* Wiretap can't save files in the specified format */
761 #define WTAP_ERR_UNSUPPORTED_ENCAP -8
762 /* Wiretap can't read or save files in the specified format with the
763 specified encapsulation */
764 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
765 /* The specified format doesn't support per-packet encapsulations */
766 #define WTAP_ERR_CANT_CLOSE -10
767 /* The file couldn't be closed, reason unknown */
768 #define WTAP_ERR_CANT_READ -11
769 /* An attempt to read failed, reason unknown */
770 #define WTAP_ERR_SHORT_READ -12
771 /* An attempt to read read less data than it should have */
772 #define WTAP_ERR_BAD_RECORD -13
773 /* We read an invalid record */
774 #define WTAP_ERR_SHORT_WRITE -14
775 /* An attempt to write wrote less data than it should have */
776 #define WTAP_ERR_UNC_TRUNCATED -15
777 /* Sniffer compressed data was oddly truncated */
778 #define WTAP_ERR_UNC_OVERFLOW -16
779 /* Uncompressing Sniffer data would overflow buffer */
780 #define WTAP_ERR_UNC_BAD_OFFSET -17
781 /* LZ77 compressed data has bad offset to string */
782 #define WTAP_ERR_RANDOM_OPEN_STDIN -18
783 /* We're trying to open the standard input for random access */
784 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -19
785 /* The filetype doesn't support output compression */
787 /* Errors from zlib; zlib error Z_xxx turns into Wiretap error
788 WTAP_ERR_ZLIB + Z_xxx.
790 WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
791 errors; we leave room for 100 positive and 100 negative error
794 #define WTAP_ERR_ZLIB -200
795 #define WTAP_ERR_ZLIB_MAX -100
796 #define WTAP_ERR_ZLIB_MIN -300
800 #endif /* __cplusplus */
802 #endif /* __WTAP_H__ */