/* wtap.h
*
- * $Id: wtap.h,v 1.38 1999/09/13 03:52:53 gerald Exp $
+ * $Id: wtap.h,v 1.75 2000/07/26 06:04:34 guy Exp $
*
* Wiretap Library
- * Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
+ * Copyright (c) 1998 by Gilbert Ramirez <gram@xiexie.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* what is contained in the packet trace file.
*
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
- * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
+ * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
* type for all packets in the file; this may cause those routines to
* fail if the capture file format being written can't support that.
+ * It's also returned by "wtap_file_encap()" for capture files that
+ * don't have a single encapsulation type for all packets in the file.
*
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
* if it's handed an unknown encapsulation.
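Review bot: The comment now names "wtap_dump_fd_open()", but the declaration that remains further down in this header is still `wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,`. A reader searching for the documented name will find nothing. Unless the function is renamed in a hunk not shown here, the line should stay as `* "wtap_dump_fdopen()" to indicate that there is no single encapsulation`.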
#define WTAP_ENCAP_LAPB 11
#define WTAP_ENCAP_ATM_SNIFFER 12
#define WTAP_ENCAP_NULL 13
-#define WTAP_ENCAP_ASCEND 14
+#define WTAP_ENCAP_ASCEND 14
+#define WTAP_ENCAP_LAPD 15
+#define WTAP_ENCAP_V120 16
/* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 15
+#define WTAP_NUM_ENCAP_TYPES 17
/* File types that can be read by wiretap.
We may eventually support writing some or all of these file types,
#define WTAP_FILE_UNKNOWN 0
#define WTAP_FILE_WTAP 1
#define WTAP_FILE_PCAP 2
-#define WTAP_FILE_LANALYZER 3
-#define WTAP_FILE_NGSNIFFER 4
-#define WTAP_FILE_SNOOP 6
-#define WTAP_FILE_IPTRACE 7
-#define WTAP_FILE_NETMON_1_x 8
-#define WTAP_FILE_NETMON_2_x 9
-#define WTAP_FILE_NETXRAY_1_0 10
-#define WTAP_FILE_NETXRAY_1_1 11
-#define WTAP_FILE_NETXRAY_2_001 12
-#define WTAP_FILE_RADCOM 13
-#define WTAP_FILE_ASCEND 14
+#define WTAP_FILE_PCAP_SS990417 3
+#define WTAP_FILE_PCAP_SS990915 4
+#define WTAP_FILE_PCAP_SS991029 5
+#define WTAP_FILE_LANALYZER 6
+#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 7
+#define WTAP_FILE_NGSNIFFER_COMPRESSED 8
+#define WTAP_FILE_SNOOP 9
+#define WTAP_FILE_IPTRACE_1_0 10
+#define WTAP_FILE_IPTRACE_2_0 11
+#define WTAP_FILE_NETMON_1_x 12
+#define WTAP_FILE_NETMON_2_x 13
+#define WTAP_FILE_NETXRAY_1_0 14
+#define WTAP_FILE_NETXRAY_1_1 15
+#define WTAP_FILE_NETXRAY_2_00x 16
+#define WTAP_FILE_RADCOM 17
+#define WTAP_FILE_ASCEND 18
+#define WTAP_FILE_NETTL 19
+#define WTAP_FILE_TOSHIBA 20
+#define WTAP_FILE_I4BTRACE 21
+
+/* last WTAP_FILE_ value + 1 */
+#define WTAP_NUM_FILE_TYPES 22
/*
* Maximum packet size we'll support.
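Review bot: WTAP_FILE_LANALYZER through WTAP_FILE_ASCEND are renumbered here instead of the new types being appended after 14. A numeric file type saved to disk, or held by a caller not rebuilt against this header, will therefore silently name a different format. If the numbers are not meant to be stable, say so next to the count, e.g. `/* last WTAP_FILE_ value + 1; numeric values may change between releases, persist the name from wtap_file_type_short_string() instead */`. The same comment should state that valid arguments to `wtap_file_type_string(int filetype)`, declared later in this diff, are 0 .. WTAP_NUM_FILE_TYPES-1, and what is returned for anything else. The lookup code is not visible here, so whether it range-checks its argument should be confirmed.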
#include <glib.h>
#include <stdio.h>
-typedef struct {
- double timeunit;
- time_t start;
- int is_atm;
-} ngsniffer_t;
-
-typedef struct {
- time_t start;
-} radcom_t;
-
-typedef struct {
- time_t start;
-} lanalyzer_t;
-
-typedef struct {
- int byte_swapped;
- guint16 version_major;
- guint16 version_minor;
-} libpcap_t;
-
-typedef struct {
- time_t start_secs;
- guint32 start_usecs;
- guint8 version_major;
- int end_offset;
-} netmon_t;
-
-typedef struct {
- time_t start_time;
- double timeunit;
- double start_timestamp;
- int wrapped;
- int end_offset;
- int version_major;
-} netxray_t;
-
-typedef struct {
- time_t inittime;
- int adjusted;
- int seek_add;
-} ascend_t;
-
/* Packet "pseudo-header" information for X.25 capture files. */
struct x25_phdr {
guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
guint32 task; /* Task number */
};
+/* Packet "pseudo-header" information for LAPD capture files. */
+struct lapd_phdr {
+ gboolean from_network_to_user;
+};
+
/*
* Bits in AppTrafType.
*
#define AHLT_VCMX_FRAGMENTS 0xc /* VCMX: Fragments */
#define AHLT_VCMX_BPDU 0xe /* VCMX: BPDU */
-union pseudo_header {
- struct x25_phdr x25;
- struct ngsniffer_atm_phdr ngsniffer_atm;
- struct ascend_phdr ascend;
+union wtap_pseudo_header {
+ struct x25_phdr x25;
+ struct ngsniffer_atm_phdr ngsniffer_atm;
+ struct ascend_phdr ascend;
+ struct lapd_phdr lapd;
};
struct wtap_pkthdr {
guint32 caplen;
guint32 len;
int pkt_encap;
- union pseudo_header pseudo_header;
};
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
- int, const u_char *);
+ int, union wtap_pseudo_header *pseudo_header, const u_char *);
struct wtap;
-struct bpf_instruction;
struct Buffer;
-
-typedef int (*subtype_read_func)(struct wtap*, int*);
-typedef struct wtap {
- FILE* fh;
- int file_type;
- int snapshot_length;
- struct Buffer *frame_buffer;
- struct wtap_pkthdr phdr;
-
- long data_offset;
-
- union {
- libpcap_t *pcap;
- lanalyzer_t *lanalyzer;
- ngsniffer_t *ngsniffer;
- radcom_t *radcom;
- netmon_t *netmon;
- netxray_t *netxray;
- ascend_t *ascend;
- } capture;
-
- subtype_read_func subtype_read;
- int file_encap; /* per-file, for those
- file formats that have
- per-file encapsulation
- types */
-} wtap;
-
struct wtap_dumper;
-typedef int (*subtype_write_func)(struct wtap_dumper*,
- const struct wtap_pkthdr*, const u_char*, int*);
-typedef int (*subtype_close_func)(struct wtap_dumper*, int*);
-typedef struct wtap_dumper {
- FILE* fh;
- int file_type;
- int snaplen;
- int encap;
-
- subtype_write_func subtype_write;
- subtype_close_func subtype_close;
-} wtap_dumper;
+typedef struct wtap wtap;
+typedef struct wtap_dumper wtap_dumper;
/*
* On failure, "wtap_open_offline()" returns NULL, and puts into the
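Review bot: The `wtap_handler` typedef now receives the pseudo-header through a non-const pointer, although the packet header and packet data beside it are const. `wtap_dump()`, later in this diff, takes `const union wtap_pseudo_header *`. Unless callbacks are meant to write to it, `int, const union wtap_pseudo_header *pseudo_header, const u_char *);` would stop a handler from modifying state owned by the reader. Whether an existing handler writes through the pointer cannot be seen from this header.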
*
* a negative number, indicating the type of error, on other failures.
*/
-wtap* wtap_open_offline(const char *filename, int *err);
+struct wtap* wtap_open_offline(const char *filename, int *err, gboolean do_random);
int wtap_loop(wtap *wth, int, wtap_handler, u_char*, int*);
+int wtap_read(wtap *wth, int *err);
+struct wtap_pkthdr *wtap_phdr(wtap *wth);
+union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
+guint8 *wtap_buf_ptr(wtap *wth);
FILE* wtap_file(wtap *wth);
+int wtap_fd(wtap *wth);
int wtap_snapshot_length(wtap *wth); /* per file */
int wtap_file_type(wtap *wth);
-const char *wtap_file_type_string(wtap *wth);
+int wtap_file_encap(wtap *wth);
+
+const char *wtap_file_type_string(int filetype);
+const char *wtap_file_type_short_string(int filetype);
+int wtap_short_string_to_file_type(const char *short_name);
+
+const char *wtap_encap_string(int encap);
+const char *wtap_encap_short_string(int encap);
+int wtap_short_string_to_encap(const char *short_name);
+
const char *wtap_strerror(int err);
+void wtap_sequential_close(wtap *wth);
void wtap_close(wtap *wth);
-int wtap_seek_read (int encaps, FILE *fh, int seek_off, guint8 *pd, int len);
-int wtap_def_seek_read (FILE *fh, int seek_off, guint8 *pd, int len);
+int wtap_seek_read (wtap *wth, int seek_off,
+ union wtap_pseudo_header *pseudo_header, guint8 *pd, int len);
+int wtap_def_seek_read (wtap *wth, int seek_off,
+ union wtap_pseudo_header *pseudo_header, guint8 *pd, int len);
+gboolean wtap_dump_can_open(int filetype);
+gboolean wtap_dump_can_write_encap(int filetype, int encap);
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
int snaplen, int *err);
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
int *err);
-int wtap_dump(wtap_dumper *, const struct wtap_pkthdr *, const u_char *,
- int *err);
+gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
+ const union wtap_pseudo_header *pseudo_header, const u_char *, int *err);
FILE* wtap_dump_file(wtap_dumper *);
-int wtap_dump_close(wtap_dumper *, int *);
+gboolean wtap_dump_close(wtap_dumper *, int *);
/* XXX - needed until "wiretap" can do live packet captures */
int wtap_pcap_encap_to_wtap_encap(int encap);
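Review bot: `wtap_seek_read()` and `wtap_def_seek_read()` keep `int seek_off` and `int len` and carry no comment on what the caller must guarantee. The struct removed in this diff tracked the position as `long data_offset`, so an `int` offset may truncate on platforms where long is wider; `int wtap_seek_read (wtap *wth, long seek_off,` (and the same for the def variant) would match it. A one-line contract above both prototypes would help, e.g. `/* pd must hold at least len bytes; len must be positive and no larger than the maximum packet size defined above; returns ... */`. The `...` there is a placeholder: the return convention is not visible here. The rest of this hunk adds `do_random` and `wtap_sequential_close()` without saying which calls remain valid after a sequential close, which is worth a sentence in the same comment block.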
#define WTAP_ERR_UNSUPPORTED_FILE_TYPE -5
/* Wiretap can't save files in the specified format */
#define WTAP_ERR_UNSUPPORTED_ENCAP -6
- /* Wiretap can't save files in the specified format with the
+ /* Wiretap can't read or save files in the specified format with the
specified encapsulation */
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -7
/* The specified format doesn't support per-packet encapsulations */
/* We read an invalid record */
#define WTAP_ERR_SHORT_WRITE -12
/* An attempt to write wrote less data than it should have */
+#define WTAP_ERR_UNC_TRUNCATED -13
+ /* Sniffer compressed data was oddly truncated */
+#define WTAP_ERR_UNC_OVERFLOW -14
+ /* Uncompressing Sniffer data would overflow buffer */
+#define WTAP_ERR_UNC_BAD_OFFSET -15
+ /* LZ77 compressed data has bad offset to string */
-/* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
- * byte array, returns the value of the two or four bytes at the pointer.
- * The pletoh[sl] versions return the little-endian representation.
- */
-
-#ifndef pntohs
-#define pntohs(p) ((guint16) \
- ((guint16)*((guint8 *)p+0)<<8| \
- (guint16)*((guint8 *)p+1)<<0))
-#endif
-
-#ifndef pntohl
-#define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
- (guint32)*((guint8 *)p+1)<<16| \
- (guint32)*((guint8 *)p+2)<<8| \
- (guint32)*((guint8 *)p+3)<<0)
-#endif
+/* Errors from zlib; zlib error Z_xxx turns into Wiretap error
+ WTAP_ERR_ZLIB + Z_xxx.
-#ifndef phtons
-#define phtons(p) ((guint16) \
- ((guint16)*((guint8 *)p+0)<<8| \
- (guint16)*((guint8 *)p+1)<<0))
-#endif
+ WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
+ errors; we leave room for 100 positive and 100 negative error
+ codes. */
-#ifndef phtonl
-#define phtonl(p) ((guint32)*((guint8 *)p+0)<<24| \
- (guint32)*((guint8 *)p+1)<<16| \
- (guint32)*((guint8 *)p+2)<<8| \
- (guint32)*((guint8 *)p+3)<<0)
-#endif
+#define WTAP_ERR_ZLIB -200
+#define WTAP_ERR_ZLIB_MAX -100
+#define WTAP_ERR_ZLIB_MIN -300
-#ifndef pletohs
-#define pletohs(p) ((guint16) \
- ((guint16)*((guint8 *)p+1)<<8| \
- (guint16)*((guint8 *)p+0)<<0))
-#endif
-
-#ifndef plethol
-#define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
- (guint32)*((guint8 *)p+2)<<16| \
- (guint32)*((guint8 *)p+1)<<8| \
- (guint32)*((guint8 *)p+0)<<0)
-#endif
#endif /* __WTAP_H__ */
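Review bot: The three WTAP_ERR_ZLIB* constants are documented as operands of arithmetic (`WTAP_ERR_ZLIB + Z_xxx`) but are defined as bare negative literals. Parenthesizing them, `#define WTAP_ERR_ZLIB (-200)` and likewise `(-100)` and `(-300)`, is the safer form for macros meant to appear inside expressions. The comment should also say that the MIN..MAX range is inclusive and that the zlib code is recovered as `err - WTAP_ERR_ZLIB`. That way `wtap_strerror()` and callers test the range before treating the value as an ordinary Wiretap error. How `wtap_strerror()` handles this range is not visible in this header and should be checked. The same holds for whether the new WTAP_ERR_UNC_* codes are returned on every malformed compressed record.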