From 763adefead52e4a93953196b27671471d9c5bbd4 Mon Sep 17 00:00:00 2001 From: guy Date: Thu, 23 Oct 2008 05:56:59 +0000 Subject: [PATCH] Add a man page describing the pcap file format. Refer to it from the pcap_open_offline() and pcap_dump_open() man pages (so they are now generated). Update .cvsignore. --- .cvsignore | 2 + Makefile.in | 26 +++- configure | 7 +- configure.in | 12 +- pcap-savefile.manfile.in | 123 ++++++++++++++++++ ...dump_open.3pcap => pcap_dump_open.3pcap.in | 5 +- ...ffline.3pcap => pcap_open_offline.3pcap.in | 4 +- 7 files changed, 161 insertions(+), 18 deletions(-) create mode 100644 pcap-savefile.manfile.in rename pcap_dump_open.3pcap => pcap_dump_open.3pcap.in (93%) rename pcap_open_offline.3pcap => pcap_open_offline.3pcap.in (93%) diff --git a/.cvsignore b/.cvsignore index 134005c..f63b37a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -9,7 +9,9 @@ config.h pcap-config pcap-filter.manmisc pcap-linktype.manmisc +pcap-savefile.manfile pcap.3pcap +pcap_compile.3pcap pcap_datalink.3pcap pcap_list_datalinks.3pcap pcap_open_dead.3pcap diff --git a/Makefile.in b/Makefile.in index b6d9c59..6a455e8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -17,7 +17,7 @@ # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # -# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.133 2008-10-22 18:02:36 guy Exp $ (LBL) +# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.134 2008-10-23 05:56:59 guy Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) @@ -130,8 +130,10 @@ MAN3PCAP_EXPAND = \ pcap.3pcap.in \ pcap_compile.3pcap.in \ pcap_datalink.3pcap.in \ + pcap_dump_open.3pcap.in \ pcap_list_datalinks.3pcap.in \ - pcap_open_dead.3pcap.in + pcap_open_dead.3pcap.in \ + pcap_open_offline.3pcap.in MAN3PCAP_NOEXPAND = \ pcap_activate.3pcap \ @@ -146,7 +148,6 @@ MAN3PCAP_NOEXPAND = \ pcap_dump_file.3pcap \ pcap_dump_flush.3pcap \ pcap_dump_ftell.3pcap \ - pcap_dump_open.3pcap \ pcap_file.3pcap \ pcap_fileno.3pcap \ pcap_findalldevs.3pcap \ @@ -165,7 +166,6 @@ MAN3PCAP_NOEXPAND = \ pcap_next_ex.3pcap \ pcap_offline_filter.3pcap \ pcap_open_live.3pcap \ - pcap_open_offline.3pcap \ pcap_set_buffer_size.3pcap \ pcap_set_datalink.3pcap \ pcap_set_promisc.3pcap \ @@ -182,7 +182,11 @@ MAN3PCAP_NOEXPAND = \ MAN3PCAP = $(MAN3PCAP_NOEXPAND) $(MAN3PCAP_EXPAND:.in=) -MANMISC = pcap-filter.manmisc.in \ +MANFILE = \ + pcap-savefile.manfile.in + +MANMISC = \ + pcap-filter.manmisc.in \ pcap-linktype.manmisc.in EXTRA_DIST = \ @@ -422,6 +426,8 @@ install: libpcap.a pcap-config (mkdir -p $(DESTDIR)$(mandir)/man1; chmod 755 $(DESTDIR)$(mandir)/man1) [ -d $(DESTDIR)$(mandir)/man3 ] || \ (mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3) + [ -d $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@ ] || \ + (mkdir -p $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@) [ -d $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@ ] || \ (mkdir -p $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@) $(INSTALL_DATA) $(srcdir)/pcap/pcap.h \ @@ -464,6 +470,9 @@ install: libpcap.a pcap-config $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap ln $(DESTDIR)$(mandir)/man3/pcap_setnonblock.3pcap \ $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap + for i in $(MANFILE); do \ + $(INSTALL_DATA) $(srcdir)/`echo $$i | sed 's/.manfile.in/.manfile/'` \ + $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done for i in $(MANMISC); do \ $(INSTALL_DATA) $(srcdir)/`echo $$i | sed 's/.manmisc.in/.manmisc/'` \ $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done @@ -499,6 +508,8 @@ uninstall: rm -f $(DESTDIR)$(mandir)/man3/pcap_next.3pcap rm -f $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap rm -f $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap + for i in $(MANFILE); do \ + rm -f $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done for i in $(MANMISC); do \ rm -f $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done @@ -509,7 +520,7 @@ distclean: clean rm -f Makefile config.cache config.log config.status \ config.h gnuc.h os-proto.h bpf_filter.c pcap-config \ stamp-h stamp-h.in - rm -f $(MAN3PCAP_EXPAND:.in=) $(MANMISC:.in=) + rm -f $(MAN3PCAP_EXPAND:.in=) $(MANFILE:.in=) $(MANMISC:.in=) rm -rf autom4te.cache tags: $(TAGFILES) @@ -523,7 +534,8 @@ releasetar: @cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \ mkdir $$name; \ tar cf - $(CSRC) $(HDR) $(MAN1) $(MAN3PCAP_EXPAND) \ - $(MAN3PCAP_NOEXPAND) $(MANMISC) $(EXTRA_DIST) | (cd $$name; tar xf -); \ + $(MAN3PCAP_NOEXPAND) $(MANFILE) $(MANMISC) $(EXTRA_DIST) | \ + (cd $$name; tar xf -); \ tar -c -z -f $$name.tar.gz $$name; \ rm -rf $$name diff --git a/configure b/configure index 52101e3..dee059c 100755 --- a/configure +++ b/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.158 . +# From configure.in Revision: 1.159 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # @@ -9449,7 +9449,7 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' ac_config_headers="$ac_config_headers config.h" -ac_config_files="$ac_config_files Makefile pcap-filter.manmisc pcap-linktype.manmisc pcap.3pcap pcap_compile.3pcap pcap_datalink.3pcap pcap_list_datalinks.3pcap pcap_open_dead.3pcap" +ac_config_files="$ac_config_files Makefile pcap-filter.manmisc pcap-linktype.manmisc pcap-savefile.manfile pcap.3pcap pcap_compile.3pcap pcap_datalink.3pcap pcap_dump_open.3pcap pcap_list_datalinks.3pcap pcap_open_dead.3pcap pcap_open_offline.3pcap" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -10008,11 +10008,14 @@ do "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "pcap-filter.manmisc") CONFIG_FILES="$CONFIG_FILES pcap-filter.manmisc" ;; "pcap-linktype.manmisc") CONFIG_FILES="$CONFIG_FILES pcap-linktype.manmisc" ;; + "pcap-savefile.manfile") CONFIG_FILES="$CONFIG_FILES pcap-savefile.manfile" ;; "pcap.3pcap") CONFIG_FILES="$CONFIG_FILES pcap.3pcap" ;; "pcap_compile.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_compile.3pcap" ;; "pcap_datalink.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_datalink.3pcap" ;; + "pcap_dump_open.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_dump_open.3pcap" ;; "pcap_list_datalinks.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_list_datalinks.3pcap" ;; "pcap_open_dead.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_open_dead.3pcap" ;; + "pcap_open_offline.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_open_offline.3pcap" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} diff --git a/configure.in b/configure.in index 06bc6f8..3d55b74 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.158 2008-10-21 07:33:01 guy Exp $ (LBL) +dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.159 2008-10-23 05:56:59 guy Exp $ (LBL) dnl dnl Copyright (c) 1994, 1995, 1996, 1997 dnl The Regents of the University of California. All rights reserved. @@ -6,7 +6,7 @@ dnl dnl Process this file with autoconf to produce a configure script. dnl -AC_REVISION($Revision: 1.158 $) +AC_REVISION($Revision: 1.159 $) AC_PREREQ(2.50) AC_INIT(pcap.c) @@ -1050,9 +1050,11 @@ AC_PROG_INSTALL AC_CONFIG_HEADER(config.h) -AC_OUTPUT(Makefile pcap-filter.manmisc pcap-linktype.manmisc pcap.3pcap - pcap_compile.3pcap pcap_datalink.3pcap pcap_list_datalinks.3pcap - pcap_open_dead.3pcap) +AC_OUTPUT(Makefile pcap-filter.manmisc pcap-linktype.manmisc + pcap-savefile.manfile pcap.3pcap pcap_compile.3pcap + pcap_datalink.3pcap pcap_dump_open.3pcap + pcap_list_datalinks.3pcap pcap_open_dead.3pcap + pcap_open_offline.3pcap) if test -f .devel ; then make depend diff --git a/pcap-savefile.manfile.in b/pcap-savefile.manfile.in new file mode 100644 index 0000000..0af855b --- /dev/null +++ b/pcap-savefile.manfile.in @@ -0,0 +1,123 @@ +'\" t +.\" @(#) $Header: /tcpdump/master/libpcap/pcap-savefile.manfile.in,v 1.1 2008-10-23 05:56:59 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP-SAVEFILE @MAN_FILE_FORMATS@ "21 October 2008" +.SH NAME +pcap-savefile \- libpcap savefile format +.SH DESCRIPTION +NOTE: applications and libraries should, if possible, use libpcap to +read savefiles, rather than having their own code to read savefiles. +If, in the future, a new file format is supported by libpcap, +applications and libraries using libpcap to read savefiles will be able +to read the new format of savefiles, but applications and libraries +using their own code to read savefiles will have to be changed to +support the new file format. +.PP +``Savefiles'' read and written by libpcap and applications using libpcap +start with a per-file header. The format of the per-file header is: +.RS +.TS +box; +c s +c | c +c s. +Magic number +_ +Major version Minor version +_ +Time zone offset +_ +Time stamp accuracy +_ +Snapshot length +_ +Link-layer header type +.TE +.RE +.PP +All fields in the per-file header are in the byte order of the host +writing the file. The first field in the per-file header is a 4-byte +magic number, with the value 0xa1b2c3d4. The magic number, when read by +a host with the same byte order as the host that wrote the file, will +have the value 0xa1b2c3d4, and, when read by a host with the opposite +byte order as the host that wrote the file, will have the value +0xd4c3b2a1. That allows software reading the file to determine whether +the byte order of the host that wrote the file is the same as the byte +order of the host on which the file is being read, and thus whether the +values in the per-file and per-packet headers need to be byte-swapped. +.PP +Following this are: +.IP +A 2-byte file format major version number; the current version number is +2. +.IP +A 2-byte file format minor version number; the current version number is +4. +.IP +A 4-byte time zone offset; this is always 0. +.IP +A 4-byte number giving the accuracy of time stamps in the file; this is +always 0. +.IP +A 4-byte number giving the "snapshot length" of the capture; packets +longer than the snapshot length are truncated to the snapshot length, so +that, if the snapshot length is +.IR N , +only the first +.I N +bytes of a packet longer than +.I N +bytes will be saved in the capture. +.IP +a 4-byte number giving the link-layer header type for packets in the +capture. +.PP +Following the per-file header are zero or more packets; each packet +begins with a per-packet header, which is immediately followed by the +raw packet data. The format of the per-packet header is: +.RS +.TS +box; +c. +Time stamp, seconds value +_ +Time stamp, microseconds value +_ +Length of captured packet data +_ +Un-truncated length of the packet data +.TE +.RE +.PP +All fields in the per-packet header are in the byte order of the host +writing the file. The per-packet header begins with a time stamp giving +the approximate time the packet was captured; the time stamp consists of +a 4-byte value, giving the time in seconds since January 1, 1970, +00:00:00 UTC, followed by a 4-byte value, giving the time in +microseconds since that second. Following that are a 4-byte value +giving the number of bytes of captured data that follow the per-packet +header and a 4-byte value giving the number of bytes that would have +been present had the packet not been truncated by the snapshot length. +The two lengths will be equal if the number of bytes of packet data are +less than or equal to the snapshot length. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_dump_open.3pcap b/pcap_dump_open.3pcap.in similarity index 93% rename from pcap_dump_open.3pcap rename to pcap_dump_open.3pcap.in index 2b68fd5..2a5dc9d 100644 --- a/pcap_dump_open.3pcap +++ b/pcap_dump_open.3pcap.in @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_dump_open.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_open.3pcap.in,v 1.1 2008-10-23 05:56:59 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -83,4 +83,5 @@ can be used to get the error text. .SH SEE ALSO pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_offline(3PCAP), pcap_open_live(3PCAP), pcap_open_dead(3PCAP), -pcap_dump(3PCAP), pcap_dump_close(3PCAP), pcap_geterr(3PCAP) +pcap_dump(3PCAP), pcap_dump_close(3PCAP), pcap_geterr(3PCAP), +pcap-savefile(@MAN_FILE_FORMATS@) diff --git a/pcap_open_offline.3pcap b/pcap_open_offline.3pcap.in similarity index 93% rename from pcap_open_offline.3pcap rename to pcap_open_offline.3pcap.in index dd5d494..825b365 100644 --- a/pcap_open_offline.3pcap +++ b/pcap_open_offline.3pcap.in @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_open_offline.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_open_offline.3pcap.in,v 1.1 2008-10-23 05:56:59 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -75,4 +75,4 @@ is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. .SH SEE ALSO -pcap(3PCAP) +pcap(3PCAP), pcap-savefile(@MAN_FILE_FORMATS@)