2003-08-26 07:10:39 +00:00
|
|
|
/*
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This software and documentation has been developed by Endace Technology Ltd.
|
|
|
|
|
* along with the DAG PCI network capture cards. For further information please
|
|
|
|
|
* visit http://www.endace.com/.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
*
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* 3. The name of Endace Technology Ltd may not be used to endorse or promote
|
|
|
|
|
* products derived from this software without specific prior written
|
|
|
|
|
* permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY ENDACE TECHNOLOGY LTD ``AS IS'' AND ANY EXPRESS
|
|
|
|
|
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
|
|
|
* EVENT SHALL ENDACE TECHNOLOGY LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
|
|
|
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
|
|
|
|
|
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __W_ERF_H__
|
|
|
|
|
#define __W_ERF_H__
|
|
|
|
|
|
2011-06-04 21:20:57 +00:00
|
|
|
#include <glib.h>
|
|
|
|
|
#include <wiretap/wtap.h>
|
2013-02-28 19:35:59 +00:00
|
|
|
#include "ws_symbol_export.h"
|
2011-06-04 21:20:57 +00:00
|
|
|
|
2003-08-26 07:10:39 +00:00
|
|
|
/* Record type defines */
|
2007-10-08 11:41:21 +00:00
|
|
|
#define ERF_TYPE_LEGACY 0
|
|
|
|
|
#define ERF_TYPE_HDLC_POS 1
|
|
|
|
|
#define ERF_TYPE_ETH 2
|
|
|
|
|
#define ERF_TYPE_ATM 3
|
|
|
|
|
#define ERF_TYPE_AAL5 4
|
|
|
|
|
#define ERF_TYPE_MC_HDLC 5
|
|
|
|
|
#define ERF_TYPE_MC_RAW 6
|
|
|
|
|
#define ERF_TYPE_MC_ATM 7
|
|
|
|
|
#define ERF_TYPE_MC_RAW_CHANNEL 8
|
|
|
|
|
#define ERF_TYPE_MC_AAL5 9
|
|
|
|
|
#define ERF_TYPE_COLOR_HDLC_POS 10
|
|
|
|
|
#define ERF_TYPE_COLOR_ETH 11
|
|
|
|
|
#define ERF_TYPE_MC_AAL2 12
|
|
|
|
|
#define ERF_TYPE_IP_COUNTER 13
|
|
|
|
|
#define ERF_TYPE_TCP_FLOW_COUNTER 14
|
|
|
|
|
#define ERF_TYPE_DSM_COLOR_HDLC_POS 15
|
|
|
|
|
#define ERF_TYPE_DSM_COLOR_ETH 16
|
|
|
|
|
#define ERF_TYPE_COLOR_MC_HDLC_POS 17
|
|
|
|
|
#define ERF_TYPE_AAL2 18
|
2015-12-19 18:24:47 +00:00
|
|
|
#define ERF_TYPE_COLOR_HASH_POS 19
|
|
|
|
|
#define ERF_TYPE_COLOR_HASH_ETH 20
|
2008-03-14 17:47:53 +00:00
|
|
|
#define ERF_TYPE_INFINIBAND 21
|
2010-04-08 08:41:56 +00:00
|
|
|
#define ERF_TYPE_IPV4 22
|
|
|
|
|
#define ERF_TYPE_IPV6 23
|
|
|
|
|
#define ERF_TYPE_RAW_LINK 24
|
|
|
|
|
#define ERF_TYPE_INFINIBAND_LINK 25
|
2015-12-19 18:24:47 +00:00
|
|
|
/* XXX - what about 26? */
|
2015-11-19 03:23:53 +00:00
|
|
|
#define ERF_TYPE_META 27
|
From Stephen Donnelly of Endace:
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
2007-06-08 17:06:13 +00:00
|
|
|
|
2015-12-19 18:24:47 +00:00
|
|
|
/* 28-31 reserved for future public ERF types */
|
|
|
|
|
|
2015-11-19 03:23:53 +00:00
|
|
|
/* Record types reserved for local and internal use */
|
|
|
|
|
#define ERF_TYPE_INTERNAL0 32
|
|
|
|
|
#define ERF_TYPE_INTERNAL1 33
|
|
|
|
|
#define ERF_TYPE_INTERNAL2 34
|
|
|
|
|
#define ERF_TYPE_INTERNAL3 35
|
|
|
|
|
#define ERF_TYPE_INTERNAL4 36
|
|
|
|
|
#define ERF_TYPE_INTERNAL5 37
|
|
|
|
|
#define ERF_TYPE_INTERNAL6 38
|
|
|
|
|
#define ERF_TYPE_INTERNAL7 39
|
|
|
|
|
#define ERF_TYPE_INTERNAL8 40
|
|
|
|
|
#define ERF_TYPE_INTERNAL9 41
|
|
|
|
|
#define ERF_TYPE_INTERNAL10 42
|
|
|
|
|
#define ERF_TYPE_INTERNAL11 43
|
|
|
|
|
#define ERF_TYPE_INTERNAL12 44
|
|
|
|
|
#define ERF_TYPE_INTERNAL13 45
|
|
|
|
|
#define ERF_TYPE_INTERNAL14 46
|
|
|
|
|
#define ERF_TYPE_INTERNAL15 47
|
|
|
|
|
|
|
|
|
|
/* Pad records */
|
2007-10-08 11:41:21 +00:00
|
|
|
#define ERF_TYPE_PAD 48
|
From Stephen Donnelly of Endace:
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
2007-06-08 17:06:13 +00:00
|
|
|
|
2007-10-08 11:41:21 +00:00
|
|
|
#define ERF_TYPE_MIN 1 /* sanity checking */
|
|
|
|
|
#define ERF_TYPE_MAX 48 /* sanity checking */
|
2003-08-26 07:10:39 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The timestamp is 64bit unsigned fixed point little-endian value with
|
2005-08-26 19:40:46 +00:00
|
|
|
* 32 bits for second and 32 bits for fraction.
|
2003-08-26 07:10:39 +00:00
|
|
|
*/
|
|
|
|
|
typedef guint64 erf_timestamp_t;
|
|
|
|
|
|
|
|
|
|
typedef struct erf_record {
|
|
|
|
|
erf_timestamp_t ts;
|
|
|
|
|
guint8 type;
|
|
|
|
|
guint8 flags;
|
|
|
|
|
guint16 rlen;
|
|
|
|
|
guint16 lctr;
|
|
|
|
|
guint16 wlen;
|
|
|
|
|
} erf_header_t;
|
|
|
|
|
|
2007-10-08 11:41:21 +00:00
|
|
|
typedef struct erf_mc_hdr {
|
|
|
|
|
guint32 mc;
|
|
|
|
|
} erf_mc_header_t;
|
2003-08-26 07:10:39 +00:00
|
|
|
|
2016-01-13 05:21:42 +00:00
|
|
|
typedef struct erf_aal2_hdr {
|
|
|
|
|
guint32 aal2;
|
|
|
|
|
} erf_aal2_header_t;
|
|
|
|
|
|
2007-10-08 11:41:21 +00:00
|
|
|
typedef struct erf_eth_hdr {
|
2016-01-13 08:10:48 +00:00
|
|
|
guint8 offset;
|
|
|
|
|
guint8 pad;
|
2007-10-08 11:41:21 +00:00
|
|
|
} erf_eth_header_t;
|
2003-08-26 07:10:39 +00:00
|
|
|
|
2013-11-08 17:17:57 +00:00
|
|
|
union erf_subhdr {
|
2007-10-08 11:41:21 +00:00
|
|
|
struct erf_mc_hdr mc_hdr;
|
2016-01-13 08:10:48 +00:00
|
|
|
struct erf_aal2_hdr aal2_hdr;
|
2007-10-08 11:41:21 +00:00
|
|
|
struct erf_eth_hdr eth_hdr;
|
|
|
|
|
};
|
2003-08-26 07:10:39 +00:00
|
|
|
|
2007-10-08 11:41:21 +00:00
|
|
|
#define MIN_RECORDS_FOR_ERF_CHECK 3
|
|
|
|
|
#define RECORDS_FOR_ERF_CHECK 20
|
|
|
|
|
#define FCS_BITS 32
|
2007-02-18 11:32:54 +00:00
|
|
|
|
2014-10-10 01:04:16 +00:00
|
|
|
wtap_open_return_val erf_open(wtap *wth, int *err, gchar **err_info);
|
2011-08-31 20:50:15 +00:00
|
|
|
int erf_dump_can_write_encap(int encap);
|
2014-05-09 05:18:49 +00:00
|
|
|
int erf_dump_open(wtap_dumper *wdh, int *err);
|
2003-08-26 07:10:39 +00:00
|
|
|
|
2012-05-24 09:24:05 +00:00
|
|
|
int erf_populate_interfaces(wtap *wth);
|
|
|
|
|
|
2003-08-26 07:10:39 +00:00
|
|
|
#endif /* __W_ERF_H__ */
|
2015-01-02 00:45:22 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
|
*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* c-basic-offset: 8
|
|
|
|
|
* tab-width: 8
|
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
|
* End:
|
|
|
|
|
*
|
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
|
*/
|