2021-11-26 03:31:05 +00:00
|
|
|
/** @file
|
2014-05-24 20:57:11 +00:00
|
|
|
*
|
|
|
|
* Wiretap Library
|
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
|
|
|
*
|
2018-02-07 11:26:45 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2014-05-24 20:57:11 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __PCAP_MODULE_H__
|
|
|
|
#define __PCAP_MODULE_H__
|
|
|
|
|
2018-02-04 00:41:13 +00:00
|
|
|
/*
|
|
|
|
* These are the officially registered block types, from the pcapng
|
|
|
|
* specification.
|
|
|
|
*
|
|
|
|
* XXX - Dear Sysdig People: please add your blocks to the spec!
|
|
|
|
*/
|
2021-06-17 20:52:45 +00:00
|
|
|
#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
|
|
|
|
#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
|
|
|
|
#define BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */
|
|
|
|
#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
|
|
|
|
#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
|
|
|
|
#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
|
|
|
|
#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
|
|
|
|
#define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */
|
|
|
|
#define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
|
|
|
|
#define BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT 0x00000009 /* systemd journal entry */
|
|
|
|
#define BLOCK_TYPE_DSB 0x0000000A /* Decryption Secrets Block */
|
|
|
|
#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
|
|
|
|
#define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
|
|
|
|
#define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216 /* Sysdig Event Block version 2 */
|
|
|
|
#define BLOCK_TYPE_SYSDIG_EVF_V2 0x00000217 /* Sysdig Event Block with flags version 2 */
|
2021-10-28 12:24:13 +00:00
|
|
|
#define BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE 0x00000221 /* Sysdig Event Block version 2 with large payload */
|
|
|
|
#define BLOCK_TYPE_SYSDIG_EVF_V2_LARGE 0x00000222 /* Sysdig Event Block with flags version 2 with large payload */
|
2021-06-17 20:52:45 +00:00
|
|
|
#define BLOCK_TYPE_CB_COPY 0x00000BAD /* Custom Block which can be copied */
|
|
|
|
#define BLOCK_TYPE_CB_NO_COPY 0x40000BAD /* Custom Block which should not be copied */
|
2018-02-04 00:41:13 +00:00
|
|
|
|
|
|
|
/* TODO: the following are not yet well defined in the draft spec,
|
|
|
|
* and do not yet have block type values assigned to them:
|
2015-07-20 14:35:06 +00:00
|
|
|
* Compression Block
|
|
|
|
* Encryption Block
|
|
|
|
* Fixed Length Block
|
|
|
|
* Directory Block
|
|
|
|
* Traffic Statistics and Monitoring Blocks
|
|
|
|
* Event/Security Block
|
|
|
|
*/
|
|
|
|
|
2018-02-05 04:33:02 +00:00
|
|
|
/* Block data to be passed between functions during reading */
|
|
|
|
typedef struct wtapng_block_s {
|
2018-02-09 00:19:12 +00:00
|
|
|
guint32 type; /* block_type as defined by pcapng */
|
|
|
|
gboolean internal; /* TRUE if this block type shouldn't be returned from pcapng_read() */
|
|
|
|
wtap_block_t block;
|
|
|
|
wtap_rec *rec;
|
|
|
|
Buffer *frame_buffer;
|
2018-02-05 04:33:02 +00:00
|
|
|
} wtapng_block_t;
|
|
|
|
|
2021-08-27 06:47:36 +00:00
|
|
|
/* Section data in private struct */
|
|
|
|
/*
|
|
|
|
* XXX - there needs to be a more general way to implement the Netflix
|
|
|
|
* BBLog blocks and options.
|
|
|
|
*/
|
|
|
|
typedef struct section_info_t {
|
|
|
|
gboolean byte_swapped; /**< TRUE if this section is not in our byte order */
|
|
|
|
guint16 version_major; /**< Major version number of this section */
|
|
|
|
guint16 version_minor; /**< Minor version number of this section */
|
|
|
|
GArray *interfaces; /**< Interfaces found in this section */
|
|
|
|
gint64 shb_off; /**< File offset of the SHB for this section */
|
|
|
|
guint32 bblog_version; /**< BBLog: version used */
|
|
|
|
guint64 bblog_offset_tv_sec; /**< BBLog: UTC offset */
|
|
|
|
guint64 bblog_offset_tv_usec;
|
|
|
|
} section_info_t;
|
|
|
|
|
2014-05-24 20:57:11 +00:00
|
|
|
/*
|
2018-01-09 00:38:10 +00:00
|
|
|
* Reader and writer routines for pcapng block types.
|
2014-05-24 20:57:11 +00:00
|
|
|
*/
|
2021-02-04 22:43:00 +00:00
|
|
|
typedef gboolean (*block_reader)(FILE_T fh, guint32 block_read,
|
|
|
|
gboolean byte_swapped,
|
|
|
|
wtapng_block_t *wblock,
|
|
|
|
int *err, gchar **err_info);
|
|
|
|
typedef gboolean (*block_writer)(wtap_dumper *wdh, const wtap_rec *rec,
|
|
|
|
const guint8 *pd, int *err);
|
2014-05-24 20:57:11 +00:00
|
|
|
|
|
|
|
/*
|
2018-01-09 00:38:10 +00:00
|
|
|
* Register a handler for a pcapng block type.
|
2014-05-24 20:57:11 +00:00
|
|
|
*/
|
|
|
|
WS_DLL_PUBLIC
|
2019-01-04 13:12:45 +00:00
|
|
|
void register_pcapng_block_type_handler(guint block_type, block_reader reader,
|
|
|
|
block_writer writer);
|
2014-05-24 20:57:11 +00:00
|
|
|
|
2014-12-01 00:30:19 +00:00
|
|
|
/*
|
2021-02-04 22:43:00 +00:00
|
|
|
* Handler routines for pcapng option type.
|
2014-12-01 00:30:19 +00:00
|
|
|
*/
|
2021-02-04 22:43:00 +00:00
|
|
|
typedef gboolean (*option_parser)(wtap_block_t block,
|
|
|
|
gboolean byte_swapped,
|
|
|
|
guint option_length,
|
|
|
|
const guint8 *option_content,
|
|
|
|
int *err, gchar **err_info);
|
|
|
|
typedef guint32 (*option_sizer)(guint option_id, wtap_optval_t *optval);
|
|
|
|
typedef gboolean (*option_writer)(wtap_dumper *wdh, guint option_id,
|
|
|
|
wtap_optval_t *optval, int *err);
|
2014-12-01 00:30:19 +00:00
|
|
|
|
|
|
|
/*
|
2018-01-09 00:38:10 +00:00
|
|
|
* Register a handler for a pcapng option code for a particular block
|
2014-12-01 00:30:19 +00:00
|
|
|
* type.
|
|
|
|
*/
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void register_pcapng_option_handler(guint block_type, guint option_code,
|
2021-02-04 22:43:00 +00:00
|
|
|
option_parser parser,
|
|
|
|
option_sizer sizer,
|
|
|
|
option_writer writer);
|
2014-12-01 00:30:19 +00:00
|
|
|
|
2021-08-27 06:47:36 +00:00
|
|
|
/*
|
|
|
|
* Byte order of the options within a block.
|
|
|
|
*
|
|
|
|
* This is usually the byte order of the section, but, for options
|
|
|
|
* within a Custom Block, it needs to be a specified byte order,
|
|
|
|
* or a byte order indicated by data in the Custom Data (stored in
|
|
|
|
* a fashion that doesn't require knowing the byte order of the
|
|
|
|
* Custom Data, as it's also the byte order of the Custom Data
|
|
|
|
* itself), so that programs ignorant of the format of a given
|
|
|
|
* type of Custom Block can still read a block from one file and
|
|
|
|
* write it to another, even if the host doing the writing has
|
|
|
|
* a byte order different from the host that previously wrote
|
|
|
|
* the file.
|
|
|
|
*/
|
|
|
|
typedef enum {
|
|
|
|
OPT_SECTION_BYTE_ORDER, /* byte order of this section */
|
|
|
|
OPT_BIG_ENDIAN, /* as it says */
|
|
|
|
OPT_LITTLE_ENDIAN /* ditto */
|
|
|
|
} pcapng_opt_byte_order_e;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process the options section of a block. process_option points to
|
|
|
|
* a routine that processes all the block-specific options, i.e.
|
|
|
|
* options other than the end-of-options, comment, and custom
|
|
|
|
* options.
|
|
|
|
*/
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
gboolean pcapng_process_options(FILE_T fh, wtapng_block_t *wblock,
|
|
|
|
section_info_t *section_info,
|
|
|
|
guint opt_cont_buf_len,
|
|
|
|
gboolean (*process_option)(wtapng_block_t *,
|
|
|
|
const section_info_t *,
|
|
|
|
guint16, guint16,
|
|
|
|
const guint8 *,
|
|
|
|
int *, gchar **),
|
|
|
|
pcapng_opt_byte_order_e byte_order,
|
|
|
|
int *err, gchar **err_info);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Helper routines to process options with types used in more than one
|
|
|
|
* block type.
|
|
|
|
*/
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_uint8_option(wtapng_block_t *wblock,
|
|
|
|
guint16 option_code, guint16 option_length,
|
|
|
|
const guint8 *option_content);
|
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_uint32_option(wtapng_block_t *wblock,
|
2021-08-27 08:28:46 +00:00
|
|
|
const section_info_t *section_info,
|
|
|
|
pcapng_opt_byte_order_e byte_order,
|
2021-08-27 06:47:36 +00:00
|
|
|
guint16 option_code, guint16 option_length,
|
2021-08-27 08:28:46 +00:00
|
|
|
const guint8 *option_content);
|
2021-08-27 06:47:36 +00:00
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_timestamp_option(wtapng_block_t *wblock,
|
|
|
|
const section_info_t *section_info,
|
|
|
|
pcapng_opt_byte_order_e byte_order,
|
|
|
|
guint16 option_code, guint16 option_length,
|
|
|
|
const guint8 *option_content);
|
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_uint64_option(wtapng_block_t *wblock,
|
|
|
|
const section_info_t *section_info,
|
|
|
|
pcapng_opt_byte_order_e byte_order,
|
|
|
|
guint16 option_code, guint16 option_length,
|
|
|
|
const guint8 *option_content);
|
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_string_option(wtapng_block_t *wblock, guint16 option_code,
|
|
|
|
guint16 option_length, const guint8 *option_content);
|
|
|
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
void pcapng_process_bytes_option(wtapng_block_t *wblock, guint16 option_code,
|
|
|
|
guint16 option_length, const guint8 *option_content);
|
|
|
|
|
2014-05-24 20:57:11 +00:00
|
|
|
#endif /* __PCAP_MODULE_H__ */
|