1998-11-12 06:01:27 +00:00
|
|
|
/* wtap.h
|
|
|
|
|
*
|
2002-04-08 09:09:49 +00:00
|
|
|
* $Id: wtap.h,v 1.108 2002/04/08 09:09:49 guy Exp $
|
1998-11-12 06:01:27 +00:00
|
|
|
*
|
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
1998-11-12 00:06:47 +00:00
|
|
|
*
|
1998-11-12 06:01:27 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*
|
1998-11-12 00:06:47 +00:00
|
|
|
*/
|
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef __WTAP_H__
|
|
|
|
|
#define __WTAP_H__
|
|
|
|
|
|
1998-12-17 06:39:13 +00:00
|
|
|
/* Encapsulation types. Choose names that truly reflect
|
1999-07-28 23:16:42 +00:00
|
|
|
* what is contained in the packet trace file.
|
|
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
|
1999-09-22 01:26:50 +00:00
|
|
|
* "wtap_dump_fd_open()" to indicate that there is no single encapsulation
|
1999-08-22 02:29:40 +00:00
|
|
|
* type for all packets in the file; this may cause those routines to
|
|
|
|
|
* fail if the capture file format being written can't support that.
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
* It's also returned by "wtap_file_encap()" for capture files that
|
|
|
|
|
* don't have a single encapsulation type for all packets in the file.
|
1999-08-22 02:29:40 +00:00
|
|
|
*
|
|
|
|
|
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
|
|
|
|
|
* if it's handed an unknown encapsulation.
|
|
|
|
|
*
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
* WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
|
|
|
|
|
* MAC addresses you get from the hardware are bit-swapped. Ideally,
|
|
|
|
|
* the driver would tell us that, but I know of none that do, so, for
|
|
|
|
|
* now, we base it on the machine on which we're *reading* the
|
|
|
|
|
* capture, rather than on the machine on which the capture was taken
|
|
|
|
|
* (they're probably likely to be the same). We assume that they're
|
|
|
|
|
* bit-swapped on everything except for systems running Ultrix, Alpha
|
|
|
|
|
* systems, and BSD/OS systems (that's what "tcpdump" does; I guess
|
|
|
|
|
* Digital decided to bit-swap addresses in the hardware or in the
|
|
|
|
|
* driver, and I guess BSDI bit-swapped them in the driver, given that
|
|
|
|
|
* BSD/OS generally runs on Boring Old PC's). If we create a wiretap
|
|
|
|
|
* save file format, we'd use the WTAP_ENCAP values to flag the
|
|
|
|
|
* encapsulation of a packet, so there we'd at least be able to base
|
|
|
|
|
* it on the machine on which the capture was taken.
|
|
|
|
|
*
|
1999-07-28 23:16:42 +00:00
|
|
|
* WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
|
2001-09-23 21:55:21 +00:00
|
|
|
* ATM on Linux code from <http://linux-atm.sourceforge.net/>;
|
1999-07-28 23:16:42 +00:00
|
|
|
* that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
|
|
|
|
|
* encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
|
|
|
|
|
* presumably used on some BSD systems, which we turn into
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
* WTAP_ENCAP_ATM_RFC1483.
|
|
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
|
|
|
|
|
* corresponds to
|
1999-08-18 17:08:47 +00:00
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* 1) PPP-over-HDLC encapsulation, at least with some versions
|
|
|
|
|
* of ISDN4BSD (but not the current ones, it appears, unless
|
|
|
|
|
* I've missed something);
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* 2) a 4-byte header containing the AF_ address family, in
|
|
|
|
|
* the byte order of the machine that saved the capture,
|
|
|
|
|
* for the packet, as used on many BSD systems for the
|
2002-02-01 00:10:03 +00:00
|
|
|
* loopback device and some other devices, or a 4-byte header
|
|
|
|
|
* containing the AF_ address family in network byte order,
|
|
|
|
|
* as used on recent OpenBSD systems for the loopback device;
|
1999-08-22 02:29:40 +00:00
|
|
|
*
|
|
|
|
|
* 3) a 4-byte header containing 2 octets of 0 and an Ethernet
|
|
|
|
|
* type in the byte order from an Ethernet header, that being
|
2002-02-01 00:10:03 +00:00
|
|
|
* what older versions of "libpcap" on Linux turn the Ethernet
|
|
|
|
|
* header for loopback interfaces into (0.6.0 and later versions
|
|
|
|
|
* leave the Ethernet header alone and make it DLT_EN10MB). */
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
#define WTAP_ENCAP_PER_PACKET -1
|
1999-08-22 02:29:40 +00:00
|
|
|
#define WTAP_ENCAP_UNKNOWN 0
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_ENCAP_ETHERNET 1
|
2000-09-21 04:41:37 +00:00
|
|
|
#define WTAP_ENCAP_TOKEN_RING 2
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_ENCAP_SLIP 3
|
|
|
|
|
#define WTAP_ENCAP_PPP 4
|
|
|
|
|
#define WTAP_ENCAP_FDDI 5
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
#define WTAP_ENCAP_FDDI_BITSWAPPED 6
|
|
|
|
|
#define WTAP_ENCAP_RAW_IP 7
|
|
|
|
|
#define WTAP_ENCAP_ARCNET 8
|
|
|
|
|
#define WTAP_ENCAP_ATM_RFC1483 9
|
|
|
|
|
#define WTAP_ENCAP_LINUX_ATM_CLIP 10
|
|
|
|
|
#define WTAP_ENCAP_LAPB 11
|
|
|
|
|
#define WTAP_ENCAP_ATM_SNIFFER 12
|
|
|
|
|
#define WTAP_ENCAP_NULL 13
|
1999-10-19 04:41:52 +00:00
|
|
|
#define WTAP_ENCAP_ASCEND 14
|
1999-11-11 05:36:16 +00:00
|
|
|
#define WTAP_ENCAP_LAPD 15
|
1999-12-12 22:40:10 +00:00
|
|
|
#define WTAP_ENCAP_V120 16
|
2000-09-21 04:41:37 +00:00
|
|
|
#define WTAP_ENCAP_PPP_WITH_PHDR 17
|
2000-11-15 05:42:35 +00:00
|
|
|
#define WTAP_ENCAP_IEEE_802_11 18
|
2002-04-08 09:09:49 +00:00
|
|
|
#define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 19
|
|
|
|
|
#define WTAP_ENCAP_SLL 20
|
|
|
|
|
#define WTAP_ENCAP_FRELAY 21
|
|
|
|
|
#define WTAP_ENCAP_CHDLC 22
|
|
|
|
|
#define WTAP_ENCAP_CISCO_IOS 23
|
|
|
|
|
#define WTAP_ENCAP_LOCALTALK 24
|
|
|
|
|
#define WTAP_ENCAP_PRISM_HEADER 25
|
|
|
|
|
#define WTAP_ENCAP_PFLOG 26
|
|
|
|
|
#define WTAP_ENCAP_AIROPEEK 27
|
|
|
|
|
#define WTAP_ENCAP_HHDLC 28
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* last WTAP_ENCAP_ value + 1 */
|
2002-04-08 09:09:49 +00:00
|
|
|
#define WTAP_NUM_ENCAP_TYPES 29
|
1999-03-01 18:57:07 +00:00
|
|
|
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
/* File types that can be read by wiretap.
|
2000-09-15 07:52:43 +00:00
|
|
|
We support writing some many of these file types, too, so we
|
|
|
|
|
distinguish between different versions of them. */
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_FILE_UNKNOWN 0
|
|
|
|
|
#define WTAP_FILE_WTAP 1
|
|
|
|
|
#define WTAP_FILE_PCAP 2
|
2000-07-26 06:04:34 +00:00
|
|
|
#define WTAP_FILE_PCAP_SS990417 3
|
|
|
|
|
#define WTAP_FILE_PCAP_SS990915 4
|
|
|
|
|
#define WTAP_FILE_PCAP_SS991029 5
|
2000-09-15 07:52:43 +00:00
|
|
|
#define WTAP_FILE_PCAP_NOKIA 6
|
Add in some heuristics to try to detect AIX libpcap format. (This works
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
2001-11-06 01:55:14 +00:00
|
|
|
#define WTAP_FILE_PCAP_AIX 7
|
|
|
|
|
#define WTAP_FILE_LANALYZER 8
|
|
|
|
|
#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 9
|
|
|
|
|
#define WTAP_FILE_NGSNIFFER_COMPRESSED 10
|
|
|
|
|
#define WTAP_FILE_SNOOP 11
|
|
|
|
|
#define WTAP_FILE_IPTRACE_1_0 12
|
|
|
|
|
#define WTAP_FILE_IPTRACE_2_0 13
|
|
|
|
|
#define WTAP_FILE_NETMON_1_x 14
|
|
|
|
|
#define WTAP_FILE_NETMON_2_x 15
|
|
|
|
|
#define WTAP_FILE_NETXRAY_1_0 16
|
|
|
|
|
#define WTAP_FILE_NETXRAY_1_1 17
|
|
|
|
|
#define WTAP_FILE_NETXRAY_2_00x 18
|
|
|
|
|
#define WTAP_FILE_RADCOM 19
|
|
|
|
|
#define WTAP_FILE_ASCEND 20
|
|
|
|
|
#define WTAP_FILE_NETTL 21
|
|
|
|
|
#define WTAP_FILE_TOSHIBA 22
|
|
|
|
|
#define WTAP_FILE_I4BTRACE 23
|
|
|
|
|
#define WTAP_FILE_CSIDS 24
|
|
|
|
|
#define WTAP_FILE_PPPDUMP 25
|
2002-01-23 06:32:52 +00:00
|
|
|
#define WTAP_FILE_ETHERPEEK_V56 26
|
|
|
|
|
#define WTAP_FILE_ETHERPEEK_V7 27
|
Add in some heuristics to try to detect AIX libpcap format. (This works
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
2001-11-06 01:55:14 +00:00
|
|
|
#define WTAP_FILE_VMS 28
|
|
|
|
|
#define WTAP_FILE_DBS_ETHERWATCH 29
|
2001-12-04 22:28:19 +00:00
|
|
|
#define WTAP_FILE_VISUAL_NETWORKS 30
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-12-04 08:32:14 +00:00
|
|
|
/* last WTAP_FILE_ value + 1 */
|
2001-12-04 22:28:19 +00:00
|
|
|
#define WTAP_NUM_FILE_TYPES 31
|
1999-12-04 08:32:14 +00:00
|
|
|
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
/*
|
|
|
|
|
* Maximum packet size we'll support.
|
|
|
|
|
*/
|
|
|
|
|
#define WTAP_MAX_PACKET_SIZE 65535
|
|
|
|
|
|
2000-08-11 13:37:21 +00:00
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <sys/types.h>
|
2000-08-11 13:37:21 +00:00
|
|
|
#endif
|
1999-07-13 02:53:26 +00:00
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <sys/time.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_WINSOCK_H
|
|
|
|
|
#include <winsock.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <glib.h>
|
1998-11-15 05:29:17 +00:00
|
|
|
#include <stdio.h>
|
1998-11-12 00:06:47 +00:00
|
|
|
|
2002-01-18 00:25:50 +00:00
|
|
|
/*
|
|
|
|
|
* "Pseudo-headers" are used to supply to the clients of wiretap
|
|
|
|
|
* per-packet information that's not part of the packet payload
|
|
|
|
|
* proper.
|
|
|
|
|
*
|
|
|
|
|
* NOTE: do not use pseudo-header structures to hold information
|
|
|
|
|
* used by the code to read a particular capture file type; to
|
|
|
|
|
* keep that sort of state information, add a new structure for
|
|
|
|
|
* that private information to "wtap-int.h", add a pointer to that
|
|
|
|
|
* type of structure to the "capture" member of the "struct wtap"
|
|
|
|
|
* structure, and allocate one of those structures and set that member
|
|
|
|
|
* in the "open" routine for that capture file type if the open
|
|
|
|
|
* succeeds. See various other capture file type handlers for examples
|
|
|
|
|
* of that.
|
|
|
|
|
*/
|
|
|
|
|
|
1999-08-20 06:55:20 +00:00
|
|
|
/* Packet "pseudo-header" information for X.25 capture files. */
|
|
|
|
|
struct x25_phdr {
|
|
|
|
|
guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Packet "pseudo-header" for ATM Sniffer capture files. */
|
|
|
|
|
struct ngsniffer_atm_phdr {
|
|
|
|
|
guint8 AppTrafType; /* traffic type */
|
|
|
|
|
guint8 AppHLType; /* protocol type */
|
|
|
|
|
guint16 Vpi; /* virtual path identifier */
|
|
|
|
|
guint16 Vci; /* virtual circuit identifier */
|
|
|
|
|
guint16 channel; /* link: 0 for DCE, 1 for DTE */
|
|
|
|
|
guint16 cells; /* number of cells */
|
|
|
|
|
guint16 aal5t_u2u; /* user-to-user indicator */
|
|
|
|
|
guint16 aal5t_len; /* length of the packet */
|
|
|
|
|
guint32 aal5t_chksum; /* checksum for AAL5 packet */
|
|
|
|
|
};
|
|
|
|
|
|
1999-09-11 22:36:38 +00:00
|
|
|
/* Packet "pseudo-header" for the output from "wandsession", "wannext",
|
|
|
|
|
"wandisplay", and similar commands on Lucent/Ascend access equipment. */
|
|
|
|
|
|
|
|
|
|
#define ASCEND_MAX_STR_LEN 64
|
|
|
|
|
|
1999-09-13 03:52:53 +00:00
|
|
|
#define ASCEND_PFX_WDS_X 1
|
|
|
|
|
#define ASCEND_PFX_WDS_R 2
|
|
|
|
|
#define ASCEND_PFX_WDD 3
|
1999-09-11 22:36:38 +00:00
|
|
|
|
|
|
|
|
struct ascend_phdr {
|
|
|
|
|
guint16 type; /* ASCEND_PFX_*, as defined above */
|
1999-09-13 03:52:53 +00:00
|
|
|
char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
|
|
|
|
|
guint32 sess; /* Session number, from wandsession header */
|
|
|
|
|
char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
|
|
|
|
|
guint32 chunk; /* Chunk number, from WDD header */
|
1999-09-11 22:36:38 +00:00
|
|
|
guint32 task; /* Task number */
|
|
|
|
|
};
|
|
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/* Packet "pseudo-header" for point-to-point links with direction flags. */
|
2000-09-21 04:41:37 +00:00
|
|
|
struct p2p_phdr {
|
|
|
|
|
gboolean sent; /* TRUE=sent, FALSE=received */
|
1999-11-11 05:36:16 +00:00
|
|
|
};
|
|
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/* Packet "pseudo-header" information for 802.11 with radio information. */
|
|
|
|
|
struct ieee_802_11_phdr {
|
|
|
|
|
guint8 channel; /* Channel number */
|
|
|
|
|
guint8 data_rate; /* in .5 Mb/s units */
|
|
|
|
|
guint8 signal_level; /* percentage */
|
|
|
|
|
};
|
2000-09-21 04:41:37 +00:00
|
|
|
|
1999-08-20 06:55:20 +00:00
|
|
|
/*
|
|
|
|
|
* Bits in AppTrafType.
|
|
|
|
|
*
|
|
|
|
|
* For AAL types other than AAL5, the packet data is presumably for a
|
|
|
|
|
* single cell, not a reassembled frame, as the ATM Sniffer manual says
|
|
|
|
|
* it dosn't reassemble cells other than AAL5 cells.
|
|
|
|
|
*/
|
|
|
|
|
#define ATT_AALTYPE 0x0F /* AAL type: */
|
|
|
|
|
#define ATT_AAL_UNKNOWN 0x00 /* Unknown AAL */
|
|
|
|
|
#define ATT_AAL1 0x01 /* AAL1 */
|
|
|
|
|
#define ATT_AAL3_4 0x02 /* AAL3/4 */
|
|
|
|
|
#define ATT_AAL5 0x03 /* AAL5 */
|
|
|
|
|
#define ATT_AAL_USER 0x04 /* User AAL */
|
|
|
|
|
#define ATT_AAL_SIGNALLING 0x05 /* Signaling AAL */
|
|
|
|
|
#define ATT_OAMCELL 0x06 /* OAM cell */
|
|
|
|
|
|
|
|
|
|
#define ATT_HLTYPE 0xF0 /* Higher-layer type: */
|
|
|
|
|
#define ATT_HL_UNKNOWN 0x00 /* unknown */
|
|
|
|
|
#define ATT_HL_LLCMX 0x10 /* LLC multiplexed (probably RFC 1483) */
|
|
|
|
|
#define ATT_HL_VCMX 0x20 /* VC multiplexed (probably RFC 1483) */
|
|
|
|
|
#define ATT_HL_LANE 0x30 /* LAN Emulation */
|
|
|
|
|
#define ATT_HL_ILMI 0x40 /* ILMI */
|
|
|
|
|
#define ATT_HL_FRMR 0x50 /* Frame Relay */
|
|
|
|
|
#define ATT_HL_SPANS 0x60 /* FORE SPANS */
|
|
|
|
|
#define ATT_HL_IPSILON 0x70 /* Ipsilon */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Values for AppHLType; the interpretation depends on the ATT_HLTYPE
|
|
|
|
|
* bits in AppTrafType.
|
|
|
|
|
*/
|
|
|
|
|
#define AHLT_UNKNOWN 0x0
|
|
|
|
|
#define AHLT_VCMX_802_3_FCS 0x1 /* VCMX: 802.3 FCS */
|
|
|
|
|
#define AHLT_LANE_LE_CTRL 0x1 /* LANE: LE Ctrl */
|
|
|
|
|
#define AHLT_IPSILON_FT0 0x1 /* Ipsilon: Flow Type 0 */
|
|
|
|
|
#define AHLT_VCMX_802_4_FCS 0x2 /* VCMX: 802.4 FCS */
|
|
|
|
|
#define AHLT_LANE_802_3 0x2 /* LANE: 802.3 */
|
|
|
|
|
#define AHLT_IPSILON_FT1 0x2 /* Ipsilon: Flow Type 1 */
|
|
|
|
|
#define AHLT_VCMX_802_5_FCS 0x3 /* VCMX: 802.5 FCS */
|
|
|
|
|
#define AHLT_LANE_802_5 0x3 /* LANE: 802.5 */
|
|
|
|
|
#define AHLT_IPSILON_FT2 0x3 /* Ipsilon: Flow Type 2 */
|
|
|
|
|
#define AHLT_VCMX_FDDI_FCS 0x4 /* VCMX: FDDI FCS */
|
|
|
|
|
#define AHLT_LANE_802_3_MC 0x4 /* LANE: 802.3 multicast */
|
|
|
|
|
#define AHLT_VCMX_802_6_FCS 0x5 /* VCMX: 802.6 FCS */
|
|
|
|
|
#define AHLT_LANE_802_5_MC 0x5 /* LANE: 802.5 multicast */
|
|
|
|
|
#define AHLT_VCMX_802_3 0x7 /* VCMX: 802.3 */
|
|
|
|
|
#define AHLT_VCMX_802_4 0x8 /* VCMX: 802.4 */
|
|
|
|
|
#define AHLT_VCMX_802_5 0x9 /* VCMX: 802.5 */
|
|
|
|
|
#define AHLT_VCMX_FDDI 0xa /* VCMX: FDDI */
|
|
|
|
|
#define AHLT_VCMX_802_6 0xb /* VCMX: 802.6 */
|
|
|
|
|
#define AHLT_VCMX_FRAGMENTS 0xc /* VCMX: Fragments */
|
|
|
|
|
#define AHLT_VCMX_BPDU 0xe /* VCMX: BPDU */
|
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
union wtap_pseudo_header {
|
1999-11-11 05:36:16 +00:00
|
|
|
struct x25_phdr x25;
|
|
|
|
|
struct ngsniffer_atm_phdr ngsniffer_atm;
|
|
|
|
|
struct ascend_phdr ascend;
|
2000-09-21 04:41:37 +00:00
|
|
|
struct p2p_phdr p2p;
|
2002-04-08 09:09:49 +00:00
|
|
|
struct ieee_802_11_phdr ieee_802_11;
|
1999-08-20 06:55:20 +00:00
|
|
|
};
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
struct wtap_pkthdr {
|
|
|
|
|
struct timeval ts;
|
|
|
|
|
guint32 caplen;
|
|
|
|
|
guint32 len;
|
1999-01-02 06:10:55 +00:00
|
|
|
int pkt_encap;
|
1998-11-12 00:06:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
|
2001-10-04 08:30:36 +00:00
|
|
|
long, union wtap_pseudo_header *pseudo_header, const u_char *);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
struct wtap;
|
1999-03-01 18:57:07 +00:00
|
|
|
struct Buffer;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
struct wtap_dumper;
|
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
typedef struct wtap wtap;
|
|
|
|
|
typedef struct wtap_dumper wtap_dumper;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
|
1999-08-15 06:59:13 +00:00
|
|
|
/*
|
|
|
|
|
* On failure, "wtap_open_offline()" returns NULL, and puts into the
|
|
|
|
|
* "int" pointed to by its second argument:
|
|
|
|
|
*
|
|
|
|
|
* a positive "errno" value if the capture file can't be opened;
|
|
|
|
|
*
|
|
|
|
|
* a negative number, indicating the type of error, on other failures.
|
|
|
|
|
*/
|
2000-05-19 23:07:04 +00:00
|
|
|
struct wtap* wtap_open_offline(const char *filename, int *err, gboolean do_random);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
|
|
|
|
/* Returns TRUE if entire loop-reading was successful. If read failure
|
|
|
|
|
* happened, FALSE is returned and err is set. */
|
|
|
|
|
gboolean wtap_loop(wtap *wth, int, wtap_handler, u_char*, int *err);
|
|
|
|
|
|
|
|
|
|
/* Returns TRUE if read was successful. FALSE if failure. data_offset is
|
|
|
|
|
* set the the offset in the file where the data for the read packet is
|
|
|
|
|
* located. */
|
2001-10-04 08:30:36 +00:00
|
|
|
gboolean wtap_read(wtap *wth, int *err, long *data_offset);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
struct wtap_pkthdr *wtap_phdr(wtap *wth);
|
|
|
|
|
union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
|
|
|
|
|
guint8 *wtap_buf_ptr(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-09-23 04:39:01 +00:00
|
|
|
int wtap_fd(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
int wtap_snapshot_length(wtap *wth); /* per file */
|
|
|
|
|
int wtap_file_type(wtap *wth);
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
int wtap_file_encap(wtap *wth);
|
1999-12-05 01:24:54 +00:00
|
|
|
|
1999-12-04 08:51:52 +00:00
|
|
|
const char *wtap_file_type_string(int filetype);
|
1999-12-04 21:20:09 +00:00
|
|
|
const char *wtap_file_type_short_string(int filetype);
|
|
|
|
|
int wtap_short_string_to_file_type(const char *short_name);
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
|
const char *wtap_encap_string(int encap);
|
|
|
|
|
const char *wtap_encap_short_string(int encap);
|
|
|
|
|
int wtap_short_string_to_encap(const char *short_name);
|
|
|
|
|
|
1999-08-22 02:52:48 +00:00
|
|
|
const char *wtap_strerror(int err);
|
2000-05-18 09:09:50 +00:00
|
|
|
void wtap_sequential_close(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
void wtap_close(wtap *wth);
|
2002-03-05 08:40:27 +00:00
|
|
|
gboolean wtap_seek_read (wtap *wth, long seek_off,
|
2002-03-05 05:58:41 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header, guint8 *pd, int len, int *err);
|
2002-03-05 08:40:27 +00:00
|
|
|
gboolean wtap_def_seek_read (wtap *wth, long seek_off,
|
2002-03-05 05:58:41 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header, guint8 *pd, int len, int *err);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-12-04 08:32:14 +00:00
|
|
|
gboolean wtap_dump_can_open(int filetype);
|
|
|
|
|
gboolean wtap_dump_can_write_encap(int filetype, int encap);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
|
|
|
|
|
int snaplen, int *err);
|
|
|
|
|
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
|
|
|
|
|
int *err);
|
2000-05-18 09:09:50 +00:00
|
|
|
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
|
2000-05-19 23:07:04 +00:00
|
|
|
const union wtap_pseudo_header *pseudo_header, const u_char *, int *err);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
FILE* wtap_dump_file(wtap_dumper *);
|
1999-12-04 05:22:21 +00:00
|
|
|
gboolean wtap_dump_close(wtap_dumper *, int *);
|
2001-12-04 08:26:00 +00:00
|
|
|
long wtap_get_bytes_dumped(wtap_dumper *);
|
|
|
|
|
void wtap_set_bytes_dumped(wtap_dumper *wdh, long bytes_dumped);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
|
|
|
|
|
/* XXX - needed until "wiretap" can do live packet captures */
|
|
|
|
|
int wtap_pcap_encap_to_wtap_encap(int encap);
|
|
|
|
|
|
1999-08-18 04:41:20 +00:00
|
|
|
/*
|
|
|
|
|
* Wiretap error codes.
|
|
|
|
|
*/
|
|
|
|
|
#define WTAP_ERR_NOT_REGULAR_FILE -1
|
|
|
|
|
/* The file being opened for reading isn't a plain file */
|
|
|
|
|
#define WTAP_ERR_FILE_UNKNOWN_FORMAT -2
|
|
|
|
|
/* The file being opened is not a capture file in a known format */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED -3
|
|
|
|
|
/* Supported file type, but there's something in the file we
|
|
|
|
|
can't support */
|
|
|
|
|
#define WTAP_ERR_CANT_OPEN -4
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The file couldn't be opened, reason unknown */
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED_FILE_TYPE -5
|
1999-08-18 04:41:20 +00:00
|
|
|
/* Wiretap can't save files in the specified format */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED_ENCAP -6
|
2000-02-19 08:00:08 +00:00
|
|
|
/* Wiretap can't read or save files in the specified format with the
|
1999-08-22 03:50:31 +00:00
|
|
|
specified encapsulation */
|
|
|
|
|
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -7
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The specified format doesn't support per-packet encapsulations */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_CANT_CLOSE -8
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The file couldn't be closed, reason unknown */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_CANT_READ -9
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* An attempt to read failed, reason unknown */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_SHORT_READ -10
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* An attempt to read read less data than it should have */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_BAD_RECORD -11
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* We read an invalid record */
|
1999-08-22 03:50:31 +00:00
|
|
|
#define WTAP_ERR_SHORT_WRITE -12
|
1999-08-18 04:41:20 +00:00
|
|
|
/* An attempt to write wrote less data than it should have */
|
2000-05-25 09:00:24 +00:00
|
|
|
#define WTAP_ERR_UNC_TRUNCATED -13
|
|
|
|
|
/* Sniffer compressed data was oddly truncated */
|
|
|
|
|
#define WTAP_ERR_UNC_OVERFLOW -14
|
|
|
|
|
/* Uncompressing Sniffer data would overflow buffer */
|
|
|
|
|
#define WTAP_ERR_UNC_BAD_OFFSET -15
|
|
|
|
|
/* LZ77 compressed data has bad offset to string */
|
1999-08-18 04:41:20 +00:00
|
|
|
|
1999-10-05 07:06:08 +00:00
|
|
|
/* Errors from zlib; zlib error Z_xxx turns into Wiretap error
|
|
|
|
|
WTAP_ERR_ZLIB + Z_xxx.
|
|
|
|
|
|
|
|
|
|
WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
|
|
|
|
|
errors; we leave room for 100 positive and 100 negative error
|
|
|
|
|
codes. */
|
|
|
|
|
|
|
|
|
|
#define WTAP_ERR_ZLIB -200
|
|
|
|
|
#define WTAP_ERR_ZLIB_MAX -100
|
|
|
|
|
#define WTAP_ERR_ZLIB_MIN -300
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif /* __WTAP_H__ */
|