1998-11-12 06:01:27 +00:00
|
|
|
/* wtap.h
|
|
|
|
|
*
|
1999-08-15 06:59:13 +00:00
|
|
|
* $Id: wtap.h,v 1.23 1999/08/15 06:59:13 guy Exp $
|
1998-11-12 06:01:27 +00:00
|
|
|
*
|
|
|
|
|
* Wiretap Library
|
|
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@verdict.uthscsa.edu>
|
1998-11-12 00:06:47 +00:00
|
|
|
*
|
1998-11-12 06:01:27 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*
|
1998-11-12 00:06:47 +00:00
|
|
|
*/
|
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef __WTAP_H__
|
|
|
|
|
#define __WTAP_H__
|
|
|
|
|
|
1998-12-17 06:39:13 +00:00
|
|
|
/* Encapsulation types. Choose names that truly reflect
|
1999-07-28 23:16:42 +00:00
|
|
|
* what is contained in the packet trace file.
|
|
|
|
|
*
|
|
|
|
|
* WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
|
|
|
|
|
* ATM on Linux code from <http://lrcwww.epfl.ch/linux-atm/>;
|
|
|
|
|
* that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
|
|
|
|
|
* encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
|
|
|
|
|
* presumably used on some BSD systems, which we turn into
|
|
|
|
|
* WTAP_ENCAP_ATM_RFC1483. */
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_ENCAP_NONE 0
|
|
|
|
|
#define WTAP_ENCAP_ETHERNET 1
|
|
|
|
|
#define WTAP_ENCAP_TR 2
|
|
|
|
|
#define WTAP_ENCAP_SLIP 3
|
|
|
|
|
#define WTAP_ENCAP_PPP 4
|
|
|
|
|
#define WTAP_ENCAP_FDDI 5
|
|
|
|
|
#define WTAP_ENCAP_RAW_IP 6
|
1998-11-13 05:57:39 +00:00
|
|
|
#define WTAP_ENCAP_ARCNET 7
|
1998-12-17 06:39:13 +00:00
|
|
|
#define WTAP_ENCAP_ATM_RFC1483 8
|
1999-07-28 23:16:42 +00:00
|
|
|
#define WTAP_ENCAP_LINUX_ATM_CLIP 9
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
#define WTAP_ENCAP_LAPB 10
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* last WTAP_ENCAP_ value + 1 */
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
#define WTAP_NUM_ENCAP_TYPES 11
|
1999-03-01 18:57:07 +00:00
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
/* File types that can be read by wiretap */
|
|
|
|
|
#define WTAP_FILE_UNKNOWN 0
|
|
|
|
|
#define WTAP_FILE_WTAP 1
|
|
|
|
|
#define WTAP_FILE_PCAP 2
|
|
|
|
|
#define WTAP_FILE_LANALYZER 3
|
|
|
|
|
#define WTAP_FILE_NGSNIFFER 4
|
|
|
|
|
#define WTAP_FILE_SNOOP 6
|
|
|
|
|
#define WTAP_FILE_IPTRACE 7
|
1999-01-17 09:33:15 +00:00
|
|
|
#define WTAP_FILE_NETMON 8
|
1999-02-20 06:49:27 +00:00
|
|
|
#define WTAP_FILE_NETXRAY 9
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
#define WTAP_FILE_RADCOM 10
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* Filter types that wiretap can create. An 'offline' filter is really
|
|
|
|
|
* a BPF filter, but it is treated specially because wiretap might not know
|
|
|
|
|
* in advance the datalink type(s) needed.
|
|
|
|
|
*/
|
|
|
|
|
#define WTAP_FILTER_NONE 0
|
|
|
|
|
#define WTAP_FILTER_OFFLINE 1
|
|
|
|
|
#define WTAP_FILTER_BPF 2
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <sys/types.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <sys/time.h>
|
1999-07-13 02:53:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_WINSOCK_H
|
|
|
|
|
#include <winsock.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
#include <glib.h>
|
1998-11-15 05:29:17 +00:00
|
|
|
#include <stdio.h>
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1998-11-13 05:57:39 +00:00
|
|
|
typedef struct {
|
1998-11-13 06:47:37 +00:00
|
|
|
double timeunit;
|
1998-12-13 05:08:05 +00:00
|
|
|
time_t start;
|
1998-12-17 06:39:13 +00:00
|
|
|
guint16 pkt_len;
|
|
|
|
|
guint16 size;
|
|
|
|
|
guint16 true_size;
|
|
|
|
|
double t;
|
|
|
|
|
int is_atm;
|
1998-11-13 05:57:39 +00:00
|
|
|
} ngsniffer_t;
|
|
|
|
|
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
typedef struct {
|
|
|
|
|
time_t start;
|
|
|
|
|
} radcom_t;
|
|
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
typedef struct {
|
|
|
|
|
guint16 pkt_len;
|
|
|
|
|
guint32 totpktt;
|
1998-12-13 05:08:05 +00:00
|
|
|
time_t start;
|
1998-11-12 06:01:27 +00:00
|
|
|
} lanalyzer_t;
|
|
|
|
|
|
1998-11-15 05:29:17 +00:00
|
|
|
typedef struct {
|
|
|
|
|
int byte_swapped;
|
|
|
|
|
guint16 version_major;
|
|
|
|
|
guint16 version_minor;
|
|
|
|
|
} libpcap_t;
|
|
|
|
|
|
1999-01-17 09:33:15 +00:00
|
|
|
typedef struct {
|
|
|
|
|
time_t start_secs;
|
1999-05-12 21:40:07 +00:00
|
|
|
guint32 start_usecs;
|
|
|
|
|
guint8 version_major;
|
1999-01-17 09:33:15 +00:00
|
|
|
int end_offset;
|
|
|
|
|
} netmon_t;
|
|
|
|
|
|
1999-02-20 06:49:27 +00:00
|
|
|
typedef struct {
|
1999-03-01 22:59:47 +00:00
|
|
|
time_t start_time;
|
1999-02-20 06:49:27 +00:00
|
|
|
double timeunit;
|
1999-03-01 22:59:47 +00:00
|
|
|
double start_timestamp;
|
1999-03-01 18:57:07 +00:00
|
|
|
int wrapped;
|
|
|
|
|
int end_offset;
|
1999-03-22 02:46:46 +00:00
|
|
|
int version_major;
|
1999-02-20 06:49:27 +00:00
|
|
|
} netxray_t;
|
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
struct wtap_pkthdr {
|
|
|
|
|
struct timeval ts;
|
|
|
|
|
guint32 caplen;
|
|
|
|
|
guint32 len;
|
1999-01-02 06:10:55 +00:00
|
|
|
int pkt_encap;
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
guint8 flags; /* ENCAP_LAPB : 1st bit means From DCE */
|
1998-11-12 00:06:47 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef void (*wtap_handler)(u_char*, const struct wtap_pkthdr*,
|
1998-11-15 05:29:17 +00:00
|
|
|
int, const u_char *);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
struct wtap;
|
1999-03-01 18:57:07 +00:00
|
|
|
struct bpf_instruction;
|
|
|
|
|
struct Buffer;
|
|
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
typedef int (*subtype_func)(struct wtap*);
|
|
|
|
|
typedef struct wtap {
|
1998-11-12 00:06:47 +00:00
|
|
|
FILE* fh;
|
1999-03-01 18:57:07 +00:00
|
|
|
int file_type;
|
|
|
|
|
int snapshot_length;
|
|
|
|
|
struct Buffer *frame_buffer;
|
1998-11-12 00:06:47 +00:00
|
|
|
struct wtap_pkthdr phdr;
|
|
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
union {
|
1998-11-15 05:29:17 +00:00
|
|
|
libpcap_t *pcap;
|
1998-11-12 06:01:27 +00:00
|
|
|
lanalyzer_t *lanalyzer;
|
1998-11-13 05:57:39 +00:00
|
|
|
ngsniffer_t *ngsniffer;
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
radcom_t *radcom;
|
1999-01-17 09:33:15 +00:00
|
|
|
netmon_t *netmon;
|
1999-02-20 06:49:27 +00:00
|
|
|
netxray_t *netxray;
|
1998-11-12 06:01:27 +00:00
|
|
|
} capture;
|
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
subtype_func subtype_read;
|
|
|
|
|
int file_encap; /* per-file, for those
|
|
|
|
|
file formats that have
|
|
|
|
|
per-file encapsulation
|
|
|
|
|
types */
|
1998-11-12 00:06:47 +00:00
|
|
|
} wtap;
|
|
|
|
|
|
1999-08-15 06:59:13 +00:00
|
|
|
/*
|
|
|
|
|
* On failure, "wtap_open_offline()" returns NULL, and puts into the
|
|
|
|
|
* "int" pointed to by its second argument:
|
|
|
|
|
*
|
|
|
|
|
* 0 on success;
|
|
|
|
|
*
|
|
|
|
|
* a positive "errno" value if the capture file can't be opened;
|
|
|
|
|
*
|
|
|
|
|
* a negative number, indicating the type of error, on other failures.
|
|
|
|
|
*/
|
|
|
|
|
#define WTAP_ERR_NOT_REGULAR_FILE -1 /* not a plain file */
|
|
|
|
|
#define WTAP_ERR_FILE_UNKNOWN_FORMAT -2 /* not a capture file in a known format */
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-08-15 06:59:13 +00:00
|
|
|
wtap* wtap_open_offline(const char *filename, int *err);
|
1998-11-12 00:06:47 +00:00
|
|
|
void wtap_loop(wtap *wth, int, wtap_handler, u_char*);
|
|
|
|
|
|
|
|
|
|
FILE* wtap_file(wtap *wth);
|
|
|
|
|
int wtap_snapshot_length(wtap *wth); /* per file */
|
|
|
|
|
int wtap_file_type(wtap *wth);
|
Check in Olivier Abad's patch to add dissectors for LAP-B and X.25, and
wiretap support for RADCOM Ltd.'s WAN/LAN analyzers (see
http://www.radcom-inc.com/
). Note: as I remember, IEEE 802.2/ISO 8022 LLC has somewhat of an SDLC
flavor to it, just as I think LAP, LAPB, LAPD, and so on do, so we may
be able to combine some of the LLC dissection and the LAPB dissection
into common code that could, conceivably be used for other SDLC-flavored
protocols.
Make "S" a mnemonic for "Summary" in the "Tools" menu.
Move the routine, used for the "Tools/Summary" display, that turns a
wiretap file type into a descriptive string for it into the wiretap
library itself, expand on some of its descriptions, and add an entry for
files from a RADCOM analyzer.
Have "Tools/Summary" display the snapshot length for the capture.
svn path=/trunk/; revision=416
1999-08-02 02:04:38 +00:00
|
|
|
const char *wtap_file_type_string(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
void wtap_close(wtap *wth);
|
|
|
|
|
|
|
|
|
|
/* Pointer versions of ntohs and ntohl. Given a pointer to a member of a
|
|
|
|
|
* byte array, returns the value of the two or four bytes at the pointer.
|
|
|
|
|
* The pletoh[sl] versions return the little-endian representation.
|
|
|
|
|
*/
|
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef pntohs
|
1998-11-12 00:06:47 +00:00
|
|
|
#define pntohs(p) ((guint16) \
|
|
|
|
|
((guint16)*((guint8 *)p+0)<<8| \
|
|
|
|
|
(guint16)*((guint8 *)p+1)<<0))
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef pntohl
|
1998-11-12 00:06:47 +00:00
|
|
|
#define pntohl(p) ((guint32)*((guint8 *)p+0)<<24| \
|
|
|
|
|
(guint32)*((guint8 *)p+1)<<16| \
|
|
|
|
|
(guint32)*((guint8 *)p+2)<<8| \
|
|
|
|
|
(guint32)*((guint8 *)p+3)<<0)
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-28 18:32:03 +00:00
|
|
|
#ifndef phtons
|
|
|
|
|
#define phtons(p) ((guint16) \
|
|
|
|
|
((guint16)*((guint8 *)p+0)<<8| \
|
|
|
|
|
(guint16)*((guint8 *)p+1)<<0))
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef phtonl
|
|
|
|
|
#define phtonl(p) ((guint32)*((guint8 *)p+0)<<24| \
|
|
|
|
|
(guint32)*((guint8 *)p+1)<<16| \
|
|
|
|
|
(guint32)*((guint8 *)p+2)<<8| \
|
|
|
|
|
(guint32)*((guint8 *)p+3)<<0)
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef pletohs
|
1998-11-12 00:06:47 +00:00
|
|
|
#define pletohs(p) ((guint16) \
|
|
|
|
|
((guint16)*((guint8 *)p+1)<<8| \
|
|
|
|
|
(guint16)*((guint8 *)p+0)<<0))
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef plethol
|
1998-11-12 00:06:47 +00:00
|
|
|
#define pletohl(p) ((guint32)*((guint8 *)p+3)<<24| \
|
|
|
|
|
(guint32)*((guint8 *)p+2)<<16| \
|
|
|
|
|
(guint32)*((guint8 *)p+1)<<8| \
|
|
|
|
|
(guint32)*((guint8 *)p+0)<<0)
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif /* __WTAP_H__ */
|
