forked from osmocom/wireshark
164 lines
9.3 KiB
C
164 lines
9.3 KiB
C
/* pcapng.h
|
|
*
|
|
* Wiretap Library
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#ifndef __W_PCAPNG_H__
|
|
#define __W_PCAPNG_H__
|
|
|
|
#include <glib.h>
|
|
#include "wtap.h"
|
|
#include "ws_symbol_export.h"
|
|
|
|
/* Option codes: 16-bit field */
|
|
#define OPT_EOFOPT 0x0000
|
|
#define OPT_COMMENT 0x0001 /**< NULL if not available */
|
|
|
|
/* Section Header block (SHB) */
|
|
#define OPT_SHB_HARDWARE 0x0002 /**< NULL if not available
|
|
* UTF-8 string containing the description of the
|
|
* hardware used to create this section.
|
|
*/
|
|
#define OPT_SHB_OS 0x0003 /**< NULL if not available, UTF-8 string containing the
|
|
* name of the operating system used to create this section.
|
|
*/
|
|
#define OPT_SHB_USERAPPL 0x0004 /**< NULL if not available, UTF-8 string containing the
|
|
* name of the application used to create this section.
|
|
*/
|
|
|
|
/* Interface Description block (IDB) */
|
|
#define OPT_IDB_NAME 0x0002 /**< NULL if not available, A UTF-8 string containing the name
|
|
* of the device used to capture data.
|
|
* "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}"
|
|
*/
|
|
#define OPT_IDB_DESCR 0x0003 /**< NULL if not available, A UTF-8 string containing the description
|
|
* of the device used to capture data.
|
|
* "Broadcom NetXtreme" / "First Ethernet Interface"
|
|
*/
|
|
#define OPT_IDB_IP4ADDR 0x0004 /**< XXX: if_IPv4addr Interface network address and netmask.
|
|
* This option can be repeated multiple times within the same Interface Description Block
|
|
* when multiple IPv4 addresses are assigned to the interface.
|
|
* 192 168 1 1 255 255 255 0
|
|
*/
|
|
#define OPT_IDB_IP6ADDR 0x0005 /* XXX: if_IPv6addr Interface network address and prefix length (stored in the last byte).
|
|
* This option can be repeated multiple times within the same Interface
|
|
* Description Block when multiple IPv6 addresses are assigned to the interface.
|
|
* 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
|
|
* "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"*/
|
|
#define OPT_IDB_MACADDR 0x0006 /* XXX: if_MACaddr Interface Hardware MAC address (48 bits). */
|
|
#define OPT_IDB_EUIADDR 0x0007 /* XXX: if_EUIaddr Interface Hardware EUI address (64 bits) */
|
|
#define OPT_IDB_SPEED 0x0008 /**< 0xFFFFFFFF if unknown
|
|
* Interface speed (in bps). 100000000 for 100Mbps
|
|
*/
|
|
#define OPT_IDB_TSRESOL 0x0009 /**< Resolution of timestamps. If the Most Significant Bit is equal to zero,
|
|
* the remaining bits indicates the resolution of the timestamp as as a
|
|
* negative power of 10 (e.g. 6 means microsecond resolution, timestamps
|
|
* are the number of microseconds since 1/1/1970). If the Most Significant Bit
|
|
* is equal to one, the remaining bits indicates the resolution has a
|
|
* negative power of 2 (e.g. 10 means 1/1024 of second).
|
|
* If this option is not present, a resolution of 10^-6 is assumed
|
|
* (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps).
|
|
*/
|
|
#define OPT_IDB_TZONE 0x000A /* XXX: if_tzone Time zone for GMT support (TODO: specify better). */
|
|
#define OPT_IDB_FILTER 0x000B /**< The filter (e.g. "capture only TCP traffic") used to capture traffic.
|
|
* The first byte of the Option Data keeps a code of the filter used
|
|
* (e.g. if this is a libpcap string, or BPF bytecode, and more).
|
|
* More details about this format will be presented in Appendix XXX (TODO).
|
|
* (TODO: better use different options for different fields?
|
|
* e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
|
|
*/
|
|
#define OPT_IDB_OS 0x000C /**< NULL if not available, A UTF-8 string containing the name of the operating system of the
|
|
* machine in which this interface is installed.
|
|
* This can be different from the same information that can be
|
|
* contained by the Section Header Block
|
|
* (Section 3.1 (Section Header Block (mandatory))) because
|
|
* the capture can have been done on a remote machine.
|
|
* "Windows XP SP2" / "openSUSE 10.2"
|
|
*/
|
|
#define OPT_IDB_FCSLEN 0x000D /**< An integer value that specified the length of the
|
|
* Frame Check Sequence (in bits) for this interface.
|
|
* For link layers whose FCS length can change during time,
|
|
* the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word))
|
|
*/
|
|
#define OPT_IDB_TSOFFSET 0x000E /**< XXX: A 64 bits integer value that specifies an offset (in seconds)
|
|
* that must be added to the timestamp of each packet to obtain
|
|
* the absolute timestamp of a packet. If the option is missing,
|
|
* the timestamps stored in the packet must be considered absolute
|
|
* timestamps. The time zone of the offset can be specified with the
|
|
* option if_tzone. TODO: won't a if_tsoffset_low for fractional
|
|
* second offsets be useful for highly syncronized capture systems?
|
|
*/
|
|
|
|
#define OPT_ISB_STARTTIME 0x0002
|
|
#define OPT_ISB_ENDTIME 0x0003
|
|
#define OPT_ISB_IFRECV 0x0004
|
|
#define OPT_ISB_IFDROP 0x0005
|
|
#define OPT_ISB_FILTERACCEPT 0x0006
|
|
#define OPT_ISB_OSDROP 0x0007
|
|
#define OPT_ISB_USRDELIV 0x0008
|
|
|
|
/* pcapng: common block header file encoding for every block type */
|
|
typedef struct pcapng_block_header_s {
|
|
guint32 block_type;
|
|
guint32 block_total_length;
|
|
/* x bytes block_body */
|
|
/* guint32 block_total_length */
|
|
} pcapng_block_header_t;
|
|
|
|
/* pcapng: section header block file encoding */
|
|
typedef struct pcapng_section_header_block_s {
|
|
/* pcapng_block_header_t */
|
|
guint32 magic;
|
|
guint16 version_major;
|
|
guint16 version_minor;
|
|
guint64 section_length; /* might be -1 for unknown */
|
|
/* ... Options ... */
|
|
} pcapng_section_header_block_t;
|
|
|
|
/* pcapng: interface description block file encoding */
|
|
typedef struct pcapng_interface_description_block_s {
|
|
guint16 linktype;
|
|
guint16 reserved;
|
|
guint32 snaplen;
|
|
/* ... Options ... */
|
|
} pcapng_interface_description_block_t;
|
|
|
|
/* pcapng: interface statistics block file encoding */
|
|
typedef struct pcapng_interface_statistics_block_s {
|
|
guint32 interface_id;
|
|
guint32 timestamp_high;
|
|
guint32 timestamp_low;
|
|
/* ... Options ... */
|
|
} pcapng_interface_statistics_block_t;
|
|
|
|
struct pcapng_option_header {
|
|
guint16 type;
|
|
guint16 value_length;
|
|
};
|
|
|
|
/*
|
|
* Minimum IDB size = minimum block size + size of fixed length portion of IDB.
|
|
*/
|
|
#define MIN_IDB_SIZE ((guint32)(MIN_BLOCK_SIZE + sizeof(pcapng_interface_description_block_t)))
|
|
|
|
wtap_open_return_val pcapng_open(wtap *wth, int *err, gchar **err_info);
|
|
gboolean pcapng_dump_open(wtap_dumper *wdh, int *err);
|
|
int pcapng_dump_can_write_encap(int encap);
|
|
|
|
#endif
|