2003-08-26 07:10:39 +00:00
|
|
|
/*
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2003 Endace Technology Ltd, Hamilton, New Zealand.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This software and documentation has been developed by Endace Technology Ltd.
|
|
|
|
|
* along with the DAG PCI network capture cards. For further information please
|
|
|
|
|
* visit http://www.endace.com/.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
*
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* 3. The name of Endace Technology Ltd may not be used to endorse or promote
|
|
|
|
|
* products derived from this software without specific prior written
|
|
|
|
|
* permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY ENDACE TECHNOLOGY LTD ``AS IS'' AND ANY EXPRESS
|
|
|
|
|
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
|
|
|
* EVENT SHALL ENDACE TECHNOLOGY LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
|
|
|
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
|
|
|
|
|
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2003-08-26 07:10:39 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __W_ERF_H__
|
|
|
|
|
#define __W_ERF_H__
|
|
|
|
|
|
|
|
|
|
/* Record type defines */
|
From Stephen Donnelly of Endace:
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
2007-06-08 17:06:13 +00:00
|
|
|
#define TYPE_LEGACY 0
|
|
|
|
|
#define TYPE_HDLC_POS 1
|
|
|
|
|
#define TYPE_ETH 2
|
|
|
|
|
#define TYPE_ATM 3
|
|
|
|
|
#define TYPE_AAL5 4
|
|
|
|
|
#define TYPE_MC_HDLC 5
|
|
|
|
|
#define TYPE_MC_RAW 6
|
|
|
|
|
#define TYPE_MC_ATM 7
|
|
|
|
|
#define TYPE_MC_RAW_CHANNEL 8
|
|
|
|
|
#define TYPE_MC_AAL5 9
|
|
|
|
|
#define TYPE_COLOR_HDLC_POS 10
|
|
|
|
|
#define TYPE_COLOR_ETH 11
|
|
|
|
|
#define TYPE_MC_AAL2 12
|
|
|
|
|
#define TYPE_IP_COUNTER 13
|
|
|
|
|
#define TYPE_TCP_FLOW_COUNTER 14
|
|
|
|
|
#define TYPE_DSM_COLOR_HDLC_POS 15
|
|
|
|
|
#define TYPE_DSM_COLOR_ETH 16
|
|
|
|
|
#define TYPE_COLOR_MC_HDLC_POS 17
|
|
|
|
|
#define TYPE_AAL2 18
|
|
|
|
|
|
|
|
|
|
#define TYPE_PAD 48
|
|
|
|
|
|
|
|
|
|
#define TYPE_MIN 1 /* sanity checking */
|
|
|
|
|
#define TYPE_MAX 48 /* sanity checking */
|
2003-08-26 07:10:39 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The timestamp is 64bit unsigned fixed point little-endian value with
|
2005-08-26 19:40:46 +00:00
|
|
|
* 32 bits for second and 32 bits for fraction.
|
2003-08-26 07:10:39 +00:00
|
|
|
*/
|
|
|
|
|
typedef guint64 erf_timestamp_t;
|
|
|
|
|
|
|
|
|
|
typedef struct erf_record {
|
|
|
|
|
erf_timestamp_t ts;
|
|
|
|
|
guint8 type;
|
|
|
|
|
guint8 flags;
|
|
|
|
|
guint16 rlen;
|
|
|
|
|
guint16 lctr;
|
|
|
|
|
guint16 wlen;
|
|
|
|
|
} erf_header_t;
|
|
|
|
|
|
|
|
|
|
#define MAX_RECORD_LEN 0x10000 /* 64k */
|
|
|
|
|
#define RECORDS_FOR_ERF_CHECK 3
|
|
|
|
|
#define FCS_BITS 32
|
|
|
|
|
|
|
|
|
|
#ifndef min
|
|
|
|
|
#define min(a, b) ((a) > (b) ? (b) : (a))
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* ATM snaplength
|
|
|
|
|
*/
|
|
|
|
|
#define ATM_SNAPLEN 48
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Size of ATM payload
|
|
|
|
|
*/
|
|
|
|
|
#define ATM_SLEN(h, e) ATM_SNAPLEN
|
|
|
|
|
#define ATM_WLEN(h, e) ATM_SNAPLEN
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Size of Ethernet payload
|
|
|
|
|
*/
|
|
|
|
|
#define ETHERNET_WLEN(h, e) (g_htons((h)->wlen))
|
|
|
|
|
#define ETHERNET_SLEN(h, e) min(ETHERNET_WLEN(h, e), g_htons((h)->rlen) - sizeof(*(h)) - 2)
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Size of HDLC payload
|
|
|
|
|
*/
|
|
|
|
|
#define HDLC_WLEN(h, e) (g_htons((h)->wlen))
|
|
|
|
|
#define HDLC_SLEN(h, e) min(HDLC_WLEN(h, e), g_htons((h)->rlen) - sizeof(*(h)))
|
|
|
|
|
|
2007-02-18 11:32:54 +00:00
|
|
|
/*
|
|
|
|
|
* Size of MC_HDLC payload
|
|
|
|
|
*/
|
|
|
|
|
#define MC_HDLC_WLEN(h, e) (g_htons((h)->wlen))
|
From Stephen Donnelly of Endace:
The code for reading ERF files has not been significantly
updated since 2004. This patch brings it up to date with a
number of changes.
1) Increase number of decodable ERF types from 7 to 12. This
covers newer DAG card models and firmware updates.
2) Fix timestamp conversion. Was calculating only microsecond
precision, now displaying with nanosecond resolution. Hardware
precision is 7.5 to 30 ns depending on model.
3) Allow the user to specify HDLC encapsulation as 'chdlc',
'ppp_serial', 'frelay' or 'mtp2'. This is needed because the
ERF HDLC capture formats do not include information on what
protocol is used at the next level. This is currently done via
an environment variable 'ERF_HDLC_ENCAP' and is analagous to the
existing 'ERF_ATM_ENCAP' variable.
If the user does not specify an HDLC encapsulation it tries to
guess, and falls back to MTP2 for backwards compatibility with
Florent's existing behaviour.
I know environment variables are ugly, suggestions are welcome.
4) When reading HDLC captures as MTP2, use
WTAP_ENCAP_MTP2_WITH_PHDR rather than WTAP_ENCAP_MTP2. This
allows us to put the 'Multi-Channel ERF' record 'channel
number' field into the MTP2 pseudo header > 'link_number'
field. This is then displayed in Frame information, and can
be filtered on. (Would be nice if it could be made a display
column?)
Because the ERF record does not specify whether Annex A is used
or not, we pass MTP2_ANNEX_A_USED_UNKNOWN and allow the existing
user preference to decide.
Move the MTP2_ANNEX_A_ definitions into Wiretap, make the annex_a_used
field a guint8, and change MTP2_ANNEX_A_USED_UNKNOWN to 2 so it fits in
a guint8. (This means that if you can save an ERF MTP2 file as a
libpcap file, the pseudo-header will have MTP2_ANNEX_A_USED_UNKNOWN in
it.)
svn path=/trunk/; revision=22067
2007-06-08 17:06:13 +00:00
|
|
|
#define MC_HDLC_SLEN(h, e) min(MC_HDLC_WLEN(h, e), g_htons((h)->rlen) - sizeof(*(h)) )
|
2007-02-18 11:32:54 +00:00
|
|
|
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
int erf_open(wtap *wth, int *err, gchar **err_info);
|
2003-08-26 07:10:39 +00:00
|
|
|
|
|
|
|
|
#endif /* __W_ERF_H__ */
|