1998-11-15 05:29:17 +00:00
|
|
|
/* libpcap.h
|
|
|
|
*
|
2002-02-27 08:57:25 +00:00
|
|
|
* $Id: libpcap.h,v 1.12 2002/02/27 08:57:25 guy Exp $
|
1998-11-15 05:29:17 +00:00
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
1998-11-15 05:29:17 +00:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
2000-08-11 13:37:21 +00:00
|
|
|
#ifndef __W_LIBPCAP_H__
|
|
|
|
#define __W_LIBPCAP_H__
|
|
|
|
|
2000-07-30 16:54:12 +00:00
|
|
|
/* Magic numbers in "libpcap" files.
|
|
|
|
|
|
|
|
"libpcap" file records are written in the byte order of the host that
|
|
|
|
writes them, and the reader is expected to fix this up.
|
|
|
|
|
|
|
|
PCAP_MAGIC is the magic number, in host byte order; PCAP_SWAPPED_MAGIC
|
|
|
|
is a byte-swapped version of that.
|
|
|
|
|
|
|
|
PCAP_MODIFIED_MAGIC is for Alexey Kuznetsov's modified "libpcap"
|
|
|
|
format, as generated on Linux systems that have a "libpcap" with
|
|
|
|
his patches, at
|
|
|
|
|
|
|
|
http://ftp.sunet.se/pub/os/Linux/ip-routing/lbl-tools/
|
|
|
|
|
|
|
|
applied; PCAP_SWAPPED_MODIFIED_MAGIC is the byte-swapped version. */
|
|
|
|
#define PCAP_MAGIC 0xa1b2c3d4
|
|
|
|
#define PCAP_SWAPPED_MAGIC 0xd4c3b2a1
|
|
|
|
#define PCAP_MODIFIED_MAGIC 0xa1b2cd34
|
|
|
|
#define PCAP_SWAPPED_MODIFIED_MAGIC 0x34cdb2a1
|
|
|
|
|
|
|
|
/* "libpcap" file header (minus magic number). */
|
|
|
|
struct pcap_hdr {
|
|
|
|
guint16 version_major; /* major version number */
|
|
|
|
guint16 version_minor; /* minor version number */
|
|
|
|
gint32 thiszone; /* GMT to local correction */
|
|
|
|
guint32 sigfigs; /* accuracy of timestamps */
|
|
|
|
guint32 snaplen; /* max length of captured packets, in octets */
|
|
|
|
guint32 network; /* data link type */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* "libpcap" record header. */
|
|
|
|
struct pcaprec_hdr {
|
|
|
|
guint32 ts_sec; /* timestamp seconds */
|
|
|
|
guint32 ts_usec; /* timestamp microseconds */
|
|
|
|
guint32 incl_len; /* number of octets of packet saved in file */
|
|
|
|
guint32 orig_len; /* actual length of packet */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* "libpcap" record header for Alexey's patched version. */
|
|
|
|
struct pcaprec_modified_hdr {
|
|
|
|
struct pcaprec_hdr hdr; /* the regular header */
|
|
|
|
guint32 ifindex; /* index, in *capturing* machine's list of
|
|
|
|
interfaces, of the interface on which this
|
|
|
|
packet came in. */
|
|
|
|
guint16 protocol; /* Ethernet packet type */
|
|
|
|
guint8 pkt_type; /* broadcast/multicast/etc. indication */
|
|
|
|
guint8 pad; /* pad to a 4-byte boundary */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* "libpcap" record header for Alexey's patched version in its ss990915
|
|
|
|
incarnation; this version shows up in SuSE Linux 6.3. */
|
|
|
|
struct pcaprec_ss990915_hdr {
|
|
|
|
struct pcaprec_hdr hdr; /* the regular header */
|
|
|
|
guint32 ifindex; /* index, in *capturing* machine's list of
|
|
|
|
interfaces, of the interface on which this
|
|
|
|
packet came in. */
|
|
|
|
guint16 protocol; /* Ethernet packet type */
|
|
|
|
guint8 pkt_type; /* broadcast/multicast/etc. indication */
|
|
|
|
guint8 cpu1, cpu2; /* SMP debugging gunk? */
|
|
|
|
guint8 pad[3]; /* pad to a 4-byte boundary */
|
|
|
|
};
|
|
|
|
|
2000-09-15 07:52:43 +00:00
|
|
|
/* "libpcap" record header for version used on some Nokia boxes (firewalls?) */
|
|
|
|
struct pcaprec_nokia_hdr {
|
|
|
|
struct pcaprec_hdr hdr; /* the regular header */
|
|
|
|
guint8 stuff[4]; /* mysterious stuff */
|
|
|
|
};
|
|
|
|
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
int libpcap_open(wtap *wth, int *err);
|
1999-12-04 05:14:39 +00:00
|
|
|
gboolean libpcap_dump_open(wtap_dumper *wdh, int *err);
|
2002-02-27 08:57:25 +00:00
|
|
|
int libpcap_dump_can_write_encap(int encap);
|
2000-08-11 13:37:21 +00:00
|
|
|
|
|
|
|
#endif
|