1998-11-12 06:01:27 +00:00
|
|
|
/* wtap.h
|
|
|
|
*
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
* $Id: wtap.h,v 1.148 2004/01/25 21:55:17 guy Exp $
|
1998-11-12 06:01:27 +00:00
|
|
|
*
|
|
|
|
* Wiretap Library
|
2001-11-13 23:55:44 +00:00
|
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1998-11-12 06:01:27 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1998-11-12 06:01:27 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 20:30:45 +00:00
|
|
|
*
|
1998-11-12 06:01:27 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
1998-11-12 00:06:47 +00:00
|
|
|
*/
|
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#ifndef __WTAP_H__
|
|
|
|
#define __WTAP_H__
|
|
|
|
|
2002-07-29 06:09:59 +00:00
|
|
|
#ifdef HAVE_SYS_TIME_H
|
|
|
|
#include <sys/time.h>
|
|
|
|
#endif
|
|
|
|
|
2002-07-31 22:41:34 +00:00
|
|
|
#ifdef HAVE_WINSOCK2_H
|
|
|
|
# include <winsock2.h>
|
|
|
|
#endif
|
|
|
|
|
2002-07-29 06:09:59 +00:00
|
|
|
#include <glib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
1998-12-17 06:39:13 +00:00
|
|
|
/* Encapsulation types. Choose names that truly reflect
|
1999-07-28 23:16:42 +00:00
|
|
|
* what is contained in the packet trace file.
|
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
|
1999-09-22 01:26:50 +00:00
|
|
|
* "wtap_dump_fd_open()" to indicate that there is no single encapsulation
|
1999-08-22 02:29:40 +00:00
|
|
|
* type for all packets in the file; this may cause those routines to
|
|
|
|
* fail if the capture file format being written can't support that.
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
* It's also returned by "wtap_file_encap()" for capture files that
|
|
|
|
* don't have a single encapsulation type for all packets in the file.
|
1999-08-22 02:29:40 +00:00
|
|
|
*
|
|
|
|
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
|
|
|
|
* if it's handed an unknown encapsulation.
|
|
|
|
*
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
* WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
|
|
|
|
* MAC addresses you get from the hardware are bit-swapped. Ideally,
|
|
|
|
* the driver would tell us that, but I know of none that do, so, for
|
|
|
|
* now, we base it on the machine on which we're *reading* the
|
|
|
|
* capture, rather than on the machine on which the capture was taken
|
|
|
|
* (they're probably likely to be the same). We assume that they're
|
|
|
|
* bit-swapped on everything except for systems running Ultrix, Alpha
|
|
|
|
* systems, and BSD/OS systems (that's what "tcpdump" does; I guess
|
|
|
|
* Digital decided to bit-swap addresses in the hardware or in the
|
|
|
|
* driver, and I guess BSDI bit-swapped them in the driver, given that
|
|
|
|
* BSD/OS generally runs on Boring Old PC's). If we create a wiretap
|
|
|
|
* save file format, we'd use the WTAP_ENCAP values to flag the
|
|
|
|
* encapsulation of a packet, so there we'd at least be able to base
|
|
|
|
* it on the machine on which the capture was taken.
|
|
|
|
*
|
1999-07-28 23:16:42 +00:00
|
|
|
* WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
|
2001-09-23 21:55:21 +00:00
|
|
|
* ATM on Linux code from <http://linux-atm.sourceforge.net/>;
|
1999-07-28 23:16:42 +00:00
|
|
|
* that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
|
|
|
|
* encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
|
|
|
|
* presumably used on some BSD systems, which we turn into
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
* WTAP_ENCAP_ATM_RFC1483.
|
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
|
|
|
|
* corresponds to
|
1999-08-18 17:08:47 +00:00
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* 1) PPP-over-HDLC encapsulation, at least with some versions
|
|
|
|
* of ISDN4BSD (but not the current ones, it appears, unless
|
|
|
|
* I've missed something);
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
*
|
1999-08-22 02:29:40 +00:00
|
|
|
* 2) a 4-byte header containing the AF_ address family, in
|
|
|
|
* the byte order of the machine that saved the capture,
|
|
|
|
* for the packet, as used on many BSD systems for the
|
2002-02-01 00:10:03 +00:00
|
|
|
* loopback device and some other devices, or a 4-byte header
|
|
|
|
* containing the AF_ address family in network byte order,
|
|
|
|
* as used on recent OpenBSD systems for the loopback device;
|
1999-08-22 02:29:40 +00:00
|
|
|
*
|
|
|
|
* 3) a 4-byte header containing 2 octets of 0 and an Ethernet
|
|
|
|
* type in the byte order from an Ethernet header, that being
|
2002-02-01 00:10:03 +00:00
|
|
|
* what older versions of "libpcap" on Linux turn the Ethernet
|
|
|
|
* header for loopback interfaces into (0.6.0 and later versions
|
|
|
|
* leave the Ethernet header alone and make it DLT_EN10MB). */
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
#define WTAP_ENCAP_PER_PACKET -1
|
1999-08-22 02:29:40 +00:00
|
|
|
#define WTAP_ENCAP_UNKNOWN 0
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_ENCAP_ETHERNET 1
|
2000-09-21 04:41:37 +00:00
|
|
|
#define WTAP_ENCAP_TOKEN_RING 2
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_ENCAP_SLIP 3
|
|
|
|
#define WTAP_ENCAP_PPP 4
|
|
|
|
#define WTAP_ENCAP_FDDI 5
|
Add a new Wiretap encapsulation type WTAP_ENCAP_FDDI_BITSWAPPED, meaning
"FDDI with the MAC addresses bit-swapped"; whether the MAC addresses are
bit-swapped is a property of the machine on which the capture was taken,
not of the machine on which the capture is being read - right now, none
of the capture file formats we read indicate whether FDDI MAC addresses
are bit-swapped, but this does let us treat non-"libpcap" captures as
being bit-swapped or not bit-swapped independent of the machine on which
they're being read (and of the machine on which they were captured, but
I have the impression they're bit-swapped on most platforms), and allows
us to, if, as, and when we implement packet capture in Wiretap, mark
packets in a capture file written in Wiretap-native format based on the
machine on which they are captured (assuming the rule "Ultrix, Alpha,
and BSD/OS are the only platforms that don't bit-swap", or some other
compile-time rule, gets the right answer, or that some platform has
drivers that can tell us whether the addresses are bit-swapped).
(NOTE: if, for any of the capture file formats used only on one
platform, FDDI MAC addresses aren't bit-swapped, the code to read that
capture file format should be fixed to flag them as not bit-swapped.)
Use the encapsulation type to decide whether to bit-swap addresses in
"dissect_fddi()".
svn path=/trunk/; revision=557
1999-08-24 03:19:34 +00:00
|
|
|
#define WTAP_ENCAP_FDDI_BITSWAPPED 6
|
|
|
|
#define WTAP_ENCAP_RAW_IP 7
|
|
|
|
#define WTAP_ENCAP_ARCNET 8
|
2003-01-23 04:04:01 +00:00
|
|
|
#define WTAP_ENCAP_ARCNET_LINUX 9
|
|
|
|
#define WTAP_ENCAP_ATM_RFC1483 10
|
|
|
|
#define WTAP_ENCAP_LINUX_ATM_CLIP 11
|
|
|
|
#define WTAP_ENCAP_LAPB 12
|
|
|
|
#define WTAP_ENCAP_ATM_PDUS 13
|
|
|
|
#define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
|
|
|
|
#define WTAP_ENCAP_NULL 15
|
|
|
|
#define WTAP_ENCAP_ASCEND 16
|
|
|
|
#define WTAP_ENCAP_ISDN 17
|
|
|
|
#define WTAP_ENCAP_IP_OVER_FC 18
|
|
|
|
#define WTAP_ENCAP_PPP_WITH_PHDR 19
|
|
|
|
#define WTAP_ENCAP_IEEE_802_11 20
|
|
|
|
#define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 21
|
|
|
|
#define WTAP_ENCAP_SLL 22
|
|
|
|
#define WTAP_ENCAP_FRELAY 23
|
2003-01-31 01:02:14 +00:00
|
|
|
#define WTAP_ENCAP_FRELAY_WITH_PHDR 24
|
|
|
|
#define WTAP_ENCAP_CHDLC 25
|
|
|
|
#define WTAP_ENCAP_CISCO_IOS 26
|
|
|
|
#define WTAP_ENCAP_LOCALTALK 27
|
|
|
|
#define WTAP_ENCAP_PRISM_HEADER 28
|
2003-05-15 07:14:46 +00:00
|
|
|
#define WTAP_ENCAP_OLD_PFLOG 29
|
2003-01-31 01:02:14 +00:00
|
|
|
#define WTAP_ENCAP_HHDLC 30
|
|
|
|
#define WTAP_ENCAP_DOCSIS 31
|
|
|
|
#define WTAP_ENCAP_COSINE 32
|
|
|
|
#define WTAP_ENCAP_WLAN_HEADER 33
|
|
|
|
#define WTAP_ENCAP_WFLEET_HDLC 34
|
|
|
|
#define WTAP_ENCAP_SDLC 35
|
|
|
|
#define WTAP_ENCAP_TZSP 36
|
2003-03-08 09:11:53 +00:00
|
|
|
#define WTAP_ENCAP_ENC 37
|
2003-05-15 07:14:46 +00:00
|
|
|
#define WTAP_ENCAP_PFLOG 38
|
2003-10-25 07:17:28 +00:00
|
|
|
#define WTAP_ENCAP_CHDLC_WITH_PHDR 39
|
2003-10-30 03:11:03 +00:00
|
|
|
#define WTAP_ENCAP_BLUETOOTH_H4 40
|
2003-12-03 22:40:39 +00:00
|
|
|
#define WTAP_ENCAP_MTP2 41
|
|
|
|
#define WTAP_ENCAP_MTP3 42
|
2003-12-18 19:07:14 +00:00
|
|
|
#define WTAP_ENCAP_IRDA 43
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
/* last WTAP_ENCAP_ value + 1 */
|
2003-12-18 19:07:14 +00:00
|
|
|
#define WTAP_NUM_ENCAP_TYPES 44
|
1999-03-01 18:57:07 +00:00
|
|
|
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
/* File types that can be read by wiretap.
|
2000-09-15 07:52:43 +00:00
|
|
|
We support writing some many of these file types, too, so we
|
|
|
|
distinguish between different versions of them. */
|
1998-11-12 00:06:47 +00:00
|
|
|
#define WTAP_FILE_UNKNOWN 0
|
|
|
|
#define WTAP_FILE_WTAP 1
|
|
|
|
#define WTAP_FILE_PCAP 2
|
2000-07-26 06:04:34 +00:00
|
|
|
#define WTAP_FILE_PCAP_SS990417 3
|
|
|
|
#define WTAP_FILE_PCAP_SS990915 4
|
|
|
|
#define WTAP_FILE_PCAP_SS991029 5
|
2000-09-15 07:52:43 +00:00
|
|
|
#define WTAP_FILE_PCAP_NOKIA 6
|
Add in some heuristics to try to detect AIX libpcap format. (This works
with one capture I've seen, but perhaps that was done with an old
version of AIX, and newer versions use a minor version number, in the
file, of 4.
However, libpcap hasn't used a minor version of 2 for ages, so perhaps
AIX hasn't updated their libpcap in ages, and aren't about to do so
soon. If they do, let's hope they change the magic number. The capture
file in question *does* have the capture length and real length in the
old, pre-2.3, order, so it really looks as if it's an old version,
rather than IBM trying to be "helpful" by using a different minor
version number so that you can distinguish between normal libpcap and
AIX libpcap formats.)
svn path=/trunk/; revision=4164
2001-11-06 01:55:14 +00:00
|
|
|
#define WTAP_FILE_PCAP_AIX 7
|
|
|
|
#define WTAP_FILE_LANALYZER 8
|
|
|
|
#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 9
|
|
|
|
#define WTAP_FILE_NGSNIFFER_COMPRESSED 10
|
|
|
|
#define WTAP_FILE_SNOOP 11
|
2002-12-05 22:33:11 +00:00
|
|
|
#define WTAP_FILE_SHOMITI 12
|
|
|
|
#define WTAP_FILE_IPTRACE_1_0 13
|
|
|
|
#define WTAP_FILE_IPTRACE_2_0 14
|
|
|
|
#define WTAP_FILE_NETMON_1_x 15
|
|
|
|
#define WTAP_FILE_NETMON_2_x 16
|
|
|
|
#define WTAP_FILE_NETXRAY_OLD 17
|
|
|
|
#define WTAP_FILE_NETXRAY_1_0 18
|
|
|
|
#define WTAP_FILE_NETXRAY_1_1 19
|
|
|
|
#define WTAP_FILE_NETXRAY_2_00x 20
|
|
|
|
#define WTAP_FILE_RADCOM 21
|
|
|
|
#define WTAP_FILE_ASCEND 22
|
|
|
|
#define WTAP_FILE_NETTL 23
|
|
|
|
#define WTAP_FILE_TOSHIBA 24
|
|
|
|
#define WTAP_FILE_I4BTRACE 25
|
|
|
|
#define WTAP_FILE_CSIDS 26
|
|
|
|
#define WTAP_FILE_PPPDUMP 27
|
|
|
|
#define WTAP_FILE_ETHERPEEK_V56 28
|
|
|
|
#define WTAP_FILE_ETHERPEEK_V7 29
|
|
|
|
#define WTAP_FILE_VMS 30
|
|
|
|
#define WTAP_FILE_DBS_ETHERWATCH 31
|
|
|
|
#define WTAP_FILE_VISUAL_NETWORKS 32
|
|
|
|
#define WTAP_FILE_COSINE 33
|
2003-07-29 19:42:01 +00:00
|
|
|
#define WTAP_FILE_5VIEWS 34
|
2003-08-26 07:10:39 +00:00
|
|
|
#define WTAP_FILE_ERF 35
|
2003-10-30 03:11:03 +00:00
|
|
|
#define WTAP_FILE_HCIDUMP 36
|
2003-10-31 00:43:21 +00:00
|
|
|
#define WTAP_FILE_NETWORK_INSTRUMENTS_V9 37
|
2003-12-02 19:37:05 +00:00
|
|
|
#define WTAP_FILE_AIROPEEK_V9 38
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-12-04 08:32:14 +00:00
|
|
|
/* last WTAP_FILE_ value + 1 */
|
2003-12-02 19:37:05 +00:00
|
|
|
#define WTAP_NUM_FILE_TYPES 39
|
1999-12-04 08:32:14 +00:00
|
|
|
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
/*
|
|
|
|
* Maximum packet size we'll support.
|
2003-06-25 17:35:17 +00:00
|
|
|
* It must be at least 65535.
|
DLT_NULL, from "libpcap", means different things on different platforms
and in different capture files; throw in some heuristics to try to
figure out whether the 4-byte header is:
1) PPP-over-HDLC (some version of ISDN4BSD?);
2) big-endian AF_ value (BSD on big-endian platforms);
3) little-endian AF_ value (BSD on little-endian platforms);
4) two octets of 0 followed by an Ethernet type (Linux, at least
on little-endian platforms, as mutated by "libpcap").
Make a separate Wiretap encapsulation type, WTAP_ENCAP_NULL,
corresponding to DLT_NULL.
Have the PPP code dissect the frame if it's PPP-over-HDLC, and have
"ethertype()" dissect the Ethernet type and the rest of the packet if
it's a Linux-style header; dissect it ourselves only if it's an AF_
value.
Have Wiretap impose a maximum packet size of 65535 bytes, so that it
fails more gracefully when handed a corrupt "libpcap" capture file
(other capture file formats with more than a 16-bit capture length
field, if any, will have that check added later), and put that size in
"wtap.h" and have Ethereal use it as its notion of a maximum packet
size.
Have Ethereal put up a "this file appears to be damaged or corrupt"
message box if Wiretap returns a WTAP_ERR_BAD_RECORD error when opening
or reading a capture file.
Include loopback interfaces in the list of interfaces offered by the
"Capture" dialog box, but put them at the end of the list so that it
doesn't default to a loopback interface unless there are no other
interfaces. Also, don't require that an interface in the list have an
IP address associated with it, and only put one entry in the list for a
given interface (SIOCGIFCONF returns one entry per interface *address*,
not per *interface* - and even if you were to use only IP addresses, an
interface could conceivably have more than one IP address).
Exclusively use Wiretap encapsulation types internally, even when
capturing; don't use DLT_ types.
svn path=/trunk/; revision=540
1999-08-22 00:47:56 +00:00
|
|
|
*/
|
|
|
|
#define WTAP_MAX_PACKET_SIZE 65535
|
|
|
|
|
2002-01-18 00:25:50 +00:00
|
|
|
/*
|
|
|
|
* "Pseudo-headers" are used to supply to the clients of wiretap
|
|
|
|
* per-packet information that's not part of the packet payload
|
|
|
|
* proper.
|
|
|
|
*
|
|
|
|
* NOTE: do not use pseudo-header structures to hold information
|
|
|
|
* used by the code to read a particular capture file type; to
|
|
|
|
* keep that sort of state information, add a new structure for
|
|
|
|
* that private information to "wtap-int.h", add a pointer to that
|
|
|
|
* type of structure to the "capture" member of the "struct wtap"
|
|
|
|
* structure, and allocate one of those structures and set that member
|
|
|
|
* in the "open" routine for that capture file type if the open
|
|
|
|
* succeeds. See various other capture file type handlers for examples
|
|
|
|
* of that.
|
|
|
|
*/
|
|
|
|
|
2003-10-01 07:11:49 +00:00
|
|
|
/* Packet "pseudo-header" information for Ethernet capture files. */
|
|
|
|
struct eth_phdr {
|
|
|
|
gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
|
|
|
|
};
|
|
|
|
|
1999-08-20 06:55:20 +00:00
|
|
|
/* Packet "pseudo-header" information for X.25 capture files. */
|
2002-04-09 08:15:04 +00:00
|
|
|
#define FROM_DCE 0x80
|
1999-08-20 06:55:20 +00:00
|
|
|
struct x25_phdr {
|
2002-04-09 08:15:04 +00:00
|
|
|
guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
|
1999-08-20 06:55:20 +00:00
|
|
|
};
|
|
|
|
|
2002-10-31 07:12:42 +00:00
|
|
|
/* Packet "pseudo-header" information for ISDN capture files. */
|
|
|
|
|
|
|
|
/* Direction */
|
|
|
|
struct isdn_phdr {
|
|
|
|
gboolean uton;
|
|
|
|
guint8 channel; /* 0 = D-channel; n = B-channel n */
|
|
|
|
};
|
|
|
|
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
/* Packet "pseudo-header" for ATM capture files.
|
|
|
|
Not all of this information is supplied by all capture types. */
|
|
|
|
|
2003-01-10 04:04:42 +00:00
|
|
|
/*
|
|
|
|
* Status bits.
|
|
|
|
*/
|
|
|
|
#define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
|
|
|
|
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
/*
|
|
|
|
* AAL types.
|
|
|
|
*/
|
|
|
|
#define AAL_UNKNOWN 0 /* AAL unknown */
|
|
|
|
#define AAL_1 1 /* AAL1 */
|
|
|
|
#define AAL_2 2 /* AAL2 */
|
|
|
|
#define AAL_3_4 3 /* AAL3/4 */
|
|
|
|
#define AAL_5 4 /* AAL5 */
|
|
|
|
#define AAL_USER 5 /* User AAL */
|
|
|
|
#define AAL_SIGNALLING 6 /* Signaling AAL */
|
|
|
|
#define AAL_OAMCELL 7 /* OAM cell */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Traffic types.
|
|
|
|
*/
|
|
|
|
#define TRAF_UNKNOWN 0 /* Unknown */
|
|
|
|
#define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
|
|
|
|
#define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
|
|
|
|
#define TRAF_LANE 3 /* LAN Emulation */
|
|
|
|
#define TRAF_ILMI 4 /* ILMI */
|
|
|
|
#define TRAF_FR 5 /* Frame Relay */
|
|
|
|
#define TRAF_SPANS 6 /* FORE SPANS */
|
|
|
|
#define TRAF_IPSILON 7 /* Ipsilon */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Traffic subtypes.
|
|
|
|
*/
|
|
|
|
#define TRAF_ST_UNKNOWN 0 /* Unknown */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For TRAF_VCMX:
|
|
|
|
*/
|
|
|
|
#define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
|
|
|
|
#define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
|
|
|
|
#define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
|
|
|
|
#define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
|
|
|
|
#define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
|
|
|
|
#define TRAF_ST_VCMX_BPDU 13 /* BPDU */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For TRAF_LANE:
|
|
|
|
*/
|
|
|
|
#define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
|
|
|
|
#define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
|
|
|
|
#define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
|
|
|
|
#define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
|
|
|
|
#define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For TRAF_IPSILON:
|
|
|
|
*/
|
|
|
|
#define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
|
|
|
|
#define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
|
|
|
|
#define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
|
|
|
|
|
|
|
|
struct atm_phdr {
|
2003-01-10 04:04:42 +00:00
|
|
|
guint32 flags; /* status flags */
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
guint8 aal; /* AAL of the traffic */
|
|
|
|
guint8 type; /* traffic type */
|
|
|
|
guint8 subtype; /* traffic subtype */
|
|
|
|
guint16 vpi; /* virtual path identifier */
|
|
|
|
guint16 vci; /* virtual circuit identifier */
|
2003-01-09 01:55:13 +00:00
|
|
|
guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
|
1999-08-20 06:55:20 +00:00
|
|
|
guint16 cells; /* number of cells */
|
|
|
|
guint16 aal5t_u2u; /* user-to-user indicator */
|
|
|
|
guint16 aal5t_len; /* length of the packet */
|
|
|
|
guint32 aal5t_chksum; /* checksum for AAL5 packet */
|
|
|
|
};
|
|
|
|
|
1999-09-11 22:36:38 +00:00
|
|
|
/* Packet "pseudo-header" for the output from "wandsession", "wannext",
|
|
|
|
"wandisplay", and similar commands on Lucent/Ascend access equipment. */
|
|
|
|
|
|
|
|
#define ASCEND_MAX_STR_LEN 64
|
|
|
|
|
1999-09-13 03:52:53 +00:00
|
|
|
#define ASCEND_PFX_WDS_X 1
|
|
|
|
#define ASCEND_PFX_WDS_R 2
|
|
|
|
#define ASCEND_PFX_WDD 3
|
1999-09-11 22:36:38 +00:00
|
|
|
|
|
|
|
struct ascend_phdr {
|
|
|
|
guint16 type; /* ASCEND_PFX_*, as defined above */
|
1999-09-13 03:52:53 +00:00
|
|
|
char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
|
|
|
|
guint32 sess; /* Session number, from wandsession header */
|
|
|
|
char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
|
|
|
|
guint32 chunk; /* Chunk number, from WDD header */
|
1999-09-11 22:36:38 +00:00
|
|
|
guint32 task; /* Task number */
|
|
|
|
};
|
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/* Packet "pseudo-header" for point-to-point links with direction flags. */
|
2000-09-21 04:41:37 +00:00
|
|
|
struct p2p_phdr {
|
|
|
|
gboolean sent; /* TRUE=sent, FALSE=received */
|
1999-11-11 05:36:16 +00:00
|
|
|
};
|
|
|
|
|
2002-04-08 09:09:49 +00:00
|
|
|
/* Packet "pseudo-header" information for 802.11 with radio information. */
|
|
|
|
struct ieee_802_11_phdr {
|
|
|
|
guint8 channel; /* Channel number */
|
|
|
|
guint8 data_rate; /* in .5 Mb/s units */
|
|
|
|
guint8 signal_level; /* percentage */
|
|
|
|
};
|
2000-09-21 04:41:37 +00:00
|
|
|
|
2002-07-31 19:27:57 +00:00
|
|
|
/* Packet "pseudo-header" for the output from CoSine L2 debug output. */
|
|
|
|
|
|
|
|
#define COSINE_MAX_IF_NAME_LEN 128
|
|
|
|
|
|
|
|
#define COSINE_ENCAP_TEST 1
|
|
|
|
#define COSINE_ENCAP_PPoATM 2
|
|
|
|
#define COSINE_ENCAP_PPoFR 3
|
|
|
|
#define COSINE_ENCAP_ATM 4
|
|
|
|
#define COSINE_ENCAP_FR 5
|
|
|
|
#define COSINE_ENCAP_HDLC 6
|
|
|
|
#define COSINE_ENCAP_PPP 7
|
|
|
|
#define COSINE_ENCAP_ETH 8
|
|
|
|
#define COSINE_ENCAP_UNKNOWN 99
|
|
|
|
|
|
|
|
#define COSINE_DIR_TX 1
|
|
|
|
#define COSINE_DIR_RX 2
|
|
|
|
|
|
|
|
struct cosine_phdr {
|
|
|
|
guint8 encap; /* COSINE_ENCAP_* as defined above */
|
|
|
|
guint8 direction; /* COSINE_DIR_*, as defined above */
|
2003-10-30 03:11:03 +00:00
|
|
|
char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
|
2002-08-16 00:41:39 +00:00
|
|
|
guint16 pro; /* Protocol */
|
|
|
|
guint16 off; /* Offset */
|
|
|
|
guint16 pri; /* Priority */
|
|
|
|
guint16 rm; /* Rate Marking */
|
|
|
|
guint16 err; /* Error Code */
|
2002-07-31 19:27:57 +00:00
|
|
|
};
|
|
|
|
|
2003-12-18 19:07:14 +00:00
|
|
|
/* Packet "pseudo-header" for IrDA capture files. */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Direction of the packet
|
|
|
|
*/
|
|
|
|
#define IRDA_INCOMING 0x0000
|
|
|
|
#define IRDA_OUTGOING 0x0004
|
|
|
|
|
|
|
|
/*
|
|
|
|
* "Inline" log messages produced by IrCOMM2k on Windows
|
|
|
|
*/
|
|
|
|
#define IRDA_LOG_MESSAGE 0x0100 /* log message */
|
|
|
|
#define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Differentiate between frames and log messages
|
|
|
|
*/
|
|
|
|
#define IRDA_CLASS_FRAME 0x0000
|
|
|
|
#define IRDA_CLASS_LOG 0x0100
|
|
|
|
#define IRDA_CLASS_MASK 0xFF00
|
|
|
|
|
|
|
|
struct irda_phdr {
|
|
|
|
guint16 pkttype; /* packet type */
|
|
|
|
};
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
union wtap_pseudo_header {
|
2003-10-01 07:11:49 +00:00
|
|
|
struct eth_phdr eth;
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
struct x25_phdr x25;
|
2002-10-31 07:12:42 +00:00
|
|
|
struct isdn_phdr isdn;
|
Replace the "ngsniffer_atm" with an "atm" pseudo-header, which isn't
just an image of the ATM Sniffer data. This means that Ethereal doesn't
have to know any ATM Sniffer-specific details (that's all hidden in
Wiretap), and allows us to add to that pseudo-header fields, traffic
types, etc. unknown to ATM Sniffers.
Have Wiretap map VPI 0/VCI 5 to the signalling AAL - for some capture
files, this might not be necessary, as they may mark all signalling
traffic as such, but, on other platforms, we don't know the AAL, so we
assume AAL5 except for 0/5 traffic. Doing it in Wiretap lets us hide
those details from Ethereal (and lets Ethereal interpret 0/5 traffic as
non-signalling traffic, in case that happens to be what it is).
We may know that traffic is LANE, but not whether it's LE Control or
emulated 802.3/802.5; handle that case.
svn path=/trunk/; revision=5302
2002-04-30 08:48:27 +00:00
|
|
|
struct atm_phdr atm;
|
|
|
|
struct ascend_phdr ascend;
|
|
|
|
struct p2p_phdr p2p;
|
|
|
|
struct ieee_802_11_phdr ieee_802_11;
|
2002-07-31 19:27:57 +00:00
|
|
|
struct cosine_phdr cosine;
|
2003-12-18 19:07:14 +00:00
|
|
|
struct irda_phdr irda;
|
1999-08-20 06:55:20 +00:00
|
|
|
};
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
struct wtap_pkthdr {
|
|
|
|
struct timeval ts;
|
|
|
|
guint32 caplen;
|
|
|
|
guint32 len;
|
1999-01-02 06:10:55 +00:00
|
|
|
int pkt_encap;
|
1998-11-12 00:06:47 +00:00
|
|
|
};
|
|
|
|
|
2002-07-29 06:09:59 +00:00
|
|
|
typedef void (*wtap_handler)(guchar*, const struct wtap_pkthdr*,
|
|
|
|
long, union wtap_pseudo_header *pseudo_header, const guchar *);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1998-11-12 06:01:27 +00:00
|
|
|
struct wtap;
|
1999-03-01 18:57:07 +00:00
|
|
|
struct Buffer;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
struct wtap_dumper;
|
|
|
|
|
2000-05-19 23:07:04 +00:00
|
|
|
typedef struct wtap wtap;
|
|
|
|
typedef struct wtap_dumper wtap_dumper;
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
|
1999-08-15 06:59:13 +00:00
|
|
|
/*
|
|
|
|
* On failure, "wtap_open_offline()" returns NULL, and puts into the
|
|
|
|
* "int" pointed to by its second argument:
|
|
|
|
*
|
|
|
|
* a positive "errno" value if the capture file can't be opened;
|
|
|
|
*
|
|
|
|
* a negative number, indicating the type of error, on other failures.
|
|
|
|
*/
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
struct wtap* wtap_open_offline(const char *filename, int *err,
|
|
|
|
gchar **err_info, gboolean do_random);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
|
|
|
/* Returns TRUE if entire loop-reading was successful. If read failure
|
|
|
|
* happened, FALSE is returned and err is set. */
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
gboolean wtap_loop(wtap *wth, int, wtap_handler, guchar*, int *err,
|
|
|
|
gchar **err_info);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
|
|
|
/* Returns TRUE if read was successful. FALSE if failure. data_offset is
|
|
|
|
* set the the offset in the file where the data for the read packet is
|
|
|
|
* located. */
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
|
|
|
|
long *data_offset);
|
2000-09-07 05:34:23 +00:00
|
|
|
|
Add routines to Wiretap to allow a client of Wiretap to get:
a pointer to the "wtap_pkthdr" structure for an open capture
file;
a pointer to the "wtap_pseudo_header" union for an open capture
file;
a pointer to the packet buffer for an open capture file;
so that a program using "wtap_read()" in a loop can get at those items.
Keep, in a "capture_file" structure, an indicator of whether:
no file is open;
a file is open, and being read;
a file is open, and is being read, but the user tried to quit
out of reading the file (e.g., by doing "File/Quit");
a file is open, and has been completely read.
Abort if we try to close a capture that's being read if the user hasn't
tried to quit out of the read.
Have "File/Quit" check if a file is being read; if so, just set the
state indicator to "user tried to quit out of it", so that the code
reading the file can do what's appropriate to clean up, rather than
closing the file out from under that code and causing crashes.
Have "read_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
close the capture and return an indication that the read was aborted by
the user. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "continue_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
return an indication that the read was aborted by the user if that
happened. Otherwise, return an indication of whether the read
completely succeeded or failed in the middle (and, if it failed, return
the error code through a pointer).
Have "finish_tail_cap_file()" read the capture file with a loop using
"wtap_read()", rather than by using "wtap_loop()"; have it check after
reading each packet whether the user tried to abort the read and, if so,
quit the loop, and after the loop finishes (even if it read no packets),
close the capture and return an indication that the read was aborted by
the user if that happened. Otherwise, return an indication of whether
the read completely succeeded or failed in the middle (and, if it
failed, return the error code through a pointer).
Have their callers check whether the read was aborted or not and, if it
was, bail out in the appropriate fashion (exit if it's reading a file
specified by "-r" on the command line; exit the main loop if it's
reading a file specified with File->Open; kill the capture child if it's
"continue_tail_cap_file()"; exit the main loop if it's
"finish_tail_cap_file()".
svn path=/trunk/; revision=2095
2000-06-27 07:13:42 +00:00
|
|
|
struct wtap_pkthdr *wtap_phdr(wtap *wth);
|
|
|
|
union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
|
|
|
|
guint8 *wtap_buf_ptr(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-09-23 04:39:01 +00:00
|
|
|
int wtap_fd(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
int wtap_snapshot_length(wtap *wth); /* per file */
|
|
|
|
int wtap_file_type(wtap *wth);
|
Add "wtap_file_encap()", to return the encapsulation of packets in the
file (which could be WTAP_ENCAP_UNKNOWN, if we couldn't determine it, or
WTAP_ENCAP_PER_PACKET, if we could determine the encapsulation of
packets in the file, but they didn't all have the same encapsulation).
This may be useful in the future, if we allow files to be saved in
different capture file formats - we'd have to specify, when creating the
capture file, the per-file encapsulation, for those formats that don't
support per-packet encapsulations (we wouldn't be able to save a
multi-encapsulation capture in those formats).
Make the code to read "iptrace" files set the per-file packet
encapsulation - set it to the type of the first packet seen, and, if any
subsequent packets have a different encapsulation, set it to
WTAP_ENCAP_PER_PACKET.
svn path=/trunk/; revision=772
1999-10-06 03:29:36 +00:00
|
|
|
int wtap_file_encap(wtap *wth);
|
1999-12-05 01:24:54 +00:00
|
|
|
|
1999-12-04 08:51:52 +00:00
|
|
|
const char *wtap_file_type_string(int filetype);
|
1999-12-04 21:20:09 +00:00
|
|
|
const char *wtap_file_type_short_string(int filetype);
|
|
|
|
int wtap_short_string_to_file_type(const char *short_name);
|
1999-12-05 01:24:54 +00:00
|
|
|
|
|
|
|
const char *wtap_encap_string(int encap);
|
|
|
|
const char *wtap_encap_short_string(int encap);
|
|
|
|
int wtap_short_string_to_encap(const char *short_name);
|
|
|
|
|
1999-08-22 02:52:48 +00:00
|
|
|
const char *wtap_strerror(int err);
|
2000-05-18 09:09:50 +00:00
|
|
|
void wtap_sequential_close(wtap *wth);
|
1998-11-12 00:06:47 +00:00
|
|
|
void wtap_close(wtap *wth);
|
2002-03-05 08:40:27 +00:00
|
|
|
gboolean wtap_seek_read (wtap *wth, long seek_off,
|
Have the Wiretap open, read, and seek-and-read routines return, in
addition to an error code, an error info string, for
WTAP_ERR_UNSUPPORTED, WTAP_ERR_UNSUPPORTED_ENCAP, and
WTAP_ERR_BAD_RECORD errors. Replace the error messages logged with
"g_message()" for those errors with g_strdup()ed or g_strdup_printf()ed
strings returned as the error info string, and change the callers of
those routines to, for those errors, put the info string into the
printed message or alert box for the error.
Add messages for cases where those errors were returned without printing
an additional message.
Nobody uses the error code from "cf_read()" - "cf_read()" puts up the
alert box itself for failures; get rid of the error code, so it just
returns a success/failure indication.
Rename "file_read_error_message()" to "cf_read_error_message()", as it
handles read errors from Wiretap, and have it take an error info string
as an argument. (That handles a lot of the work of putting the info
string into the error message.)
Make some variables in "ascend-grammar.y" static.
Check the return value of "erf_read_header()" in "erf_seek_read()".
Get rid of an unused #define in "i4btrace.c".
svn path=/trunk/; revision=9852
2004-01-25 21:55:17 +00:00
|
|
|
union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
|
|
|
|
int *err, gchar **err_info);
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-12-04 08:32:14 +00:00
|
|
|
gboolean wtap_dump_can_open(int filetype);
|
|
|
|
gboolean wtap_dump_can_write_encap(int filetype, int encap);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
|
|
|
|
int snaplen, int *err);
|
|
|
|
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
|
|
|
|
int *err);
|
2000-05-18 09:09:50 +00:00
|
|
|
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
|
2002-07-29 06:09:59 +00:00
|
|
|
const union wtap_pseudo_header *pseudo_header, const guchar *, int *err);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
FILE* wtap_dump_file(wtap_dumper *);
|
1999-12-04 05:22:21 +00:00
|
|
|
gboolean wtap_dump_close(wtap_dumper *, int *);
|
2001-12-04 08:26:00 +00:00
|
|
|
long wtap_get_bytes_dumped(wtap_dumper *);
|
|
|
|
void wtap_set_bytes_dumped(wtap_dumper *wdh, long bytes_dumped);
|
Add to Wiretap the ability to write capture files; for now, it can only
write them in "libpcap" format, but the mechanism can have other formats
added.
When creating the temporary file for a capture, use "create_tempfile()",
to close a security hole opened by the fact that "tempnam()" creates a
temporary file, but doesn't open it, and we open the file with the name
it gives us - somebody could remove the file and plant a link to some
file, and, if as may well be the case when Ethereal is capturing
packets, it's running as "root", that means we write a capture on top of
that file.... (The aforementioned changes to Wiretap let you open a
capture file for writing given an file descriptor, "fdopen()"-style,
which this change requires.)
svn path=/trunk/; revision=509
1999-08-18 04:17:38 +00:00
|
|
|
|
1999-08-18 04:41:20 +00:00
|
|
|
/*
|
|
|
|
* Wiretap error codes.
|
|
|
|
*/
|
|
|
|
#define WTAP_ERR_NOT_REGULAR_FILE -1
|
2002-06-07 07:47:58 +00:00
|
|
|
/* The file being opened for reading isn't a plain file (or pipe) */
|
|
|
|
#define WTAP_ERR_RANDOM_OPEN_PIPE -2
|
|
|
|
/* The file is being opened for random access and it's a pipe */
|
|
|
|
#define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The file being opened is not a capture file in a known format */
|
2002-06-07 07:47:58 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED -4
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* Supported file type, but there's something in the file we
|
|
|
|
can't support */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_CANT_WRITE_TO_PIPE -5
|
|
|
|
/* Wiretap can't save to a pipe in the specified format */
|
|
|
|
#define WTAP_ERR_CANT_OPEN -6
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The file couldn't be opened, reason unknown */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
|
1999-08-18 04:41:20 +00:00
|
|
|
/* Wiretap can't save files in the specified format */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_UNSUPPORTED_ENCAP -8
|
2000-02-19 08:00:08 +00:00
|
|
|
/* Wiretap can't read or save files in the specified format with the
|
1999-08-22 03:50:31 +00:00
|
|
|
specified encapsulation */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The specified format doesn't support per-packet encapsulations */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_CANT_CLOSE -10
|
1999-08-18 04:41:20 +00:00
|
|
|
/* The file couldn't be closed, reason unknown */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_CANT_READ -11
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* An attempt to read failed, reason unknown */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_SHORT_READ -12
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* An attempt to read read less data than it should have */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_BAD_RECORD -13
|
Have the per-capture-file-type open routines "wtap_open_offline()" calls
return 1 on success, -1 if they got an error, and 0 if the file isn't of
the type that file is checking for, and supply an error code if they
return -1; have "wtap_open_offline()" use that error code. Also, have
the per-capture-file-type open routines treat errors accessing the file
as errors, and return -1, rather than just returning 0 so that we try
another file type.
Have the per-capture-file-type read routines "wtap_loop()" calls return
-1 and supply an error code on error (and not, as they did in some
cases, call "g_error()" and abort), and have "wtap_loop()", if the read
routine returned an error, return FALSE (and pass an error-code-pointer
argument onto the read routines, so they fill it in), and return TRUE on
success.
Add some new error codes for them to return.
Now that "wtap_loop()" can return a success/failure indication and an
error code, in "read_cap_file()" put up a message box if we get an error
reading the file, and return the error code.
Handle the additional errors we can get when opening a capture file.
If the attempt to open a capture file succeeds, but the attempt to read
it fails, don't treat that as a complete failure - we may have managed
to read some of the capture file, and we should display what we managed
to read.
svn path=/trunk/; revision=516
1999-08-19 05:31:38 +00:00
|
|
|
/* We read an invalid record */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_SHORT_WRITE -14
|
1999-08-18 04:41:20 +00:00
|
|
|
/* An attempt to write wrote less data than it should have */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_UNC_TRUNCATED -15
|
2000-05-25 09:00:24 +00:00
|
|
|
/* Sniffer compressed data was oddly truncated */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_UNC_OVERFLOW -16
|
2000-05-25 09:00:24 +00:00
|
|
|
/* Uncompressing Sniffer data would overflow buffer */
|
2002-07-16 07:15:09 +00:00
|
|
|
#define WTAP_ERR_UNC_BAD_OFFSET -17
|
2000-05-25 09:00:24 +00:00
|
|
|
/* LZ77 compressed data has bad offset to string */
|
1999-08-18 04:41:20 +00:00
|
|
|
|
1999-10-05 07:06:08 +00:00
|
|
|
/* Errors from zlib; zlib error Z_xxx turns into Wiretap error
|
|
|
|
WTAP_ERR_ZLIB + Z_xxx.
|
|
|
|
|
|
|
|
WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
|
|
|
|
errors; we leave room for 100 positive and 100 negative error
|
|
|
|
codes. */
|
|
|
|
|
|
|
|
#define WTAP_ERR_ZLIB -200
|
|
|
|
#define WTAP_ERR_ZLIB_MAX -100
|
|
|
|
#define WTAP_ERR_ZLIB_MIN -300
|
|
|
|
|
1998-11-12 00:06:47 +00:00
|
|
|
|
1999-03-01 18:57:07 +00:00
|
|
|
#endif /* __WTAP_H__ */
|