636 lines
20 KiB
C
636 lines
20 KiB
C
/* wtap.h
|
|
*
|
|
* $Id$
|
|
*
|
|
* Wiretap Library
|
|
* Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
*/
|
|
|
|
#ifndef __WTAP_H__
|
|
#define __WTAP_H__
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
|
#include <sys/time.h>
|
|
#endif
|
|
|
|
#ifdef HAVE_WINSOCK2_H
|
|
# include <winsock2.h>
|
|
#endif
|
|
|
|
#include <glib.h>
|
|
#include <stdio.h>
|
|
#include <time.h>
|
|
|
|
/* Encapsulation types. Choose names that truly reflect
|
|
* what is contained in the packet trace file.
|
|
*
|
|
* WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
|
|
* "wtap_dump_fd_open()" to indicate that there is no single encapsulation
|
|
* type for all packets in the file; this may cause those routines to
|
|
* fail if the capture file format being written can't support that.
|
|
* It's also returned by "wtap_file_encap()" for capture files that
|
|
* don't have a single encapsulation type for all packets in the file.
|
|
*
|
|
* WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
|
|
* if it's handed an unknown encapsulation.
|
|
*
|
|
* WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
|
|
* MAC addresses you get from the hardware are bit-swapped. Ideally,
|
|
* the driver would tell us that, but I know of none that do, so, for
|
|
* now, we base it on the machine on which we're *reading* the
|
|
* capture, rather than on the machine on which the capture was taken
|
|
* (they're probably likely to be the same). We assume that they're
|
|
* bit-swapped on everything except for systems running Ultrix, Alpha
|
|
* systems, and BSD/OS systems (that's what "tcpdump" does; I guess
|
|
* Digital decided to bit-swap addresses in the hardware or in the
|
|
* driver, and I guess BSDI bit-swapped them in the driver, given that
|
|
* BSD/OS generally runs on Boring Old PC's). If we create a wiretap
|
|
* save file format, we'd use the WTAP_ENCAP values to flag the
|
|
* encapsulation of a packet, so there we'd at least be able to base
|
|
* it on the machine on which the capture was taken.
|
|
*
|
|
* WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
|
|
* ATM on Linux code from <http://linux-atm.sourceforge.net/>;
|
|
* that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
|
|
* encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
|
|
* presumably used on some BSD systems, which we turn into
|
|
* WTAP_ENCAP_ATM_RFC1483.
|
|
*
|
|
* WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
|
|
* corresponds to
|
|
*
|
|
* 1) PPP-over-HDLC encapsulation, at least with some versions
|
|
* of ISDN4BSD (but not the current ones, it appears, unless
|
|
* I've missed something);
|
|
*
|
|
* 2) a 4-byte header containing the AF_ address family, in
|
|
* the byte order of the machine that saved the capture,
|
|
* for the packet, as used on many BSD systems for the
|
|
* loopback device and some other devices, or a 4-byte header
|
|
* containing the AF_ address family in network byte order,
|
|
* as used on recent OpenBSD systems for the loopback device;
|
|
*
|
|
* 3) a 4-byte header containing 2 octets of 0 and an Ethernet
|
|
* type in the byte order from an Ethernet header, that being
|
|
* what older versions of "libpcap" on Linux turn the Ethernet
|
|
* header for loopback interfaces into (0.6.0 and later versions
|
|
* leave the Ethernet header alone and make it DLT_EN10MB). */
|
|
#define WTAP_ENCAP_PER_PACKET -1
|
|
#define WTAP_ENCAP_UNKNOWN 0
|
|
#define WTAP_ENCAP_ETHERNET 1
|
|
#define WTAP_ENCAP_TOKEN_RING 2
|
|
#define WTAP_ENCAP_SLIP 3
|
|
#define WTAP_ENCAP_PPP 4
|
|
#define WTAP_ENCAP_FDDI 5
|
|
#define WTAP_ENCAP_FDDI_BITSWAPPED 6
|
|
#define WTAP_ENCAP_RAW_IP 7
|
|
#define WTAP_ENCAP_ARCNET 8
|
|
#define WTAP_ENCAP_ARCNET_LINUX 9
|
|
#define WTAP_ENCAP_ATM_RFC1483 10
|
|
#define WTAP_ENCAP_LINUX_ATM_CLIP 11
|
|
#define WTAP_ENCAP_LAPB 12
|
|
#define WTAP_ENCAP_ATM_PDUS 13
|
|
#define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
|
|
#define WTAP_ENCAP_NULL 15
|
|
#define WTAP_ENCAP_ASCEND 16
|
|
#define WTAP_ENCAP_ISDN 17
|
|
#define WTAP_ENCAP_IP_OVER_FC 18
|
|
#define WTAP_ENCAP_PPP_WITH_PHDR 19
|
|
#define WTAP_ENCAP_IEEE_802_11 20
|
|
#define WTAP_ENCAP_PRISM_HEADER 21
|
|
#define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
|
|
#define WTAP_ENCAP_IEEE_802_11_WLAN_RADIOTAP 23
|
|
#define WTAP_ENCAP_IEEE_802_11_WLAN_AVS 24
|
|
#define WTAP_ENCAP_SLL 25
|
|
#define WTAP_ENCAP_FRELAY 26
|
|
#define WTAP_ENCAP_FRELAY_WITH_PHDR 27
|
|
#define WTAP_ENCAP_CHDLC 28
|
|
#define WTAP_ENCAP_CISCO_IOS 29
|
|
#define WTAP_ENCAP_LOCALTALK 30
|
|
#define WTAP_ENCAP_OLD_PFLOG 31
|
|
#define WTAP_ENCAP_HHDLC 32
|
|
#define WTAP_ENCAP_DOCSIS 33
|
|
#define WTAP_ENCAP_COSINE 34
|
|
#define WTAP_ENCAP_WFLEET_HDLC 35
|
|
#define WTAP_ENCAP_SDLC 36
|
|
#define WTAP_ENCAP_TZSP 37
|
|
#define WTAP_ENCAP_ENC 38
|
|
#define WTAP_ENCAP_PFLOG 39
|
|
#define WTAP_ENCAP_CHDLC_WITH_PHDR 40
|
|
#define WTAP_ENCAP_BLUETOOTH_H4 41
|
|
#define WTAP_ENCAP_MTP2 42
|
|
#define WTAP_ENCAP_MTP3 43
|
|
#define WTAP_ENCAP_IRDA 44
|
|
#define WTAP_ENCAP_USER0 45
|
|
#define WTAP_ENCAP_USER1 46
|
|
#define WTAP_ENCAP_USER2 47
|
|
#define WTAP_ENCAP_USER3 48
|
|
#define WTAP_ENCAP_USER4 49
|
|
#define WTAP_ENCAP_USER5 50
|
|
#define WTAP_ENCAP_USER6 51
|
|
#define WTAP_ENCAP_USER7 52
|
|
#define WTAP_ENCAP_USER8 53
|
|
#define WTAP_ENCAP_USER9 54
|
|
#define WTAP_ENCAP_USER10 55
|
|
#define WTAP_ENCAP_USER11 56
|
|
#define WTAP_ENCAP_USER12 57
|
|
#define WTAP_ENCAP_USER13 58
|
|
#define WTAP_ENCAP_USER14 59
|
|
#define WTAP_ENCAP_USER15 60
|
|
#define WTAP_ENCAP_SYMANTEC 61
|
|
#define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
|
|
#define WTAP_ENCAP_BACNET_MS_TP 63
|
|
#define WTAP_ENCAP_NETTL_RAW_ICMP 64
|
|
#define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
|
|
#define WTAP_ENCAP_GPRS_LLC 67
|
|
#define WTAP_ENCAP_JUNIPER_ATM1 68
|
|
#define WTAP_ENCAP_JUNIPER_ATM2 69
|
|
#define WTAP_ENCAP_REDBACK 70
|
|
#define WTAP_ENCAP_NETTL_RAW_IP 71
|
|
#define WTAP_ENCAP_NETTL_ETHERNET 72
|
|
#define WTAP_ENCAP_NETTL_TOKEN_RING 73
|
|
#define WTAP_ENCAP_NETTL_FDDI 74
|
|
#define WTAP_ENCAP_NETTL_UNKNOWN 75
|
|
#define WTAP_ENCAP_MTP2_WITH_PHDR 76
|
|
#define WTAP_ENCAP_JUNIPER_PPPOE 77
|
|
#define WTAP_GCOM_TIE1 78
|
|
#define WTAP_GCOM_SERIAL 79
|
|
#define WTAP_ENCAP_NETTL_X25 80
|
|
#define WTAP_ENCAP_K12 81
|
|
#define WTAP_ENCAP_JUNIPER_MLPPP 82
|
|
#define WTAP_ENCAP_JUNIPER_MLFR 83
|
|
/* last WTAP_ENCAP_ value + 1 */
|
|
#define WTAP_NUM_ENCAP_TYPES 84
|
|
|
|
/* File types that can be read by wiretap.
|
|
We support writing some many of these file types, too, so we
|
|
distinguish between different versions of them. */
|
|
#define WTAP_FILE_UNKNOWN 0
|
|
#define WTAP_FILE_WTAP 1
|
|
#define WTAP_FILE_PCAP 2
|
|
#define WTAP_FILE_PCAP_SS990417 3
|
|
#define WTAP_FILE_PCAP_SS990915 4
|
|
#define WTAP_FILE_PCAP_SS991029 5
|
|
#define WTAP_FILE_PCAP_NOKIA 6
|
|
#define WTAP_FILE_PCAP_AIX 7
|
|
#define WTAP_FILE_LANALYZER 8
|
|
#define WTAP_FILE_NGSNIFFER_UNCOMPRESSED 9
|
|
#define WTAP_FILE_NGSNIFFER_COMPRESSED 10
|
|
#define WTAP_FILE_SNOOP 11
|
|
#define WTAP_FILE_SHOMITI 12
|
|
#define WTAP_FILE_IPTRACE_1_0 13
|
|
#define WTAP_FILE_IPTRACE_2_0 14
|
|
#define WTAP_FILE_NETMON_1_x 15
|
|
#define WTAP_FILE_NETMON_2_x 16
|
|
#define WTAP_FILE_NETXRAY_OLD 17
|
|
#define WTAP_FILE_NETXRAY_1_0 18
|
|
#define WTAP_FILE_NETXRAY_1_1 19
|
|
#define WTAP_FILE_NETXRAY_2_00x 20
|
|
#define WTAP_FILE_RADCOM 21
|
|
#define WTAP_FILE_ASCEND 22
|
|
#define WTAP_FILE_NETTL 23
|
|
#define WTAP_FILE_TOSHIBA 24
|
|
#define WTAP_FILE_I4BTRACE 25
|
|
#define WTAP_FILE_CSIDS 26
|
|
#define WTAP_FILE_PPPDUMP 27
|
|
#define WTAP_FILE_ETHERPEEK_V56 28
|
|
#define WTAP_FILE_ETHERPEEK_V7 29
|
|
#define WTAP_FILE_VMS 30
|
|
#define WTAP_FILE_DBS_ETHERWATCH 31
|
|
#define WTAP_FILE_VISUAL_NETWORKS 32
|
|
#define WTAP_FILE_COSINE 33
|
|
#define WTAP_FILE_5VIEWS 34
|
|
#define WTAP_FILE_ERF 35
|
|
#define WTAP_FILE_HCIDUMP 36
|
|
#define WTAP_FILE_NETWORK_INSTRUMENTS_V9 37
|
|
#define WTAP_FILE_AIROPEEK_V9 38
|
|
#define WTAP_FILE_EYESDN 39
|
|
#define WTAP_FILE_K12 40
|
|
|
|
/* last WTAP_FILE_ value + 1 */
|
|
#define WTAP_NUM_FILE_TYPES 41
|
|
|
|
/* timestamp accuracy (currently only these values are supported) */
|
|
#define WTAP_FILE_TSPREC_USEC 6
|
|
#define WTAP_FILE_TSPREC_NSEC 9
|
|
|
|
/*
|
|
* Maximum packet size we'll support.
|
|
* It must be at least 65535.
|
|
*/
|
|
#define WTAP_MAX_PACKET_SIZE 65535
|
|
|
|
/*
|
|
* "Pseudo-headers" are used to supply to the clients of wiretap
|
|
* per-packet information that's not part of the packet payload
|
|
* proper.
|
|
*
|
|
* NOTE: do not use pseudo-header structures to hold information
|
|
* used by the code to read a particular capture file type; to
|
|
* keep that sort of state information, add a new structure for
|
|
* that private information to "wtap-int.h", add a pointer to that
|
|
* type of structure to the "capture" member of the "struct wtap"
|
|
* structure, and allocate one of those structures and set that member
|
|
* in the "open" routine for that capture file type if the open
|
|
* succeeds. See various other capture file type handlers for examples
|
|
* of that.
|
|
*/
|
|
|
|
/* Packet "pseudo-header" information for Ethernet capture files. */
|
|
struct eth_phdr {
|
|
gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
|
|
};
|
|
|
|
/* Packet "pseudo-header" information for X.25 capture files. */
|
|
#define FROM_DCE 0x80
|
|
struct x25_phdr {
|
|
guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
|
|
};
|
|
|
|
/* Packet "pseudo-header" information for ISDN capture files. */
|
|
|
|
/* Direction */
|
|
struct isdn_phdr {
|
|
gboolean uton;
|
|
guint8 channel; /* 0 = D-channel; n = B-channel n */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for ATM capture files.
|
|
Not all of this information is supplied by all capture types. */
|
|
|
|
/*
|
|
* Status bits.
|
|
*/
|
|
#define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
|
|
|
|
/*
|
|
* AAL types.
|
|
*/
|
|
#define AAL_UNKNOWN 0 /* AAL unknown */
|
|
#define AAL_1 1 /* AAL1 */
|
|
#define AAL_2 2 /* AAL2 */
|
|
#define AAL_3_4 3 /* AAL3/4 */
|
|
#define AAL_5 4 /* AAL5 */
|
|
#define AAL_USER 5 /* User AAL */
|
|
#define AAL_SIGNALLING 6 /* Signaling AAL */
|
|
#define AAL_OAMCELL 7 /* OAM cell */
|
|
|
|
/*
|
|
* Traffic types.
|
|
*/
|
|
#define TRAF_UNKNOWN 0 /* Unknown */
|
|
#define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
|
|
#define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
|
|
#define TRAF_LANE 3 /* LAN Emulation */
|
|
#define TRAF_ILMI 4 /* ILMI */
|
|
#define TRAF_FR 5 /* Frame Relay */
|
|
#define TRAF_SPANS 6 /* FORE SPANS */
|
|
#define TRAF_IPSILON 7 /* Ipsilon */
|
|
|
|
/*
|
|
* Traffic subtypes.
|
|
*/
|
|
#define TRAF_ST_UNKNOWN 0 /* Unknown */
|
|
|
|
/*
|
|
* For TRAF_VCMX:
|
|
*/
|
|
#define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
|
|
#define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
|
|
#define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
|
|
#define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
|
|
#define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
|
|
#define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
|
|
#define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
|
|
#define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
|
|
#define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
|
|
#define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
|
|
#define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
|
|
#define TRAF_ST_VCMX_BPDU 13 /* BPDU */
|
|
|
|
/*
|
|
* For TRAF_LANE:
|
|
*/
|
|
#define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
|
|
#define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
|
|
#define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
|
|
#define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
|
|
#define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
|
|
|
|
/*
|
|
* For TRAF_IPSILON:
|
|
*/
|
|
#define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
|
|
#define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
|
|
#define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
|
|
|
|
struct atm_phdr {
|
|
guint32 flags; /* status flags */
|
|
guint8 aal; /* AAL of the traffic */
|
|
guint8 type; /* traffic type */
|
|
guint8 subtype; /* traffic subtype */
|
|
guint16 vpi; /* virtual path identifier */
|
|
guint16 vci; /* virtual circuit identifier */
|
|
guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
|
|
guint16 cells; /* number of cells */
|
|
guint16 aal5t_u2u; /* user-to-user indicator */
|
|
guint16 aal5t_len; /* length of the packet */
|
|
guint32 aal5t_chksum; /* checksum for AAL5 packet */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for the output from "wandsession", "wannext",
|
|
"wandisplay", and similar commands on Lucent/Ascend access equipment. */
|
|
|
|
#define ASCEND_MAX_STR_LEN 64
|
|
|
|
#define ASCEND_PFX_WDS_X 1
|
|
#define ASCEND_PFX_WDS_R 2
|
|
#define ASCEND_PFX_WDD 3
|
|
#define ASCEND_PFX_ISDN_X 4
|
|
#define ASCEND_PFX_ISDN_R 5
|
|
#define ASCEND_PFX_ETHER 6
|
|
|
|
struct ascend_phdr {
|
|
guint16 type; /* ASCEND_PFX_*, as defined above */
|
|
char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
|
|
guint32 sess; /* Session number, from wandsession header */
|
|
char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
|
|
guint32 chunk; /* Chunk number, from WDD header */
|
|
guint32 task; /* Task number */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for point-to-point links with direction flags. */
|
|
struct p2p_phdr {
|
|
gboolean sent; /* TRUE=sent, FALSE=received */
|
|
};
|
|
|
|
/* Packet "pseudo-header" information for 802.11
|
|
Radio information is only present for WTAP_ENCAP_IEEE_802_11_WITH_RADIO. */
|
|
struct ieee_802_11_phdr {
|
|
gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
|
|
guint8 channel; /* Channel number */
|
|
guint8 data_rate; /* in .5 Mb/s units */
|
|
guint8 signal_level; /* percentage */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for the output from CoSine L2 debug output. */
|
|
|
|
#define COSINE_MAX_IF_NAME_LEN 128
|
|
|
|
#define COSINE_ENCAP_TEST 1
|
|
#define COSINE_ENCAP_PPoATM 2
|
|
#define COSINE_ENCAP_PPoFR 3
|
|
#define COSINE_ENCAP_ATM 4
|
|
#define COSINE_ENCAP_FR 5
|
|
#define COSINE_ENCAP_HDLC 6
|
|
#define COSINE_ENCAP_PPP 7
|
|
#define COSINE_ENCAP_ETH 8
|
|
#define COSINE_ENCAP_UNKNOWN 99
|
|
|
|
#define COSINE_DIR_TX 1
|
|
#define COSINE_DIR_RX 2
|
|
|
|
struct cosine_phdr {
|
|
guint8 encap; /* COSINE_ENCAP_* as defined above */
|
|
guint8 direction; /* COSINE_DIR_*, as defined above */
|
|
char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
|
|
guint16 pro; /* Protocol */
|
|
guint16 off; /* Offset */
|
|
guint16 pri; /* Priority */
|
|
guint16 rm; /* Rate Marking */
|
|
guint16 err; /* Error Code */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for IrDA capture files. */
|
|
|
|
/*
|
|
* Direction of the packet
|
|
*/
|
|
#define IRDA_INCOMING 0x0000
|
|
#define IRDA_OUTGOING 0x0004
|
|
|
|
/*
|
|
* "Inline" log messages produced by IrCOMM2k on Windows
|
|
*/
|
|
#define IRDA_LOG_MESSAGE 0x0100 /* log message */
|
|
#define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
|
|
|
|
/*
|
|
* Differentiate between frames and log messages
|
|
*/
|
|
#define IRDA_CLASS_FRAME 0x0000
|
|
#define IRDA_CLASS_LOG 0x0100
|
|
#define IRDA_CLASS_MASK 0xFF00
|
|
|
|
struct irda_phdr {
|
|
guint16 pkttype; /* packet type */
|
|
};
|
|
|
|
/* Packet "pseudo-header" for nettl (HP-UX) capture files. */
|
|
|
|
struct nettl_phdr {
|
|
guint16 subsys;
|
|
guint32 devid;
|
|
guint32 kind;
|
|
gint32 pid;
|
|
gint16 uid;
|
|
};
|
|
|
|
/* Packet "pseudo-header" for MTP2 files. */
|
|
|
|
struct mtp2_phdr {
|
|
guint8 sent;
|
|
guint8 annex_a_used;
|
|
guint16 link_number;
|
|
};
|
|
|
|
/* Packet "pseudo-header" for K12 files. */
|
|
|
|
typedef union {
|
|
struct {
|
|
guint16 vp;
|
|
guint16 vc;
|
|
} atm;
|
|
|
|
guint32 ds0mask;
|
|
} k12_input_info_t;
|
|
|
|
struct k12_phdr {
|
|
guint32 input;
|
|
const gchar* input_name;
|
|
const gchar* stack_file;
|
|
guint32 input_type;
|
|
k12_input_info_t input_info;
|
|
void* stuff;
|
|
};
|
|
|
|
#define K12_PORT_DS0S 0x00010008
|
|
#define K12_PORT_DS1 0x00100008
|
|
#define K12_PORT_ATMPVC 0x01020000
|
|
|
|
union wtap_pseudo_header {
|
|
struct eth_phdr eth;
|
|
struct x25_phdr x25;
|
|
struct isdn_phdr isdn;
|
|
struct atm_phdr atm;
|
|
struct ascend_phdr ascend;
|
|
struct p2p_phdr p2p;
|
|
struct ieee_802_11_phdr ieee_802_11;
|
|
struct cosine_phdr cosine;
|
|
struct irda_phdr irda;
|
|
struct nettl_phdr nettl;
|
|
struct mtp2_phdr mtp2;
|
|
struct k12_phdr k12;
|
|
};
|
|
|
|
struct wtap_nstime {
|
|
time_t secs;
|
|
int nsecs;
|
|
};
|
|
|
|
|
|
struct wtap_pkthdr {
|
|
struct wtap_nstime ts;
|
|
guint32 caplen;
|
|
guint32 len;
|
|
int pkt_encap;
|
|
};
|
|
|
|
struct wtap;
|
|
struct Buffer;
|
|
struct wtap_dumper;
|
|
|
|
typedef struct wtap wtap;
|
|
typedef struct wtap_dumper wtap_dumper;
|
|
|
|
/*
|
|
* On failure, "wtap_open_offline()" returns NULL, and puts into the
|
|
* "int" pointed to by its second argument:
|
|
*
|
|
* a positive "errno" value if the capture file can't be opened;
|
|
*
|
|
* a negative number, indicating the type of error, on other failures.
|
|
*/
|
|
struct wtap* wtap_open_offline(const char *filename, int *err,
|
|
gchar **err_info, gboolean do_random);
|
|
|
|
/* Returns TRUE if read was successful. FALSE if failure. data_offset is
|
|
* set the the offset in the file where the data for the read packet is
|
|
* located. */
|
|
gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
|
|
long *data_offset);
|
|
|
|
/*
|
|
* Return an approximation of the amount of data we've read sequentially
|
|
* from the file so far. (gint64, in case that's 64 bits.)
|
|
*/
|
|
gint64 wtap_read_so_far(wtap *wth, int *err);
|
|
|
|
struct wtap_pkthdr *wtap_phdr(wtap *wth);
|
|
union wtap_pseudo_header *wtap_pseudoheader(wtap *wth);
|
|
guint8 *wtap_buf_ptr(wtap *wth);
|
|
|
|
gint64 wtap_file_size(wtap *wth, int *err);
|
|
int wtap_snapshot_length(wtap *wth); /* per file */
|
|
int wtap_file_type(wtap *wth);
|
|
int wtap_file_encap(wtap *wth);
|
|
int wtap_file_tsprecision(wtap *wth);
|
|
|
|
const char *wtap_file_type_string(int filetype);
|
|
const char *wtap_file_type_short_string(int filetype);
|
|
int wtap_short_string_to_file_type(const char *short_name);
|
|
|
|
const char *wtap_encap_string(int encap);
|
|
const char *wtap_encap_short_string(int encap);
|
|
int wtap_short_string_to_encap(const char *short_name);
|
|
|
|
const char *wtap_strerror(int err);
|
|
void wtap_sequential_close(wtap *wth);
|
|
void wtap_close(wtap *wth);
|
|
gboolean wtap_seek_read (wtap *wth, long seek_off,
|
|
union wtap_pseudo_header *pseudo_header, guint8 *pd, int len,
|
|
int *err, gchar **err_info);
|
|
|
|
gboolean wtap_dump_can_open(int filetype);
|
|
gboolean wtap_dump_can_write_encap(int filetype, int encap);
|
|
wtap_dumper* wtap_dump_open(const char *filename, int filetype, int encap,
|
|
int snaplen, int *err);
|
|
wtap_dumper* wtap_dump_fdopen(int fd, int filetype, int encap, int snaplen,
|
|
int *err);
|
|
gboolean wtap_dump(wtap_dumper *, const struct wtap_pkthdr *,
|
|
const union wtap_pseudo_header *pseudo_header, const guchar *, int *err);
|
|
FILE* wtap_dump_file(wtap_dumper *);
|
|
gboolean wtap_dump_close(wtap_dumper *, int *);
|
|
long wtap_get_bytes_dumped(wtap_dumper *);
|
|
void wtap_set_bytes_dumped(wtap_dumper *wdh, long bytes_dumped);
|
|
|
|
/*
|
|
* Wiretap error codes.
|
|
*/
|
|
#define WTAP_ERR_NOT_REGULAR_FILE -1
|
|
/* The file being opened for reading isn't a plain file (or pipe) */
|
|
#define WTAP_ERR_RANDOM_OPEN_PIPE -2
|
|
/* The file is being opened for random access and it's a pipe */
|
|
#define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
|
|
/* The file being opened is not a capture file in a known format */
|
|
#define WTAP_ERR_UNSUPPORTED -4
|
|
/* Supported file type, but there's something in the file we
|
|
can't support */
|
|
#define WTAP_ERR_CANT_WRITE_TO_PIPE -5
|
|
/* Wiretap can't save to a pipe in the specified format */
|
|
#define WTAP_ERR_CANT_OPEN -6
|
|
/* The file couldn't be opened, reason unknown */
|
|
#define WTAP_ERR_UNSUPPORTED_FILE_TYPE -7
|
|
/* Wiretap can't save files in the specified format */
|
|
#define WTAP_ERR_UNSUPPORTED_ENCAP -8
|
|
/* Wiretap can't read or save files in the specified format with the
|
|
specified encapsulation */
|
|
#define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
|
|
/* The specified format doesn't support per-packet encapsulations */
|
|
#define WTAP_ERR_CANT_CLOSE -10
|
|
/* The file couldn't be closed, reason unknown */
|
|
#define WTAP_ERR_CANT_READ -11
|
|
/* An attempt to read failed, reason unknown */
|
|
#define WTAP_ERR_SHORT_READ -12
|
|
/* An attempt to read read less data than it should have */
|
|
#define WTAP_ERR_BAD_RECORD -13
|
|
/* We read an invalid record */
|
|
#define WTAP_ERR_SHORT_WRITE -14
|
|
/* An attempt to write wrote less data than it should have */
|
|
#define WTAP_ERR_UNC_TRUNCATED -15
|
|
/* Sniffer compressed data was oddly truncated */
|
|
#define WTAP_ERR_UNC_OVERFLOW -16
|
|
/* Uncompressing Sniffer data would overflow buffer */
|
|
#define WTAP_ERR_UNC_BAD_OFFSET -17
|
|
/* LZ77 compressed data has bad offset to string */
|
|
#define WTAP_ERR_RANDOM_OPEN_STDIN -18
|
|
/* We're trying to open the standard input for random access */
|
|
|
|
/* Errors from zlib; zlib error Z_xxx turns into Wiretap error
|
|
WTAP_ERR_ZLIB + Z_xxx.
|
|
|
|
WTAP_ERR_ZLIB_MIN and WTAP_ERR_ZLIB_MAX bound the range of zlib
|
|
errors; we leave room for 100 positive and 100 negative error
|
|
codes. */
|
|
|
|
#define WTAP_ERR_ZLIB -200
|
|
#define WTAP_ERR_ZLIB_MAX -100
|
|
#define WTAP_ERR_ZLIB_MIN -300
|
|
|
|
|
|
#endif /* __WTAP_H__ */
|