Wireshark  2.9.0-477-g68ec514b
The Wireshark network protocol analyzer
wtap.h
1 /* wtap.h
2  *
3  * Wiretap Library
4  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
5  *
6  * SPDX-License-Identifier: GPL-2.0-or-later
7  */
8 
9 #ifndef __WTAP_H__
10 #define __WTAP_H__
11 
12 #include <glib.h>
13 #include <time.h>
14 #include <wsutil/buffer.h>
15 #include <wsutil/nstime.h>
16 #include <wsutil/inet_addr.h>
17 #include "wtap_opttypes.h"
18 #include "ws_symbol_export.h"
19 #include "ws_attributes.h"
20 #ifdef HAVE_PLUGINS
21 #include "wsutil/plugins.h"
22 #endif
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif /* __cplusplus */
27 
28 /* Encapsulation types. Choose names that truly reflect
29  * what is contained in the packet trace file.
30  *
31  * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
32  * "wtap_dump_fd_open()" to indicate that there is no single encapsulation
33  * type for all packets in the file; this may cause those routines to
34  * fail if the capture file format being written can't support that.
35  * It's also returned by "wtap_file_encap()" for capture files that
36  * don't have a single encapsulation type for all packets in the file.
37  *
38  * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
39  * if it's handed an unknown encapsulation.
40  *
41  * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
42  * MAC addresses you get from the hardware are bit-swapped. Ideally,
43  * the driver would tell us that, but I know of none that do, so, for
44  * now, we base it on the machine on which we're *reading* the
45  * capture, rather than on the machine on which the capture was taken
46  * (they're probably likely to be the same). We assume that they're
47  * bit-swapped on everything except for systems running Ultrix, Alpha
48  * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
49  * Digital decided to bit-swap addresses in the hardware or in the
50  * driver, and I guess BSDI bit-swapped them in the driver, given that
51  * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
52  * save file format, we'd use the WTAP_ENCAP values to flag the
53  * encapsulation of a packet, so there we'd at least be able to base
54  * it on the machine on which the capture was taken.
55  *
56  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
57  * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
58  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
59  * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
60  * presumably used on some BSD systems, which we turn into
61  * WTAP_ENCAP_ATM_RFC1483.
62  *
63  * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
64  * corresponds to
65  *
66  * 1) PPP-over-HDLC encapsulation, at least with some versions
67  * of ISDN4BSD (but not the current ones, it appears, unless
68  * I've missed something);
69  *
70  * 2) a 4-byte header containing the AF_ address family, in
71  * the byte order of the machine that saved the capture,
72  * for the packet, as used on many BSD systems for the
73  * loopback device and some other devices, or a 4-byte header
74  * containing the AF_ address family in network byte order,
75  * as used on recent OpenBSD systems for the loopback device;
76  *
77  * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
78  * type in the byte order from an Ethernet header, that being
79  * what older versions of "libpcap" on Linux turn the Ethernet
80  * header for loopback interfaces into (0.6.0 and later versions
81  * leave the Ethernet header alone and make it DLT_EN10MB). */
82 #define WTAP_ENCAP_PER_PACKET -1
83 #define WTAP_ENCAP_UNKNOWN 0
84 #define WTAP_ENCAP_ETHERNET 1
85 #define WTAP_ENCAP_TOKEN_RING 2
86 #define WTAP_ENCAP_SLIP 3
87 #define WTAP_ENCAP_PPP 4
88 #define WTAP_ENCAP_FDDI 5
89 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
90 #define WTAP_ENCAP_RAW_IP 7
91 #define WTAP_ENCAP_ARCNET 8
92 #define WTAP_ENCAP_ARCNET_LINUX 9
93 #define WTAP_ENCAP_ATM_RFC1483 10
94 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
95 #define WTAP_ENCAP_LAPB 12
96 #define WTAP_ENCAP_ATM_PDUS 13
97 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
98 #define WTAP_ENCAP_NULL 15
99 #define WTAP_ENCAP_ASCEND 16
100 #define WTAP_ENCAP_ISDN 17
101 #define WTAP_ENCAP_IP_OVER_FC 18
102 #define WTAP_ENCAP_PPP_WITH_PHDR 19
103 #define WTAP_ENCAP_IEEE_802_11 20
104 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
105 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
106 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
107 #define WTAP_ENCAP_IEEE_802_11_AVS 24
108 #define WTAP_ENCAP_SLL 25
109 #define WTAP_ENCAP_FRELAY 26
110 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
111 #define WTAP_ENCAP_CHDLC 28
112 #define WTAP_ENCAP_CISCO_IOS 29
113 #define WTAP_ENCAP_LOCALTALK 30
114 #define WTAP_ENCAP_OLD_PFLOG 31
115 #define WTAP_ENCAP_HHDLC 32
116 #define WTAP_ENCAP_DOCSIS 33
117 #define WTAP_ENCAP_COSINE 34
118 #define WTAP_ENCAP_WFLEET_HDLC 35
119 #define WTAP_ENCAP_SDLC 36
120 #define WTAP_ENCAP_TZSP 37
121 #define WTAP_ENCAP_ENC 38
122 #define WTAP_ENCAP_PFLOG 39
123 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
124 #define WTAP_ENCAP_BLUETOOTH_H4 41
125 #define WTAP_ENCAP_MTP2 42
126 #define WTAP_ENCAP_MTP3 43
127 #define WTAP_ENCAP_IRDA 44
128 #define WTAP_ENCAP_USER0 45
129 #define WTAP_ENCAP_USER1 46
130 #define WTAP_ENCAP_USER2 47
131 #define WTAP_ENCAP_USER3 48
132 #define WTAP_ENCAP_USER4 49
133 #define WTAP_ENCAP_USER5 50
134 #define WTAP_ENCAP_USER6 51
135 #define WTAP_ENCAP_USER7 52
136 #define WTAP_ENCAP_USER8 53
137 #define WTAP_ENCAP_USER9 54
138 #define WTAP_ENCAP_USER10 55
139 #define WTAP_ENCAP_USER11 56
140 #define WTAP_ENCAP_USER12 57
141 #define WTAP_ENCAP_USER13 58
142 #define WTAP_ENCAP_USER14 59
143 #define WTAP_ENCAP_USER15 60
144 #define WTAP_ENCAP_SYMANTEC 61
145 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
146 #define WTAP_ENCAP_BACNET_MS_TP 63
147 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
148 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
149 #define WTAP_ENCAP_GPRS_LLC 66
150 #define WTAP_ENCAP_JUNIPER_ATM1 67
151 #define WTAP_ENCAP_JUNIPER_ATM2 68
152 #define WTAP_ENCAP_REDBACK 69
153 #define WTAP_ENCAP_NETTL_RAW_IP 70
154 #define WTAP_ENCAP_NETTL_ETHERNET 71
155 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
156 #define WTAP_ENCAP_NETTL_FDDI 73
157 #define WTAP_ENCAP_NETTL_UNKNOWN 74
158 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
159 #define WTAP_ENCAP_JUNIPER_PPPOE 76
160 #define WTAP_ENCAP_GCOM_TIE1 77
161 #define WTAP_ENCAP_GCOM_SERIAL 78
162 #define WTAP_ENCAP_NETTL_X25 79
163 #define WTAP_ENCAP_K12 80
164 #define WTAP_ENCAP_JUNIPER_MLPPP 81
165 #define WTAP_ENCAP_JUNIPER_MLFR 82
166 #define WTAP_ENCAP_JUNIPER_ETHER 83
167 #define WTAP_ENCAP_JUNIPER_PPP 84
168 #define WTAP_ENCAP_JUNIPER_FRELAY 85
169 #define WTAP_ENCAP_JUNIPER_CHDLC 86
170 #define WTAP_ENCAP_JUNIPER_GGSN 87
171 #define WTAP_ENCAP_LINUX_LAPD 88
172 #define WTAP_ENCAP_CATAPULT_DCT2000 89
173 #define WTAP_ENCAP_BER 90
174 #define WTAP_ENCAP_JUNIPER_VP 91
175 #define WTAP_ENCAP_USB_FREEBSD 92
176 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
177 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
178 #define WTAP_ENCAP_USB_LINUX 95
179 #define WTAP_ENCAP_MPEG 96
180 #define WTAP_ENCAP_PPI 97
181 #define WTAP_ENCAP_ERF 98
182 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
183 #define WTAP_ENCAP_SITA 100
184 #define WTAP_ENCAP_SCCP 101
185 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
186 #define WTAP_ENCAP_IPMB 103
187 #define WTAP_ENCAP_IEEE802_15_4 104
188 #define WTAP_ENCAP_X2E_XORAYA 105
189 #define WTAP_ENCAP_FLEXRAY 106
190 #define WTAP_ENCAP_LIN 107
191 #define WTAP_ENCAP_MOST 108
192 #define WTAP_ENCAP_CAN20B 109
193 #define WTAP_ENCAP_LAYER1_EVENT 110
194 #define WTAP_ENCAP_X2E_SERIAL 111
195 #define WTAP_ENCAP_I2C 112
196 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
197 #define WTAP_ENCAP_TNEF 114
198 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
199 #define WTAP_ENCAP_GSM_UM 116
200 #define WTAP_ENCAP_DPNSS 117
201 #define WTAP_ENCAP_PACKETLOGGER 118
202 #define WTAP_ENCAP_NSTRACE_1_0 119
203 #define WTAP_ENCAP_NSTRACE_2_0 120
204 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
205 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
206 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
207 #define WTAP_ENCAP_IPNET 124
208 #define WTAP_ENCAP_SOCKETCAN 125
209 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
210 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
211 #define WTAP_ENCAP_RAW_IPFIX 128
212 #define WTAP_ENCAP_RAW_IP4 129
213 #define WTAP_ENCAP_RAW_IP6 130
214 #define WTAP_ENCAP_LAPD 131
215 #define WTAP_ENCAP_DVBCI 132
216 #define WTAP_ENCAP_MUX27010 133
217 #define WTAP_ENCAP_MIME 134
218 #define WTAP_ENCAP_NETANALYZER 135
219 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
220 #define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
221 #define WTAP_ENCAP_MPEG_2_TS 138
222 #define WTAP_ENCAP_PPP_ETHER 139
223 #define WTAP_ENCAP_NFC_LLCP 140
224 #define WTAP_ENCAP_NFLOG 141
225 #define WTAP_ENCAP_V5_EF 142
226 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
227 #define WTAP_ENCAP_IXVERIWAVE 144
228 #define WTAP_ENCAP_SDH 145
229 #define WTAP_ENCAP_DBUS 146
230 #define WTAP_ENCAP_AX25_KISS 147
231 #define WTAP_ENCAP_AX25 148
232 #define WTAP_ENCAP_SCTP 149
233 #define WTAP_ENCAP_INFINIBAND 150
234 #define WTAP_ENCAP_JUNIPER_SVCS 151
235 #define WTAP_ENCAP_USBPCAP 152
236 #define WTAP_ENCAP_RTAC_SERIAL 153
237 #define WTAP_ENCAP_BLUETOOTH_LE_LL 154
238 #define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
239 #define WTAP_ENCAP_STANAG_4607 156
240 #define WTAP_ENCAP_STANAG_5066_D_PDU 157
241 #define WTAP_ENCAP_NETLINK 158
242 #define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
243 #define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
244 #define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
245 #define WTAP_ENCAP_NSTRACE_3_0 162
246 #define WTAP_ENCAP_LOGCAT 163
247 #define WTAP_ENCAP_LOGCAT_BRIEF 164
248 #define WTAP_ENCAP_LOGCAT_PROCESS 165
249 #define WTAP_ENCAP_LOGCAT_TAG 166
250 #define WTAP_ENCAP_LOGCAT_THREAD 167
251 #define WTAP_ENCAP_LOGCAT_TIME 168
252 #define WTAP_ENCAP_LOGCAT_THREADTIME 169
253 #define WTAP_ENCAP_LOGCAT_LONG 170
254 #define WTAP_ENCAP_PKTAP 171
255 #define WTAP_ENCAP_EPON 172
256 #define WTAP_ENCAP_IPMI_TRACE 173
257 #define WTAP_ENCAP_LOOP 174
258 #define WTAP_ENCAP_JSON 175
259 #define WTAP_ENCAP_NSTRACE_3_5 176
260 #define WTAP_ENCAP_ISO14443 177
261 #define WTAP_ENCAP_GFP_T 178
262 #define WTAP_ENCAP_GFP_F 179
263 #define WTAP_ENCAP_IP_OVER_IB_PCAP 180
264 #define WTAP_ENCAP_JUNIPER_VN 181
265 #define WTAP_ENCAP_USB_DARWIN 182
266 #define WTAP_ENCAP_LORATAP 183
267 #define WTAP_ENCAP_3MB_ETHERNET 184
268 #define WTAP_ENCAP_VSOCK 185
269 #define WTAP_ENCAP_NORDIC_BLE 186
270 #define WTAP_ENCAP_NETMON_NET_NETEVENT 187
271 #define WTAP_ENCAP_NETMON_HEADER 188
272 #define WTAP_ENCAP_NETMON_NET_FILTER 189
273 #define WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190
274 #define WTAP_ENCAP_MA_WFP_CAPTURE_V4 191
275 #define WTAP_ENCAP_MA_WFP_CAPTURE_V6 192
276 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193
277 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194
278 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195
279 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196
280 #define WTAP_ENCAP_JUNIPER_ST 197
281 #define WTAP_ENCAP_ETHERNET_MPACKET 198
282 #define WTAP_ENCAP_DOCSIS31_XRA31 199
283 
284 /* After adding new item here, please also add new item to encap_table_base array */
285 
286 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
287 
288 /* File types/subtypes that can be read by wiretap.
289  We support writing many of these file types, too, so we
290  distinguish between different subtypes of them, as
291  different subtypes need to be written in a different
292  fashion. */
293 #define WTAP_FILE_TYPE_SUBTYPE_UNKNOWN 0
294 #define WTAP_FILE_TYPE_SUBTYPE_PCAP 1
295 #define WTAP_FILE_TYPE_SUBTYPE_PCAPNG 2
296 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_NSEC 3
297 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_AIX 4
298 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_SS991029 5
299 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_NOKIA 6
300 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990417 7
301 #define WTAP_FILE_TYPE_SUBTYPE_PCAP_SS990915 8
302 #define WTAP_FILE_TYPE_SUBTYPE_5VIEWS 9
303 #define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_1_0 10
304 #define WTAP_FILE_TYPE_SUBTYPE_IPTRACE_2_0 11
305 #define WTAP_FILE_TYPE_SUBTYPE_BER 12
306 #define WTAP_FILE_TYPE_SUBTYPE_HCIDUMP 13
307 #define WTAP_FILE_TYPE_SUBTYPE_CATAPULT_DCT2000 14
308 #define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_OLD 15
309 #define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_0 16
310 #define WTAP_FILE_TYPE_SUBTYPE_COSINE 17
311 #define WTAP_FILE_TYPE_SUBTYPE_CSIDS 18
312 #define WTAP_FILE_TYPE_SUBTYPE_DBS_ETHERWATCH 19
313 #define WTAP_FILE_TYPE_SUBTYPE_ERF 20
314 #define WTAP_FILE_TYPE_SUBTYPE_EYESDN 21
315 #define WTAP_FILE_TYPE_SUBTYPE_NETTL 22
316 #define WTAP_FILE_TYPE_SUBTYPE_ISERIES 23
317 #define WTAP_FILE_TYPE_SUBTYPE_ISERIES_UNICODE 24
318 #define WTAP_FILE_TYPE_SUBTYPE_I4BTRACE 25
319 #define WTAP_FILE_TYPE_SUBTYPE_ASCEND 26
320 #define WTAP_FILE_TYPE_SUBTYPE_NETMON_1_x 27
321 #define WTAP_FILE_TYPE_SUBTYPE_NETMON_2_x 28
322 #define WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_UNCOMPRESSED 29
323 #define WTAP_FILE_TYPE_SUBTYPE_NGSNIFFER_COMPRESSED 30
324 #define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_1_1 31
325 #define WTAP_FILE_TYPE_SUBTYPE_NETXRAY_2_00x 32
326 #define WTAP_FILE_TYPE_SUBTYPE_NETWORK_INSTRUMENTS 33
327 #define WTAP_FILE_TYPE_SUBTYPE_LANALYZER 34
328 #define WTAP_FILE_TYPE_SUBTYPE_PPPDUMP 35
329 #define WTAP_FILE_TYPE_SUBTYPE_RADCOM 36
330 #define WTAP_FILE_TYPE_SUBTYPE_SNOOP 37
331 #define WTAP_FILE_TYPE_SUBTYPE_SHOMITI 38
332 #define WTAP_FILE_TYPE_SUBTYPE_VMS 39
333 #define WTAP_FILE_TYPE_SUBTYPE_K12 40
334 #define WTAP_FILE_TYPE_SUBTYPE_TOSHIBA 41
335 #define WTAP_FILE_TYPE_SUBTYPE_VISUAL_NETWORKS 42
336 #define WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V56 43
337 #define WTAP_FILE_TYPE_SUBTYPE_PEEKCLASSIC_V7 44
338 #define WTAP_FILE_TYPE_SUBTYPE_PEEKTAGGED 45
339 #define WTAP_FILE_TYPE_SUBTYPE_MPEG 46
340 #define WTAP_FILE_TYPE_SUBTYPE_K12TEXT 47
341 #define WTAP_FILE_TYPE_SUBTYPE_NETSCREEN 48
342 #define WTAP_FILE_TYPE_SUBTYPE_COMMVIEW 49
343 #define WTAP_FILE_TYPE_SUBTYPE_BTSNOOP 50
344 #define WTAP_FILE_TYPE_SUBTYPE_TNEF 51
345 #define WTAP_FILE_TYPE_SUBTYPE_DCT3TRACE 52
346 #define WTAP_FILE_TYPE_SUBTYPE_PACKETLOGGER 53
347 #define WTAP_FILE_TYPE_SUBTYPE_DAINTREE_SNA 54
348 #define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_1_0 55
349 #define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_2_0 56
350 #define WTAP_FILE_TYPE_SUBTYPE_JPEG_JFIF 57 /* obsoleted by WTAP_FILE_TYPE_SUBTYPE_MIME */
351 #define WTAP_FILE_TYPE_SUBTYPE_IPFIX 58
352 #define WTAP_FILE_TYPE_SUBTYPE_MIME 59
353 #define WTAP_FILE_TYPE_SUBTYPE_AETHRA 60
354 #define WTAP_FILE_TYPE_SUBTYPE_MPEG_2_TS 61
355 #define WTAP_FILE_TYPE_SUBTYPE_VWR_80211 62
356 #define WTAP_FILE_TYPE_SUBTYPE_VWR_ETH 63
357 #define WTAP_FILE_TYPE_SUBTYPE_CAMINS 64
358 #define WTAP_FILE_TYPE_SUBTYPE_STANAG_4607 65
359 #define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_0 66
360 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT 67
361 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_BRIEF 68
362 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_PROCESS 69
363 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TAG 70
364 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREAD 71
365 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_TIME 72
366 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_THREADTIME 73
367 #define WTAP_FILE_TYPE_SUBTYPE_LOGCAT_LONG 74
368 #define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_CAPSA 75
369 #define WTAP_FILE_TYPE_SUBTYPE_COLASOFT_PACKET_BUILDER 76
370 #define WTAP_FILE_TYPE_SUBTYPE_JSON 77
371 #define WTAP_FILE_TYPE_SUBTYPE_NETSCALER_3_5 78
372 #define WTAP_FILE_TYPE_SUBTYPE_NETTRACE_3GPP_32_423 79
373 #define WTAP_FILE_TYPE_SUBTYPE_MPLOG 80
374 
375 #define WTAP_NUM_FILE_TYPES_SUBTYPES wtap_get_num_file_types_subtypes()
376 
377 /* timestamp precision (currently only these values are supported) */
378 #define WTAP_TSPREC_UNKNOWN -2
379 #define WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */
380 #define WTAP_TSPREC_SEC 0
381 #define WTAP_TSPREC_DSEC 1
382 #define WTAP_TSPREC_CSEC 2
383 #define WTAP_TSPREC_MSEC 3
384 #define WTAP_TSPREC_USEC 6
385 #define WTAP_TSPREC_NSEC 9
386 /* if you add to the above, update wtap_tsprec_string() */
387 
388 /*
389  * We support one maximum packet size for most link-layer header types
390  * and another for D-Bus, because the maximum packet size for D-Bus
391  * is 128MB, as per
392  *
393  * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
394  *
395  * and that's a lot bigger than the 256KB that we use elsewhere.
396  *
397  * We don't want to write out files that specify a maximum packet size of
398  * 128MB if we don't have to, as software reading those files might
399  * allocate a buffer much larger than necessary, wasting memory.
400  */
401 #define WTAP_MAX_PACKET_SIZE_STANDARD 262144
402 #define WTAP_MAX_PACKET_SIZE_DBUS (128*1024*1024)
403 
404 /*
405  * "Pseudo-headers" are used to supply to the clients of wiretap
406  * per-packet information that's not part of the packet payload
407  * proper.
408  *
409  * NOTE: do not use pseudo-header structures to hold information
410  * used by the code to read a particular capture file type; to
411  * keep that sort of state information, add a new structure for
412  * that private information to "wtap-int.h", add a pointer to that
413  * type of structure to the "capture" member of the "struct wtap"
414  * structure, and allocate one of those structures and set that member
415  * in the "open" routine for that capture file type if the open
416  * succeeds. See various other capture file type handlers for examples
417  * of that.
418  */
419 
420 
421 /* Packet "pseudo-header" information for Ethernet capture files. */
422 struct eth_phdr {
423  gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
424 };
425 
426 /* Packet "pseudo-header" information for X.25 capture files. */
427 #define FROM_DCE 0x80
428 struct x25_phdr {
429  guint8 flags; /* ENCAP_LAPB, ENCAP_V120 : 1st bit means From DCE */
430 };
431 
432 /* Packet "pseudo-header" information for ISDN capture files. */
433 
434 /* Direction */
435 struct isdn_phdr {
436  gboolean uton;
437  guint8 channel; /* 0 = D-channel; n = B-channel n */
438 };
439 
440 /* Packet "pseudo-header" for ATM capture files.
441  Not all of this information is supplied by all capture types.
442  These originally came from the Network General (DOS-based)
443  ATM Sniffer file format, but we've added some additional
444  items. */
445 
446 /*
447  * Status bits.
448  */
449 #define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
450 #define ATM_NO_HEC 0x02 /* TRUE if the cell has HEC stripped out */
451 #define ATM_AAL2_NOPHDR 0x04 /* TRUE if the AAL2 PDU has no pseudo-header */
452 #define ATM_REASSEMBLY_ERROR 0x08 /* TRUE if this is an incompletely-reassembled PDU */
453 
454 /*
455  * AAL types.
456  */
457 #define AAL_UNKNOWN 0 /* AAL unknown */
458 #define AAL_1 1 /* AAL1 */
459 #define AAL_2 2 /* AAL2 */
460 #define AAL_3_4 3 /* AAL3/4 */
461 #define AAL_5 4 /* AAL5 */
462 #define AAL_USER 5 /* User AAL */
463 #define AAL_SIGNALLING 6 /* Signaling AAL */
464 #define AAL_OAMCELL 7 /* OAM cell */
465 
466 /*
467  * Traffic types.
468  */
469 #define TRAF_UNKNOWN 0 /* Unknown */
470 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
471 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
472 #define TRAF_LANE 3 /* LAN Emulation */
473 #define TRAF_ILMI 4 /* ILMI */
474 #define TRAF_FR 5 /* Frame Relay */
475 #define TRAF_SPANS 6 /* FORE SPANS */
476 #define TRAF_IPSILON 7 /* Ipsilon */
477 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
478 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
479 #define TRAF_SSCOP 10 /* SSCOP */
480 
481 /*
482  * Traffic subtypes.
483  */
484 #define TRAF_ST_UNKNOWN 0 /* Unknown */
485 
486 /*
487  * For TRAF_VCMX:
488  */
489 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
490 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
491 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
492 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
493 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
494 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
495 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
496 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
497 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
498 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
499 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
500 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
501 
502 /*
503  * For TRAF_LANE:
504  */
505 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
506 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
507 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
508 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
509 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
510 
511 /*
512  * For TRAF_IPSILON:
513  */
514 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
515 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
516 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
517 
518 struct atm_phdr {
519  guint32 flags; /* status flags */
520  guint8 aal; /* AAL of the traffic */
521  guint8 type; /* traffic type */
522  guint8 subtype; /* traffic subtype */
523  guint16 vpi; /* virtual path identifier */
524  guint16 vci; /* virtual circuit identifier */
525  guint8 aal2_cid; /* channel id */
526  guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
527  guint16 cells; /* number of cells */
528  guint16 aal5t_u2u; /* user-to-user indicator */
529  guint16 aal5t_len; /* length of the packet */
530  guint32 aal5t_chksum; /* checksum for AAL5 packet */
531 };
532 
533 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
534  "wandisplay", and similar commands on Lucent/Ascend access equipment. */
535 
536 #define ASCEND_MAX_STR_LEN 64
537 
538 #define ASCEND_PFX_WDS_X 1
539 #define ASCEND_PFX_WDS_R 2
540 #define ASCEND_PFX_WDD 3
541 #define ASCEND_PFX_ISDN_X 4
542 #define ASCEND_PFX_ISDN_R 5
543 #define ASCEND_PFX_ETHER 6
544 
545 struct ascend_phdr {
546  guint16 type; /* ASCEND_PFX_*, as defined above */
547  char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
548  guint32 sess; /* Session number, from wandsession header */
549  char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
550  guint32 chunk; /* Chunk number, from WDD header */
551  guint32 task; /* Task number */
552 };
553 
554 /* Also defined in epan/packet_info.h */
555 #define P2P_DIR_UNKNOWN -1
556 #define P2P_DIR_SENT 0
557 #define P2P_DIR_RECV 1
558 
559 /* Packet "pseudo-header" for point-to-point links with direction flags. */
560 struct p2p_phdr {
561  int sent; /* TRUE=sent, FALSE=received, -1=unknown*/
562 };
563 
564 /*
565  * Packet "pseudo-header" information for 802.11.
566  * Radio information is only present in this form for
567  * WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
568  * which the radio information isn't provided as a pseudo-header in the
569  * packet data. It is also used by the dissectors for the pseudo-headers
570  * in the packet data to supply radio information, in a form independent
571  * of the file format and pseudo-header format, to the "802.11 radio"
572  * dissector.
573  *
574  * Signal strength, etc. information:
575  *
576  * Raw signal strength can be measured in milliwatts.
577  * It can also be represented as dBm, which is 10 times the log base 10
578  * of the signal strength in mW.
579  *
580  * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
581  * The actual RSSI value for a given signal strength is dependent on the
582  * vendor (and perhaps on the adapter). The maximum possible RSSI value
583  * is also dependent on the vendor and perhaps the adapter.
584  *
585  * The signal strength can be represented as a percentage, which is 100
586  * times the ratio of the RSSI and the maximum RSSI.
587  */
588 
589 /*
590  * PHY types.
591  */
592 #define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
593 #define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
594 #define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
595 #define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
596 #define PHDR_802_11_PHY_11B 4 /* 802.11b */
597 #define PHDR_802_11_PHY_11A 5 /* 802.11a */
598 #define PHDR_802_11_PHY_11G 6 /* 802.11g */
599 #define PHDR_802_11_PHY_11N 7 /* 802.11n */
600 #define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
601 #define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
602 
603 /*
604  * PHY-specific information.
605  */
606 
607 /*
608  * 802.11 legacy FHSS.
609  */
611  guint has_hop_set:1;
612  guint has_hop_pattern:1;
613  guint has_hop_index:1;
614 
615  guint8 hop_set; /* Hop set */
616  guint8 hop_pattern; /* Hop pattern */
617  guint8 hop_index; /* Hop index */
618 };
619 
620 /*
621  * 802.11b.
622  */
623 struct ieee_802_11b {
624  /* Which of this information is present? */
625  guint has_short_preamble:1;
626 
627  gboolean short_preamble; /* Short preamble */
628 };
629 
630 /*
631  * 802.11a.
632  */
633 struct ieee_802_11a {
634  /* Which of this information is present? */
635  guint has_channel_type:1;
636  guint has_turbo_type:1;
637 
638  guint channel_type:2;
639  guint turbo_type:2;
640 };
641 
642 /*
643  * Channel type values.
644  */
645 #define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
646 #define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
647 #define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
648 
649 /*
650  * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
651  * It can be dynamic or static.
652  *
653  * See
654  *
655  * http://wifi-insider.com/atheros/turbo.htm
656  */
657 #define PHDR_802_11A_TURBO_TYPE_NORMAL 0
658 #define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know wehther it's static or dynamic */
659 #define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
660 #define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
661 
662 /*
663  * 802.11g.
664  */
665 struct ieee_802_11g {
666  /* Which of this information is present? */
667  guint has_short_preamble:1;
668  guint has_mode:1;
669 
670  gboolean short_preamble; /* Short preamble */
671  guint32 mode; /* Various proprietary extensions */
672 };
673 
674 /*
675  * Mode values.
676  */
677 #define PHDR_802_11G_MODE_NORMAL 0
678 #define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
679 
680 /*
681  * 802.11n.
682  */
683 struct ieee_802_11n {
684  /* Which of this information is present? */
685  guint has_mcs_index:1;
686  guint has_bandwidth:1;
687  guint has_short_gi:1;
688  guint has_greenfield:1;
689  guint has_fec:1;
690  guint has_stbc_streams:1;
691  guint has_ness:1;
692 
693  guint16 mcs_index; /* MCS index */
694  guint bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
695  guint short_gi:1; /* True for short guard interval */
696  guint greenfield:1; /* True for greenfield, short for mixed */
697  guint fec:1; /* FEC: 0 = BCC, 1 = LDPC */
698  guint stbc_streams:2; /* Number of STBC streams */
699  guint ness; /* Number of extension spatial streams */
700 };
701 
702 /*
703  * Bandwidth values; used for both 11n and 11ac.
704  */
705 #define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
706 #define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
707 #define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
708 #define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
709 #define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
710 #define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
711 #define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
712 #define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
713 #define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
714 #define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
715 #define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
716 #define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
717 #define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
718 #define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
719 #define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
720 #define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
721 #define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
722 #define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
723 #define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
724 #define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
725 #define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
726 #define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
727 #define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
728 #define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
729 #define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
730 #define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
731 
732 /*
733  * 802.11ac.
734  */
736  /* Which of this information is present? */
737  guint has_stbc:1;
738  guint has_txop_ps_not_allowed:1;
739  guint has_short_gi:1;
740  guint has_short_gi_nsym_disambig:1;
741  guint has_ldpc_extra_ofdm_symbol:1;
742  guint has_beamformed:1;
743  guint has_bandwidth:1;
744  guint has_fec:1;
745  guint has_group_id:1;
746  guint has_partial_aid:1;
747 
748  guint stbc:1; /* 1 if all spatial streams have STBC */
749  guint txop_ps_not_allowed:1;
750  guint short_gi:1; /* True for short guard interval */
751  guint short_gi_nsym_disambig:1;
752  guint ldpc_extra_ofdm_symbol:1;
753  guint beamformed:1;
754  guint8 bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
755  guint8 mcs[4]; /* MCS index per user */
756  guint8 nss[4]; /* NSS per user */
757  guint8 fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
758  guint8 group_id;
759  guint16 partial_aid;
760 };
761 
762 /*
763  * 802.11ad.
764  */
765 
766 /*
767  * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
768  */
769 
770 #define PHDR_802_11AD_MIN_FREQUENCY 57000
771 #define PHDR_802_11AD_MAX_FREQUENCY 66000
772 
773 #define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
774  ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
775 
777  /* Which of this information is present? */
778  guint has_mcs_index:1;
779 
780  guint8 mcs; /* MCS index */
781 };
782 
784  struct ieee_802_11_fhss info_11_fhss;
785  struct ieee_802_11b info_11b;
786  struct ieee_802_11a info_11a;
787  struct ieee_802_11g info_11g;
788  struct ieee_802_11n info_11n;
789  struct ieee_802_11ac info_11ac;
790  struct ieee_802_11ad info_11ad;
791 };
792 
794  gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
795  gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
796  gboolean datapad; /* TRUE if frame has padding between 802.11 header and payload */
797  guint phy; /* PHY type */
798  union ieee_802_11_phy_info phy_info;
799 
800  /* Which of this information is present? */
801  guint has_channel:1;
802  guint has_frequency:1;
803  guint has_data_rate:1;
804  guint has_signal_percent:1;
805  guint has_noise_percent:1;
806  guint has_signal_dbm:1;
807  guint has_noise_dbm:1;
808  guint has_tsf_timestamp:1;
809  guint has_aggregate_info:1; /* aggregate flags and ID */
810 
811  guint16 channel; /* Channel number */
812  guint32 frequency; /* Channel center frequency */
813  guint16 data_rate; /* Data rate, in .5 Mb/s units */
814  guint8 signal_percent; /* Signal level, as a percentage */
815  guint8 noise_percent; /* Noise level, as a percentage */
816  gint8 signal_dbm; /* Signal level, in dBm */
817  gint8 noise_dbm; /* Noise level, in dBm */
818  guint64 tsf_timestamp;
819  guint32 aggregate_flags; /* A-MPDU flags */
820  guint32 aggregate_id; /* ID for A-MPDU reassembly */
821 };
822 
823 /*
824  * A-MPDU flags.
825  */
826 #define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
827 #define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
828 
829 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
830 
831 #define COSINE_MAX_IF_NAME_LEN 128
832 
833 #define COSINE_ENCAP_TEST 1
834 #define COSINE_ENCAP_PPoATM 2
835 #define COSINE_ENCAP_PPoFR 3
836 #define COSINE_ENCAP_ATM 4
837 #define COSINE_ENCAP_FR 5
838 #define COSINE_ENCAP_HDLC 6
839 #define COSINE_ENCAP_PPP 7
840 #define COSINE_ENCAP_ETH 8
841 #define COSINE_ENCAP_UNKNOWN 99
842 
843 #define COSINE_DIR_TX 1
844 #define COSINE_DIR_RX 2
845 
846 struct cosine_phdr {
847  guint8 encap; /* COSINE_ENCAP_* as defined above */
848  guint8 direction; /* COSINE_DIR_*, as defined above */
849  char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
850  guint16 pro; /* Protocol */
851  guint16 off; /* Offset */
852  guint16 pri; /* Priority */
853  guint16 rm; /* Rate Marking */
854  guint16 err; /* Error Code */
855 };
856 
857 /* Packet "pseudo-header" for IrDA capture files. */
858 
859 /*
860  * Direction of the packet
861  */
862 #define IRDA_INCOMING 0x0000
863 #define IRDA_OUTGOING 0x0004
864 
865 /*
866  * "Inline" log messages produced by IrCOMM2k on Windows
867  */
868 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
869 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
870 
871 /*
872  * Differentiate between frames and log messages
873  */
874 #define IRDA_CLASS_FRAME 0x0000
875 #define IRDA_CLASS_LOG 0x0100
876 #define IRDA_CLASS_MASK 0xFF00
877 
878 struct irda_phdr {
879  guint16 pkttype; /* packet type */
880 };
881 
882 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
883 
884 struct nettl_phdr {
885  guint16 subsys;
886  guint32 devid;
887  guint32 kind;
888  gint32 pid;
889  guint16 uid;
890 };
891 
892 /* Packet "pseudo-header" for MTP2 files. */
893 
894 #define MTP2_ANNEX_A_NOT_USED 0
895 #define MTP2_ANNEX_A_USED 1
896 #define MTP2_ANNEX_A_USED_UNKNOWN 2
897 
898 struct mtp2_phdr {
899  guint8 sent;
900  guint8 annex_a_used;
901  guint16 link_number;
902 };
903 
904 /* Packet "pseudo-header" for K12 files. */
905 
906 typedef union {
907  struct {
908  guint16 vp;
909  guint16 vc;
910  guint16 cid;
911  } atm;
912 
913  guint32 ds0mask;
915 
916 struct k12_phdr {
917  guint32 input;
918  const gchar *input_name;
919  const gchar *stack_file;
920  guint32 input_type;
921  k12_input_info_t input_info;
922  guint8 *extra_info;
923  guint32 extra_length;
924  void* stuff;
925 };
926 
927 #define K12_PORT_DS0S 0x00010008
928 #define K12_PORT_DS1 0x00100008
929 #define K12_PORT_ATMPVC 0x01020000
930 
931 struct lapd_phdr {
932  guint16 pkttype; /* packet type */
933  guint8 we_network;
934 };
935 
936 struct wtap;
938 {
939  union
940  {
941  struct isdn_phdr isdn;
942  struct atm_phdr atm;
943  struct p2p_phdr p2p;
944  } inner_pseudo_header;
945  gint64 seek_off;
946  struct wtap *wth;
947 };
948 
949 /*
950  * Endace Record Format pseudo header
951  */
952 struct erf_phdr {
953  guint64 ts; /* Time stamp */
954  guint8 type;
955  guint8 flags;
956  guint16 rlen;
957  guint16 lctr;
958  guint16 wlen;
959 };
960 
961 struct erf_ehdr {
962  guint64 ehdr;
963 };
964 
965 /*
966  * ERF pseudo header with optional subheader
967  * (Multichannel or Ethernet)
968  */
969 
970 #define MAX_ERF_EHDR 16
971 
973  guint8 offset;
974  guint8 pad;
975 };
976 
977 struct erf_mc_phdr {
978  struct erf_phdr phdr;
979  struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
980  union
981  {
982  struct wtap_erf_eth_hdr eth_hdr;
983  guint32 mc_hdr;
984  guint32 aal2_hdr;
985  } subhdr;
986 };
987 
988 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
989 #define SITA_FRAME_DIR_RXED (0x01)
990 #define SITA_FRAME_DIR (0x01) /* mask */
991 #define SITA_ERROR_NO_BUFFER (0x80)
992 
993 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
994 #define SITA_SIG_DTR (0x02)
995 #define SITA_SIG_CTS (0x04)
996 #define SITA_SIG_RTS (0x08)
997 #define SITA_SIG_DCD (0x10)
998 #define SITA_SIG_UNDEF1 (0x20)
999 #define SITA_SIG_UNDEF2 (0x40)
1000 #define SITA_SIG_UNDEF3 (0x80)
1001 
1002 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
1003 #define SITA_ERROR_TX_CTS_LOST (0x02)
1004 #define SITA_ERROR_TX_UART_ERROR (0x04)
1005 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
1006 #define SITA_ERROR_TX_UNDEF1 (0x10)
1007 #define SITA_ERROR_TX_UNDEF2 (0x20)
1008 #define SITA_ERROR_TX_UNDEF3 (0x40)
1009 #define SITA_ERROR_TX_UNDEF4 (0x80)
1010 
1011 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
1012 #define SITA_ERROR_RX_PARITY (0x02)
1013 #define SITA_ERROR_RX_COLLISION (0x04)
1014 #define SITA_ERROR_RX_FRAME_LONG (0x08)
1015 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
1016 #define SITA_ERROR_RX_UNDEF1 (0x20)
1017 #define SITA_ERROR_RX_UNDEF2 (0x40)
1018 #define SITA_ERROR_RX_UNDEF3 (0x80)
1019 
1020 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
1021 #define SITA_ERROR_RX_ABORT (0x02)
1022 #define SITA_ERROR_RX_CD_LOST (0x04)
1023 #define SITA_ERROR_RX_DPLL (0x08)
1024 #define SITA_ERROR_RX_OVERRUN (0x10)
1025 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
1026 #define SITA_ERROR_RX_CRC (0x40)
1027 #define SITA_ERROR_RX_BREAK (0x80)
1028 
1029 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
1030 #define SITA_PROTO_BOP_LAPB (0x01)
1031 #define SITA_PROTO_ETHERNET (0x02)
1032 #define SITA_PROTO_ASYNC_INTIO (0x03)
1033 #define SITA_PROTO_ASYNC_BLKIO (0x04)
1034 #define SITA_PROTO_ALC (0x05)
1035 #define SITA_PROTO_UTS (0x06)
1036 #define SITA_PROTO_PPP_HDLC (0x07)
1037 #define SITA_PROTO_SDLC (0x08)
1038 #define SITA_PROTO_TOKENRING (0x09)
1039 #define SITA_PROTO_I2C (0x10)
1040 #define SITA_PROTO_DPM_LINK (0x11)
1041 #define SITA_PROTO_BOP_FRL (0x12)
1042 
1043 struct sita_phdr {
1044  guint8 sita_flags;
1045  guint8 sita_signals;
1046  guint8 sita_errors1;
1047  guint8 sita_errors2;
1048  guint8 sita_proto;
1049 };
1050 
1051 /*pseudo header for Bluetooth HCI*/
1052 struct bthci_phdr {
1053  gboolean sent;
1054  guint32 channel;
1055 };
1056 
1057 #define BTHCI_CHANNEL_COMMAND 1
1058 #define BTHCI_CHANNEL_ACL 2
1059 #define BTHCI_CHANNEL_SCO 3
1060 #define BTHCI_CHANNEL_EVENT 4
1061 
1062 /* pseudo header for WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
1063 struct btmon_phdr {
1064  guint16 adapter_id;
1065  guint16 opcode;
1066 };
1067 
1068 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
1070  gboolean uton;
1071 };
1072 
1073 /* * I2C pseudo header */
1074 struct i2c_phdr {
1075  guint8 is_event;
1076  guint8 bus;
1077  guint32 flags;
1078 };
1079 
1080 /* pseudo header for WTAP_ENCAP_GSM_UM */
1081 struct gsm_um_phdr {
1082  gboolean uplink;
1083  guint8 channel;
1084  /* The following are only populated for downlink */
1085  guint8 bsic;
1086  guint16 arfcn;
1087  guint32 tdma_frame;
1088  guint8 error;
1089  guint16 timeshift;
1090 };
1091 
1092 #define GSM_UM_CHANNEL_UNKNOWN 0
1093 #define GSM_UM_CHANNEL_BCCH 1
1094 #define GSM_UM_CHANNEL_SDCCH 2
1095 #define GSM_UM_CHANNEL_SACCH 3
1096 #define GSM_UM_CHANNEL_FACCH 4
1097 #define GSM_UM_CHANNEL_CCCH 5
1098 #define GSM_UM_CHANNEL_RACH 6
1099 #define GSM_UM_CHANNEL_AGCH 7
1100 #define GSM_UM_CHANNEL_PCH 8
1101 
1102 /* Pseudo-header for nstrace packets */
1103 struct nstr_phdr {
1104  gint64 rec_offset;
1105  gint32 rec_len;
1106  guint8 nicno_offset;
1107  guint8 nicno_len;
1108  guint8 dir_offset;
1109  guint8 dir_len;
1110  guint8 eth_offset;
1111  guint8 pcb_offset;
1112  guint8 l_pcb_offset;
1113  guint8 rec_type;
1114  guint8 vlantag_offset;
1115  guint8 coreid_offset;
1116  guint8 srcnodeid_offset;
1117  guint8 destnodeid_offset;
1118  guint8 clflags_offset;
1119  guint8 src_vmname_len_offset;
1120  guint8 dst_vmname_len_offset;
1121  guint8 ns_activity_offset;
1122  guint8 data_offset;
1123 };
1124 
1125 /* Packet "pseudo-header" for Nokia output */
1126 struct nokia_phdr {
1127  struct eth_phdr eth;
1128  guint8 stuff[4]; /* mysterious stuff */
1129 };
1130 
1131 #define LLCP_PHDR_FLAG_SENT 0
1132 struct llcp_phdr {
1133  guint8 adapter;
1134  guint8 flags;
1135 };
1136 
1137 /* pseudo header for WTAP_ENCAP_LOGCAT */
1138 struct logcat_phdr {
1139  gint version;
1140 };
1141 
1142 /* Packet "pseudo-header" information for header data from NetMon files. */
1143 
1144 struct netmon_phdr {
1145  guint32 titleLength; /* Number of bytes in the comment title */
1146  guint8* title; /* Comment title */
1147  guint32 descLength; /* Number of bytes in the comment description */
1148  guint8* description; /* Comment description */
1149  guint sub_encap; /* "Real" encap value for the record that will be used once pseudo header data is display */
1151  struct eth_phdr eth;
1152  struct atm_phdr atm;
1153  struct ieee_802_11_phdr ieee_802_11;
1154  } subheader;
1155 };
1156 
1158  struct eth_phdr eth;
1159  struct x25_phdr x25;
1160  struct isdn_phdr isdn;
1161  struct atm_phdr atm;
1162  struct ascend_phdr ascend;
1163  struct p2p_phdr p2p;
1164  struct ieee_802_11_phdr ieee_802_11;
1165  struct cosine_phdr cosine;
1166  struct irda_phdr irda;
1167  struct nettl_phdr nettl;
1168  struct mtp2_phdr mtp2;
1169  struct k12_phdr k12;
1170  struct lapd_phdr lapd;
1171  struct catapult_dct2000_phdr dct2000;
1172  struct erf_mc_phdr erf;
1173  struct sita_phdr sita;
1174  struct bthci_phdr bthci;
1175  struct btmon_phdr btmon;
1176  struct l1event_phdr l1event;
1177  struct i2c_phdr i2c;
1178  struct gsm_um_phdr gsm_um;
1179  struct nstr_phdr nstr;
1180  struct nokia_phdr nokia;
1181  struct llcp_phdr llcp;
1182  struct logcat_phdr logcat;
1183  struct netmon_phdr netmon;
1184 };
1185 
1186 /*
1187  * Record type values.
1188  *
1189  * This list will expand over time, so don't assume everything will
1190  * forever be one of the types listed below.
1191  *
1192  * For file-type-specific records, the "ftsrec" field of the pseudo-header
1193  * contains a file-type-specific subtype value, such as a block type for
1194  * a pcapng file.
1195  *
1196  * An "event" is an indication that something happened during the capture
1197  * process, such as a status transition of some sort on the network.
1198  * These should, ideally, have a time stamp and, if they're relevant to
1199  * a particular interface on a multi-interface capture, should also have
1200  * an interface ID. The data for the event is file-type-specific and
1201  * subtype-specific. These should be dissected and displayed just as
1202  * packets are.
1203  *
1204  * A "report" supplies information not corresponding to an event;
1205  * for example, a pcapng Interface Statistics Block would be a report,
1206  * as it doesn't correspond to something happening on the network.
1207  * They may have a time stamp, and should be dissected and displayed
1208  * just as packets are.
1209  *
1210  * We distingiush between "events" and "reports" so that, for example,
1211  * the packet display can show the delta between a packet and an event
1212  * but not show the delta between a packet and a report, as the time
1213  * stamp of a report may not correspond to anything interesting on
1214  * the network but the time stamp of an event would.
1215  *
1216  * XXX - are there any file-type-specific records that *shouldn't* be
1217  * dissected and displayed? If so, they should be parsed and the
1218  * information in them stored somewhere, and used somewhere, whether
1219  * it's just used when saving the file in its native format or also
1220  * used to parse *other* file-type-specific records.
1221  *
1222  * These would be similar to, for example, pcapng Interface Description
1223  * Blocks, for which the position within the file is significant only
1224  * in that an IDB for an interface must appear before any packets from
1225  * the interface; the fact that an IDB appears at some point doesn't
1226  * necessarily mean something happened in the capture at that point.
1227  * Name Resolution Blocks are another example of such a record.
1228  *
1229  * (XXX - if you want to have a record that says "this interface first
1230  * showed up at this time", that needs to be a separate record type
1231  * from the IDB. We *could* add a "New Interface Description Block",
1232  * with a time stamp, for that purpose, but we'd *still* have to
1233  * provide IDBs for those interfaces, for compatibility with programs
1234  * that don't know about the NIDB. An ISB with only an isb_starttime
1235  * option would suffice for this purpose, so nothing needs to be
1236  * added to pcapng for this.)
1237  */
1238 #define REC_TYPE_PACKET 0
1239 #define REC_TYPE_FT_SPECIFIC_EVENT 1
1240 #define REC_TYPE_FT_SPECIFIC_REPORT 2
1241 #define REC_TYPE_SYSCALL 3
1243 typedef struct {
1244  guint32 caplen; /* data length in the file */
1245  guint32 len; /* data length on the wire */
1246  int pkt_encap; /* WTAP_ENCAP_ value for this packet */
1247  /* pcapng variables */
1248  guint32 interface_id; /* identifier of the interface. */
1249  /* options */
1250  guint64 drop_count; /* number of packets lost (by the interface and the
1251  operating system) between this packet and the preceding one. */
1252  guint32 pack_flags; /* XXX - 0 for now (any value for "we don't have it"?) */
1253 
1254  union wtap_pseudo_header pseudo_header;
1256 
1257 typedef struct {
1258  guint record_type; /* the type of record this is - file type-specific value */
1260 
1261 typedef struct {
1262  guint record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
1263  int byte_order;
1264  /* guint32 sentinel; */
1265  guint64 timestamp; /* ns since epoch - XXX dup of ts */
1266  guint64 thread_id;
1267  guint32 event_len; /* length of the event */
1268  guint32 event_filelen; /* event data length in the file */
1269  guint16 event_type;
1270  guint16 cpu_id;
1271  /* ... Event ... */
1273 
1274 typedef struct {
1275  guint rec_type; /* what type of record is this? */
1276  guint32 presence_flags; /* what stuff do we have? */
1277  nstime_t ts; /* time stamp */
1278  int tsprec; /* WTAP_TSPREC_ value for this record */
1279  union {
1280  wtap_packet_header packet_header;
1281  wtap_ft_specific_header ft_specific_header;
1282  wtap_syscall_header syscall_header;
1283  } rec_header;
1284  /*
1285  * XXX - this should become a full set of options.
1286  */
1287  gchar *opt_comment; /* NULL if not available */
1288  gboolean has_comment_changed; /* TRUE if the comment has been changed. Currently only valid while dumping. */
1289 
1290  /*
1291  * We use a Buffer so that we don't have to allocate and free
1292  * a buffer for the options for each record.
1293  */
1294  Buffer options_buf; /* file-type specific data */
1295 } wtap_rec;
1296 
1297 /*
1298  * Bits in presence_flags, indicating which of the fields we have.
1299  *
1300  * For the time stamp, we may need some more flags to indicate
1301  * whether the time stamp is an absolute date-and-time stamp, an
1302  * absolute time-only stamp (which can make relative time
1303  * calculations tricky, as you could in theory have two time
1304  * stamps separated by an unknown number of days), or a time stamp
1305  * relative to some unspecified time in the past (see mpeg.c).
1306  *
1307  * There is no presence flag for len - there has to be *some* length
1308  * value for the packet. (The "captured length" can be missing if
1309  * the file format doesn't report a captured length distinct from
1310  * the on-the-network length because the application(s) producing those
1311  * files don't support slicing packets.)
1312  *
1313  * There could be a presence flag for the packet encapsulation - if it's
1314  * absent, use the file encapsulation - but it's not clear that's useful;
1315  * we currently do that in the module for the file format.
1316  *
1317  * Only WTAP_HAS_TS applies to all record types.
1318  */
1319 #define WTAP_HAS_TS 0x00000001
1320 #define WTAP_HAS_CAP_LEN 0x00000002
1321 #define WTAP_HAS_INTERFACE_ID 0x00000004
1322 #define WTAP_HAS_COMMENTS 0x00000008
1323 #define WTAP_HAS_DROP_COUNT 0x00000010
1324 #define WTAP_HAS_PACK_FLAGS 0x00000020
1329 typedef struct wtapng_section_mandatory_s {
1330  guint64 section_length;
1339 
1345  GArray *interface_data;
1347 
1353  guint64 time_units_per_second;
1356  guint32 snap_len;
1357 
1358  guint8 num_stat_entries;
1362 
1363 /* Interface description data - Option 11 structure */
1365  gchar *if_filter_str;
1368  guint16 bpf_filter_len;
1371 
1376  guint32 interface_id;
1377  guint32 ts_high;
1378  guint32 ts_low;
1380 
1381 #ifndef MAXNAMELEN
1382 #define MAXNAMELEN 64 /* max name length (hostname and port name) */
1383 #endif
1384 
1385 typedef struct hashipv4 {
1386  guint addr;
1387  guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1388  gchar ip[WS_INET_ADDRSTRLEN];
1389  gchar name[MAXNAMELEN];
1390 } hashipv4_t;
1391 
1392 typedef struct hashipv6 {
1393  guint8 addr[16];
1394  guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1395  gchar ip6[WS_INET6_ADDRSTRLEN];
1396  gchar name[MAXNAMELEN];
1397 } hashipv6_t;
1398 
1402 typedef struct addrinfo_lists {
1406 
1407 struct wtap_dumper;
1408 
1409 typedef struct wtap wtap;
1410 typedef struct wtap_dumper wtap_dumper;
1411 
1412 typedef struct wtap_reader *FILE_T;
1413 
1414 /* Similar to the wtap_open_routine_info for open routines, the following
1415  * wtap_wslua_file_info struct is used by wslua code for Lua-based file writers.
1416  *
1417  * This concept is necessary because when wslua goes to invoke the
1418  * registered dump/write_open routine callback in Lua, it needs the ref number representing
1419  * the hooked function inside Lua. This will be stored in the thing pointed to
1420  * by the void* data here. This 'data' pointer will be copied into the
1421  * wtap_dumper struct's 'void* data' member when calling the dump_open function,
1422  * which is how wslua finally retrieves it. Unlike wtap_dumper's 'priv' member, its
1423  * 'data' member is not free'd in wtap_dump_close().
1424  */
1425 typedef struct wtap_wslua_file_info {
1426  int (*wslua_can_write_encap)(int, void*); /* a can_write_encap func for wslua uses */
1427  void* wslua_data; /* holds the wslua data */
1429 
1430 /*
1431  * For registering extensions used for file formats.
1432  *
1433  * These items are used in dialogs for opening files, so that
1434  * the user can ask to see all capture files (as identified
1435  * by file extension) or particular types of capture files.
1436  *
1437  * Each file type has a description, a flag indicating whether it's
1438  * a capture file or just some file whose contents we can dissect,
1439  * and a list of extensions the file might have.
1440  *
1441  * Some file types aren't real file types, they're just generic types,
1442  * such as "text file" or "XML file", that can be used for, among other
1443  * things, captures we can read, or for extensions such as ".cap" that
1444  * were unimaginatively chosen by several different sniffers for their
1445  * file formats.
1446  */
1448  /* the file type name */
1449  const char *name;
1450 
1451  /* TRUE if this is a capture file type */
1452  gboolean is_capture_file;
1453 
1454  /* a semicolon-separated list of file extensions used for this type */
1455  const char *extensions;
1456 };
1457 
1458 /*
1459  * For registering file types that we can open.
1460  *
1461  * Each file type has an open routine and an optional list of extensions
1462  * the file might have.
1463  *
1464  * The open routine should return:
1465  *
1466  * WTAP_OPEN_ERROR on an I/O error;
1467  *
1468  * WTAP_OPEN_MINE if the file it's reading is one of the types
1469  * it handles;
1470  *
1471  * WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the
1472  * types it handles.
1473  *
1474  * If the routine handles this type of file, it should set the "file_type"
1475  * field in the "struct wtap" to the type of the file.
1476  *
1477  * Note that the routine does not have to free the private data pointer on
1478  * error. The caller takes care of that by calling wtap_close on error.
1479  * (See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8518)
1480  *
1481  * However, the caller does have to free the private data pointer when
1482  * returning WTAP_OPEN_NOT_MINE, since the next file type will be called
1483  * and will likely just overwrite the pointer.
1484  */
1485 typedef enum {
1486  WTAP_OPEN_NOT_MINE = 0,
1487  WTAP_OPEN_MINE = 1,
1488  WTAP_OPEN_ERROR = -1
1489 } wtap_open_return_val;
1490 
1491 typedef wtap_open_return_val (*wtap_open_routine_t)(struct wtap*, int *,
1492  char **);
1493 
1494 /*
1495  * Some file formats have defined magic numbers at fixed offsets from
1496  * the beginning of the file; those routines should return 1 if and
1497  * only if the file has the magic number at that offset. (pcapng
1498  * is a bit of a special case, as it has both the Section Header Block
1499  * type field and its byte-order magic field; it checks for both.)
1500  * Those file formats do not require a file name extension in order
1501  * to recognize them or to avoid recognizing other file types as that
1502  * type, and have no extensions specified for them.
1503  *
1504  * Other file formats don't have defined magic numbers at fixed offsets,
1505  * so a heuristic is required. If that file format has any file name
1506  * extensions used for it, a list of those extensions should be
1507  * specified, so that, if the name of the file being opened has an
1508  * extension, the file formats that use that extension are tried before
1509  * the ones that don't, to handle the case where a file of one type
1510  * might be recognized by the heuristics for a different file type.
1511  */
1512 
1513 typedef enum {
1514  OPEN_INFO_MAGIC = 0,
1515  OPEN_INFO_HEURISTIC = 1
1516 } wtap_open_type;
1517 
1518 WS_DLL_PUBLIC void init_open_routines(void);
1519 
1520 void cleanup_open_routines(void);
1521 
1522 struct open_info {
1523  const char *name;
1524  wtap_open_type type;
1525  wtap_open_routine_t open_routine;
1526  const char *extensions;
1527  gchar **extensions_set; /* populated using extensions member during initialization */
1528  void* wslua_data; /* should be NULL for C-code file readers */
1529 };
1530 WS_DLL_PUBLIC struct open_info *open_routines;
1531 
1532 /*
1533  * Types of comments.
1534  */
1535 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1536 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1537 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1538 
1540  /* the file type name */
1541  /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1542  const char *name;
1543 
1544  /* the file type short name, used as a shortcut for the command line tools */
1545  /* should be NULL for all "pseudo" types that are only internally used and not read/writeable */
1546  const char *short_name;
1547 
1548  /* the default file extension, used to save this type */
1549  /* should be NULL if no default extension is known */
1550  const char *default_file_extension;
1551 
1552  /* a semicolon-separated list of additional file extensions */
1553  /* used for this type */
1554  /* should be NULL if no extensions, or no extensions other */
1555  /* than the default extension, are known */
1556  const char *additional_file_extensions;
1557 
1558  /* when writing this file format, is seeking required? */
1559  gboolean writing_must_seek;
1560 
1561  /* does this type support name resolution records? */
1562  /* should be FALSE is this file type doesn't support name resolution records */
1563  gboolean has_name_resolution;
1564 
1565  /* what types of comment does this file support? */
1566  guint32 supported_comment_types;
1567 
1568  /* can this type write this encapsulation format? */
1569  /* should be NULL is this file type doesn't have write support */
1570  int (*can_write_encap)(int);
1571 
1572  /* the function to open the capture file for writing */
1573  /* should be NULL is this file type don't have write support */
1574  int (*dump_open)(wtap_dumper *, int *);
1575 
1576  /* if can_write_encap returned WTAP_ERR_CHECK_WSLUA, then this is used instead */
1577  /* this should be NULL for everyone except Lua-based file writers */
1578  wtap_wslua_file_info_t *wslua_info;
1579 };
1580 
1581 #define WTAP_TYPE_AUTO 0
1582 
1588 WS_DLL_PUBLIC
1589 void wtap_init(gboolean load_wiretap_plugins);
1590 
1603 WS_DLL_PUBLIC
1604 struct wtap* wtap_open_offline(const char *filename, unsigned int type, int *err,
1605  gchar **err_info, gboolean do_random);
1606 
1612 WS_DLL_PUBLIC
1613 void wtap_cleareof(wtap *wth);
1614 
1619 typedef void (*wtap_new_ipv4_callback_t) (const guint addr, const gchar *name);
1620 WS_DLL_PUBLIC
1621 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1622 
1623 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const gchar *name);
1624 WS_DLL_PUBLIC
1625 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1626 
1630 WS_DLL_PUBLIC
1631 gboolean wtap_read(wtap *wth, int *err, gchar **err_info,
1632  gint64 *data_offset);
1633 
1634 WS_DLL_PUBLIC
1635 gboolean wtap_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
1636  Buffer *buf, int *err, gchar **err_info);
1637 
1638 /*** get various information snippets about the current record ***/
1639 WS_DLL_PUBLIC
1640 wtap_rec *wtap_get_rec(wtap *wth);
1641 
1642 WS_DLL_PUBLIC
1643 guint8 *wtap_get_buf_ptr(wtap *wth);
1644 
1645 /*** initialize a wtap_rec structure ***/
1646 WS_DLL_PUBLIC
1647 void wtap_rec_init(wtap_rec *rec);
1648 
1649 /*** clean up a wtap_rec structure, freeing what wtap_rec_init() allocated */
1650 WS_DLL_PUBLIC
1651 void wtap_rec_cleanup(wtap_rec *rec);
1652 
1653 /*** get various information snippets about the current file ***/
1654 
1657 WS_DLL_PUBLIC
1658 gint64 wtap_read_so_far(wtap *wth);
1659 WS_DLL_PUBLIC
1660 gint64 wtap_file_size(wtap *wth, int *err);
1661 WS_DLL_PUBLIC
1662 gboolean wtap_iscompressed(wtap *wth);
1663 WS_DLL_PUBLIC
1664 guint wtap_snapshot_length(wtap *wth); /* per file */
1665 WS_DLL_PUBLIC
1666 int wtap_file_type_subtype(wtap *wth);
1667 WS_DLL_PUBLIC
1668 int wtap_file_encap(wtap *wth);
1669 WS_DLL_PUBLIC
1670 int wtap_file_tsprec(wtap *wth);
1671 
1684 WS_DLL_PUBLIC
1685 wtap_block_t wtap_file_get_shb(wtap *wth);
1686 
1700 WS_DLL_PUBLIC
1701 GArray* wtap_file_get_shb_for_new_file(wtap *wth);
1702 
1713 WS_DLL_PUBLIC
1714 void wtap_write_shb_comment(wtap *wth, gchar *comment);
1715 
1726 WS_DLL_PUBLIC
1727 wtapng_iface_descriptions_t *wtap_file_get_idb_info(wtap *wth);
1728 
1741 WS_DLL_PUBLIC
1742 void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info);
1743 
1755 WS_DLL_PUBLIC
1756 gchar *wtap_get_debug_if_descr(const wtap_block_t if_descr,
1757  const int indent,
1758  const char* line_end);
1759 
1772 WS_DLL_PUBLIC
1773 wtap_block_t wtap_file_get_nrb(wtap *wth);
1774 
1785 WS_DLL_PUBLIC
1786 GArray* wtap_file_get_nrb_for_new_file(wtap *wth);
1787 
1788 /*** close the file descriptors for the current file ***/
1789 WS_DLL_PUBLIC
1790 void wtap_fdclose(wtap *wth);
1791 
1792 /*** reopen the random file descriptor for the current file ***/
1793 WS_DLL_PUBLIC
1794 gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
1795 
1797 WS_DLL_PUBLIC
1798 void wtap_sequential_close(wtap *wth);
1799 
1801 WS_DLL_PUBLIC
1802 void wtap_close(wtap *wth);
1803 
1804 /*** dump packets into a capture file ***/
1805 WS_DLL_PUBLIC
1806 gboolean wtap_dump_can_open(int filetype);
1807 
1812 WS_DLL_PUBLIC
1813 int wtap_dump_file_encap_type(const GArray *file_encaps);
1814 
1819 WS_DLL_PUBLIC
1820 gboolean wtap_dump_can_compress(int filetype);
1821 
1826 WS_DLL_PUBLIC
1827 gboolean wtap_dump_has_name_resolution(int filetype);
1828 
1833 WS_DLL_PUBLIC
1834 gboolean wtap_dump_supports_comment_types(int filetype, guint32 comment_types);
1835 
1836 WS_DLL_PUBLIC
1837 wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype, int encap,
1838  int snaplen, gboolean compressed, int *err);
1839 
1858 WS_DLL_PUBLIC
1859 wtap_dumper* wtap_dump_open_ng(const char *filename, int file_type_subtype, int encap,
1860  int snaplen, gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
1861  GArray* nrb_hdrs, int *err);
1862 
1863 WS_DLL_PUBLIC
1864 wtap_dumper* wtap_dump_open_tempfile(char **filenamep, const char *pfx,
1865  int file_type_subtype, int encap, int snaplen, gboolean compressed,
1866  int *err);
1867 
1888 WS_DLL_PUBLIC
1889 wtap_dumper* wtap_dump_open_tempfile_ng(char **filenamep, const char *pfx,
1890  int file_type_subtype, int encap, int snaplen, gboolean compressed,
1891  GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
1892  GArray* nrb_hdrs, int *err);
1893 
1894 WS_DLL_PUBLIC
1895 wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype, int encap, int snaplen,
1896  gboolean compressed, int *err);
1897 
1916 WS_DLL_PUBLIC
1917 wtap_dumper* wtap_dump_fdopen_ng(int fd, int file_type_subtype, int encap, int snaplen,
1918  gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
1919  GArray* nrb_hdrs, int *err);
1920 
1921 WS_DLL_PUBLIC
1922 wtap_dumper* wtap_dump_open_stdout(int file_type_subtype, int encap, int snaplen,
1923  gboolean compressed, int *err);
1924 
1942 WS_DLL_PUBLIC
1943 wtap_dumper* wtap_dump_open_stdout_ng(int file_type_subtype, int encap, int snaplen,
1944  gboolean compressed, GArray* shb_hdrs, wtapng_iface_descriptions_t *idb_inf,
1945  GArray* nrb_hdrs, int *err);
1946 
1947 WS_DLL_PUBLIC
1948 gboolean wtap_dump(wtap_dumper *, const wtap_rec *, const guint8 *,
1949  int *err, gchar **err_info);
1950 WS_DLL_PUBLIC
1951 void wtap_dump_flush(wtap_dumper *);
1952 WS_DLL_PUBLIC
1953 gint64 wtap_get_bytes_dumped(wtap_dumper *);
1954 WS_DLL_PUBLIC
1955 void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
1956 struct addrinfo;
1957 WS_DLL_PUBLIC
1958 gboolean wtap_addrinfo_list_empty(addrinfo_lists_t *addrinfo_lists);
1959 WS_DLL_PUBLIC
1960 gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
1961 WS_DLL_PUBLIC
1962 gboolean wtap_dump_get_needs_reload(wtap_dumper *wdh);
1963 
1968 WS_DLL_PUBLIC
1969 gboolean wtap_dump_close(wtap_dumper *wdh, int *err);
1970 
1975 WS_DLL_PUBLIC
1976 gboolean wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types);
1977 
1983 WS_DLL_PUBLIC
1984 GArray *wtap_get_savable_file_types_subtypes(int file_type,
1985  const GArray *file_encaps, guint32 required_comment_types);
1986 
1987 /*** various string converter functions ***/
1988 WS_DLL_PUBLIC
1989 const char *wtap_file_type_subtype_string(int file_type_subtype);
1990 WS_DLL_PUBLIC
1991 const char *wtap_file_type_subtype_short_string(int file_type_subtype);
1992 WS_DLL_PUBLIC
1993 int wtap_short_string_to_file_type_subtype(const char *short_name);
1994 
1995 /*** various file extension functions ***/
1996 WS_DLL_PUBLIC
1997 GSList *wtap_get_all_capture_file_extensions_list(void);
1998 WS_DLL_PUBLIC
1999 const char *wtap_default_file_extension(int filetype);
2000 WS_DLL_PUBLIC
2001 GSList *wtap_get_file_extensions_list(int filetype, gboolean include_compressed);
2002 WS_DLL_PUBLIC
2003 void wtap_free_extensions_list(GSList *extensions);
2004 
2005 WS_DLL_PUBLIC
2006 const char *wtap_encap_string(int encap);
2007 WS_DLL_PUBLIC
2008 const char *wtap_encap_short_string(int encap);
2009 WS_DLL_PUBLIC
2010 int wtap_short_string_to_encap(const char *short_name);
2011 
2012 WS_DLL_PUBLIC
2013 const char* wtap_tsprec_string(int tsprec);
2014 
2015 WS_DLL_PUBLIC
2016 const char *wtap_strerror(int err);
2017 
2018 /*** get available number of file types and encapsulations ***/
2019 WS_DLL_PUBLIC
2020 int wtap_get_num_file_type_extensions(void);
2021 WS_DLL_PUBLIC
2022 int wtap_get_num_encap_types(void);
2023 WS_DLL_PUBLIC
2024 int wtap_get_num_file_types_subtypes(void);
2025 
2026 /*** get information for file type extension ***/
2027 WS_DLL_PUBLIC
2028 const char *wtap_get_file_extension_type_name(int extension_type);
2029 WS_DLL_PUBLIC
2030 GSList *wtap_get_file_extension_type_extensions(guint extension_type);
2031 
2032 /*** dynamically register new file types and encapsulations ***/
2033 WS_DLL_PUBLIC
2034 void wtap_register_file_type_extension(const struct file_extension_info *ei);
2035 
2036 #ifdef HAVE_PLUGINS
2037 typedef struct {
2038  void (*register_wtap_module)(void); /* routine to call to register a wiretap module */
2039 } wtap_plugin;
2040 
2041 WS_DLL_PUBLIC
2042 void wtap_register_plugin(const wtap_plugin *plug);
2043 #endif
2044 
2045 WS_DLL_PUBLIC
2046 void wtap_register_open_info(struct open_info *oi, const gboolean first_routine);
2047 WS_DLL_PUBLIC
2048 gboolean wtap_has_open_info(const gchar *name);
2049 WS_DLL_PUBLIC
2050 void wtap_deregister_open_info(const gchar *name);
2051 
2052 WS_DLL_PUBLIC
2053 unsigned int open_info_name_to_type(const char *name);
2054 WS_DLL_PUBLIC
2055 int wtap_register_file_type_subtypes(const struct file_type_subtype_info* fi, const int subtype);
2056 WS_DLL_PUBLIC
2057 void wtap_deregister_file_type_subtype(const int file_type_subtype);
2058 
2059 WS_DLL_PUBLIC
2060 int wtap_register_encap_type(const char* name, const char* short_name);
2061 
2062 /*** Cleanup the interal library structures */
2063 WS_DLL_PUBLIC
2064 void wtap_cleanup(void);
2065 
2069 #define WTAP_ERR_NOT_REGULAR_FILE -1
2070 
2072 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
2073 
2075 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
2076 
2078 #define WTAP_ERR_UNSUPPORTED -4
2079 
2082 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
2083 
2085 #define WTAP_ERR_CANT_OPEN -6
2086 
2088 #define WTAP_ERR_UNWRITABLE_FILE_TYPE -7
2089 
2091 #define WTAP_ERR_UNWRITABLE_ENCAP -8
2092 
2095 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
2096 
2098 #define WTAP_ERR_CANT_WRITE -10
2099 
2101 #define WTAP_ERR_CANT_CLOSE -11
2102 
2104 #define WTAP_ERR_SHORT_READ -12
2105 
2107 #define WTAP_ERR_BAD_FILE -13
2108 
2110 #define WTAP_ERR_SHORT_WRITE -14
2111 
2113 #define WTAP_ERR_UNC_OVERFLOW -15
2114 
2116 #define WTAP_ERR_RANDOM_OPEN_STDIN -16
2117 
2119 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17
2120  /* The filetype doesn't support output compression */
2121 
2122 #define WTAP_ERR_CANT_SEEK -18
2123 
2125 #define WTAP_ERR_CANT_SEEK_COMPRESSED -19
2126 
2128 #define WTAP_ERR_DECOMPRESS -20
2129 
2131 #define WTAP_ERR_INTERNAL -21
2132 
2134 #define WTAP_ERR_PACKET_TOO_LARGE -22
2135 
2138 #define WTAP_ERR_CHECK_WSLUA -23
2139 
2142 #define WTAP_ERR_UNWRITABLE_REC_TYPE -24
2143 
2145 #define WTAP_ERR_UNWRITABLE_REC_DATA -25
2146 
2148 #define WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26
2149 
2151 #ifdef __cplusplus
2152 }
2153 #endif /* __cplusplus */
2154 
2155 #endif /* __WTAP_H__ */
2156 
2157 /*
2158  * Editor modelines - http://www.wireshark.org/tools/modelines.html
2159  *
2160  * Local variables:
2161  * c-basic-offset: 4
2162  * tab-width: 8
2163  * indent-tabs-mode: nil
2164  * End:
2165  *
2166  * vi: set shiftwidth=4 tabstop=8 expandtab:
2167  * :indentSize=4:tabSize=8:noTabs=true:
2168  */
Definition: wtap.h:1043
Definition: wtap.h:1103
Definition: wtap.h:1447
Definition: wtap.h:545
Definition: wtap.h:422
Definition: wtap.h:1257
Definition: wtap.h:1126
Definition: wtap.h:1069
Definition: wtap.h:428
Definition: wtap-int.h:34
Definition: wtap.h:1344
Definition: wtap_opttypes.c:57
Definition: wtap.h:1157
Definition: wtap.h:610
Definition: wtap.h:1385
Definition: wtap.h:884
Definition: buffer.h:21
Definition: wtap.h:972
int tsprecision
Definition: wtap.h:1354
Definition: wtap.h:916
Definition: wtap.h:1074
Definition: wtap.h:793
Definition: wtap.h:1329
Definition: nstime.h:27
Definition: wtap.h:683
Definition: wtap.h:1539
Definition: wtap.h:906
Definition: wtap.h:1364
Definition: wtap.h:846
Definition: wtap.h:1081
GList * ipv6_addr_list
Definition: wtap.h:1404
Definition: wtap.h:1522
GArray * nrb_hdrs
Definition: wtap-int.h:44
Definition: wtap.h:1144
Definition: wtap.h:783
Definition: wtap.h:435
Definition: wtap.h:1243
guint64 section_length
Definition: wtap.h:1330
Definition: wtap.h:952
Definition: wtap.h:518
Definition: wtap.h:1351
Definition: wtap.h:961
Definition: wtap.h:931
Definition: wtap.h:665
Definition: wtap.h:898
Definition: wtap.h:977
Definition: wtap.h:1138
Definition: wtap.h:937
Definition: wtap.h:1392
Definition: wtap.h:1375
int wtap_encap
Definition: wtap.h:1352
GArray * interface_statistics
Definition: wtap.h:1359
Definition: wtap.h:1261
guint8 * if_filter_bpf_bytes
Definition: wtap.h:1369
Definition: wtap.h:776
GList * ipv4_addr_list
Definition: wtap.h:1403
Definition: wtap.h:633
Definition: wtap.h:560
Definition: wtap.h:878
Definition: wtap.h:1425
gchar * if_filter_str
Definition: wtap.h:1365
Definition: wtap.h:1274
Definition: wtap.h:1063
Definition: wtap.h:735
Definition: file_wrappers.c:78
Definition: wtap.h:1132
Definition: wtap-int.h:86
Definition: wtap.h:1402
Definition: wtap.h:1052
Definition: wtap.h:623