Wireshark  4.3.0
The Wireshark network protocol analyzer
wtap.h
Go to the documentation of this file.
1 
9 #ifndef __WTAP_H__
10 #define __WTAP_H__
11 
12 #include <wireshark.h>
13 #include <time.h>
14 #include <wsutil/buffer.h>
15 #include <wsutil/nstime.h>
16 #include <wsutil/inet_addr.h>
17 #include "wtap_opttypes.h"
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif /* __cplusplus */
22 
23 /* Encapsulation types. Choose names that truly reflect
24  * what is contained in the packet trace file.
25  *
26  * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
27  * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
28  * type for all packets in the file; this may cause those routines to
29  * fail if the capture file format being written can't support that.
30  * It's also returned by "wtap_file_encap()" for capture files that
31  * don't have a single encapsulation type for all packets in the file.
32  *
33  * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
34  * if it's handed an unknown encapsulation. It is also used by file
35  * types for encapsulations which are unsupported by libwiretap.
36  *
37  * WTAP_ENCAP_NONE is an initial value used by file types like pcapng
38  * that do not have a single file level encapsulation type. If and when
39  * something that indicate encapsulation is read, the encapsulation will
40  * change (possibly to WTAP_ENCAP_PER_PACKET) and appropriate IDBs will
41  * be generated. If a file type uses this value, it MUST provide IDBs
42  * (possibly fake) when the encapsulation changes; otherwise, it should
43  * return WTAP_ENCAP_UNKNOWN so that attempts to write an output file
44  * without reading the entire input file first fail gracefully.
45  *
46  * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
47  * MAC addresses you get from the hardware are bit-swapped. Ideally,
48  * the driver would tell us that, but I know of none that do, so, for
49  * now, we base it on the machine on which we're *reading* the
50  * capture, rather than on the machine on which the capture was taken
51  * (they're probably likely to be the same). We assume that they're
52  * bit-swapped on everything except for systems running Ultrix, Alpha
53  * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
54  * Digital decided to bit-swap addresses in the hardware or in the
55  * driver, and I guess BSDI bit-swapped them in the driver, given that
56  * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
57  * save file format, we'd use the WTAP_ENCAP values to flag the
58  * encapsulation of a packet, so there we'd at least be able to base
59  * it on the machine on which the capture was taken.
60  *
61  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
62  * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
63  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
64  * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
65  * presumably used on some BSD systems, which we turn into
66  * WTAP_ENCAP_ATM_RFC1483.
67  *
68  * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
69  * corresponds to
70  *
71  * 1) PPP-over-HDLC encapsulation, at least with some versions
72  * of ISDN4BSD (but not the current ones, it appears, unless
73  * I've missed something);
74  *
75  * 2) a 4-byte header containing the AF_ address family, in
76  * the byte order of the machine that saved the capture,
77  * for the packet, as used on many BSD systems for the
78  * loopback device and some other devices, or a 4-byte header
79  * containing the AF_ address family in network byte order,
80  * as used on recent OpenBSD systems for the loopback device;
81  *
82  * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
83  * type in the byte order from an Ethernet header, that being
84  * what older versions of "libpcap" on Linux turn the Ethernet
85  * header for loopback interfaces into (0.6.0 and later versions
86  * leave the Ethernet header alone and make it DLT_EN10MB). */
87 #define WTAP_ENCAP_NONE -2
88 #define WTAP_ENCAP_PER_PACKET -1
89 #define WTAP_ENCAP_UNKNOWN 0
90 #define WTAP_ENCAP_ETHERNET 1
91 #define WTAP_ENCAP_TOKEN_RING 2
92 #define WTAP_ENCAP_SLIP 3
93 #define WTAP_ENCAP_PPP 4
94 #define WTAP_ENCAP_FDDI 5
95 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
96 #define WTAP_ENCAP_RAW_IP 7
97 #define WTAP_ENCAP_ARCNET 8
98 #define WTAP_ENCAP_ARCNET_LINUX 9
99 #define WTAP_ENCAP_ATM_RFC1483 10
100 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
101 #define WTAP_ENCAP_LAPB 12
102 #define WTAP_ENCAP_ATM_PDUS 13
103 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
104 #define WTAP_ENCAP_NULL 15
105 #define WTAP_ENCAP_ASCEND 16
106 #define WTAP_ENCAP_ISDN 17
107 #define WTAP_ENCAP_IP_OVER_FC 18
108 #define WTAP_ENCAP_PPP_WITH_PHDR 19
109 #define WTAP_ENCAP_IEEE_802_11 20
110 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
111 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
112 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
113 #define WTAP_ENCAP_IEEE_802_11_AVS 24
114 #define WTAP_ENCAP_SLL 25
115 #define WTAP_ENCAP_FRELAY 26
116 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
117 #define WTAP_ENCAP_CHDLC 28
118 #define WTAP_ENCAP_CISCO_IOS 29
119 #define WTAP_ENCAP_LOCALTALK 30
120 #define WTAP_ENCAP_OLD_PFLOG 31
121 #define WTAP_ENCAP_HHDLC 32
122 #define WTAP_ENCAP_DOCSIS 33
123 #define WTAP_ENCAP_COSINE 34
124 #define WTAP_ENCAP_WFLEET_HDLC 35
125 #define WTAP_ENCAP_SDLC 36
126 #define WTAP_ENCAP_TZSP 37
127 #define WTAP_ENCAP_ENC 38
128 #define WTAP_ENCAP_PFLOG 39
129 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
130 #define WTAP_ENCAP_BLUETOOTH_H4 41
131 #define WTAP_ENCAP_MTP2 42
132 #define WTAP_ENCAP_MTP3 43
133 #define WTAP_ENCAP_IRDA 44
134 #define WTAP_ENCAP_USER0 45
135 #define WTAP_ENCAP_USER1 46
136 #define WTAP_ENCAP_USER2 47
137 #define WTAP_ENCAP_USER3 48
138 #define WTAP_ENCAP_USER4 49
139 #define WTAP_ENCAP_USER5 50
140 #define WTAP_ENCAP_USER6 51
141 #define WTAP_ENCAP_USER7 52
142 #define WTAP_ENCAP_USER8 53
143 #define WTAP_ENCAP_USER9 54
144 #define WTAP_ENCAP_USER10 55
145 #define WTAP_ENCAP_USER11 56
146 #define WTAP_ENCAP_USER12 57
147 #define WTAP_ENCAP_USER13 58
148 #define WTAP_ENCAP_USER14 59
149 #define WTAP_ENCAP_USER15 60
150 #define WTAP_ENCAP_SYMANTEC 61
151 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
152 #define WTAP_ENCAP_BACNET_MS_TP 63
153 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
154 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
155 #define WTAP_ENCAP_GPRS_LLC 66
156 #define WTAP_ENCAP_JUNIPER_ATM1 67
157 #define WTAP_ENCAP_JUNIPER_ATM2 68
158 #define WTAP_ENCAP_REDBACK 69
159 #define WTAP_ENCAP_NETTL_RAW_IP 70
160 #define WTAP_ENCAP_NETTL_ETHERNET 71
161 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
162 #define WTAP_ENCAP_NETTL_FDDI 73
163 #define WTAP_ENCAP_NETTL_UNKNOWN 74
164 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
165 #define WTAP_ENCAP_JUNIPER_PPPOE 76
166 #define WTAP_ENCAP_GCOM_TIE1 77
167 #define WTAP_ENCAP_GCOM_SERIAL 78
168 #define WTAP_ENCAP_NETTL_X25 79
169 #define WTAP_ENCAP_K12 80
170 #define WTAP_ENCAP_JUNIPER_MLPPP 81
171 #define WTAP_ENCAP_JUNIPER_MLFR 82
172 #define WTAP_ENCAP_JUNIPER_ETHER 83
173 #define WTAP_ENCAP_JUNIPER_PPP 84
174 #define WTAP_ENCAP_JUNIPER_FRELAY 85
175 #define WTAP_ENCAP_JUNIPER_CHDLC 86
176 #define WTAP_ENCAP_JUNIPER_GGSN 87
177 #define WTAP_ENCAP_LINUX_LAPD 88
178 #define WTAP_ENCAP_CATAPULT_DCT2000 89
179 #define WTAP_ENCAP_BER 90
180 #define WTAP_ENCAP_JUNIPER_VP 91
181 #define WTAP_ENCAP_USB_FREEBSD 92
182 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
183 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
184 #define WTAP_ENCAP_USB_LINUX 95
185 #define WTAP_ENCAP_MPEG 96
186 #define WTAP_ENCAP_PPI 97
187 #define WTAP_ENCAP_ERF 98
188 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
189 #define WTAP_ENCAP_SITA 100
190 #define WTAP_ENCAP_SCCP 101
191 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
192 #define WTAP_ENCAP_IPMB_KONTRON 103
193 #define WTAP_ENCAP_IEEE802_15_4 104
194 #define WTAP_ENCAP_X2E_XORAYA 105
195 #define WTAP_ENCAP_FLEXRAY 106
196 #define WTAP_ENCAP_LIN 107
197 #define WTAP_ENCAP_MOST 108
198 #define WTAP_ENCAP_CAN20B 109
199 #define WTAP_ENCAP_LAYER1_EVENT 110
200 #define WTAP_ENCAP_X2E_SERIAL 111
201 #define WTAP_ENCAP_I2C_LINUX 112
202 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
203 #define WTAP_ENCAP_TNEF 114
204 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
205 #define WTAP_ENCAP_GSM_UM 116
206 #define WTAP_ENCAP_DPNSS 117
207 #define WTAP_ENCAP_PACKETLOGGER 118
208 #define WTAP_ENCAP_NSTRACE_1_0 119
209 #define WTAP_ENCAP_NSTRACE_2_0 120
210 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
211 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
212 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
213 #define WTAP_ENCAP_IPNET 124
214 #define WTAP_ENCAP_SOCKETCAN 125
215 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
216 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
217 #define WTAP_ENCAP_RAW_IPFIX 128
218 #define WTAP_ENCAP_RAW_IP4 129
219 #define WTAP_ENCAP_RAW_IP6 130
220 #define WTAP_ENCAP_LAPD 131
221 #define WTAP_ENCAP_DVBCI 132
222 #define WTAP_ENCAP_MUX27010 133
223 #define WTAP_ENCAP_MIME 134
224 #define WTAP_ENCAP_NETANALYZER 135
225 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
226 #define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
227 #define WTAP_ENCAP_MPEG_2_TS 138
228 #define WTAP_ENCAP_PPP_ETHER 139
229 #define WTAP_ENCAP_NFC_LLCP 140
230 #define WTAP_ENCAP_NFLOG 141
231 #define WTAP_ENCAP_V5_EF 142
232 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
233 #define WTAP_ENCAP_IXVERIWAVE 144
234 #define WTAP_ENCAP_SDH 145
235 #define WTAP_ENCAP_DBUS 146
236 #define WTAP_ENCAP_AX25_KISS 147
237 #define WTAP_ENCAP_AX25 148
238 #define WTAP_ENCAP_SCTP 149
239 #define WTAP_ENCAP_INFINIBAND 150
240 #define WTAP_ENCAP_JUNIPER_SVCS 151
241 #define WTAP_ENCAP_USBPCAP 152
242 #define WTAP_ENCAP_RTAC_SERIAL 153
243 #define WTAP_ENCAP_BLUETOOTH_LE_LL 154
244 #define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
245 #define WTAP_ENCAP_STANAG_4607 156
246 #define WTAP_ENCAP_STANAG_5066_D_PDU 157
247 #define WTAP_ENCAP_NETLINK 158
248 #define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
249 #define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
250 #define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
251 #define WTAP_ENCAP_NSTRACE_3_0 162
252 #define WTAP_ENCAP_LOGCAT 163
253 #define WTAP_ENCAP_LOGCAT_BRIEF 164
254 #define WTAP_ENCAP_LOGCAT_PROCESS 165
255 #define WTAP_ENCAP_LOGCAT_TAG 166
256 #define WTAP_ENCAP_LOGCAT_THREAD 167
257 #define WTAP_ENCAP_LOGCAT_TIME 168
258 #define WTAP_ENCAP_LOGCAT_THREADTIME 169
259 #define WTAP_ENCAP_LOGCAT_LONG 170
260 #define WTAP_ENCAP_PKTAP 171
261 #define WTAP_ENCAP_EPON 172
262 #define WTAP_ENCAP_IPMI_TRACE 173
263 #define WTAP_ENCAP_LOOP 174
264 #define WTAP_ENCAP_JSON 175
265 #define WTAP_ENCAP_NSTRACE_3_5 176
266 #define WTAP_ENCAP_ISO14443 177
267 #define WTAP_ENCAP_GFP_T 178
268 #define WTAP_ENCAP_GFP_F 179
269 #define WTAP_ENCAP_IP_OVER_IB_PCAP 180
270 #define WTAP_ENCAP_JUNIPER_VN 181
271 #define WTAP_ENCAP_USB_DARWIN 182
272 #define WTAP_ENCAP_LORATAP 183
273 #define WTAP_ENCAP_3MB_ETHERNET 184
274 #define WTAP_ENCAP_VSOCK 185
275 #define WTAP_ENCAP_NORDIC_BLE 186
276 #define WTAP_ENCAP_NETMON_NET_NETEVENT 187
277 #define WTAP_ENCAP_NETMON_HEADER 188
278 #define WTAP_ENCAP_NETMON_NET_FILTER 189
279 #define WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190
280 #define WTAP_ENCAP_MA_WFP_CAPTURE_V4 191
281 #define WTAP_ENCAP_MA_WFP_CAPTURE_V6 192
282 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193
283 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194
284 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195
285 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196
286 #define WTAP_ENCAP_JUNIPER_ST 197
287 #define WTAP_ENCAP_ETHERNET_MPACKET 198
288 #define WTAP_ENCAP_DOCSIS31_XRA31 199
289 #define WTAP_ENCAP_DPAUXMON 200
290 #define WTAP_ENCAP_RUBY_MARSHAL 201
291 #define WTAP_ENCAP_RFC7468 202
292 #define WTAP_ENCAP_SYSTEMD_JOURNAL 203 /* Event, not a packet */
293 #define WTAP_ENCAP_EBHSCR 204
294 #define WTAP_ENCAP_VPP 205
295 #define WTAP_ENCAP_IEEE802_15_4_TAP 206
296 #define WTAP_ENCAP_LOG_3GPP 207
297 #define WTAP_ENCAP_USB_2_0 208
298 #define WTAP_ENCAP_MP4 209
299 #define WTAP_ENCAP_SLL2 210
300 #define WTAP_ENCAP_ZWAVE_SERIAL 211
301 #define WTAP_ENCAP_ETW 212
302 #define WTAP_ENCAP_ERI_ENB_LOG 213
303 #define WTAP_ENCAP_ZBNCP 214
304 #define WTAP_ENCAP_USB_2_0_LOW_SPEED 215
305 #define WTAP_ENCAP_USB_2_0_FULL_SPEED 216
306 #define WTAP_ENCAP_USB_2_0_HIGH_SPEED 217
307 #define WTAP_ENCAP_AUTOSAR_DLT 218
308 #define WTAP_ENCAP_AUERSWALD_LOG 219
309 #define WTAP_ENCAP_ATSC_ALP 220
310 #define WTAP_ENCAP_FIRA_UCI 221
311 #define WTAP_ENCAP_SILABS_DEBUG_CHANNEL 222
312 #define WTAP_ENCAP_MDB 223
313 #define WTAP_ENCAP_EMS 224
314 #define WTAP_ENCAP_DECT_NR 225
315 
316 /* After adding new item here, please also add new item to encap_table_base array */
317 
318 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
319 
320 /* Value to be used as a file type/subtype value if the type is unknown */
321 #define WTAP_FILE_TYPE_SUBTYPE_UNKNOWN -1
322 
323 /* timestamp precision (currently only these values are supported) */
324 #define WTAP_TSPREC_UNKNOWN -2
325 #define WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */
326 /*
327  * These values are the number of digits of precision after the integral part.
328  * Thry're the same as WS_TSPREC values; we define them here so that
329  * tools/make-enums.py sees them.
330  */
331 #define WTAP_TSPREC_SEC 0
332 #define WTAP_TSPREC_100_MSEC 1
333 #define WTAP_TSPREC_DSEC 1 /* Backwards compatibility */
334 #define WTAP_TSPREC_10_MSEC 2
335 #define WTAP_TSPREC_CSEC 2 /* Backwards compatibility */
336 #define WTAP_TSPREC_MSEC 3
337 #define WTAP_TSPREC_100_USEC 4
338 #define WTAP_TSPREC_10_USEC 5
339 #define WTAP_TSPREC_USEC 6
340 #define WTAP_TSPREC_100_NSEC 7
341 #define WTAP_TSPREC_10_NSEC 8
342 #define WTAP_TSPREC_NSEC 9
343 /* if you add to the above, update wtap_tsprec_string() */
344 
345 /*
346  * Maximum packet sizes.
347  *
348  * For most link-layer types, we use 262144, which is currently
349  * libpcap's MAXIMUM_SNAPLEN.
350  *
351  * For WTAP_ENCAP_DBUS, the maximum is 128MiB, as per
352  *
353  * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
354  *
355  * For WTAP_ENCAP_EBHSCR, the maximum is 8MiB, as per
356  *
357  * https://www.elektrobit.com/ebhscr
358  *
359  * For WTAP_ENCAP_USBPCAP, the maximum is 128MiB, as per
360  *
361  * https://gitlab.com/wireshark/wireshark/-/issues/15985
362  *
363  * We don't want to write out files that specify a maximum packet size
364  * greater than 262144 if we don't have to, as software reading those
365  * files might allocate a buffer much larger than necessary, wasting memory.
366  */
367 #define WTAP_MAX_PACKET_SIZE_STANDARD 262144U
368 #define WTAP_MAX_PACKET_SIZE_USBPCAP (128U*1024U*1024U)
369 #define WTAP_MAX_PACKET_SIZE_EBHSCR (32U*1024U*1024U)
370 #define WTAP_MAX_PACKET_SIZE_DBUS (128U*1024U*1024U)
371 
372 /*
373  * "Pseudo-headers" are used to supply to the clients of wiretap
374  * per-packet information that's not part of the packet payload
375  * proper.
376  *
377  * NOTE: do not use pseudo-header structures to hold information
378  * used by the code to read a particular capture file type; to
379  * keep that sort of state information, add a new structure for
380  * that private information to "wtap-int.h", add a pointer to that
381  * type of structure to the "capture" member of the "struct wtap"
382  * structure, and allocate one of those structures and set that member
383  * in the "open" routine for that capture file type if the open
384  * succeeds. See various other capture file type handlers for examples
385  * of that.
386  */
387 
388 
389 /* Packet "pseudo-header" information for Ethernet capture files. */
390 struct eth_phdr {
391  int fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
392 };
393 
394 /* Packet "pseudo-header" information for capture files for traffic
395  between DTE and DCE. */
396 #define FROM_DCE 0x80
397 struct dte_dce_phdr {
398  uint8_t flags; /* ENCAP_LAPB, ENCAP_V120, ENCAP_FRELAY: 1st bit means From DCE */
399 };
400 
401 /* Packet "pseudo-header" information for ISDN capture files. */
402 
403 /* Direction */
404 struct isdn_phdr {
405  bool uton;
406  uint8_t channel; /* 0 = D-channel; n = B-channel n */
407 };
408 
409 /* Packet "pseudo-header" for ATM capture files.
410  Not all of this information is supplied by all capture types.
411  These originally came from the Network General (DOS-based)
412  ATM Sniffer file format, but we've added some additional
413  items. */
414 
415 /*
416  * Status bits.
417  */
418 #define ATM_RAW_CELL 0x01 /* true if the packet is a single cell */
419 #define ATM_NO_HEC 0x02 /* true if the cell has HEC stripped out */
420 #define ATM_AAL2_NOPHDR 0x04 /* true if the AAL2 PDU has no pseudo-header */
421 #define ATM_REASSEMBLY_ERROR 0x08 /* true if this is an incompletely-reassembled PDU */
422 
423 /*
424  * AAL types.
425  */
426 #define AAL_UNKNOWN 0 /* AAL unknown */
427 #define AAL_1 1 /* AAL1 */
428 #define AAL_2 2 /* AAL2 */
429 #define AAL_3_4 3 /* AAL3/4 */
430 #define AAL_5 4 /* AAL5 */
431 #define AAL_USER 5 /* User AAL */
432 #define AAL_SIGNALLING 6 /* Signaling AAL */
433 #define AAL_OAMCELL 7 /* OAM cell */
434 
435 /*
436  * Traffic types.
437  */
438 #define TRAF_UNKNOWN 0 /* Unknown */
439 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
440 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
441 #define TRAF_LANE 3 /* LAN Emulation */
442 #define TRAF_ILMI 4 /* ILMI */
443 #define TRAF_FR 5 /* Frame Relay */
444 #define TRAF_SPANS 6 /* FORE SPANS */
445 #define TRAF_IPSILON 7 /* Ipsilon */
446 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
447 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
448 #define TRAF_SSCOP 10 /* SSCOP */
449 
450 /*
451  * Traffic subtypes.
452  */
453 #define TRAF_ST_UNKNOWN 0 /* Unknown */
454 
455 /*
456  * For TRAF_VCMX:
457  */
458 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
459 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
460 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
461 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
462 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
463 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
464 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
465 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
466 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
467 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
468 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
469 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
470 
471 /*
472  * For TRAF_LANE:
473  */
474 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
475 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
476 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
477 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
478 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
479 
480 /*
481  * For TRAF_IPSILON:
482  */
483 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
484 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
485 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
486 
487 struct atm_phdr {
488  uint32_t flags; /* status flags */
489  uint8_t aal; /* AAL of the traffic */
490  uint8_t type; /* traffic type */
491  uint8_t subtype; /* traffic subtype */
492  uint16_t vpi; /* virtual path identifier */
493  uint16_t vci; /* virtual circuit identifier */
494  uint8_t aal2_cid; /* channel id */
495  uint16_t channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
496  uint16_t cells; /* number of cells */
497  uint16_t aal5t_u2u; /* user-to-user indicator */
498  uint16_t aal5t_len; /* length of the packet */
499  uint32_t aal5t_chksum; /* checksum for AAL5 packet */
500 };
501 
502 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
503  "wandisplay", and similar commands on Lucent/Ascend access equipment. */
504 
505 #define ASCEND_MAX_STR_LEN 64
506 
507 #define ASCEND_PFX_WDS_X 1
508 #define ASCEND_PFX_WDS_R 2
509 #define ASCEND_PFX_WDD 3
510 #define ASCEND_PFX_ISDN_X 4
511 #define ASCEND_PFX_ISDN_R 5
512 #define ASCEND_PFX_ETHER 6
513 
514 struct ascend_phdr {
515  uint16_t type; /* ASCEND_PFX_*, as defined above */
516  char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
517  uint32_t sess; /* Session number, from wandsession header */
518  char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
519  uint32_t chunk; /* Chunk number, from WDD header */
520  uint32_t task; /* Task number */
521 };
522 
523 /* Packet "pseudo-header" for point-to-point links with direction flags. */
524 struct p2p_phdr {
525  bool sent;
526 };
527 
528 /*
529  * Packet "pseudo-header" information for 802.11.
530  * Radio information is only present in this form for
531  * WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
532  * which the radio information isn't provided as a pseudo-header in the
533  * packet data. It is also used by the dissectors for the pseudo-headers
534  * in the packet data to supply radio information, in a form independent
535  * of the file format and pseudo-header format, to the "802.11 radio"
536  * dissector.
537  *
538  * Signal strength, etc. information:
539  *
540  * Raw signal strength can be measured in milliwatts.
541  * It can also be represented as dBm, which is 10 times the log base 10
542  * of the signal strength in mW.
543  *
544  * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
545  * The actual RSSI value for a given signal strength is dependent on the
546  * vendor (and perhaps on the adapter). The maximum possible RSSI value
547  * is also dependent on the vendor and perhaps the adapter.
548  *
549  * The signal strength can be represented as a percentage, which is 100
550  * times the ratio of the RSSI and the maximum RSSI.
551  */
552 
553 /*
554  * PHY types.
555  */
556 #define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
557 #define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
558 #define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
559 #define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
560 #define PHDR_802_11_PHY_11B 4 /* 802.11b */
561 #define PHDR_802_11_PHY_11A 5 /* 802.11a */
562 #define PHDR_802_11_PHY_11G 6 /* 802.11g */
563 #define PHDR_802_11_PHY_11N 7 /* 802.11n */
564 #define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
565 #define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
566 #define PHDR_802_11_PHY_11AH 10 /* 802.11ah */
567 #define PHDR_802_11_PHY_11AX 11 /* 802.11ax */
568 #define PHDR_802_11_PHY_11BE 12 /* 802.11be - EHT */
569 
570 /*
571  * PHY-specific information.
572  */
573 
574 /*
575  * 802.11 legacy FHSS.
576  */
578  unsigned has_hop_set:1;
579  unsigned has_hop_pattern:1;
580  unsigned has_hop_index:1;
581 
582  uint8_t hop_set; /* Hop set */
583  uint8_t hop_pattern; /* Hop pattern */
584  uint8_t hop_index; /* Hop index */
585 };
586 
587 /*
588  * 802.11b.
589  */
590 struct ieee_802_11b {
591  /* Which of this information is present? */
592  unsigned has_short_preamble:1;
593 
594  bool short_preamble; /* Short preamble */
595 };
596 
597 /*
598  * 802.11a.
599  */
600 struct ieee_802_11a {
601  /* Which of this information is present? */
602  unsigned has_channel_type:1;
603  unsigned has_turbo_type:1;
604 
605  unsigned channel_type:2;
606  unsigned turbo_type:2;
607 };
608 
609 /*
610  * Channel type values.
611  */
612 #define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
613 #define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
614 #define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
615 
616 /*
617  * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
618  * It can be dynamic or static.
619  *
620  * See
621  *
622  * http://wifi-insider.com/atheros/turbo.htm
623  */
624 #define PHDR_802_11A_TURBO_TYPE_NORMAL 0
625 #define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know whether it's static or dynamic */
626 #define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
627 #define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
628 
629 /*
630  * 802.11g.
631  *
632  * This should only be used for packets sent using OFDM; packets
633  * sent on an 11g network using DSSS should have the PHY set to
634  * 11b.
635  */
636 struct ieee_802_11g {
637  /* Which of this information is present? */
638  unsigned has_mode:1;
639 
640  uint32_t mode; /* Various proprietary extensions */
641 };
642 
643 /*
644  * Mode values.
645  */
646 #define PHDR_802_11G_MODE_NORMAL 0
647 #define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
648 
649 /*
650  * 802.11n.
651  */
652 struct ieee_802_11n {
653  /* Which of this information is present? */
654  unsigned has_mcs_index:1;
655  unsigned has_bandwidth:1;
656  unsigned has_short_gi:1;
657  unsigned has_greenfield:1;
658  unsigned has_fec:1;
659  unsigned has_stbc_streams:1;
660  unsigned has_ness:1;
661 
662  uint16_t mcs_index; /* MCS index */
663  unsigned bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
664  unsigned short_gi:1; /* True for short guard interval */
665  unsigned greenfield:1; /* True for greenfield, short for mixed */
666  unsigned fec:1; /* FEC: 0 = BCC, 1 = LDPC */
667  unsigned stbc_streams:2; /* Number of STBC streams */
668  unsigned ness; /* Number of extension spatial streams */
669 };
670 
671 /*
672  * Bandwidth values; used for both 11n and 11ac.
673  */
674 #define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
675 #define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
676 #define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
677 #define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
678 #define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
679 #define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
680 #define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
681 #define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
682 #define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
683 #define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
684 #define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
685 #define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
686 #define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
687 #define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
688 #define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
689 #define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
690 #define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
691 #define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
692 #define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
693 #define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
694 #define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
695 #define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
696 #define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
697 #define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
698 #define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
699 #define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
700 
701 /*
702  * 802.11ac.
703  */
705  /* Which of this information is present? */
706  unsigned has_stbc:1;
707  unsigned has_txop_ps_not_allowed:1;
708  unsigned has_short_gi:1;
709  unsigned has_short_gi_nsym_disambig:1;
710  unsigned has_ldpc_extra_ofdm_symbol:1;
711  unsigned has_beamformed:1;
712  unsigned has_bandwidth:1;
713  unsigned has_fec:1;
714  unsigned has_group_id:1;
715  unsigned has_partial_aid:1;
716 
717  unsigned stbc:1; /* 1 if all spatial streams have STBC */
718  unsigned txop_ps_not_allowed:1;
719  unsigned short_gi:1; /* True for short guard interval */
720  unsigned short_gi_nsym_disambig:1;
721  unsigned ldpc_extra_ofdm_symbol:1;
722  unsigned beamformed:1;
723  uint8_t bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
724  uint8_t mcs[4]; /* MCS index per user */
725  uint8_t nss[4]; /* NSS per user */
726  uint8_t fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
727  uint8_t group_id;
728  uint16_t partial_aid;
729 };
730 
731 /*
732  * 802.11ad.
733  */
734 
735 /*
736  * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
737  */
738 
739 #define PHDR_802_11AD_MIN_FREQUENCY 57000
740 #define PHDR_802_11AD_MAX_FREQUENCY 71000
741 
742 #define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
743  ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
744 
746  /* Which of this information is present? */
747  unsigned has_mcs_index:1;
748 
749  uint8_t mcs; /* MCS index */
750 };
751 
752 /*
753  * 802.11ax (HE).
754  */
756  /* Which of this information is present? */
757  unsigned has_mcs_index:1;
758  unsigned has_bwru:1;
759  unsigned has_gi:1;
760 
761  uint8_t nsts:4; /* Number of Space-time Streams */
762  uint8_t mcs:4; /* MCS index */
763  uint8_t bwru:4; /* Bandwidth/RU allocation */
764  uint8_t gi:2; /* Guard Interval */
765 };
766 
767 /*
768  * 802.11be (EHT).
769  */
771  unsigned sta_id_known:1;
772  unsigned mcs_known:1;
773  unsigned coding_known:1;
774  unsigned rsv_known:1;
775  unsigned nsts_known:1;
776  unsigned bf_known:1;
777  unsigned spatial_config_known:1;
778  unsigned data_for_this_user:1;
779  unsigned sta_id:11;
780  unsigned ldpc_coding:1;
781  unsigned mcs:4;
782  unsigned nsts:4;
783  unsigned rsv:1;
784  unsigned beamform:1;
785  unsigned rsv2:2;
786 };
787 
789  /* Which of this information is present? */
790  unsigned has_ru_mru_size:1;
791  unsigned has_gi:1;
792  unsigned has_bandwidth:1;
793 
794  uint8_t bandwidth;
795  uint8_t ru_mru_size:4; /* RU/MRU allocation */
796  uint8_t gi:2; /* Guard Interval */
797  uint8_t num_users;
798  struct ieee_802_11be_user_info user[4]; /* Adding info for only upto 4 users */
799 };
800 
801 
803  struct ieee_802_11_fhss info_11_fhss;
804  struct ieee_802_11b info_11b;
805  struct ieee_802_11a info_11a;
806  struct ieee_802_11g info_11g;
807  struct ieee_802_11n info_11n;
808  struct ieee_802_11ac info_11ac;
809  struct ieee_802_11ad info_11ad;
810  struct ieee_802_11ax info_11ax;
811  struct ieee_802_11be info_11be;
812 };
813 
815  int fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
816  unsigned decrypted:1; /* true if frame is decrypted even if "protected" bit is set */
817  unsigned datapad:1; /* true if frame has padding between 802.11 header and payload */
818  unsigned no_a_msdus:1; /* true if we should ignore the A-MSDU bit */
819  unsigned phy; /* PHY type */
820  union ieee_802_11_phy_info phy_info;
821 
822  /* Which of this information is present? */
823  unsigned has_channel:1;
824  unsigned has_frequency:1;
825  unsigned has_data_rate:1;
826  unsigned has_signal_percent:1;
827  unsigned has_noise_percent:1;
828  unsigned has_signal_dbm:1;
829  unsigned has_noise_dbm:1;
830  unsigned has_signal_db:1;
831  unsigned has_noise_db:1;
832  unsigned has_tsf_timestamp:1;
833  unsigned has_aggregate_info:1; /* aggregate flags and ID */
834  unsigned has_zero_length_psdu_type:1; /* zero-length PSDU type */
835 
836  uint16_t channel; /* Channel number */
837  uint32_t frequency; /* Channel center frequency */
838  uint16_t data_rate; /* Data rate, in .5 Mb/s units */
839  uint8_t signal_percent; /* Signal level, as a percentage */
840  uint8_t noise_percent; /* Noise level, as a percentage */
841  int8_t signal_dbm; /* Signal level, in dBm */
842  int8_t noise_dbm; /* Noise level, in dBm */
843  uint8_t signal_db; /* Signal level, in dB from an arbitrary point */
844  uint8_t noise_db; /* Noise level, in dB from an arbitrary point */
845  uint64_t tsf_timestamp;
846  uint32_t aggregate_flags; /* A-MPDU flags */
847  uint32_t aggregate_id; /* ID for A-MPDU reassembly */
848  uint8_t zero_length_psdu_type; /* type of zero-length PSDU */
849 };
850 
851 /*
852  * A-MPDU flags.
853  */
854 #define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
855 #define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
856 
857 /*
858  * Zero-length PSDU types.
859  */
860 #define PHDR_802_11_SOUNDING_PSDU 0 /* sounding PPDU */
861 #define PHDR_802_11_DATA_NOT_CAPTURED 1 /* data not captured, (e.g. multi-user PPDU) */
862 #define PHDR_802_11_0_LENGTH_PSDU_VENDOR_SPECIFIC 0xff
863 
864 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
865 
866 #define COSINE_MAX_IF_NAME_LEN 128
867 
868 #define COSINE_ENCAP_TEST 1
869 #define COSINE_ENCAP_PPoATM 2
870 #define COSINE_ENCAP_PPoFR 3
871 #define COSINE_ENCAP_ATM 4
872 #define COSINE_ENCAP_FR 5
873 #define COSINE_ENCAP_HDLC 6
874 #define COSINE_ENCAP_PPP 7
875 #define COSINE_ENCAP_ETH 8
876 #define COSINE_ENCAP_UNKNOWN 99
877 
878 #define COSINE_DIR_TX 1
879 #define COSINE_DIR_RX 2
880 
881 struct cosine_phdr {
882  uint8_t encap; /* COSINE_ENCAP_* as defined above */
883  uint8_t direction; /* COSINE_DIR_*, as defined above */
884  char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
885  uint16_t pro; /* Protocol */
886  uint16_t off; /* Offset */
887  uint16_t pri; /* Priority */
888  uint16_t rm; /* Rate Marking */
889  uint16_t err; /* Error Code */
890 };
891 
892 /* Packet "pseudo-header" for IrDA capture files. */
893 
894 /*
895  * Direction of the packet
896  */
897 #define IRDA_INCOMING 0x0000
898 #define IRDA_OUTGOING 0x0004
899 
900 /*
901  * "Inline" log messages produced by IrCOMM2k on Windows
902  */
903 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
904 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
905 
906 /*
907  * Differentiate between frames and log messages
908  */
909 #define IRDA_CLASS_FRAME 0x0000
910 #define IRDA_CLASS_LOG 0x0100
911 #define IRDA_CLASS_MASK 0xFF00
912 
913 struct irda_phdr {
914  uint16_t pkttype; /* packet type */
915 };
916 
917 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
918 
919 struct nettl_phdr {
920  uint16_t subsys;
921  uint32_t devid;
922  uint32_t kind;
923  int32_t pid;
924  uint32_t uid;
925 };
926 
927 /* Packet "pseudo-header" for MTP2 files. */
928 
929 #define MTP2_ANNEX_A_NOT_USED 0
930 #define MTP2_ANNEX_A_USED 1
931 #define MTP2_ANNEX_A_USED_UNKNOWN 2
932 
933 struct mtp2_phdr {
934  uint8_t sent;
935  uint8_t annex_a_used;
936  uint16_t link_number;
937 };
938 
939 /* Packet "pseudo-header" for K12 files. */
940 
941 typedef union {
942  struct {
943  uint16_t vp;
944  uint16_t vc;
945  uint16_t cid;
946  } atm;
947 
948  uint32_t ds0mask;
950 
951 struct k12_phdr {
952  uint32_t input;
953  const char *input_name;
954  const char *stack_file;
955  uint32_t input_type;
956  k12_input_info_t input_info;
957  uint8_t *extra_info;
958  uint32_t extra_length;
959  void* stuff;
960 };
961 
962 #define K12_PORT_DS0S 0x00010008
963 #define K12_PORT_DS1 0x00100008
964 #define K12_PORT_ATMPVC 0x01020000
965 
966 struct lapd_phdr {
967  uint16_t pkttype; /* packet type */
968  uint8_t we_network;
969 };
970 
971 struct wtap;
973 {
974  union
975  {
976  struct isdn_phdr isdn;
977  struct atm_phdr atm;
978  struct p2p_phdr p2p;
979  } inner_pseudo_header;
980  int64_t seek_off;
981  struct wtap *wth;
982 };
983 
984 /*
985  * Endace Record Format pseudo header
986  */
987 struct erf_phdr {
988  uint64_t ts; /* Time stamp */
989  uint8_t type;
990  uint8_t flags;
991  uint16_t rlen;
992  uint16_t lctr;
993  uint16_t wlen;
994 };
995 
996 struct erf_ehdr {
997  uint64_t ehdr;
998 };
999 
1000 /*
1001  * ERF pseudo header with optional subheader
1002  * (Multichannel or Ethernet)
1003  */
1004 
1005 #define MAX_ERF_EHDR 16
1006 
1008  uint8_t offset;
1009  uint8_t pad;
1010 };
1011 
1012 struct erf_mc_phdr {
1013  struct erf_phdr phdr;
1014  struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
1015  union
1016  {
1017  struct wtap_erf_eth_hdr eth_hdr;
1018  uint32_t mc_hdr;
1019  uint32_t aal2_hdr;
1020  } subhdr;
1021 };
1022 
1023 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
1024 #define SITA_FRAME_DIR_RXED (0x01)
1025 #define SITA_FRAME_DIR (0x01) /* mask */
1026 #define SITA_ERROR_NO_BUFFER (0x80)
1027 
1028 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
1029 #define SITA_SIG_DTR (0x02)
1030 #define SITA_SIG_CTS (0x04)
1031 #define SITA_SIG_RTS (0x08)
1032 #define SITA_SIG_DCD (0x10)
1033 #define SITA_SIG_UNDEF1 (0x20)
1034 #define SITA_SIG_UNDEF2 (0x40)
1035 #define SITA_SIG_UNDEF3 (0x80)
1036 
1037 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
1038 #define SITA_ERROR_TX_CTS_LOST (0x02)
1039 #define SITA_ERROR_TX_UART_ERROR (0x04)
1040 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
1041 #define SITA_ERROR_TX_UNDEF1 (0x10)
1042 #define SITA_ERROR_TX_UNDEF2 (0x20)
1043 #define SITA_ERROR_TX_UNDEF3 (0x40)
1044 #define SITA_ERROR_TX_UNDEF4 (0x80)
1045 
1046 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
1047 #define SITA_ERROR_RX_PARITY (0x02)
1048 #define SITA_ERROR_RX_COLLISION (0x04)
1049 #define SITA_ERROR_RX_FRAME_LONG (0x08)
1050 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
1051 #define SITA_ERROR_RX_UNDEF1 (0x20)
1052 #define SITA_ERROR_RX_UNDEF2 (0x40)
1053 #define SITA_ERROR_RX_UNDEF3 (0x80)
1054 
1055 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
1056 #define SITA_ERROR_RX_ABORT (0x02)
1057 #define SITA_ERROR_RX_CD_LOST (0x04)
1058 #define SITA_ERROR_RX_DPLL (0x08)
1059 #define SITA_ERROR_RX_OVERRUN (0x10)
1060 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
1061 #define SITA_ERROR_RX_CRC (0x40)
1062 #define SITA_ERROR_RX_BREAK (0x80)
1063 
1064 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
1065 #define SITA_PROTO_BOP_LAPB (0x01)
1066 #define SITA_PROTO_ETHERNET (0x02)
1067 #define SITA_PROTO_ASYNC_INTIO (0x03)
1068 #define SITA_PROTO_ASYNC_BLKIO (0x04)
1069 #define SITA_PROTO_ALC (0x05)
1070 #define SITA_PROTO_UTS (0x06)
1071 #define SITA_PROTO_PPP_HDLC (0x07)
1072 #define SITA_PROTO_SDLC (0x08)
1073 #define SITA_PROTO_TOKENRING (0x09)
1074 #define SITA_PROTO_I2C (0x10)
1075 #define SITA_PROTO_DPM_LINK (0x11)
1076 #define SITA_PROTO_BOP_FRL (0x12)
1077 
1078 struct sita_phdr {
1079  uint8_t sita_flags;
1080  uint8_t sita_signals;
1081  uint8_t sita_errors1;
1082  uint8_t sita_errors2;
1083  uint8_t sita_proto;
1084 };
1085 
1086 /*pseudo header for Bluetooth HCI*/
1087 struct bthci_phdr {
1088  bool sent;
1089  uint32_t channel;
1090 };
1091 
1092 #define BTHCI_CHANNEL_COMMAND 1
1093 #define BTHCI_CHANNEL_ACL 2
1094 #define BTHCI_CHANNEL_SCO 3
1095 #define BTHCI_CHANNEL_EVENT 4
1096 #define BTHCI_CHANNEL_ISO 5
1097 
1098 /* pseudo header for WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
1099 struct btmon_phdr {
1100  uint16_t adapter_id;
1101  uint16_t opcode;
1102 };
1103 
1104 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
1106  bool uton;
1107 };
1108 
1109 /* * I2C pseudo header */
1110 struct i2c_phdr {
1111  uint8_t is_event;
1112  uint8_t bus;
1113  uint32_t flags;
1114 };
1115 
1116 /* pseudo header for WTAP_ENCAP_GSM_UM */
1117 struct gsm_um_phdr {
1118  bool uplink;
1119  uint8_t channel;
1120  /* The following are only populated for downlink */
1121  uint8_t bsic;
1122  uint16_t arfcn;
1123  uint32_t tdma_frame;
1124  uint8_t error;
1125  uint16_t timeshift;
1126 };
1127 
1128 #define GSM_UM_CHANNEL_UNKNOWN 0
1129 #define GSM_UM_CHANNEL_BCCH 1
1130 #define GSM_UM_CHANNEL_SDCCH 2
1131 #define GSM_UM_CHANNEL_SACCH 3
1132 #define GSM_UM_CHANNEL_FACCH 4
1133 #define GSM_UM_CHANNEL_CCCH 5
1134 #define GSM_UM_CHANNEL_RACH 6
1135 #define GSM_UM_CHANNEL_AGCH 7
1136 #define GSM_UM_CHANNEL_PCH 8
1137 
1138 /* Pseudo-header for nstrace packets */
1139 struct nstr_phdr {
1140  int64_t rec_offset;
1141  int32_t rec_len;
1142  uint8_t nicno_offset;
1143  uint8_t nicno_len;
1144  uint8_t dir_offset;
1145  uint8_t dir_len;
1146  uint16_t eth_offset;
1147  uint8_t pcb_offset;
1148  uint8_t l_pcb_offset;
1149  uint8_t rec_type;
1150  uint8_t vlantag_offset;
1151  uint8_t coreid_offset;
1152  uint8_t srcnodeid_offset;
1153  uint8_t destnodeid_offset;
1154  uint8_t clflags_offset;
1155  uint8_t src_vmname_len_offset;
1156  uint8_t dst_vmname_len_offset;
1157  uint8_t ns_activity_offset;
1158  uint8_t data_offset;
1159 };
1160 
1161 /* Packet "pseudo-header" for Nokia output */
1162 struct nokia_phdr {
1163  struct eth_phdr eth;
1164  uint8_t stuff[4]; /* mysterious stuff */
1165 };
1166 
1167 #define LLCP_PHDR_FLAG_SENT 0
1168 struct llcp_phdr {
1169  uint8_t adapter;
1170  uint8_t flags;
1171 };
1172 
1173 /* pseudo header for WTAP_ENCAP_LOGCAT */
1174 struct logcat_phdr {
1175  int version;
1176 };
1177 
1178 /* Packet "pseudo-header" information for header data from NetMon files. */
1179 
1180 struct netmon_phdr {
1181  uint8_t* title; /* Comment title, as a null-terminated UTF-8 string */
1182  uint32_t descLength; /* Number of bytes in the comment description */
1183  uint8_t* description; /* Comment description, in ASCII RTF */
1184  unsigned sub_encap; /* "Real" encap value for the record that will be used once pseudo header data is display */
1186  struct eth_phdr eth;
1187  struct atm_phdr atm;
1188  struct ieee_802_11_phdr ieee_802_11;
1189  } subheader;
1190 };
1191 
1192 /* File "pseudo-header" for BER data files. */
1193 struct ber_phdr {
1194  const char *pathname; /* Path name of file. */
1195 };
1196 
1198  struct eth_phdr eth;
1199  struct dte_dce_phdr dte_dce;
1200  struct isdn_phdr isdn;
1201  struct atm_phdr atm;
1202  struct ascend_phdr ascend;
1203  struct p2p_phdr p2p;
1204  struct ieee_802_11_phdr ieee_802_11;
1205  struct cosine_phdr cosine;
1206  struct irda_phdr irda;
1207  struct nettl_phdr nettl;
1208  struct mtp2_phdr mtp2;
1209  struct k12_phdr k12;
1210  struct lapd_phdr lapd;
1211  struct catapult_dct2000_phdr dct2000;
1212  struct erf_mc_phdr erf;
1213  struct sita_phdr sita;
1214  struct bthci_phdr bthci;
1215  struct btmon_phdr btmon;
1216  struct l1event_phdr l1event;
1217  struct i2c_phdr i2c;
1218  struct gsm_um_phdr gsm_um;
1219  struct nstr_phdr nstr;
1220  struct nokia_phdr nokia;
1221  struct llcp_phdr llcp;
1222  struct logcat_phdr logcat;
1223  struct netmon_phdr netmon;
1224  struct ber_phdr ber;
1225 };
1226 
1227 /*
1228  * Record type values.
1229  *
1230  * This list will expand over time, so don't assume everything will
1231  * forever be one of the types listed below.
1232  *
1233  * For file-type-specific records, the "ftsrec" field of the pseudo-header
1234  * contains a file-type-specific subtype value, such as a block type for
1235  * a pcapng file.
1236  *
1237  * An "event" is an indication that something happened during the capture
1238  * process, such as a status transition of some sort on the network.
1239  * These should, ideally, have a time stamp and, if they're relevant to
1240  * a particular interface on a multi-interface capture, should also have
1241  * an interface ID. The data for the event is file-type-specific and
1242  * subtype-specific. These should be dissected and displayed just as
1243  * packets are.
1244  *
1245  * A "report" supplies information not corresponding to an event;
1246  * for example, a pcapng Interface Statistics Block would be a report,
1247  * as it doesn't correspond to something happening on the network.
1248  * They may have a time stamp, and should be dissected and displayed
1249  * just as packets are.
1250  *
1251  * We distinguish between "events" and "reports" so that, for example,
1252  * the packet display can show the delta between a packet and an event
1253  * but not show the delta between a packet and a report, as the time
1254  * stamp of a report may not correspond to anything interesting on
1255  * the network but the time stamp of an event would.
1256  *
1257  * XXX - are there any file-type-specific records that *shouldn't* be
1258  * dissected and displayed? If so, they should be parsed and the
1259  * information in them stored somewhere, and used somewhere, whether
1260  * it's just used when saving the file in its native format or also
1261  * used to parse *other* file-type-specific records.
1262  *
1263  * These would be similar to, for example, pcapng Interface Description
1264  * Blocks, for which the position within the file is significant only
1265  * in that an IDB for an interface must appear before any packets from
1266  * the interface; the fact that an IDB appears at some point doesn't
1267  * necessarily mean something happened in the capture at that point.
1268  * Name Resolution Blocks are another example of such a record.
1269  *
1270  * (XXX - if you want to have a record that says "this interface first
1271  * showed up at this time", that needs to be a separate record type
1272  * from the IDB. We *could* add a "New Interface Description Block",
1273  * with a time stamp, for that purpose, but we'd *still* have to
1274  * provide IDBs for those interfaces, for compatibility with programs
1275  * that don't know about the NIDB. An ISB with only an isb_starttime
1276  * option would suffice for this purpose, so nothing needs to be
1277  * added to pcapng for this.)
1278  */
1279 #define REC_TYPE_PACKET 0
1280 #define REC_TYPE_FT_SPECIFIC_EVENT 1
1281 #define REC_TYPE_FT_SPECIFIC_REPORT 2
1282 #define REC_TYPE_SYSCALL 3
1283 #define REC_TYPE_SYSTEMD_JOURNAL_EXPORT 4
1284 #define REC_TYPE_CUSTOM_BLOCK 5
1286 typedef struct {
1287  uint32_t caplen; /* data length in the file */
1288  uint32_t len; /* data length on the wire */
1289  int pkt_encap; /* WTAP_ENCAP_ value for this packet */
1290  /* pcapng variables */
1291  uint32_t interface_id; /* identifier of the interface. */
1292  /* options */
1293 
1294  union wtap_pseudo_header pseudo_header;
1296 
1297 /*
1298  * The pcapng specification says "The word is encoded as an unsigned
1299  * 32-bit integer, using the endianness of the Section Header Block
1300  * scope it is in. In the following table, the bits are numbered with
1301  * 0 being the most-significant bit and 31 being the least-significant
1302  * bit of the 32-bit unsigned integer."
1303  *
1304  * From that, the direction, in bits 0 and 1, is at the *top* of the word.
1305  *
1306  * However, several implementations, such as:
1307  *
1308  * the Wireshark pcapng file reading code;
1309  *
1310  * macOS libpcap and tcpdump;
1311  *
1312  * text2pcap;
1313  *
1314  * and probably the software that generated the capture in bug 11665;
1315  *
1316  * treat 0 as the *least*-significant bit and bit 31 being the *most*-
1317  * significant bit of the flags word, and put the direction at the
1318  * *bottom* of the word.
1319  *
1320  * For now, we go with the known implementations.
1321  */
1322 
1323 /* Direction field of the packet flags */
1324 #define PACK_FLAGS_DIRECTION_MASK 0x00000003 /* unshifted */
1325 #define PACK_FLAGS_DIRECTION_SHIFT 0
1326 #define PACK_FLAGS_DIRECTION(pack_flags) (((pack_flags) & PACK_FLAGS_DIRECTION_MASK) >> PACK_FLAGS_DIRECTION_SHIFT)
1327 #define PACK_FLAGS_DIRECTION_UNKNOWN 0
1328 #define PACK_FLAGS_DIRECTION_INBOUND 1
1329 #define PACK_FLAGS_DIRECTION_OUTBOUND 2
1330 
1331 /* Reception type field of the packet flags */
1332 #define PACK_FLAGS_RECEPTION_TYPE_MASK 0x0000001C /* unshifted */
1333 #define PACK_FLAGS_RECEPTION_TYPE_SHIFT 2
1334 #define PACK_FLAGS_RECEPTION_TYPE(pack_flags) (((pack_flags) & PACK_FLAGS_RECEPTION_TYPE_MASK) >> PACK_FLAGS_RECEPTION_TYPE_SHIFT)
1335 #define PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED 0
1336 #define PACK_FLAGS_RECEPTION_TYPE_UNICAST 1
1337 #define PACK_FLAGS_RECEPTION_TYPE_MULTICAST 2
1338 #define PACK_FLAGS_RECEPTION_TYPE_BROADCAST 3
1339 #define PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS 4
1340 
1341 /* FCS length field of the packet flags */
1342 #define PACK_FLAGS_FCS_LENGTH_MASK 0x000001E0 /* unshifted */
1343 #define PACK_FLAGS_FCS_LENGTH_SHIFT 5
1344 #define PACK_FLAGS_FCS_LENGTH(pack_flags) (((pack_flags) & PACK_FLAGS_FCS_LENGTH_MASK) >> PACK_FLAGS_FCS_LENGTH_SHIFT)
1345 
1346 /* Reserved bits of the packet flags */
1347 #define PACK_FLAGS_RESERVED_MASK 0x0000FE00
1348 
1349 /* Link-layer-dependent errors of the packet flags */
1350 
1351 /* For Ethernet and possibly some other network types */
1352 #define PACK_FLAGS_CRC_ERROR 0x01000000
1353 #define PACK_FLAGS_PACKET_TOO_LONG 0x02000000
1354 #define PACK_FLAGS_PACKET_TOO_SHORT 0x04000000
1355 #define PACK_FLAGS_WRONG_INTER_FRAME_GAP 0x08000000
1356 #define PACK_FLAGS_UNALIGNED_FRAME 0x10000000
1357 #define PACK_FLAGS_START_FRAME_DELIMITER_ERROR 0x20000000
1358 #define PACK_FLAGS_PREAMBLE_ERROR 0x40000000
1359 #define PACK_FLAGS_SYMBOL_ERROR 0x80000000
1360 
1361 /* Construct a pack_flags value from its subfield values */
1362 #define PACK_FLAGS_VALUE(direction, reception_type, fcs_length, ll_dependent_errors) \
1363  (((direction) << 30) | \
1364  ((reception_type) << 27) | \
1365  ((fcs_length) << 23) | \
1366  (ll_dependent_errors))
1367 
1368 typedef struct {
1369  unsigned record_type; /* the type of record this is - file type-specific value */
1370  uint32_t record_len; /* length of the record */
1372 
1373 typedef struct {
1374  const char *pathname; /* Path name of file. */
1375  unsigned record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
1376  int byte_order;
1377  /* uint32_t sentinel; */
1378  uint64_t timestamp; /* ns since epoch - XXX dup of ts */
1379  uint64_t thread_id;
1380  uint32_t event_len; /* length of the event */
1381  uint32_t event_filelen; /* event data length in the file */
1382  uint16_t event_type;
1383  uint32_t nparams; /* number of parameters of the event */
1384  uint16_t cpu_id;
1385  /* ... Event ... */
1387 
1388 typedef struct {
1389  uint32_t record_len; /* length of the record */
1391 
1392 typedef struct {
1393  uint32_t length; /* length of the record */
1394  uint32_t pen; /* private enterprise number */
1395  bool copy_allowed; /* CB can be written */
1396  union {
1397  struct nflx {
1398  uint32_t type; /* block type */
1399  uint32_t skipped; /* Used if type == BBLOG_TYPE_SKIPPED_BLOCK */
1400  } nflx_custom_data_header;
1401  } custom_data_header;
1403 
1404 #define BBLOG_TYPE_EVENT_BLOCK 1
1405 #define BBLOG_TYPE_SKIPPED_BLOCK 2
1406 
1407 /*
1408  * The largest nstime.secs value that can be put into an unsigned
1409  * 32-bit quantity.
1410  *
1411  * We assume that time_t is signed; it is signed on Windows/MSVC and
1412  * on many UN*Xes.
1413  *
1414  * So, if time_t is 32-bit, we define this as INT32_MAX, as that's
1415  * the largest value a time_t can have, and it fits in an unsigned
1416  * 32-bit quantity. If it's 64-bit or larger, we define this as
1417  * UINT32_MAX, as, even if it's signed, it can be as large as
1418  * UINT32_MAX, and that's the largest value that can fit in
1419  * a 32-bit unsigned quantity.
1420  *
1421  * Comparing against this, rather than against G_MAXINT2, when checking
1422  * whether a time stamp will fit in a 32-bit unsigned integer seconds
1423  * field in a capture file being written avoids signed vs. unsigned
1424  * warnings if time_t is a signed 32-bit type.
1425  *
1426  * XXX - what if time_t is unsigned? Are there any platforms where
1427  * it is?
1428  */
1429 #define WTAP_NSTIME_32BIT_SECS_MAX ((time_t)(sizeof(time_t) > sizeof(int32_t) ? UINT32_MAX : INT32_MAX))
1430 
1431 typedef struct wtap_rec {
1432  unsigned rec_type; /* what type of record is this? */
1433  uint32_t presence_flags; /* what stuff do we have? */
1434  unsigned section_number; /* section, within file, containing this record */
1435  nstime_t ts; /* time stamp */
1436  int tsprec; /* WTAP_TSPREC_ value for this record */
1437  nstime_t ts_rel_cap; /* time stamp relative from capture start */
1438  bool ts_rel_cap_valid; /* is ts_rel_cap valid and can be used? */
1439  union {
1440  wtap_packet_header packet_header;
1441  wtap_ft_specific_header ft_specific_header;
1442  wtap_syscall_header syscall_header;
1443  wtap_systemd_journal_export_header systemd_journal_export_header;
1444  wtap_custom_block_header custom_block_header;
1445  } rec_header;
1446 
1447  wtap_block_t block ; /* packet block; holds comments and verdicts in its options */
1448  bool block_was_modified; /* true if ANY aspect of the block has been modified */
1449 
1450  /*
1451  * We use a Buffer so that we don't have to allocate and free
1452  * a buffer for the options for each record.
1453  */
1454  Buffer options_buf; /* file-type specific data */
1455 } wtap_rec;
1456 
1457 /*
1458  * Bits in presence_flags, indicating which of the fields we have.
1459  *
1460  * For the time stamp, we may need some more flags to indicate
1461  * whether the time stamp is an absolute date-and-time stamp, an
1462  * absolute time-only stamp (which can make relative time
1463  * calculations tricky, as you could in theory have two time
1464  * stamps separated by an unknown number of days), or a time stamp
1465  * relative to some unspecified time in the past (see mpeg.c).
1466  *
1467  * There is no presence flag for len - there has to be *some* length
1468  * value for the packet. (The "captured length" can be missing if
1469  * the file format doesn't report a captured length distinct from
1470  * the on-the-network length because the application(s) producing those
1471  * files don't support slicing packets.)
1472  *
1473  * There could be a presence flag for the packet encapsulation - if it's
1474  * absent, use the file encapsulation - but it's not clear that's useful;
1475  * we currently do that in the module for the file format.
1476  *
1477  * Only WTAP_HAS_TS and WTAP_HAS_SECTION_NUMBER apply to all record types.
1478  */
1479 #define WTAP_HAS_TS 0x00000001
1480 #define WTAP_HAS_CAP_LEN 0x00000002
1481 #define WTAP_HAS_INTERFACE_ID 0x00000004
1482 #define WTAP_HAS_SECTION_NUMBER 0x00000008
1484 #ifndef MAXNAMELEN
1485 #define MAXNAMELEN 64 /* max name length (hostname and port name) */
1486 #endif
1487 
1488 typedef struct hashipv4 {
1489  unsigned addr;
1490  uint8_t flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1491  char ip[WS_INET_ADDRSTRLEN];
1492  char name[MAXNAMELEN];
1493 } hashipv4_t;
1494 
1495 typedef struct hashipv6 {
1496  uint8_t addr[16];
1497  uint8_t flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1498  char ip6[WS_INET6_ADDRSTRLEN];
1499  char name[MAXNAMELEN];
1500 } hashipv6_t;
1501 
1505 typedef struct addrinfo_lists {
1509 
1526 typedef struct wtap_dump_params {
1527  int encap;
1528  int snaplen;
1529  int tsprec;
1530  GArray *shb_hdrs;
1531  const GArray *shb_iface_to_global;
1535  const GArray *nrbs_growing;
1538  GArray *dsbs_initial;
1539  const GArray *dsbs_growing;
1542  const GArray *mevs_growing;
1547 
1548 /* Zero-initializer for wtap_dump_params. */
1549 #define WTAP_DUMP_PARAMS_INIT {.snaplen=0}
1550 
1551 struct wtap_dumper;
1552 
1553 typedef struct wtap wtap;
1554 typedef struct wtap_dumper wtap_dumper;
1555 
1556 typedef struct wtap_reader *FILE_T;
1557 
1558 /* Similar to the wtap_open_routine_info for open routines, the following
1559  * wtap_wslua_file_info struct is used by wslua code for Lua-based file writers.
1560  *
1561  * This concept is necessary because when wslua goes to invoke the
1562  * registered dump/write_open routine callback in Lua, it needs the ref number representing
1563  * the hooked function inside Lua. This will be stored in the thing pointed to
1564  * by the void* data here. This 'data' pointer will be copied into the
1565  * wtap_dumper struct's 'void* data' member when calling the dump_open function,
1566  * which is how wslua finally retrieves it. Unlike wtap_dumper's 'priv' member, its
1567  * 'data' member is not free'd in wtap_dump_close().
1568  */
1569 typedef struct wtap_wslua_file_info {
1570  int (*wslua_can_write_encap)(int, void*); /* a can_write_encap func for wslua uses */
1571  void* wslua_data; /* holds the wslua data */
1573 
1574 /*
1575  * For registering extensions used for file formats.
1576  *
1577  * These items are used in dialogs for opening files, so that
1578  * the user can ask to see all capture files (as identified
1579  * by file extension) or particular types of capture files.
1580  *
1581  * Each item has a human-readable description of the file types
1582  * (possibly more than one!) that use all of this set of extensions,
1583  * a flag indicating whether it's a capture file or just some file
1584  * whose contents we can dissect, and a list of extensions files of
1585  * that type might have.
1586  *
1587  * Note that entries in this table do *not* necessarily correspoond
1588  * to single file types; for example, the entry that lists just "cap"
1589  * is for several file formats, all of which use the extension ".cap".
1590  *
1591  * Also note that a given extension may appear in multiple entries;
1592  * for example, "cap" (again!) is in an entry for some file types
1593  * that use only ".cap" and in entries for file types that use
1594  * ".cap" and some other extensions, and ".trc" is used both for
1595  * DOS Sniffer Token Ring captures ("trc") and EyeSDN USB ISDN
1596  * trace files ("tr{a}c{e}").
1597  *
1598  * Some entries aren't for capture file types, they're just generic types,
1599  * such as "text file" or "XML file", that can be used for, among other
1600  * things, captures we can read, or for file formats we can read in
1601  * order to dissect the contents of the file (think of this as "Fileshark",
1602  * which is a program that we really should have). Those are marked
1603  * specially, because, in file section dialogs, the user should be able
1604  * to select "All Capture Files" and get a set of extensions that are
1605  * associated with capture file formats, but not with files in other
1606  * formats that might or might not contain captured packets (such as
1607  * .txt or .xml") or formats that aren't capture files but that we
1608  * support as "we're being Fileshark now" (such as .jpeg). The routine
1609  * that constructs a list of extensions for "All Capture Files" omits
1610  * extensions for those entries.
1611  */
1613  /* the file type description */
1614  const char *name;
1615 
1616  /* true if this is a capture file type */
1617  bool is_capture_file;
1618 
1619  /* a semicolon-separated list of file extensions used for this type */
1620  const char *extensions;
1621 };
1622 
1623 /*
1624  * For registering file types that we can open.
1625  *
1626  * Each file type has an open routine.
1627  *
1628  * The open routine should return:
1629  *
1630  * WTAP_OPEN_ERROR on an I/O error;
1631  *
1632  * WTAP_OPEN_MINE if the file it's reading is one of the types
1633  * it handles;
1634  *
1635  * WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the
1636  * types it handles.
1637  *
1638  * If the routine handles this type of file, it should set the
1639  * "file_type_subtype" field in the "struct wtap" to the type of the file.
1640  *
1641  * Note that the routine does not have to free the private data pointer on
1642  * error. The caller takes care of that by calling wtap_close on error.
1643  * (See https://gitlab.com/wireshark/wireshark/-/issues/8518)
1644  *
1645  * However, the caller does have to free the private data pointer when
1646  * returning WTAP_OPEN_NOT_MINE, since the next file type will be called
1647  * and will likely just overwrite the pointer.
1648  */
1649 typedef enum {
1650  WTAP_OPEN_NOT_MINE = 0,
1651  WTAP_OPEN_MINE = 1,
1652  WTAP_OPEN_ERROR = -1
1653 } wtap_open_return_val;
1654 
1655 typedef wtap_open_return_val (*wtap_open_routine_t)(struct wtap*, int *,
1656  char **);
1657 
1658 /*
1659  * Some file formats have defined magic numbers at fixed offsets from
1660  * the beginning of the file; those routines should return 1 if and
1661  * only if the file has the magic number at that offset. (pcapng
1662  * is a bit of a special case, as it has both the Section Header Block
1663  * type field and its byte-order magic field; it checks for both.)
1664  * Those file formats do not require a file name extension in order
1665  * to recognize them or to avoid recognizing other file types as that
1666  * type, and have no extensions specified for them.
1667  *
1668  * Other file formats don't have defined magic numbers at fixed offsets,
1669  * so a heuristic is required. If that file format has any file name
1670  * extensions used for it, a list of those extensions should be
1671  * specified, so that, if the name of the file being opened has an
1672  * extension, the file formats that use that extension are tried before
1673  * the ones that don't, to handle the case where a file of one type
1674  * might be recognized by the heuristics for a different file type.
1675  */
1676 typedef enum {
1677  OPEN_INFO_MAGIC = 0,
1678  OPEN_INFO_HEURISTIC = 1
1679 } wtap_open_type;
1680 
1681 WS_DLL_PUBLIC void init_open_routines(void);
1682 
1683 void cleanup_open_routines(void);
1684 
1685 /*
1686  * Information about a given file type that applies to all subtypes of
1687  * the file type.
1688  *
1689  * Each file type has:
1690  *
1691  * a human-readable description of the file type, for use in the
1692  * user interface;
1693  * a wtap_open_type indication of how the open routine
1694  * determines whether a file is of that type;
1695  * an open routine;
1696  * an optional list of extensions used for this file type;
1697  * data to be passed to Lua file readers - this should be NULL for
1698  * non-Lua (C) file readers.
1699  *
1700  * The list of file extensions is used as a hint when calling open routines
1701  * to open a file; heuristic open routines whose list of extensions includes
1702  * the file's extension are called before heuristic open routines whose
1703  * (possibly-empty) list of extensions doesn't contain the file's extension,
1704  * to reduce the chances that a file will be misidentified due to an heuristic
1705  * test with a weak heuristic being done before a heuristic test for the
1706  * file's type.
1707  *
1708  * The list of extensions should be NULL for magic-number open routines,
1709  * as it will not be used for any purpose (no such hinting is done).
1710  */
1711 struct open_info {
1712  const char *name; /* Description */
1713  wtap_open_type type; /* Open routine type */
1714  wtap_open_routine_t open_routine; /* Open routine */
1715  const char *extensions; /* List of extensions used for this file type */
1716  char **extensions_set; /* Array of those extensions; populated using extensions member during initialization */
1717  void* wslua_data; /* Data for Lua file readers */
1718 };
1719 WS_DLL_PUBLIC struct open_info *open_routines;
1720 
1721 /*
1722  * Types of comments.
1723  */
1724 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1725 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1726 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1727 
1728 /*
1729  * For a given option type in a certain block type, does a file format
1730  * not support it, support only one such option, or support multiple
1731  * such options?
1732  */
1733 typedef enum {
1734  OPTION_NOT_SUPPORTED,
1735  ONE_OPTION_SUPPORTED,
1736  MULTIPLE_OPTIONS_SUPPORTED
1737 } option_support_t;
1738 
1739 /*
1740  * Entry in a table of supported option types.
1741  */
1743  unsigned opt;
1744  option_support_t support; /* OPTION_NOT_SUPPORTED allowed, equivalent to absence */
1745 };
1746 
1747 #define OPTION_TYPES_SUPPORTED(option_type_array) \
1748  array_length(option_type_array), option_type_array
1749 
1750 #define NO_OPTIONS_SUPPORTED \
1751  0, NULL
1752 
1753 /*
1754  * For a given block type, does a file format not support it, support
1755  * only one such block, or support multiple such blocks?
1756  */
1757 typedef enum {
1758  BLOCK_NOT_SUPPORTED,
1759  ONE_BLOCK_SUPPORTED,
1760  MULTIPLE_BLOCKS_SUPPORTED
1761 } block_support_t;
1762 
1763 /*
1764  * Entry in a table of supported block types.
1765  */
1767  wtap_block_type_t type;
1768  block_support_t support; /* BLOCK_NOT_SUPPORTED allowed, equivalent to absence */
1769  size_t num_supported_options;
1770  const struct supported_option_type *supported_options;
1771 };
1772 
1773 #define BLOCKS_SUPPORTED(block_type_array) \
1774  array_length(block_type_array), block_type_array
1775 
1780  const char *description;
1781 
1786  const char *name;
1787 
1793 
1801 
1806 
1811 
1816 
1825  int (*can_write_encap)(int);
1826 
1831  bool (*dump_open)(wtap_dumper *, int *, char **);
1832 
1838 };
1839 
1840 #define WTAP_TYPE_AUTO 0
1841 
1847 WS_DLL_PUBLIC
1848 void wtap_init(bool load_wiretap_plugins);
1849 
1862 WS_DLL_PUBLIC
1863 struct wtap* wtap_open_offline(const char *filename, unsigned int type, int *err,
1864  char **err_info, bool do_random);
1865 
1871 WS_DLL_PUBLIC
1872 void wtap_cleareof(wtap *wth);
1873 
1878 typedef void (*wtap_new_ipv4_callback_t) (const unsigned addr, const char *name, const bool static_entry);
1879 WS_DLL_PUBLIC
1880 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1881 
1882 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const char *name, const bool static_entry);
1883 WS_DLL_PUBLIC
1884 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1885 
1890 typedef void (*wtap_new_secrets_callback_t)(uint32_t secrets_type, const void *secrets, unsigned size);
1891 WS_DLL_PUBLIC
1892 void wtap_set_cb_new_secrets(wtap *wth, wtap_new_secrets_callback_t add_new_secrets);
1893 
1909 WS_DLL_PUBLIC
1910 bool wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
1911  char **err_info, int64_t *offset);
1912 
1929 WS_DLL_PUBLIC
1930 bool wtap_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec,
1931  Buffer *buf, int *err, char **err_info);
1932 
1933 /*** initialize a wtap_rec structure ***/
1934 WS_DLL_PUBLIC
1935 void wtap_rec_init(wtap_rec *rec);
1936 
1937 /*** Re-initialize a wtap_rec structure ***/
1938 WS_DLL_PUBLIC
1939 void wtap_rec_reset(wtap_rec *rec);
1940 
1941 /*** clean up a wtap_rec structure, freeing what wtap_rec_init() allocated */
1942 WS_DLL_PUBLIC
1943 void wtap_rec_cleanup(wtap_rec *rec);
1944 
1945 /*
1946  * Types of compression for a file, including "none".
1947  */
1948 typedef enum {
1949  WTAP_UNCOMPRESSED,
1950  WTAP_GZIP_COMPRESSED,
1951  WTAP_ZSTD_COMPRESSED,
1952  WTAP_LZ4_COMPRESSED
1953 } wtap_compression_type;
1954 
1955 WS_DLL_PUBLIC
1956 wtap_compression_type wtap_get_compression_type(wtap *wth);
1957 WS_DLL_PUBLIC
1958 const char *wtap_compression_type_description(wtap_compression_type compression_type);
1959 WS_DLL_PUBLIC
1960 const char *wtap_compression_type_extension(wtap_compression_type compression_type);
1961 WS_DLL_PUBLIC
1962 GSList *wtap_get_all_compression_type_extensions_list(void);
1963 
1964 /*** get various information snippets about the current file ***/
1965 
1968 WS_DLL_PUBLIC
1969 int64_t wtap_read_so_far(wtap *wth);
1970 WS_DLL_PUBLIC
1971 int64_t wtap_file_size(wtap *wth, int *err);
1972 WS_DLL_PUBLIC
1973 unsigned wtap_snapshot_length(wtap *wth); /* per file */
1974 WS_DLL_PUBLIC
1975 int wtap_file_type_subtype(wtap *wth);
1976 WS_DLL_PUBLIC
1977 int wtap_file_encap(wtap *wth);
1978 WS_DLL_PUBLIC
1979 int wtap_file_tsprec(wtap *wth);
1980 
1988 WS_DLL_PUBLIC
1989 unsigned wtap_file_get_num_shbs(wtap *wth);
1990 
2003 WS_DLL_PUBLIC
2004 wtap_block_t wtap_file_get_shb(wtap *wth, unsigned shb_num);
2005 
2016 WS_DLL_PUBLIC
2017 void wtap_write_shb_comment(wtap *wth, char *comment);
2018 
2030 WS_DLL_PUBLIC
2031 unsigned wtap_file_get_shb_global_interface_id(wtap *wth, unsigned shb_num, uint32_t interface_id);
2032 
2043 WS_DLL_PUBLIC
2045 
2055 WS_DLL_PUBLIC
2057 
2070 WS_DLL_PUBLIC
2072 
2084 WS_DLL_PUBLIC
2085 char *wtap_get_debug_if_descr(const wtap_block_t if_descr,
2086  const int indent,
2087  const char* line_end);
2088 
2101 WS_DLL_PUBLIC
2103 
2111 WS_DLL_PUBLIC
2112 unsigned wtap_file_get_num_dsbs(wtap *wth);
2113 
2124 WS_DLL_PUBLIC
2125 wtap_block_t wtap_file_get_dsb(wtap *wth, unsigned dsb_num);
2126 
2135 WS_DLL_PUBLIC
2136 void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb);
2137 
2146 WS_DLL_PUBLIC
2148 
2149 /*** close the file descriptors for the current file ***/
2150 WS_DLL_PUBLIC
2151 void wtap_fdclose(wtap *wth);
2152 
2153 /*** reopen the random file descriptor for the current file ***/
2154 WS_DLL_PUBLIC
2155 bool wtap_fdreopen(wtap *wth, const char *filename, int *err);
2156 
2158 WS_DLL_PUBLIC
2159 void wtap_sequential_close(wtap *wth);
2160 
2162 WS_DLL_PUBLIC
2163 void wtap_close(wtap *wth);
2164 
2165 /*** dump packets into a capture file ***/
2166 WS_DLL_PUBLIC
2167 bool wtap_dump_can_open(int filetype);
2168 
2173 WS_DLL_PUBLIC
2174 int wtap_dump_required_file_encap_type(const GArray *file_encaps);
2175 
2180 WS_DLL_PUBLIC
2181 bool wtap_dump_can_write_encap(int file_type_subtype, int encap);
2182 
2187 WS_DLL_PUBLIC
2188 bool wtap_dump_can_compress(int file_type_subtype);
2189 
2199 WS_DLL_PUBLIC
2200 void wtap_dump_params_init(wtap_dump_params *params, wtap *wth);
2201 
2216 WS_DLL_PUBLIC
2218 
2226 WS_DLL_PUBLIC
2228 
2236 WS_DLL_PUBLIC
2238 
2245 WS_DLL_PUBLIC
2247 
2260 WS_DLL_PUBLIC
2261 wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype,
2262  wtap_compression_type compression_type, const wtap_dump_params *params,
2263  int *err, char **err_info);
2264 
2280 WS_DLL_PUBLIC
2281 wtap_dumper* wtap_dump_open_tempfile(const char *tmpdir, char **filenamep,
2282  const char *pfx,
2283  int file_type_subtype, wtap_compression_type compression_type,
2284  const wtap_dump_params *params, int *err, char **err_info);
2285 
2298 WS_DLL_PUBLIC
2299 wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype,
2300  wtap_compression_type compression_type, const wtap_dump_params *params,
2301  int *err, char **err_info);
2302 
2314 WS_DLL_PUBLIC
2315 wtap_dumper* wtap_dump_open_stdout(int file_type_subtype,
2316  wtap_compression_type compression_type, const wtap_dump_params *params,
2317  int *err, char **err_info);
2318 
2319 /*
2320  * Add an IDB to the list of IDBs for a file we're writing.
2321  * Makes a copy of the IDB, so it can be freed after this call is made.
2322  *
2323  * @param wdh handle for the file we're writing.
2324  * @param idb the IDB to add
2325  * @param[out] err Will be set to an error code on failure.
2326  * @param[out] err_info for some errors, a string giving more details of
2327  * the error.
2328  * @return true on success, false on failure.
2329  */
2330 WS_DLL_PUBLIC
2331 bool wtap_dump_add_idb(wtap_dumper *wdh, wtap_block_t idb, int *err,
2332  char **err_info);
2333 WS_DLL_PUBLIC
2334 bool wtap_dump(wtap_dumper *, const wtap_rec *, const uint8_t *,
2335  int *err, char **err_info);
2336 WS_DLL_PUBLIC
2337 bool wtap_dump_flush(wtap_dumper *, int *);
2338 WS_DLL_PUBLIC
2339 int wtap_dump_file_type_subtype(wtap_dumper *wdh);
2340 WS_DLL_PUBLIC
2341 int64_t wtap_get_bytes_dumped(wtap_dumper *);
2342 WS_DLL_PUBLIC
2343 void wtap_set_bytes_dumped(wtap_dumper *wdh, int64_t bytes_dumped);
2344 struct addrinfo;
2345 WS_DLL_PUBLIC
2346 bool wtap_addrinfo_list_empty(addrinfo_lists_t *addrinfo_lists);
2347 WS_DLL_PUBLIC
2348 bool wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
2349 WS_DLL_PUBLIC
2350 void wtap_dump_discard_name_resolution(wtap_dumper *wdh);
2351 WS_DLL_PUBLIC
2352 void wtap_dump_discard_decryption_secrets(wtap_dumper *wdh);
2353 
2370 WS_DLL_PUBLIC
2371 bool wtap_dump_close(wtap_dumper *wdh, bool *needs_reload,
2372  int *err, char **err_info);
2373 
2378 WS_DLL_PUBLIC
2379 bool wtap_dump_can_write(const GArray *file_encaps, uint32_t required_comment_types);
2380 
2393 WS_DLL_PUBLIC
2394 void wtap_buffer_append_epdu_tag(Buffer *buf, uint16_t epdu_tag, const uint8_t *data, uint16_t data_len);
2395 
2404 WS_DLL_PUBLIC
2405 void wtap_buffer_append_epdu_uint(Buffer *buf, uint16_t epdu_tag, uint32_t val);
2406 
2415 WS_DLL_PUBLIC
2416 void wtap_buffer_append_epdu_string(Buffer *buf, uint16_t epdu_tag, const char *val);
2417 
2426 WS_DLL_PUBLIC
2428 
2429 /*
2430  * Sort the file types by name or by description?
2431  */
2432 typedef enum {
2433  FT_SORT_BY_NAME,
2434  FT_SORT_BY_DESCRIPTION
2435 } ft_sort_order;
2436 
2442 WS_DLL_PUBLIC
2443 GArray *wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype,
2444  const GArray *file_encaps, uint32_t required_comment_types,
2445  ft_sort_order sort_order);
2446 
2450 WS_DLL_PUBLIC
2451 GArray *wtap_get_writable_file_types_subtypes(ft_sort_order sort_order);
2452 
2453 /*** various file type/subtype functions ***/
2454 WS_DLL_PUBLIC
2455 const char *wtap_file_type_subtype_description(int file_type_subtype);
2456 WS_DLL_PUBLIC
2457 const char *wtap_file_type_subtype_name(int file_type_subtype);
2458 WS_DLL_PUBLIC
2459 int wtap_name_to_file_type_subtype(const char *name);
2460 WS_DLL_PUBLIC
2461 int wtap_pcap_file_type_subtype(void);
2462 WS_DLL_PUBLIC
2463 int wtap_pcap_nsec_file_type_subtype(void);
2464 WS_DLL_PUBLIC
2465 int wtap_pcapng_file_type_subtype(void);
2466 
2471 WS_DLL_PUBLIC
2472 block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype,
2473  wtap_block_type_t type);
2474 
2479 WS_DLL_PUBLIC
2480 option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype,
2481  wtap_block_type_t type, unsigned opttype);
2482 
2483 /* Return a list of all extensions that are used by all capture file
2484  * types, including compressed extensions, e.g. not just "pcap" but
2485  * also "pcap.gz" if we can read gzipped files.
2486  *
2487  * "Capture files" means "include file types that correspond to
2488  * collections of network packets, but not file types that
2489  * store data that just happens to be transported over protocols
2490  * such as HTTP but that aren't collections of network packets",
2491  * so that it could be used for "All Capture Files" without picking
2492  * up JPEG files or files such as that - those aren't capture files,
2493  * and we *do* have them listed in the long list of individual file
2494  * types, so omitting them from "All Capture Files" is the right
2495  * thing to do.
2496  *
2497  * All strings in the list are allocated with g_malloc() and must be freed
2498  * with g_free().
2499  *
2500  * This is used to generate a list of extensions to look for if the user
2501  * chooses "All Capture Files" in a file open dialog.
2502  */
2503 WS_DLL_PUBLIC
2504 GSList *wtap_get_all_capture_file_extensions_list(void);
2505 
2506 /* Return a list of all extensions that are used by all file types that
2507  * we can read, including compressed extensions, e.g. not just "pcap" but
2508  * also "pcap.gz" if we can read gzipped files.
2509  *
2510  * "File type" means "include file types that correspond to collections
2511  * of network packets, as well as file types that store data that just
2512  * happens to be transported over protocols such as HTTP but that aren't
2513  * collections of network packets, and plain text files".
2514  *
2515  * All strings in the list are allocated with g_malloc() and must be freed
2516  * with g_free().
2517  */
2518 WS_DLL_PUBLIC
2519 GSList *wtap_get_all_file_extensions_list(void);
2520 
2521 /*
2522  * Free a list returned by wtap_get_file_extension_type_extensions(),
2523  * wtap_get_all_capture_file_extensions_list, wtap_get_file_extensions_list(),
2524  * or wtap_get_all_file_extensions_list().
2525  */
2526 WS_DLL_PUBLIC
2527 void wtap_free_extensions_list(GSList *extensions);
2528 
2529 /*
2530  * Return the default file extension to use with the specified file type
2531  * and subtype; that's just the extension, without any ".".
2532  */
2533 WS_DLL_PUBLIC
2534 const char *wtap_default_file_extension(int file_type_subtype);
2535 
2536 /* Return a list of file extensions that are used by the specified file type
2537  * and subtype.
2538  *
2539  * If include_compressed is true, the list will include compressed
2540  * extensions, e.g. not just "pcap" but also "pcap.gz" if we can read
2541  * gzipped files.
2542  *
2543  * All strings in the list are allocated with g_malloc() and must be freed
2544  * with g_free().
2545  */
2546 WS_DLL_PUBLIC
2547 GSList *wtap_get_file_extensions_list(int file_type_subtype, bool include_compressed);
2548 
2549 WS_DLL_PUBLIC
2550 const char *wtap_encap_name(int encap);
2551 WS_DLL_PUBLIC
2552 const char *wtap_encap_description(int encap);
2553 WS_DLL_PUBLIC
2554 int wtap_name_to_encap(const char *short_name);
2555 
2556 WS_DLL_PUBLIC
2557 const char* wtap_tsprec_string(int tsprec);
2558 
2559 WS_DLL_PUBLIC
2560 const char *wtap_strerror(int err);
2561 
2562 /*** get available number of file types and encapsulations ***/
2563 WS_DLL_PUBLIC
2564 int wtap_get_num_file_type_extensions(void);
2565 WS_DLL_PUBLIC
2566 int wtap_get_num_encap_types(void);
2567 
2568 /*** get information for file type extension ***/
2569 WS_DLL_PUBLIC
2570 const char *wtap_get_file_extension_type_name(int extension_type);
2571 WS_DLL_PUBLIC
2572 GSList *wtap_get_file_extension_type_extensions(unsigned extension_type);
2573 
2574 /*** dynamically register new file types and encapsulations ***/
2575 WS_DLL_PUBLIC
2576 void wtap_register_file_type_extension(const struct file_extension_info *ei);
2577 
2578 typedef struct {
2579  void (*register_wtap_module)(void); /* routine to call to register a wiretap module */
2580 } wtap_plugin;
2581 
2582 WS_DLL_PUBLIC
2583 void wtap_register_plugin(const wtap_plugin *plug);
2584 
2590 WS_DLL_PUBLIC
2591 int wtap_plugins_supported(void);
2592 
2593 WS_DLL_PUBLIC
2594 void wtap_register_open_info(struct open_info *oi, const bool first_routine);
2595 WS_DLL_PUBLIC
2596 bool wtap_has_open_info(const char *name);
2597 WS_DLL_PUBLIC
2598 bool wtap_uses_lua_filehandler(const wtap* wth);
2599 WS_DLL_PUBLIC
2600 void wtap_deregister_open_info(const char *name);
2601 
2602 WS_DLL_PUBLIC
2603 unsigned int open_info_name_to_type(const char *name);
2604 WS_DLL_PUBLIC
2605 int wtap_register_file_type_subtype(const struct file_type_subtype_info* fi);
2606 WS_DLL_PUBLIC
2607 void wtap_deregister_file_type_subtype(const int file_type_subtype);
2608 
2609 WS_DLL_PUBLIC
2610 int wtap_register_encap_type(const char *description, const char *name);
2611 
2612 /*** Cleanup the internal library structures */
2613 WS_DLL_PUBLIC
2614 void wtap_cleanup(void);
2615 
2619 #define WTAP_ERR_NOT_REGULAR_FILE -1
2622 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
2625 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
2628 #define WTAP_ERR_UNSUPPORTED -4
2632 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
2635 #define WTAP_ERR_CANT_OPEN -6
2638 #define WTAP_ERR_UNWRITABLE_FILE_TYPE -7
2641 #define WTAP_ERR_UNWRITABLE_ENCAP -8
2645 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
2648 #define WTAP_ERR_CANT_WRITE -10
2651 #define WTAP_ERR_CANT_CLOSE -11
2654 #define WTAP_ERR_SHORT_READ -12
2657 #define WTAP_ERR_BAD_FILE -13
2660 #define WTAP_ERR_SHORT_WRITE -14
2663 #define WTAP_ERR_UNC_OVERFLOW -15
2666 #define WTAP_ERR_RANDOM_OPEN_STDIN -16
2669 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17
2672 #define WTAP_ERR_CANT_SEEK -18
2675 #define WTAP_ERR_CANT_SEEK_COMPRESSED -19
2678 #define WTAP_ERR_DECOMPRESS -20
2681 #define WTAP_ERR_INTERNAL -21
2684 #define WTAP_ERR_PACKET_TOO_LARGE -22
2688 #define WTAP_ERR_CHECK_WSLUA -23
2692 #define WTAP_ERR_UNWRITABLE_REC_TYPE -24
2695 #define WTAP_ERR_UNWRITABLE_REC_DATA -25
2698 #define WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26
2701 #define WTAP_ERR_TIME_STAMP_NOT_SUPPORTED -27
2705 #ifdef __cplusplus
2706 }
2707 #endif /* __cplusplus */
2708 
2709 #endif /* __WTAP_H__ */
2710 
2711 /*
2712  * Editor modelines - https://www.wireshark.org/tools/modelines.html
2713  *
2714  * Local variables:
2715  * c-basic-offset: 4
2716  * tab-width: 8
2717  * indent-tabs-mode: nil
2718  * End:
2719  *
2720  * vi: set shiftwidth=4 tabstop=8 expandtab:
2721  * :indentSize=4:tabSize=8:noTabs=true:
2722  */
Definition: packet-eth.h:15
Definition: buffer.h:22
Definition: wtap.h:1505
GList * ipv6_addr_list
Definition: wtap.h:1507
GList * ipv4_addr_list
Definition: wtap.h:1506
Definition: wtap.h:514
Definition: wtap.h:487
Definition: wtap.h:1193
Definition: wtap.h:1087
Definition: wtap.h:1099
Definition: wtap.h:973
Definition: wtap.h:881
Definition: wtap.h:397
Definition: wtap.h:996
Definition: wtap.h:1012
Definition: wtap.h:987
Definition: wtap.h:390
Definition: wtap.h:1612
Definition: wtap.h:1776
wtap_wslua_file_info_t * wslua_info
Definition: wtap.h:1837
const char * name
Definition: wtap.h:1786
const char * additional_file_extensions
Definition: wtap.h:1800
int(* can_write_encap)(int)
Definition: wtap.h:1825
const struct supported_block_type * supported_blocks
Definition: wtap.h:1815
bool writing_must_seek
Definition: wtap.h:1805
const char * description
Definition: wtap.h:1780
bool(* dump_open)(wtap_dumper *, int *, char **)
Definition: wtap.h:1831
size_t num_supported_blocks
Definition: wtap.h:1810
const char * default_file_extension
Definition: wtap.h:1792
Definition: wtap.h:1117
Definition: wtap.h:1488
Definition: wtap.h:1495
Definition: wtap.h:1110
Definition: pcapio.c:113
Definition: wtap.h:577
Definition: wtap.h:814
Definition: wtap.h:600
Definition: wtap.h:704
Definition: wtap.h:745
Definition: wtap.h:755
Definition: wtap.h:590
Definition: wtap.h:770
Definition: wtap.h:788
Definition: wtap.h:636
Definition: wtap.h:652
Definition: tvbuff_lz77huff.c:32
Definition: wtap.h:913
Definition: wtap.h:404
Definition: wtap.h:951
Definition: wtap.h:1105
Definition: wtap.h:966
Definition: wtap.h:1168
Definition: wtap.h:1174
Definition: wtap.h:933
Definition: wtap.h:1180
Definition: wtap.h:919
Definition: wtap.h:1162
Definition: nstime.h:26
Definition: wtap.h:1139
Definition: wtap.h:1711
Definition: wtap.h:524
Definition: ngsniffer.c:80
Definition: wtap.h:1078
Definition: wtap.h:1766
Definition: wtap.h:1742
Definition: wtap_opttypes.c:85
Definition: wtap.h:1392
Definition: wtap.h:1526
const GArray * nrbs_growing
Definition: wtap.h:1535
const GArray * dsbs_growing
Definition: wtap.h:1539
int tsprec
Definition: wtap.h:1529
GArray * shb_hdrs
Definition: wtap.h:1530
int encap
Definition: wtap.h:1527
bool dont_copy_idbs
Definition: wtap.h:1545
GArray * dsbs_initial
Definition: wtap.h:1538
wtapng_iface_descriptions_t * idb_inf
Definition: wtap.h:1534
const GArray * mevs_growing
Definition: wtap.h:1542
const GArray * shb_iface_to_global
Definition: wtap.h:1531
int snaplen
Definition: wtap.h:1528
Definition: wtap-int.h:97
Definition: wtap.h:1007
Definition: wtap.h:1368
Definition: wtap.h:1286
Definition: wtap.h:2578
Definition: file_wrappers.c:177
Definition: wtap.h:1431
Definition: wtap.h:1373
Definition: wtap.h:1388
Definition: wtap.h:1569
Definition: wtap-int.h:37
Definition: wtap_opttypes.h:218
Definition: wtap.h:802
Definition: wtap.h:941
Definition: wtap.h:1197
struct wtap_dump_params wtap_dump_params
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_tempfile(const char *tmpdir, char **filenamep, const char *pfx, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for a temporary file.
Definition: file_access.c:2440
WS_DLL_PUBLIC void wtap_buffer_append_epdu_tag(Buffer *buf, uint16_t epdu_tag, const uint8_t *data, uint16_t data_len)
Definition: wtap.c:2046
void(* wtap_new_secrets_callback_t)(uint32_t secrets_type, const void *secrets, unsigned size)
Definition: wtap.h:1890
WS_DLL_PUBLIC bool wtap_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec, Buffer *buf, int *err, char **err_info)
Definition: wtap.c:1916
WS_DLL_PUBLIC void wtap_init(bool load_wiretap_plugins)
Initialize the Wiretap library.
Definition: wtap.c:2127
WS_DLL_PUBLIC int wtap_plugins_supported(void)
Definition: wtap.c:52
WS_DLL_PUBLIC wtap_block_t wtap_file_get_shb(wtap *wth, unsigned shb_num)
Gets existing section header block, not for new file.
Definition: wtap.c:129
WS_DLL_PUBLIC void wtap_dump_params_cleanup(wtap_dump_params *params)
Definition: wtap.c:607
WS_DLL_PUBLIC bool wtap_dump_close(wtap_dumper *wdh, bool *needs_reload, int *err, char **err_info)
Definition: file_access.c:2666
WS_DLL_PUBLIC wtap_block_t wtap_get_next_interface_description(wtap *wth)
Gets next interface description.
Definition: wtap.c:193
WS_DLL_PUBLIC void wtap_buffer_append_epdu_string(Buffer *buf, uint16_t epdu_tag, const char *val)
Definition: wtap.c:2093
WS_DLL_PUBLIC void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info)
Free's a interface description block and all of its members.
Definition: wtap.c:362
WS_DLL_PUBLIC void wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params)
Definition: wtap.c:594
WS_DLL_PUBLIC int wtap_dump_required_file_encap_type(const GArray *file_encaps)
Definition: file_access.c:1455
WS_DLL_PUBLIC void wtap_dump_params_discard_name_resolution(wtap_dump_params *params)
Definition: wtap.c:588
WS_DLL_PUBLIC void wtap_dump_params_init_no_idbs(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:567
WS_DLL_PUBLIC void wtap_buffer_append_epdu_uint(Buffer *buf, uint16_t epdu_tag, uint32_t val)
Definition: wtap.c:2077
WS_DLL_PUBLIC unsigned wtap_file_get_shb_global_interface_id(wtap *wth, unsigned shb_num, uint32_t interface_id)
Gets the unique interface id for a SHB's interface.
Definition: wtap.c:138
WS_DLL_PUBLIC unsigned wtap_file_get_num_shbs(wtap *wth)
Gets number of section header blocks.
Definition: wtap.c:123
WS_DLL_PUBLIC void wtap_dump_params_init(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:541
WS_DLL_PUBLIC GArray * wtap_get_writable_file_types_subtypes(ft_sort_order sort_order)
Definition: file_access.c:1733
WS_DLL_PUBLIC void wtap_write_shb_comment(wtap *wth, char *comment)
Sets or replaces the section header comment.
Definition: wtap.c:173
WS_DLL_PUBLIC GArray * wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype, const GArray *file_encaps, uint32_t required_comment_types, ft_sort_order sort_order)
Definition: file_access.c:1621
WS_DLL_PUBLIC int64_t wtap_read_so_far(wtap *wth)
Definition: wtap.c:1867
WS_DLL_PUBLIC void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb)
Adds a Decryption Secrets Block to the open wiretap session.
Definition: wtap.c:234
WS_DLL_PUBLIC wtap_dumper * wtap_dump_fdopen(int fd, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for an existing file descriptor.
Definition: file_access.c:2502
WS_DLL_PUBLIC void wtap_cleareof(wtap *wth)
Definition: wtap.c:1596
struct addrinfo_lists addrinfo_lists_t
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_stdout(int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for the standard output.
Definition: file_access.c:2537
WS_DLL_PUBLIC unsigned wtap_file_get_num_dsbs(wtap *wth)
Gets number of decryption secrets blocks.
Definition: wtap.c:216
WS_DLL_PUBLIC void wtap_close(wtap *wth)
Definition: wtap.c:1566
WS_DLL_PUBLIC wtapng_iface_descriptions_t * wtap_file_get_idb_info(wtap *wth)
Gets existing interface descriptions.
Definition: wtap.c:181
WS_DLL_PUBLIC struct wtap * wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_info, bool do_random)
Definition: file_access.c:778
WS_DLL_PUBLIC bool wtap_dump_can_write_encap(int file_type_subtype, int encap)
Definition: file_access.c:1468
WS_DLL_PUBLIC bool wtap_dump_can_write(const GArray *file_encaps, uint32_t required_comment_types)
Definition: file_access.c:1570
WS_DLL_PUBLIC wtap_block_t wtap_file_get_dsb(wtap *wth, unsigned dsb_num)
Gets existing decryption secrets block, not for new file.
Definition: wtap.c:225
WS_DLL_PUBLIC bool wtap_dump_can_compress(int file_type_subtype)
Definition: file_access.c:2268
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open(const char *filename, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Opens a new capture file for writing.
Definition: file_access.c:2401
WS_DLL_PUBLIC bool wtap_file_discard_decryption_secrets(wtap *wth)
Definition: wtap.c:243
WS_DLL_PUBLIC bool wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, char **err_info, int64_t *offset)
Definition: wtap.c:1728
WS_DLL_PUBLIC char * wtap_get_debug_if_descr(const wtap_block_t if_descr, const int indent, const char *line_end)
Gets a debug string of an interface description.
Definition: wtap.c:372
WS_DLL_PUBLIC int wtap_buffer_append_epdu_end(Buffer *buf)
Definition: wtap.c:2110
WS_DLL_PUBLIC block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype, wtap_block_type_t type)
Definition: file_access.c:1908
WS_DLL_PUBLIC wtap_block_t wtap_file_get_nrb(wtap *wth)
Gets existing name resolution block, not for new file.
Definition: wtap.c:511
WS_DLL_PUBLIC void wtap_sequential_close(wtap *wth)
Definition: wtap.c:1533
void(* wtap_new_ipv4_callback_t)(const unsigned addr, const char *name, const bool static_entry)
Definition: wtap.h:1878
WS_DLL_PUBLIC option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype, wtap_block_type_t type, unsigned opttype)
Definition: file_access.c:1943