Wireshark  4.3.0
The Wireshark network protocol analyzer
wtap.h
Go to the documentation of this file.
1 
9 #ifndef __WTAP_H__
10 #define __WTAP_H__
11 
12 #include <wireshark.h>
13 #include <time.h>
14 #include <wsutil/buffer.h>
15 #include <wsutil/nstime.h>
16 #include <wsutil/inet_addr.h>
17 #include "wtap_opttypes.h"
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif /* __cplusplus */
22 
23 /* Encapsulation types. Choose names that truly reflect
24  * what is contained in the packet trace file.
25  *
26  * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
27  * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
28  * type for all packets in the file; this may cause those routines to
29  * fail if the capture file format being written can't support that.
30  * It's also returned by "wtap_file_encap()" for capture files that
31  * don't have a single encapsulation type for all packets in the file.
32  *
33  * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
34  * if it's handed an unknown encapsulation. It is also used by file
35  * types for encapsulations which are unsupported by libwiretap.
36  *
37  * WTAP_ENCAP_NONE is an initial value used by file types like pcapng
38  * that do not have a single file level encapsulation type. If and when
39  * something that indicate encapsulation is read, the encapsulation will
40  * change (possibly to WTAP_ENCAP_PER_PACKET) and appropriate IDBs will
41  * be generated. If a file type uses this value, it MUST provide IDBs
42  * (possibly fake) when the encapsulation changes; otherwise, it should
43  * return WTAP_ENCAP_UNKNOWN so that attempts to write an output file
44  * without reading the entire input file first fail gracefully.
45  *
46  * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
47  * MAC addresses you get from the hardware are bit-swapped. Ideally,
48  * the driver would tell us that, but I know of none that do, so, for
49  * now, we base it on the machine on which we're *reading* the
50  * capture, rather than on the machine on which the capture was taken
51  * (they're probably likely to be the same). We assume that they're
52  * bit-swapped on everything except for systems running Ultrix, Alpha
53  * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
54  * Digital decided to bit-swap addresses in the hardware or in the
55  * driver, and I guess BSDI bit-swapped them in the driver, given that
56  * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
57  * save file format, we'd use the WTAP_ENCAP values to flag the
58  * encapsulation of a packet, so there we'd at least be able to base
59  * it on the machine on which the capture was taken.
60  *
61  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
62  * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
63  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
64  * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
65  * presumably used on some BSD systems, which we turn into
66  * WTAP_ENCAP_ATM_RFC1483.
67  *
68  * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
69  * corresponds to
70  *
71  * 1) PPP-over-HDLC encapsulation, at least with some versions
72  * of ISDN4BSD (but not the current ones, it appears, unless
73  * I've missed something);
74  *
75  * 2) a 4-byte header containing the AF_ address family, in
76  * the byte order of the machine that saved the capture,
77  * for the packet, as used on many BSD systems for the
78  * loopback device and some other devices, or a 4-byte header
79  * containing the AF_ address family in network byte order,
80  * as used on recent OpenBSD systems for the loopback device;
81  *
82  * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
83  * type in the byte order from an Ethernet header, that being
84  * what older versions of "libpcap" on Linux turn the Ethernet
85  * header for loopback interfaces into (0.6.0 and later versions
86  * leave the Ethernet header alone and make it DLT_EN10MB). */
87 #define WTAP_ENCAP_NONE -2
88 #define WTAP_ENCAP_PER_PACKET -1
89 #define WTAP_ENCAP_UNKNOWN 0
90 #define WTAP_ENCAP_ETHERNET 1
91 #define WTAP_ENCAP_TOKEN_RING 2
92 #define WTAP_ENCAP_SLIP 3
93 #define WTAP_ENCAP_PPP 4
94 #define WTAP_ENCAP_FDDI 5
95 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
96 #define WTAP_ENCAP_RAW_IP 7
97 #define WTAP_ENCAP_ARCNET 8
98 #define WTAP_ENCAP_ARCNET_LINUX 9
99 #define WTAP_ENCAP_ATM_RFC1483 10
100 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
101 #define WTAP_ENCAP_LAPB 12
102 #define WTAP_ENCAP_ATM_PDUS 13
103 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
104 #define WTAP_ENCAP_NULL 15
105 #define WTAP_ENCAP_ASCEND 16
106 #define WTAP_ENCAP_ISDN 17
107 #define WTAP_ENCAP_IP_OVER_FC 18
108 #define WTAP_ENCAP_PPP_WITH_PHDR 19
109 #define WTAP_ENCAP_IEEE_802_11 20
110 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
111 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
112 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
113 #define WTAP_ENCAP_IEEE_802_11_AVS 24
114 #define WTAP_ENCAP_SLL 25
115 #define WTAP_ENCAP_FRELAY 26
116 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
117 #define WTAP_ENCAP_CHDLC 28
118 #define WTAP_ENCAP_CISCO_IOS 29
119 #define WTAP_ENCAP_LOCALTALK 30
120 #define WTAP_ENCAP_OLD_PFLOG 31
121 #define WTAP_ENCAP_HHDLC 32
122 #define WTAP_ENCAP_DOCSIS 33
123 #define WTAP_ENCAP_COSINE 34
124 #define WTAP_ENCAP_WFLEET_HDLC 35
125 #define WTAP_ENCAP_SDLC 36
126 #define WTAP_ENCAP_TZSP 37
127 #define WTAP_ENCAP_ENC 38
128 #define WTAP_ENCAP_PFLOG 39
129 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
130 #define WTAP_ENCAP_BLUETOOTH_H4 41
131 #define WTAP_ENCAP_MTP2 42
132 #define WTAP_ENCAP_MTP3 43
133 #define WTAP_ENCAP_IRDA 44
134 #define WTAP_ENCAP_USER0 45
135 #define WTAP_ENCAP_USER1 46
136 #define WTAP_ENCAP_USER2 47
137 #define WTAP_ENCAP_USER3 48
138 #define WTAP_ENCAP_USER4 49
139 #define WTAP_ENCAP_USER5 50
140 #define WTAP_ENCAP_USER6 51
141 #define WTAP_ENCAP_USER7 52
142 #define WTAP_ENCAP_USER8 53
143 #define WTAP_ENCAP_USER9 54
144 #define WTAP_ENCAP_USER10 55
145 #define WTAP_ENCAP_USER11 56
146 #define WTAP_ENCAP_USER12 57
147 #define WTAP_ENCAP_USER13 58
148 #define WTAP_ENCAP_USER14 59
149 #define WTAP_ENCAP_USER15 60
150 #define WTAP_ENCAP_SYMANTEC 61
151 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
152 #define WTAP_ENCAP_BACNET_MS_TP 63
153 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
154 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
155 #define WTAP_ENCAP_GPRS_LLC 66
156 #define WTAP_ENCAP_JUNIPER_ATM1 67
157 #define WTAP_ENCAP_JUNIPER_ATM2 68
158 #define WTAP_ENCAP_REDBACK 69
159 #define WTAP_ENCAP_NETTL_RAW_IP 70
160 #define WTAP_ENCAP_NETTL_ETHERNET 71
161 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
162 #define WTAP_ENCAP_NETTL_FDDI 73
163 #define WTAP_ENCAP_NETTL_UNKNOWN 74
164 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
165 #define WTAP_ENCAP_JUNIPER_PPPOE 76
166 #define WTAP_ENCAP_GCOM_TIE1 77
167 #define WTAP_ENCAP_GCOM_SERIAL 78
168 #define WTAP_ENCAP_NETTL_X25 79
169 #define WTAP_ENCAP_K12 80
170 #define WTAP_ENCAP_JUNIPER_MLPPP 81
171 #define WTAP_ENCAP_JUNIPER_MLFR 82
172 #define WTAP_ENCAP_JUNIPER_ETHER 83
173 #define WTAP_ENCAP_JUNIPER_PPP 84
174 #define WTAP_ENCAP_JUNIPER_FRELAY 85
175 #define WTAP_ENCAP_JUNIPER_CHDLC 86
176 #define WTAP_ENCAP_JUNIPER_GGSN 87
177 #define WTAP_ENCAP_LINUX_LAPD 88
178 #define WTAP_ENCAP_CATAPULT_DCT2000 89
179 #define WTAP_ENCAP_BER 90
180 #define WTAP_ENCAP_JUNIPER_VP 91
181 #define WTAP_ENCAP_USB_FREEBSD 92
182 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
183 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
184 #define WTAP_ENCAP_USB_LINUX 95
185 #define WTAP_ENCAP_MPEG 96
186 #define WTAP_ENCAP_PPI 97
187 #define WTAP_ENCAP_ERF 98
188 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
189 #define WTAP_ENCAP_SITA 100
190 #define WTAP_ENCAP_SCCP 101
191 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
192 #define WTAP_ENCAP_IPMB_KONTRON 103
193 #define WTAP_ENCAP_IEEE802_15_4 104
194 #define WTAP_ENCAP_X2E_XORAYA 105
195 #define WTAP_ENCAP_FLEXRAY 106
196 #define WTAP_ENCAP_LIN 107
197 #define WTAP_ENCAP_MOST 108
198 #define WTAP_ENCAP_CAN20B 109
199 #define WTAP_ENCAP_LAYER1_EVENT 110
200 #define WTAP_ENCAP_X2E_SERIAL 111
201 #define WTAP_ENCAP_I2C_LINUX 112
202 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
203 #define WTAP_ENCAP_TNEF 114
204 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
205 #define WTAP_ENCAP_GSM_UM 116
206 #define WTAP_ENCAP_DPNSS 117
207 #define WTAP_ENCAP_PACKETLOGGER 118
208 #define WTAP_ENCAP_NSTRACE_1_0 119
209 #define WTAP_ENCAP_NSTRACE_2_0 120
210 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
211 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
212 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
213 #define WTAP_ENCAP_IPNET 124
214 #define WTAP_ENCAP_SOCKETCAN 125
215 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
216 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
217 #define WTAP_ENCAP_RAW_IPFIX 128
218 #define WTAP_ENCAP_RAW_IP4 129
219 #define WTAP_ENCAP_RAW_IP6 130
220 #define WTAP_ENCAP_LAPD 131
221 #define WTAP_ENCAP_DVBCI 132
222 #define WTAP_ENCAP_MUX27010 133
223 #define WTAP_ENCAP_MIME 134
224 #define WTAP_ENCAP_NETANALYZER 135
225 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
226 #define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
227 #define WTAP_ENCAP_MPEG_2_TS 138
228 #define WTAP_ENCAP_PPP_ETHER 139
229 #define WTAP_ENCAP_NFC_LLCP 140
230 #define WTAP_ENCAP_NFLOG 141
231 #define WTAP_ENCAP_V5_EF 142
232 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
233 #define WTAP_ENCAP_IXVERIWAVE 144
234 #define WTAP_ENCAP_SDH 145
235 #define WTAP_ENCAP_DBUS 146
236 #define WTAP_ENCAP_AX25_KISS 147
237 #define WTAP_ENCAP_AX25 148
238 #define WTAP_ENCAP_SCTP 149
239 #define WTAP_ENCAP_INFINIBAND 150
240 #define WTAP_ENCAP_JUNIPER_SVCS 151
241 #define WTAP_ENCAP_USBPCAP 152
242 #define WTAP_ENCAP_RTAC_SERIAL 153
243 #define WTAP_ENCAP_BLUETOOTH_LE_LL 154
244 #define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
245 #define WTAP_ENCAP_STANAG_4607 156
246 #define WTAP_ENCAP_STANAG_5066_D_PDU 157
247 #define WTAP_ENCAP_NETLINK 158
248 #define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
249 #define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
250 #define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
251 #define WTAP_ENCAP_NSTRACE_3_0 162
252 #define WTAP_ENCAP_LOGCAT 163
253 #define WTAP_ENCAP_LOGCAT_BRIEF 164
254 #define WTAP_ENCAP_LOGCAT_PROCESS 165
255 #define WTAP_ENCAP_LOGCAT_TAG 166
256 #define WTAP_ENCAP_LOGCAT_THREAD 167
257 #define WTAP_ENCAP_LOGCAT_TIME 168
258 #define WTAP_ENCAP_LOGCAT_THREADTIME 169
259 #define WTAP_ENCAP_LOGCAT_LONG 170
260 #define WTAP_ENCAP_PKTAP 171
261 #define WTAP_ENCAP_EPON 172
262 #define WTAP_ENCAP_IPMI_TRACE 173
263 #define WTAP_ENCAP_LOOP 174
264 #define WTAP_ENCAP_JSON 175
265 #define WTAP_ENCAP_NSTRACE_3_5 176
266 #define WTAP_ENCAP_ISO14443 177
267 #define WTAP_ENCAP_GFP_T 178
268 #define WTAP_ENCAP_GFP_F 179
269 #define WTAP_ENCAP_IP_OVER_IB_PCAP 180
270 #define WTAP_ENCAP_JUNIPER_VN 181
271 #define WTAP_ENCAP_USB_DARWIN 182
272 #define WTAP_ENCAP_LORATAP 183
273 #define WTAP_ENCAP_3MB_ETHERNET 184
274 #define WTAP_ENCAP_VSOCK 185
275 #define WTAP_ENCAP_NORDIC_BLE 186
276 #define WTAP_ENCAP_NETMON_NET_NETEVENT 187
277 #define WTAP_ENCAP_NETMON_HEADER 188
278 #define WTAP_ENCAP_NETMON_NET_FILTER 189
279 #define WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190
280 #define WTAP_ENCAP_MA_WFP_CAPTURE_V4 191
281 #define WTAP_ENCAP_MA_WFP_CAPTURE_V6 192
282 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193
283 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194
284 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195
285 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196
286 #define WTAP_ENCAP_JUNIPER_ST 197
287 #define WTAP_ENCAP_ETHERNET_MPACKET 198
288 #define WTAP_ENCAP_DOCSIS31_XRA31 199
289 #define WTAP_ENCAP_DPAUXMON 200
290 #define WTAP_ENCAP_RUBY_MARSHAL 201
291 #define WTAP_ENCAP_RFC7468 202
292 #define WTAP_ENCAP_SYSTEMD_JOURNAL 203 /* Event, not a packet */
293 #define WTAP_ENCAP_EBHSCR 204
294 #define WTAP_ENCAP_VPP 205
295 #define WTAP_ENCAP_IEEE802_15_4_TAP 206
296 #define WTAP_ENCAP_LOG_3GPP 207
297 #define WTAP_ENCAP_USB_2_0 208
298 #define WTAP_ENCAP_MP4 209
299 #define WTAP_ENCAP_SLL2 210
300 #define WTAP_ENCAP_ZWAVE_SERIAL 211
301 #define WTAP_ENCAP_ETW 212
302 #define WTAP_ENCAP_ERI_ENB_LOG 213
303 #define WTAP_ENCAP_ZBNCP 214
304 #define WTAP_ENCAP_USB_2_0_LOW_SPEED 215
305 #define WTAP_ENCAP_USB_2_0_FULL_SPEED 216
306 #define WTAP_ENCAP_USB_2_0_HIGH_SPEED 217
307 #define WTAP_ENCAP_AUTOSAR_DLT 218
308 #define WTAP_ENCAP_AUERSWALD_LOG 219
309 #define WTAP_ENCAP_ATSC_ALP 220
310 #define WTAP_ENCAP_FIRA_UCI 221
311 #define WTAP_ENCAP_SILABS_DEBUG_CHANNEL 222
312 #define WTAP_ENCAP_MDB 223
313 
314 /* After adding new item here, please also add new item to encap_table_base array */
315 
316 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
317 
318 /* Value to be used as a file type/subtype value if the type is unknown */
319 #define WTAP_FILE_TYPE_SUBTYPE_UNKNOWN -1
320 
321 /* timestamp precision (currently only these values are supported) */
322 #define WTAP_TSPREC_UNKNOWN -2
323 #define WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */
324 /*
325  * These values are the number of digits of precision after the integral part.
326  * Thry're the same as WS_TSPREC values; we define them here so that
327  * tools/make-enums.py sees them.
328  */
329 #define WTAP_TSPREC_SEC 0
330 #define WTAP_TSPREC_100_MSEC 1
331 #define WTAP_TSPREC_DSEC 1 /* Backwards compatibility */
332 #define WTAP_TSPREC_10_MSEC 2
333 #define WTAP_TSPREC_CSEC 2 /* Backwards compatibility */
334 #define WTAP_TSPREC_MSEC 3
335 #define WTAP_TSPREC_100_USEC 4
336 #define WTAP_TSPREC_10_USEC 5
337 #define WTAP_TSPREC_USEC 6
338 #define WTAP_TSPREC_100_NSEC 7
339 #define WTAP_TSPREC_10_NSEC 8
340 #define WTAP_TSPREC_NSEC 9
341 /* if you add to the above, update wtap_tsprec_string() */
342 
343 /*
344  * Maximum packet sizes.
345  *
346  * For most link-layer types, we use 262144, which is currently
347  * libpcap's MAXIMUM_SNAPLEN.
348  *
349  * For WTAP_ENCAP_DBUS, the maximum is 128MiB, as per
350  *
351  * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
352  *
353  * For WTAP_ENCAP_EBHSCR, the maximum is 8MiB, as per
354  *
355  * https://www.elektrobit.com/ebhscr
356  *
357  * For WTAP_ENCAP_USBPCAP, the maximum is 128MiB, as per
358  *
359  * https://gitlab.com/wireshark/wireshark/-/issues/15985
360  *
361  * We don't want to write out files that specify a maximum packet size
362  * greater than 262144 if we don't have to, as software reading those
363  * files might allocate a buffer much larger than necessary, wasting memory.
364  */
365 #define WTAP_MAX_PACKET_SIZE_STANDARD 262144U
366 #define WTAP_MAX_PACKET_SIZE_USBPCAP (128U*1024U*1024U)
367 #define WTAP_MAX_PACKET_SIZE_EBHSCR (32U*1024U*1024U)
368 #define WTAP_MAX_PACKET_SIZE_DBUS (128U*1024U*1024U)
369 
370 /*
371  * "Pseudo-headers" are used to supply to the clients of wiretap
372  * per-packet information that's not part of the packet payload
373  * proper.
374  *
375  * NOTE: do not use pseudo-header structures to hold information
376  * used by the code to read a particular capture file type; to
377  * keep that sort of state information, add a new structure for
378  * that private information to "wtap-int.h", add a pointer to that
379  * type of structure to the "capture" member of the "struct wtap"
380  * structure, and allocate one of those structures and set that member
381  * in the "open" routine for that capture file type if the open
382  * succeeds. See various other capture file type handlers for examples
383  * of that.
384  */
385 
386 
387 /* Packet "pseudo-header" information for Ethernet capture files. */
388 struct eth_phdr {
389  gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
390 };
391 
392 /* Packet "pseudo-header" information for capture files for traffic
393  between DTE and DCE. */
394 #define FROM_DCE 0x80
395 struct dte_dce_phdr {
396  guint8 flags; /* ENCAP_LAPB, ENCAP_V120, ENCAP_FRELAY: 1st bit means From DCE */
397 };
398 
399 /* Packet "pseudo-header" information for ISDN capture files. */
400 
401 /* Direction */
402 struct isdn_phdr {
403  gboolean uton;
404  guint8 channel; /* 0 = D-channel; n = B-channel n */
405 };
406 
407 /* Packet "pseudo-header" for ATM capture files.
408  Not all of this information is supplied by all capture types.
409  These originally came from the Network General (DOS-based)
410  ATM Sniffer file format, but we've added some additional
411  items. */
412 
413 /*
414  * Status bits.
415  */
416 #define ATM_RAW_CELL 0x01 /* TRUE if the packet is a single cell */
417 #define ATM_NO_HEC 0x02 /* TRUE if the cell has HEC stripped out */
418 #define ATM_AAL2_NOPHDR 0x04 /* TRUE if the AAL2 PDU has no pseudo-header */
419 #define ATM_REASSEMBLY_ERROR 0x08 /* TRUE if this is an incompletely-reassembled PDU */
420 
421 /*
422  * AAL types.
423  */
424 #define AAL_UNKNOWN 0 /* AAL unknown */
425 #define AAL_1 1 /* AAL1 */
426 #define AAL_2 2 /* AAL2 */
427 #define AAL_3_4 3 /* AAL3/4 */
428 #define AAL_5 4 /* AAL5 */
429 #define AAL_USER 5 /* User AAL */
430 #define AAL_SIGNALLING 6 /* Signaling AAL */
431 #define AAL_OAMCELL 7 /* OAM cell */
432 
433 /*
434  * Traffic types.
435  */
436 #define TRAF_UNKNOWN 0 /* Unknown */
437 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
438 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
439 #define TRAF_LANE 3 /* LAN Emulation */
440 #define TRAF_ILMI 4 /* ILMI */
441 #define TRAF_FR 5 /* Frame Relay */
442 #define TRAF_SPANS 6 /* FORE SPANS */
443 #define TRAF_IPSILON 7 /* Ipsilon */
444 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
445 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
446 #define TRAF_SSCOP 10 /* SSCOP */
447 
448 /*
449  * Traffic subtypes.
450  */
451 #define TRAF_ST_UNKNOWN 0 /* Unknown */
452 
453 /*
454  * For TRAF_VCMX:
455  */
456 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
457 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
458 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
459 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
460 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
461 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
462 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
463 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
464 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
465 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
466 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
467 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
468 
469 /*
470  * For TRAF_LANE:
471  */
472 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
473 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
474 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
475 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
476 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
477 
478 /*
479  * For TRAF_IPSILON:
480  */
481 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
482 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
483 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
484 
485 struct atm_phdr {
486  guint32 flags; /* status flags */
487  guint8 aal; /* AAL of the traffic */
488  guint8 type; /* traffic type */
489  guint8 subtype; /* traffic subtype */
490  guint16 vpi; /* virtual path identifier */
491  guint16 vci; /* virtual circuit identifier */
492  guint8 aal2_cid; /* channel id */
493  guint16 channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
494  guint16 cells; /* number of cells */
495  guint16 aal5t_u2u; /* user-to-user indicator */
496  guint16 aal5t_len; /* length of the packet */
497  guint32 aal5t_chksum; /* checksum for AAL5 packet */
498 };
499 
500 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
501  "wandisplay", and similar commands on Lucent/Ascend access equipment. */
502 
503 #define ASCEND_MAX_STR_LEN 64
504 
505 #define ASCEND_PFX_WDS_X 1
506 #define ASCEND_PFX_WDS_R 2
507 #define ASCEND_PFX_WDD 3
508 #define ASCEND_PFX_ISDN_X 4
509 #define ASCEND_PFX_ISDN_R 5
510 #define ASCEND_PFX_ETHER 6
511 
512 struct ascend_phdr {
513  guint16 type; /* ASCEND_PFX_*, as defined above */
514  char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
515  guint32 sess; /* Session number, from wandsession header */
516  char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
517  guint32 chunk; /* Chunk number, from WDD header */
518  guint32 task; /* Task number */
519 };
520 
521 /* Packet "pseudo-header" for point-to-point links with direction flags. */
522 struct p2p_phdr {
523  gboolean sent;
524 };
525 
526 /*
527  * Packet "pseudo-header" information for 802.11.
528  * Radio information is only present in this form for
529  * WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
530  * which the radio information isn't provided as a pseudo-header in the
531  * packet data. It is also used by the dissectors for the pseudo-headers
532  * in the packet data to supply radio information, in a form independent
533  * of the file format and pseudo-header format, to the "802.11 radio"
534  * dissector.
535  *
536  * Signal strength, etc. information:
537  *
538  * Raw signal strength can be measured in milliwatts.
539  * It can also be represented as dBm, which is 10 times the log base 10
540  * of the signal strength in mW.
541  *
542  * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
543  * The actual RSSI value for a given signal strength is dependent on the
544  * vendor (and perhaps on the adapter). The maximum possible RSSI value
545  * is also dependent on the vendor and perhaps the adapter.
546  *
547  * The signal strength can be represented as a percentage, which is 100
548  * times the ratio of the RSSI and the maximum RSSI.
549  */
550 
551 /*
552  * PHY types.
553  */
554 #define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
555 #define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
556 #define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
557 #define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
558 #define PHDR_802_11_PHY_11B 4 /* 802.11b */
559 #define PHDR_802_11_PHY_11A 5 /* 802.11a */
560 #define PHDR_802_11_PHY_11G 6 /* 802.11g */
561 #define PHDR_802_11_PHY_11N 7 /* 802.11n */
562 #define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
563 #define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
564 #define PHDR_802_11_PHY_11AH 10 /* 802.11ah */
565 #define PHDR_802_11_PHY_11AX 11 /* 802.11ax */
566 #define PHDR_802_11_PHY_11BE 12 /* 802.11be - EHT */
567 
568 /*
569  * PHY-specific information.
570  */
571 
572 /*
573  * 802.11 legacy FHSS.
574  */
576  guint has_hop_set:1;
577  guint has_hop_pattern:1;
578  guint has_hop_index:1;
579 
580  guint8 hop_set; /* Hop set */
581  guint8 hop_pattern; /* Hop pattern */
582  guint8 hop_index; /* Hop index */
583 };
584 
585 /*
586  * 802.11b.
587  */
588 struct ieee_802_11b {
589  /* Which of this information is present? */
590  guint has_short_preamble:1;
591 
592  gboolean short_preamble; /* Short preamble */
593 };
594 
595 /*
596  * 802.11a.
597  */
598 struct ieee_802_11a {
599  /* Which of this information is present? */
600  guint has_channel_type:1;
601  guint has_turbo_type:1;
602 
603  guint channel_type:2;
604  guint turbo_type:2;
605 };
606 
607 /*
608  * Channel type values.
609  */
610 #define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
611 #define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
612 #define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
613 
614 /*
615  * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
616  * It can be dynamic or static.
617  *
618  * See
619  *
620  * http://wifi-insider.com/atheros/turbo.htm
621  */
622 #define PHDR_802_11A_TURBO_TYPE_NORMAL 0
623 #define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know whether it's static or dynamic */
624 #define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
625 #define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
626 
627 /*
628  * 802.11g.
629  *
630  * This should only be used for packets sent using OFDM; packets
631  * sent on an 11g network using DSSS should have the PHY set to
632  * 11b.
633  */
634 struct ieee_802_11g {
635  /* Which of this information is present? */
636  guint has_mode:1;
637 
638  guint32 mode; /* Various proprietary extensions */
639 };
640 
641 /*
642  * Mode values.
643  */
644 #define PHDR_802_11G_MODE_NORMAL 0
645 #define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
646 
647 /*
648  * 802.11n.
649  */
650 struct ieee_802_11n {
651  /* Which of this information is present? */
652  guint has_mcs_index:1;
653  guint has_bandwidth:1;
654  guint has_short_gi:1;
655  guint has_greenfield:1;
656  guint has_fec:1;
657  guint has_stbc_streams:1;
658  guint has_ness:1;
659 
660  guint16 mcs_index; /* MCS index */
661  guint bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
662  guint short_gi:1; /* True for short guard interval */
663  guint greenfield:1; /* True for greenfield, short for mixed */
664  guint fec:1; /* FEC: 0 = BCC, 1 = LDPC */
665  guint stbc_streams:2; /* Number of STBC streams */
666  guint ness; /* Number of extension spatial streams */
667 };
668 
669 /*
670  * Bandwidth values; used for both 11n and 11ac.
671  */
672 #define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
673 #define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
674 #define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
675 #define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
676 #define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
677 #define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
678 #define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
679 #define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
680 #define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
681 #define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
682 #define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
683 #define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
684 #define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
685 #define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
686 #define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
687 #define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
688 #define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
689 #define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
690 #define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
691 #define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
692 #define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
693 #define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
694 #define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
695 #define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
696 #define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
697 #define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
698 
699 /*
700  * 802.11ac.
701  */
703  /* Which of this information is present? */
704  guint has_stbc:1;
705  guint has_txop_ps_not_allowed:1;
706  guint has_short_gi:1;
707  guint has_short_gi_nsym_disambig:1;
708  guint has_ldpc_extra_ofdm_symbol:1;
709  guint has_beamformed:1;
710  guint has_bandwidth:1;
711  guint has_fec:1;
712  guint has_group_id:1;
713  guint has_partial_aid:1;
714 
715  guint stbc:1; /* 1 if all spatial streams have STBC */
716  guint txop_ps_not_allowed:1;
717  guint short_gi:1; /* True for short guard interval */
718  guint short_gi_nsym_disambig:1;
719  guint ldpc_extra_ofdm_symbol:1;
720  guint beamformed:1;
721  guint8 bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
722  guint8 mcs[4]; /* MCS index per user */
723  guint8 nss[4]; /* NSS per user */
724  guint8 fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
725  guint8 group_id;
726  guint16 partial_aid;
727 };
728 
729 /*
730  * 802.11ad.
731  */
732 
733 /*
734  * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
735  */
736 
737 #define PHDR_802_11AD_MIN_FREQUENCY 57000
738 #define PHDR_802_11AD_MAX_FREQUENCY 71000
739 
740 #define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
741  ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
742 
744  /* Which of this information is present? */
745  guint has_mcs_index:1;
746 
747  guint8 mcs; /* MCS index */
748 };
749 
750 /*
751  * 802.11ax (HE).
752  */
754  /* Which of this information is present? */
755  guint has_mcs_index:1;
756  guint has_bwru:1;
757  guint has_gi:1;
758 
759  guint8 nsts:4; /* Number of Space-time Streams */
760  guint8 mcs:4; /* MCS index */
761  guint8 bwru:4; /* Bandwidth/RU allocation */
762  guint8 gi:2; /* Guard Interval */
763 };
764 
766  struct ieee_802_11_fhss info_11_fhss;
767  struct ieee_802_11b info_11b;
768  struct ieee_802_11a info_11a;
769  struct ieee_802_11g info_11g;
770  struct ieee_802_11n info_11n;
771  struct ieee_802_11ac info_11ac;
772  struct ieee_802_11ad info_11ad;
773  struct ieee_802_11ax info_11ax;
774 };
775 
777  gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
778  guint decrypted:1; /* TRUE if frame is decrypted even if "protected" bit is set */
779  guint datapad:1; /* TRUE if frame has padding between 802.11 header and payload */
780  guint no_a_msdus:1; /* TRUE if we should ignore the A-MSDU bit */
781  guint phy; /* PHY type */
782  union ieee_802_11_phy_info phy_info;
783 
784  /* Which of this information is present? */
785  guint has_channel:1;
786  guint has_frequency:1;
787  guint has_data_rate:1;
788  guint has_signal_percent:1;
789  guint has_noise_percent:1;
790  guint has_signal_dbm:1;
791  guint has_noise_dbm:1;
792  guint has_signal_db:1;
793  guint has_noise_db:1;
794  guint has_tsf_timestamp:1;
795  guint has_aggregate_info:1; /* aggregate flags and ID */
796  guint has_zero_length_psdu_type:1; /* zero-length PSDU type */
797 
798  guint16 channel; /* Channel number */
799  guint32 frequency; /* Channel center frequency */
800  guint16 data_rate; /* Data rate, in .5 Mb/s units */
801  guint8 signal_percent; /* Signal level, as a percentage */
802  guint8 noise_percent; /* Noise level, as a percentage */
803  gint8 signal_dbm; /* Signal level, in dBm */
804  gint8 noise_dbm; /* Noise level, in dBm */
805  guint8 signal_db; /* Signal level, in dB from an arbitrary point */
806  guint8 noise_db; /* Noise level, in dB from an arbitrary point */
807  guint64 tsf_timestamp;
808  guint32 aggregate_flags; /* A-MPDU flags */
809  guint32 aggregate_id; /* ID for A-MPDU reassembly */
810  guint8 zero_length_psdu_type; /* type of zero-length PSDU */
811 };
812 
813 /*
814  * A-MPDU flags.
815  */
816 #define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
817 #define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
818 
819 /*
820  * Zero-length PSDU types.
821  */
822 #define PHDR_802_11_SOUNDING_PSDU 0 /* sounding PPDU */
823 #define PHDR_802_11_DATA_NOT_CAPTURED 1 /* data not captured, (e.g. multi-user PPDU) */
824 #define PHDR_802_11_0_LENGTH_PSDU_S1G_NDP 2 /* S1G NDP CMAC */
825 #define PHDR_802_11_0_LENGTH_PSDU_VENDOR_SPECIFIC 0xff
826 
827 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
828 
829 #define COSINE_MAX_IF_NAME_LEN 128
830 
831 #define COSINE_ENCAP_TEST 1
832 #define COSINE_ENCAP_PPoATM 2
833 #define COSINE_ENCAP_PPoFR 3
834 #define COSINE_ENCAP_ATM 4
835 #define COSINE_ENCAP_FR 5
836 #define COSINE_ENCAP_HDLC 6
837 #define COSINE_ENCAP_PPP 7
838 #define COSINE_ENCAP_ETH 8
839 #define COSINE_ENCAP_UNKNOWN 99
840 
841 #define COSINE_DIR_TX 1
842 #define COSINE_DIR_RX 2
843 
844 struct cosine_phdr {
845  guint8 encap; /* COSINE_ENCAP_* as defined above */
846  guint8 direction; /* COSINE_DIR_*, as defined above */
847  char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
848  guint16 pro; /* Protocol */
849  guint16 off; /* Offset */
850  guint16 pri; /* Priority */
851  guint16 rm; /* Rate Marking */
852  guint16 err; /* Error Code */
853 };
854 
855 /* Packet "pseudo-header" for IrDA capture files. */
856 
857 /*
858  * Direction of the packet
859  */
860 #define IRDA_INCOMING 0x0000
861 #define IRDA_OUTGOING 0x0004
862 
863 /*
864  * "Inline" log messages produced by IrCOMM2k on Windows
865  */
866 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
867 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
868 
869 /*
870  * Differentiate between frames and log messages
871  */
872 #define IRDA_CLASS_FRAME 0x0000
873 #define IRDA_CLASS_LOG 0x0100
874 #define IRDA_CLASS_MASK 0xFF00
875 
876 struct irda_phdr {
877  guint16 pkttype; /* packet type */
878 };
879 
880 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
881 
882 struct nettl_phdr {
883  guint16 subsys;
884  guint32 devid;
885  guint32 kind;
886  gint32 pid;
887  guint32 uid;
888 };
889 
890 /* Packet "pseudo-header" for MTP2 files. */
891 
892 #define MTP2_ANNEX_A_NOT_USED 0
893 #define MTP2_ANNEX_A_USED 1
894 #define MTP2_ANNEX_A_USED_UNKNOWN 2
895 
896 struct mtp2_phdr {
897  guint8 sent;
898  guint8 annex_a_used;
899  guint16 link_number;
900 };
901 
902 /* Packet "pseudo-header" for K12 files. */
903 
904 typedef union {
905  struct {
906  guint16 vp;
907  guint16 vc;
908  guint16 cid;
909  } atm;
910 
911  guint32 ds0mask;
913 
914 struct k12_phdr {
915  guint32 input;
916  const gchar *input_name;
917  const gchar *stack_file;
918  guint32 input_type;
919  k12_input_info_t input_info;
920  guint8 *extra_info;
921  guint32 extra_length;
922  void* stuff;
923 };
924 
925 #define K12_PORT_DS0S 0x00010008
926 #define K12_PORT_DS1 0x00100008
927 #define K12_PORT_ATMPVC 0x01020000
928 
929 struct lapd_phdr {
930  guint16 pkttype; /* packet type */
931  guint8 we_network;
932 };
933 
934 struct wtap;
936 {
937  union
938  {
939  struct isdn_phdr isdn;
940  struct atm_phdr atm;
941  struct p2p_phdr p2p;
942  } inner_pseudo_header;
943  gint64 seek_off;
944  struct wtap *wth;
945 };
946 
947 /*
948  * Endace Record Format pseudo header
949  */
950 struct erf_phdr {
951  guint64 ts; /* Time stamp */
952  guint8 type;
953  guint8 flags;
954  guint16 rlen;
955  guint16 lctr;
956  guint16 wlen;
957 };
958 
959 struct erf_ehdr {
960  guint64 ehdr;
961 };
962 
963 /*
964  * ERF pseudo header with optional subheader
965  * (Multichannel or Ethernet)
966  */
967 
968 #define MAX_ERF_EHDR 16
969 
971  guint8 offset;
972  guint8 pad;
973 };
974 
975 struct erf_mc_phdr {
976  struct erf_phdr phdr;
977  struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
978  union
979  {
980  struct wtap_erf_eth_hdr eth_hdr;
981  guint32 mc_hdr;
982  guint32 aal2_hdr;
983  } subhdr;
984 };
985 
986 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
987 #define SITA_FRAME_DIR_RXED (0x01)
988 #define SITA_FRAME_DIR (0x01) /* mask */
989 #define SITA_ERROR_NO_BUFFER (0x80)
990 
991 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
992 #define SITA_SIG_DTR (0x02)
993 #define SITA_SIG_CTS (0x04)
994 #define SITA_SIG_RTS (0x08)
995 #define SITA_SIG_DCD (0x10)
996 #define SITA_SIG_UNDEF1 (0x20)
997 #define SITA_SIG_UNDEF2 (0x40)
998 #define SITA_SIG_UNDEF3 (0x80)
999 
1000 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
1001 #define SITA_ERROR_TX_CTS_LOST (0x02)
1002 #define SITA_ERROR_TX_UART_ERROR (0x04)
1003 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
1004 #define SITA_ERROR_TX_UNDEF1 (0x10)
1005 #define SITA_ERROR_TX_UNDEF2 (0x20)
1006 #define SITA_ERROR_TX_UNDEF3 (0x40)
1007 #define SITA_ERROR_TX_UNDEF4 (0x80)
1008 
1009 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
1010 #define SITA_ERROR_RX_PARITY (0x02)
1011 #define SITA_ERROR_RX_COLLISION (0x04)
1012 #define SITA_ERROR_RX_FRAME_LONG (0x08)
1013 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
1014 #define SITA_ERROR_RX_UNDEF1 (0x20)
1015 #define SITA_ERROR_RX_UNDEF2 (0x40)
1016 #define SITA_ERROR_RX_UNDEF3 (0x80)
1017 
1018 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
1019 #define SITA_ERROR_RX_ABORT (0x02)
1020 #define SITA_ERROR_RX_CD_LOST (0x04)
1021 #define SITA_ERROR_RX_DPLL (0x08)
1022 #define SITA_ERROR_RX_OVERRUN (0x10)
1023 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
1024 #define SITA_ERROR_RX_CRC (0x40)
1025 #define SITA_ERROR_RX_BREAK (0x80)
1026 
1027 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
1028 #define SITA_PROTO_BOP_LAPB (0x01)
1029 #define SITA_PROTO_ETHERNET (0x02)
1030 #define SITA_PROTO_ASYNC_INTIO (0x03)
1031 #define SITA_PROTO_ASYNC_BLKIO (0x04)
1032 #define SITA_PROTO_ALC (0x05)
1033 #define SITA_PROTO_UTS (0x06)
1034 #define SITA_PROTO_PPP_HDLC (0x07)
1035 #define SITA_PROTO_SDLC (0x08)
1036 #define SITA_PROTO_TOKENRING (0x09)
1037 #define SITA_PROTO_I2C (0x10)
1038 #define SITA_PROTO_DPM_LINK (0x11)
1039 #define SITA_PROTO_BOP_FRL (0x12)
1040 
1041 struct sita_phdr {
1042  guint8 sita_flags;
1043  guint8 sita_signals;
1044  guint8 sita_errors1;
1045  guint8 sita_errors2;
1046  guint8 sita_proto;
1047 };
1048 
1049 /*pseudo header for Bluetooth HCI*/
1050 struct bthci_phdr {
1051  gboolean sent;
1052  guint32 channel;
1053 };
1054 
1055 #define BTHCI_CHANNEL_COMMAND 1
1056 #define BTHCI_CHANNEL_ACL 2
1057 #define BTHCI_CHANNEL_SCO 3
1058 #define BTHCI_CHANNEL_EVENT 4
1059 #define BTHCI_CHANNEL_ISO 5
1060 
1061 /* pseudo header for WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
1062 struct btmon_phdr {
1063  guint16 adapter_id;
1064  guint16 opcode;
1065 };
1066 
1067 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
1069  gboolean uton;
1070 };
1071 
1072 /* * I2C pseudo header */
1073 struct i2c_phdr {
1074  guint8 is_event;
1075  guint8 bus;
1076  guint32 flags;
1077 };
1078 
1079 /* pseudo header for WTAP_ENCAP_GSM_UM */
1080 struct gsm_um_phdr {
1081  gboolean uplink;
1082  guint8 channel;
1083  /* The following are only populated for downlink */
1084  guint8 bsic;
1085  guint16 arfcn;
1086  guint32 tdma_frame;
1087  guint8 error;
1088  guint16 timeshift;
1089 };
1090 
1091 #define GSM_UM_CHANNEL_UNKNOWN 0
1092 #define GSM_UM_CHANNEL_BCCH 1
1093 #define GSM_UM_CHANNEL_SDCCH 2
1094 #define GSM_UM_CHANNEL_SACCH 3
1095 #define GSM_UM_CHANNEL_FACCH 4
1096 #define GSM_UM_CHANNEL_CCCH 5
1097 #define GSM_UM_CHANNEL_RACH 6
1098 #define GSM_UM_CHANNEL_AGCH 7
1099 #define GSM_UM_CHANNEL_PCH 8
1100 
1101 /* Pseudo-header for nstrace packets */
1102 struct nstr_phdr {
1103  gint64 rec_offset;
1104  gint32 rec_len;
1105  guint8 nicno_offset;
1106  guint8 nicno_len;
1107  guint8 dir_offset;
1108  guint8 dir_len;
1109  guint16 eth_offset;
1110  guint8 pcb_offset;
1111  guint8 l_pcb_offset;
1112  guint8 rec_type;
1113  guint8 vlantag_offset;
1114  guint8 coreid_offset;
1115  guint8 srcnodeid_offset;
1116  guint8 destnodeid_offset;
1117  guint8 clflags_offset;
1118  guint8 src_vmname_len_offset;
1119  guint8 dst_vmname_len_offset;
1120  guint8 ns_activity_offset;
1121  guint8 data_offset;
1122 };
1123 
1124 /* Packet "pseudo-header" for Nokia output */
1125 struct nokia_phdr {
1126  struct eth_phdr eth;
1127  guint8 stuff[4]; /* mysterious stuff */
1128 };
1129 
1130 #define LLCP_PHDR_FLAG_SENT 0
1131 struct llcp_phdr {
1132  guint8 adapter;
1133  guint8 flags;
1134 };
1135 
1136 /* pseudo header for WTAP_ENCAP_LOGCAT */
1137 struct logcat_phdr {
1138  gint version;
1139 };
1140 
1141 /* Packet "pseudo-header" information for header data from NetMon files. */
1142 
1143 struct netmon_phdr {
1144  guint8* title; /* Comment title, as a null-terminated UTF-8 string */
1145  guint32 descLength; /* Number of bytes in the comment description */
1146  guint8* description; /* Comment description, in ASCII RTF */
1147  guint sub_encap; /* "Real" encap value for the record that will be used once pseudo header data is display */
1149  struct eth_phdr eth;
1150  struct atm_phdr atm;
1151  struct ieee_802_11_phdr ieee_802_11;
1152  } subheader;
1153 };
1154 
1155 /* File "pseudo-header" for BER data files. */
1156 struct ber_phdr {
1157  const char *pathname; /* Path name of file. */
1158 };
1159 
1161  struct eth_phdr eth;
1162  struct dte_dce_phdr dte_dce;
1163  struct isdn_phdr isdn;
1164  struct atm_phdr atm;
1165  struct ascend_phdr ascend;
1166  struct p2p_phdr p2p;
1167  struct ieee_802_11_phdr ieee_802_11;
1168  struct cosine_phdr cosine;
1169  struct irda_phdr irda;
1170  struct nettl_phdr nettl;
1171  struct mtp2_phdr mtp2;
1172  struct k12_phdr k12;
1173  struct lapd_phdr lapd;
1174  struct catapult_dct2000_phdr dct2000;
1175  struct erf_mc_phdr erf;
1176  struct sita_phdr sita;
1177  struct bthci_phdr bthci;
1178  struct btmon_phdr btmon;
1179  struct l1event_phdr l1event;
1180  struct i2c_phdr i2c;
1181  struct gsm_um_phdr gsm_um;
1182  struct nstr_phdr nstr;
1183  struct nokia_phdr nokia;
1184  struct llcp_phdr llcp;
1185  struct logcat_phdr logcat;
1186  struct netmon_phdr netmon;
1187  struct ber_phdr ber;
1188 };
1189 
1190 /*
1191  * Record type values.
1192  *
1193  * This list will expand over time, so don't assume everything will
1194  * forever be one of the types listed below.
1195  *
1196  * For file-type-specific records, the "ftsrec" field of the pseudo-header
1197  * contains a file-type-specific subtype value, such as a block type for
1198  * a pcapng file.
1199  *
1200  * An "event" is an indication that something happened during the capture
1201  * process, such as a status transition of some sort on the network.
1202  * These should, ideally, have a time stamp and, if they're relevant to
1203  * a particular interface on a multi-interface capture, should also have
1204  * an interface ID. The data for the event is file-type-specific and
1205  * subtype-specific. These should be dissected and displayed just as
1206  * packets are.
1207  *
1208  * A "report" supplies information not corresponding to an event;
1209  * for example, a pcapng Interface Statistics Block would be a report,
1210  * as it doesn't correspond to something happening on the network.
1211  * They may have a time stamp, and should be dissected and displayed
1212  * just as packets are.
1213  *
1214  * We distinguish between "events" and "reports" so that, for example,
1215  * the packet display can show the delta between a packet and an event
1216  * but not show the delta between a packet and a report, as the time
1217  * stamp of a report may not correspond to anything interesting on
1218  * the network but the time stamp of an event would.
1219  *
1220  * XXX - are there any file-type-specific records that *shouldn't* be
1221  * dissected and displayed? If so, they should be parsed and the
1222  * information in them stored somewhere, and used somewhere, whether
1223  * it's just used when saving the file in its native format or also
1224  * used to parse *other* file-type-specific records.
1225  *
1226  * These would be similar to, for example, pcapng Interface Description
1227  * Blocks, for which the position within the file is significant only
1228  * in that an IDB for an interface must appear before any packets from
1229  * the interface; the fact that an IDB appears at some point doesn't
1230  * necessarily mean something happened in the capture at that point.
1231  * Name Resolution Blocks are another example of such a record.
1232  *
1233  * (XXX - if you want to have a record that says "this interface first
1234  * showed up at this time", that needs to be a separate record type
1235  * from the IDB. We *could* add a "New Interface Description Block",
1236  * with a time stamp, for that purpose, but we'd *still* have to
1237  * provide IDBs for those interfaces, for compatibility with programs
1238  * that don't know about the NIDB. An ISB with only an isb_starttime
1239  * option would suffice for this purpose, so nothing needs to be
1240  * added to pcapng for this.)
1241  */
1242 #define REC_TYPE_PACKET 0
1243 #define REC_TYPE_FT_SPECIFIC_EVENT 1
1244 #define REC_TYPE_FT_SPECIFIC_REPORT 2
1245 #define REC_TYPE_SYSCALL 3
1246 #define REC_TYPE_SYSTEMD_JOURNAL_EXPORT 4
1247 #define REC_TYPE_CUSTOM_BLOCK 5
1249 typedef struct {
1250  guint32 caplen; /* data length in the file */
1251  guint32 len; /* data length on the wire */
1252  int pkt_encap; /* WTAP_ENCAP_ value for this packet */
1253  /* pcapng variables */
1254  guint32 interface_id; /* identifier of the interface. */
1255  /* options */
1256 
1257  union wtap_pseudo_header pseudo_header;
1259 
1260 /*
1261  * The pcapng specification says "The word is encoded as an unsigned
1262  * 32-bit integer, using the endianness of the Section Header Block
1263  * scope it is in. In the following table, the bits are numbered with
1264  * 0 being the most-significant bit and 31 being the least-significant
1265  * bit of the 32-bit unsigned integer."
1266  *
1267  * From that, the direction, in bits 0 and 1, is at the *top* of the word.
1268  *
1269  * However, several implementations, such as:
1270  *
1271  * the Wireshark pcapng file reading code;
1272  *
1273  * macOS libpcap and tcpdump;
1274  *
1275  * text2pcap;
1276  *
1277  * and probably the software that generated the capture in bug 11665;
1278  *
1279  * treat 0 as the *least*-significant bit and bit 31 being the *most*-
1280  * significant bit of the flags word, and put the direction at the
1281  * *bottom* of the word.
1282  *
1283  * For now, we go with the known implementations.
1284  */
1285 
1286 /* Direction field of the packet flags */
1287 #define PACK_FLAGS_DIRECTION_MASK 0x00000003 /* unshifted */
1288 #define PACK_FLAGS_DIRECTION_SHIFT 0
1289 #define PACK_FLAGS_DIRECTION(pack_flags) (((pack_flags) & PACK_FLAGS_DIRECTION_MASK) >> PACK_FLAGS_DIRECTION_SHIFT)
1290 #define PACK_FLAGS_DIRECTION_UNKNOWN 0
1291 #define PACK_FLAGS_DIRECTION_INBOUND 1
1292 #define PACK_FLAGS_DIRECTION_OUTBOUND 2
1293 
1294 /* Reception type field of the packet flags */
1295 #define PACK_FLAGS_RECEPTION_TYPE_MASK 0x0000001C /* unshifted */
1296 #define PACK_FLAGS_RECEPTION_TYPE_SHIFT 2
1297 #define PACK_FLAGS_RECEPTION_TYPE(pack_flags) (((pack_flags) & PACK_FLAGS_RECEPTION_TYPE_MASK) >> PACK_FLAGS_RECEPTION_TYPE_SHIFT)
1298 #define PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED 0
1299 #define PACK_FLAGS_RECEPTION_TYPE_UNICAST 1
1300 #define PACK_FLAGS_RECEPTION_TYPE_MULTICAST 2
1301 #define PACK_FLAGS_RECEPTION_TYPE_BROADCAST 3
1302 #define PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS 4
1303 
1304 /* FCS length field of the packet flags */
1305 #define PACK_FLAGS_FCS_LENGTH_MASK 0x000001E0 /* unshifted */
1306 #define PACK_FLAGS_FCS_LENGTH_SHIFT 5
1307 #define PACK_FLAGS_FCS_LENGTH(pack_flags) (((pack_flags) & PACK_FLAGS_FCS_LENGTH_MASK) >> PACK_FLAGS_FCS_LENGTH_SHIFT)
1308 
1309 /* Reserved bits of the packet flags */
1310 #define PACK_FLAGS_RESERVED_MASK 0x0000FE00
1311 
1312 /* Link-layer-dependent errors of the packet flags */
1313 
1314 /* For Ethernet and possibly some other network types */
1315 #define PACK_FLAGS_CRC_ERROR 0x01000000
1316 #define PACK_FLAGS_PACKET_TOO_LONG 0x02000000
1317 #define PACK_FLAGS_PACKET_TOO_SHORT 0x04000000
1318 #define PACK_FLAGS_WRONG_INTER_FRAME_GAP 0x08000000
1319 #define PACK_FLAGS_UNALIGNED_FRAME 0x10000000
1320 #define PACK_FLAGS_START_FRAME_DELIMITER_ERROR 0x20000000
1321 #define PACK_FLAGS_PREAMBLE_ERROR 0x40000000
1322 #define PACK_FLAGS_SYMBOL_ERROR 0x80000000
1323 
1324 /* Construct a pack_flags value from its subfield values */
1325 #define PACK_FLAGS_VALUE(direction, reception_type, fcs_length, ll_dependent_errors) \
1326  (((direction) << 30) | \
1327  ((reception_type) << 27) | \
1328  ((fcs_length) << 23) | \
1329  (ll_dependent_errors))
1330 
1331 typedef struct {
1332  guint record_type; /* the type of record this is - file type-specific value */
1333  guint32 record_len; /* length of the record */
1335 
1336 typedef struct {
1337  const char *pathname; /* Path name of file. */
1338  guint record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
1339  int byte_order;
1340  /* guint32 sentinel; */
1341  guint64 timestamp; /* ns since epoch - XXX dup of ts */
1342  guint64 thread_id;
1343  guint32 event_len; /* length of the event */
1344  guint32 event_filelen; /* event data length in the file */
1345  guint16 event_type;
1346  guint32 nparams; /* number of parameters of the event */
1347  guint16 cpu_id;
1348  /* ... Event ... */
1350 
1351 typedef struct {
1352  guint32 record_len; /* length of the record */
1354 
1355 typedef struct {
1356  guint32 length; /* length of the record */
1357  guint32 pen; /* private enterprise number */
1358  gboolean copy_allowed; /* CB can be written */
1359  union {
1360  struct nflx {
1361  guint32 type; /* block type */
1362  guint32 skipped; /* Used if type == BBLOG_TYPE_SKIPPED_BLOCK */
1363  } nflx_custom_data_header;
1364  } custom_data_header;
1366 
1367 #define BBLOG_TYPE_EVENT_BLOCK 1
1368 #define BBLOG_TYPE_SKIPPED_BLOCK 2
1369 
1370 /*
1371  * The largest nstime.secs value that can be put into an unsigned
1372  * 32-bit quantity.
1373  *
1374  * We assume that time_t is signed; it is signed on Windows/MSVC and
1375  * on many UN*Xes.
1376  *
1377  * So, if time_t is 32-bit, we define this as G_MAXINT32, as that's
1378  * the largest value a time_t can have, and it fits in an unsigned
1379  * 32-bit quantity. If it's 64-bit or larger, we define this as
1380  * G_MAXUINT32, as, even if it's signed, it can be as large as
1381  * G_MAXUINT32, and that's the largest value that can fit in
1382  * a 32-bit unsigned quantity.
1383  *
1384  * Comparing against this, rather than against G_MAXINT2, when checking
1385  * whether a time stamp will fit in a 32-bit unsigned integer seconds
1386  * field in a capture file being written avoids signed vs. unsigned
1387  * warnings if time_t is a signed 32-bit type.
1388  *
1389  * XXX - what if time_t is unsigned? Are there any platforms where
1390  * it is?
1391  */
1392 #define WTAP_NSTIME_32BIT_SECS_MAX ((time_t)(sizeof(time_t) > sizeof(gint32) ? G_MAXUINT32 : G_MAXINT32))
1393 
1394 typedef struct wtap_rec {
1395  guint rec_type; /* what type of record is this? */
1396  guint32 presence_flags; /* what stuff do we have? */
1397  guint section_number; /* section, within file, containing this record */
1398  nstime_t ts; /* time stamp */
1399  int tsprec; /* WTAP_TSPREC_ value for this record */
1400  nstime_t ts_rel_cap; /* time stamp relative from capture start */
1401  gboolean ts_rel_cap_valid; /* is ts_rel_cap valid and can be used? */
1402  union {
1403  wtap_packet_header packet_header;
1404  wtap_ft_specific_header ft_specific_header;
1405  wtap_syscall_header syscall_header;
1406  wtap_systemd_journal_export_header systemd_journal_export_header;
1407  wtap_custom_block_header custom_block_header;
1408  } rec_header;
1409 
1410  wtap_block_t block ; /* packet block; holds comments and verdicts in its options */
1411  gboolean block_was_modified; /* TRUE if ANY aspect of the block has been modified */
1412 
1413  /*
1414  * We use a Buffer so that we don't have to allocate and free
1415  * a buffer for the options for each record.
1416  */
1417  Buffer options_buf; /* file-type specific data */
1418 } wtap_rec;
1419 
1420 /*
1421  * Bits in presence_flags, indicating which of the fields we have.
1422  *
1423  * For the time stamp, we may need some more flags to indicate
1424  * whether the time stamp is an absolute date-and-time stamp, an
1425  * absolute time-only stamp (which can make relative time
1426  * calculations tricky, as you could in theory have two time
1427  * stamps separated by an unknown number of days), or a time stamp
1428  * relative to some unspecified time in the past (see mpeg.c).
1429  *
1430  * There is no presence flag for len - there has to be *some* length
1431  * value for the packet. (The "captured length" can be missing if
1432  * the file format doesn't report a captured length distinct from
1433  * the on-the-network length because the application(s) producing those
1434  * files don't support slicing packets.)
1435  *
1436  * There could be a presence flag for the packet encapsulation - if it's
1437  * absent, use the file encapsulation - but it's not clear that's useful;
1438  * we currently do that in the module for the file format.
1439  *
1440  * Only WTAP_HAS_TS and WTAP_HAS_SECTION_NUMBER apply to all record types.
1441  */
1442 #define WTAP_HAS_TS 0x00000001
1443 #define WTAP_HAS_CAP_LEN 0x00000002
1444 #define WTAP_HAS_INTERFACE_ID 0x00000004
1445 #define WTAP_HAS_SECTION_NUMBER 0x00000008
1447 #ifndef MAXNAMELEN
1448 #define MAXNAMELEN 64 /* max name length (hostname and port name) */
1449 #endif
1450 
1451 typedef struct hashipv4 {
1452  guint addr;
1453  guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1454  gchar ip[WS_INET_ADDRSTRLEN];
1455  gchar name[MAXNAMELEN];
1456 } hashipv4_t;
1457 
1458 typedef struct hashipv6 {
1459  guint8 addr[16];
1460  guint8 flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1461  gchar ip6[WS_INET6_ADDRSTRLEN];
1462  gchar name[MAXNAMELEN];
1463 } hashipv6_t;
1464 
1468 typedef struct addrinfo_lists {
1472 
1488 typedef struct wtap_dump_params {
1489  int encap;
1490  int snaplen;
1491  int tsprec;
1492  GArray *shb_hdrs;
1494  const GArray *nrbs_growing;
1497  GArray *dsbs_initial;
1498  const GArray *dsbs_growing;
1501  const GArray *mevs_growing;
1504  gboolean dont_copy_idbs;
1506 
1507 /* Zero-initializer for wtap_dump_params. */
1508 #define WTAP_DUMP_PARAMS_INIT {.snaplen=0}
1509 
1510 struct wtap_dumper;
1511 
1512 typedef struct wtap wtap;
1513 typedef struct wtap_dumper wtap_dumper;
1514 
1515 typedef struct wtap_reader *FILE_T;
1516 
1517 /* Similar to the wtap_open_routine_info for open routines, the following
1518  * wtap_wslua_file_info struct is used by wslua code for Lua-based file writers.
1519  *
1520  * This concept is necessary because when wslua goes to invoke the
1521  * registered dump/write_open routine callback in Lua, it needs the ref number representing
1522  * the hooked function inside Lua. This will be stored in the thing pointed to
1523  * by the void* data here. This 'data' pointer will be copied into the
1524  * wtap_dumper struct's 'void* data' member when calling the dump_open function,
1525  * which is how wslua finally retrieves it. Unlike wtap_dumper's 'priv' member, its
1526  * 'data' member is not free'd in wtap_dump_close().
1527  */
1528 typedef struct wtap_wslua_file_info {
1529  int (*wslua_can_write_encap)(int, void*); /* a can_write_encap func for wslua uses */
1530  void* wslua_data; /* holds the wslua data */
1532 
1533 /*
1534  * For registering extensions used for file formats.
1535  *
1536  * These items are used in dialogs for opening files, so that
1537  * the user can ask to see all capture files (as identified
1538  * by file extension) or particular types of capture files.
1539  *
1540  * Each item has a human-readable description of the file types
1541  * (possibly more than one!) that use all of this set of extensions,
1542  * a flag indicating whether it's a capture file or just some file
1543  * whose contents we can dissect, and a list of extensions files of
1544  * that type might have.
1545  *
1546  * Note that entries in this table do *not* necessarily correspoond
1547  * to single file types; for example, the entry that lists just "cap"
1548  * is for several file formats, all of which use the extension ".cap".
1549  *
1550  * Also note that a given extension may appear in multiple entries;
1551  * for example, "cap" (again!) is in an entry for some file types
1552  * that use only ".cap" and in entries for file types that use
1553  * ".cap" and some other extensions, and ".trc" is used both for
1554  * DOS Sniffer Token Ring captures ("trc") and EyeSDN USB ISDN
1555  * trace files ("tr{a}c{e}").
1556  *
1557  * Some entries aren't for capture file types, they're just generic types,
1558  * such as "text file" or "XML file", that can be used for, among other
1559  * things, captures we can read, or for file formats we can read in
1560  * order to dissect the contents of the file (think of this as "Fileshark",
1561  * which is a program that we really should have). Those are marked
1562  * specially, because, in file section dialogs, the user should be able
1563  * to select "All Capture Files" and get a set of extensions that are
1564  * associated with capture file formats, but not with files in other
1565  * formats that might or might not contain captured packets (such as
1566  * .txt or .xml") or formats that aren't capture files but that we
1567  * support as "we're being Fileshark now" (such as .jpeg). The routine
1568  * that constructs a list of extensions for "All Capture Files" omits
1569  * extensions for those entries.
1570  */
1572  /* the file type description */
1573  const char *name;
1574 
1575  /* TRUE if this is a capture file type */
1576  gboolean is_capture_file;
1577 
1578  /* a semicolon-separated list of file extensions used for this type */
1579  const char *extensions;
1580 };
1581 
1582 /*
1583  * For registering file types that we can open.
1584  *
1585  * Each file type has an open routine.
1586  *
1587  * The open routine should return:
1588  *
1589  * WTAP_OPEN_ERROR on an I/O error;
1590  *
1591  * WTAP_OPEN_MINE if the file it's reading is one of the types
1592  * it handles;
1593  *
1594  * WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the
1595  * types it handles.
1596  *
1597  * If the routine handles this type of file, it should set the
1598  * "file_type_subtype" field in the "struct wtap" to the type of the file.
1599  *
1600  * Note that the routine does not have to free the private data pointer on
1601  * error. The caller takes care of that by calling wtap_close on error.
1602  * (See https://gitlab.com/wireshark/wireshark/-/issues/8518)
1603  *
1604  * However, the caller does have to free the private data pointer when
1605  * returning WTAP_OPEN_NOT_MINE, since the next file type will be called
1606  * and will likely just overwrite the pointer.
1607  */
1608 typedef enum {
1609  WTAP_OPEN_NOT_MINE = 0,
1610  WTAP_OPEN_MINE = 1,
1611  WTAP_OPEN_ERROR = -1
1612 } wtap_open_return_val;
1613 
1614 typedef wtap_open_return_val (*wtap_open_routine_t)(struct wtap*, int *,
1615  char **);
1616 
1617 /*
1618  * Some file formats have defined magic numbers at fixed offsets from
1619  * the beginning of the file; those routines should return 1 if and
1620  * only if the file has the magic number at that offset. (pcapng
1621  * is a bit of a special case, as it has both the Section Header Block
1622  * type field and its byte-order magic field; it checks for both.)
1623  * Those file formats do not require a file name extension in order
1624  * to recognize them or to avoid recognizing other file types as that
1625  * type, and have no extensions specified for them.
1626  *
1627  * Other file formats don't have defined magic numbers at fixed offsets,
1628  * so a heuristic is required. If that file format has any file name
1629  * extensions used for it, a list of those extensions should be
1630  * specified, so that, if the name of the file being opened has an
1631  * extension, the file formats that use that extension are tried before
1632  * the ones that don't, to handle the case where a file of one type
1633  * might be recognized by the heuristics for a different file type.
1634  */
1635 typedef enum {
1636  OPEN_INFO_MAGIC = 0,
1637  OPEN_INFO_HEURISTIC = 1
1638 } wtap_open_type;
1639 
1640 WS_DLL_PUBLIC void init_open_routines(void);
1641 
1642 void cleanup_open_routines(void);
1643 
1644 /*
1645  * Information about a given file type that applies to all subtypes of
1646  * the file type.
1647  *
1648  * Each file type has:
1649  *
1650  * a human-readable description of the file type, for use in the
1651  * user interface;
1652  * a wtap_open_type indication of how the open routine
1653  * determines whether a file is of that type;
1654  * an open routine;
1655  * an optional list of extensions used for this file type;
1656  * data to be passed to Lua file readers - this should be NULL for
1657  * non-Lua (C) file readers.
1658  *
1659  * The list of file extensions is used as a hint when calling open routines
1660  * to open a file; heuristic open routines whose list of extensions includes
1661  * the file's extension are called before heuristic open routines whose
1662  * (possibly-empty) list of extensions doesn't contain the file's extension,
1663  * to reduce the chances that a file will be misidentified due to an heuristic
1664  * test with a weak heuristic being done before a heuristic test for the
1665  * file's type.
1666  *
1667  * The list of extensions should be NULL for magic-number open routines,
1668  * as it will not be used for any purpose (no such hinting is done).
1669  */
1670 struct open_info {
1671  const char *name; /* Description */
1672  wtap_open_type type; /* Open routine type */
1673  wtap_open_routine_t open_routine; /* Open routine */
1674  const char *extensions; /* List of extensions used for this file type */
1675  gchar **extensions_set; /* Array of those extensions; populated using extensions member during initialization */
1676  void* wslua_data; /* Data for Lua file readers */
1677 };
1678 WS_DLL_PUBLIC struct open_info *open_routines;
1679 
1680 /*
1681  * Types of comments.
1682  */
1683 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1684 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1685 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1686 
1687 /*
1688  * For a given option type in a certain block type, does a file format
1689  * not support it, support only one such option, or support multiple
1690  * such options?
1691  */
1692 typedef enum {
1693  OPTION_NOT_SUPPORTED,
1694  ONE_OPTION_SUPPORTED,
1695  MULTIPLE_OPTIONS_SUPPORTED
1696 } option_support_t;
1697 
1698 /*
1699  * Entry in a table of supported option types.
1700  */
1702  guint opt;
1703  option_support_t support; /* OPTION_NOT_SUPPORTED allowed, equivalent to absence */
1704 };
1705 
1706 #define OPTION_TYPES_SUPPORTED(option_type_array) \
1707  sizeof option_type_array / sizeof option_type_array[0], option_type_array
1708 
1709 #define NO_OPTIONS_SUPPORTED \
1710  0, NULL
1711 
1712 /*
1713  * For a given block type, does a file format not support it, support
1714  * only one such block, or support multiple such blocks?
1715  */
1716 typedef enum {
1717  BLOCK_NOT_SUPPORTED,
1718  ONE_BLOCK_SUPPORTED,
1719  MULTIPLE_BLOCKS_SUPPORTED
1720 } block_support_t;
1721 
1722 /*
1723  * Entry in a table of supported block types.
1724  */
1726  wtap_block_type_t type;
1727  block_support_t support; /* BLOCK_NOT_SUPPORTED allowed, equivalent to absence */
1728  size_t num_supported_options;
1729  const struct supported_option_type *supported_options;
1730 };
1731 
1732 #define BLOCKS_SUPPORTED(block_type_array) \
1733  sizeof block_type_array / sizeof block_type_array[0], block_type_array
1734 
1739  const char *description;
1740 
1745  const char *name;
1746 
1752 
1760 
1765 
1770 
1775 
1780  int (*can_write_encap)(int);
1781 
1786  int (*dump_open)(wtap_dumper *, int *, gchar **);
1787 
1793 };
1794 
1795 #define WTAP_TYPE_AUTO 0
1796 
1802 WS_DLL_PUBLIC
1803 void wtap_init(gboolean load_wiretap_plugins);
1804 
1817 WS_DLL_PUBLIC
1818 struct wtap* wtap_open_offline(const char *filename, unsigned int type, int *err,
1819  gchar **err_info, gboolean do_random);
1820 
1826 WS_DLL_PUBLIC
1827 void wtap_cleareof(wtap *wth);
1828 
1833 typedef void (*wtap_new_ipv4_callback_t) (const guint addr, const gchar *name, const gboolean static_entry);
1834 WS_DLL_PUBLIC
1835 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1836 
1837 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const gchar *name, const gboolean static_entry);
1838 WS_DLL_PUBLIC
1839 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1840 
1845 typedef void (*wtap_new_secrets_callback_t)(guint32 secrets_type, const void *secrets, guint size);
1846 WS_DLL_PUBLIC
1847 void wtap_set_cb_new_secrets(wtap *wth, wtap_new_secrets_callback_t add_new_secrets);
1848 
1864 WS_DLL_PUBLIC
1865 gboolean wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
1866  gchar **err_info, gint64 *offset);
1867 
1884 WS_DLL_PUBLIC
1885 gboolean wtap_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec,
1886  Buffer *buf, int *err, gchar **err_info);
1887 
1888 /*** initialize a wtap_rec structure ***/
1889 WS_DLL_PUBLIC
1890 void wtap_rec_init(wtap_rec *rec);
1891 
1892 /*** Re-initialize a wtap_rec structure ***/
1893 WS_DLL_PUBLIC
1894 void wtap_rec_reset(wtap_rec *rec);
1895 
1896 /*** clean up a wtap_rec structure, freeing what wtap_rec_init() allocated */
1897 WS_DLL_PUBLIC
1898 void wtap_rec_cleanup(wtap_rec *rec);
1899 
1900 /*
1901  * Types of compression for a file, including "none".
1902  */
1903 typedef enum {
1904  WTAP_UNCOMPRESSED,
1905  WTAP_GZIP_COMPRESSED,
1906  WTAP_ZSTD_COMPRESSED,
1907  WTAP_LZ4_COMPRESSED
1908 } wtap_compression_type;
1909 
1910 WS_DLL_PUBLIC
1911 wtap_compression_type wtap_get_compression_type(wtap *wth);
1912 WS_DLL_PUBLIC
1913 const char *wtap_compression_type_description(wtap_compression_type compression_type);
1914 WS_DLL_PUBLIC
1915 const char *wtap_compression_type_extension(wtap_compression_type compression_type);
1916 WS_DLL_PUBLIC
1917 GSList *wtap_get_all_compression_type_extensions_list(void);
1918 
1919 /*** get various information snippets about the current file ***/
1920 
1923 WS_DLL_PUBLIC
1924 gint64 wtap_read_so_far(wtap *wth);
1925 WS_DLL_PUBLIC
1926 gint64 wtap_file_size(wtap *wth, int *err);
1927 WS_DLL_PUBLIC
1928 guint wtap_snapshot_length(wtap *wth); /* per file */
1929 WS_DLL_PUBLIC
1930 int wtap_file_type_subtype(wtap *wth);
1931 WS_DLL_PUBLIC
1932 int wtap_file_encap(wtap *wth);
1933 WS_DLL_PUBLIC
1934 int wtap_file_tsprec(wtap *wth);
1935 
1943 WS_DLL_PUBLIC
1944 guint wtap_file_get_num_shbs(wtap *wth);
1945 
1958 WS_DLL_PUBLIC
1959 wtap_block_t wtap_file_get_shb(wtap *wth, guint shb_num);
1960 
1971 WS_DLL_PUBLIC
1972 void wtap_write_shb_comment(wtap *wth, gchar *comment);
1973 
1984 WS_DLL_PUBLIC
1986 
1996 WS_DLL_PUBLIC
1998 
2011 WS_DLL_PUBLIC
2013 
2025 WS_DLL_PUBLIC
2026 gchar *wtap_get_debug_if_descr(const wtap_block_t if_descr,
2027  const int indent,
2028  const char* line_end);
2029 
2042 WS_DLL_PUBLIC
2044 
2053 WS_DLL_PUBLIC
2054 void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb);
2055 
2064 WS_DLL_PUBLIC
2066 
2067 /*** close the file descriptors for the current file ***/
2068 WS_DLL_PUBLIC
2069 void wtap_fdclose(wtap *wth);
2070 
2071 /*** reopen the random file descriptor for the current file ***/
2072 WS_DLL_PUBLIC
2073 gboolean wtap_fdreopen(wtap *wth, const char *filename, int *err);
2074 
2076 WS_DLL_PUBLIC
2077 void wtap_sequential_close(wtap *wth);
2078 
2080 WS_DLL_PUBLIC
2081 void wtap_close(wtap *wth);
2082 
2083 /*** dump packets into a capture file ***/
2084 WS_DLL_PUBLIC
2085 gboolean wtap_dump_can_open(int filetype);
2086 
2091 WS_DLL_PUBLIC
2092 int wtap_dump_required_file_encap_type(const GArray *file_encaps);
2093 
2098 WS_DLL_PUBLIC
2099 gboolean wtap_dump_can_write_encap(int file_type_subtype, int encap);
2100 
2105 WS_DLL_PUBLIC
2106 gboolean wtap_dump_can_compress(int file_type_subtype);
2107 
2117 WS_DLL_PUBLIC
2118 void wtap_dump_params_init(wtap_dump_params *params, wtap *wth);
2119 
2134 WS_DLL_PUBLIC
2136 
2144 WS_DLL_PUBLIC
2146 
2154 WS_DLL_PUBLIC
2156 
2163 WS_DLL_PUBLIC
2165 
2178 WS_DLL_PUBLIC
2179 wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype,
2180  wtap_compression_type compression_type, const wtap_dump_params *params,
2181  int *err, gchar **err_info);
2182 
2198 WS_DLL_PUBLIC
2199 wtap_dumper* wtap_dump_open_tempfile(const char *tmpdir, char **filenamep,
2200  const char *pfx,
2201  int file_type_subtype, wtap_compression_type compression_type,
2202  const wtap_dump_params *params, int *err, gchar **err_info);
2203 
2216 WS_DLL_PUBLIC
2217 wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype,
2218  wtap_compression_type compression_type, const wtap_dump_params *params,
2219  int *err, gchar **err_info);
2220 
2232 WS_DLL_PUBLIC
2233 wtap_dumper* wtap_dump_open_stdout(int file_type_subtype,
2234  wtap_compression_type compression_type, const wtap_dump_params *params,
2235  int *err, gchar **err_info);
2236 
2237 /*
2238  * Add an IDB to the list of IDBs for a file we're writing.
2239  * Makes a copy of the IDB, so it can be freed after this call is made.
2240  *
2241  * @param wdh handle for the file we're writing.
2242  * @param idb the IDB to add
2243  * @param[out] err Will be set to an error code on failure.
2244  * @param[out] err_info for some errors, a string giving more details of
2245  * the error.
2246  * @return TRUE on success, FALSE on failure.
2247  */
2248 WS_DLL_PUBLIC
2249 gboolean wtap_dump_add_idb(wtap_dumper *wdh, wtap_block_t idb, int *err,
2250  gchar **err_info);
2251 WS_DLL_PUBLIC
2252 gboolean wtap_dump(wtap_dumper *, const wtap_rec *, const guint8 *,
2253  int *err, gchar **err_info);
2254 WS_DLL_PUBLIC
2255 gboolean wtap_dump_flush(wtap_dumper *, int *);
2256 WS_DLL_PUBLIC
2257 int wtap_dump_file_type_subtype(wtap_dumper *wdh);
2258 WS_DLL_PUBLIC
2259 gint64 wtap_get_bytes_dumped(wtap_dumper *);
2260 WS_DLL_PUBLIC
2261 void wtap_set_bytes_dumped(wtap_dumper *wdh, gint64 bytes_dumped);
2262 struct addrinfo;
2263 WS_DLL_PUBLIC
2264 gboolean wtap_addrinfo_list_empty(addrinfo_lists_t *addrinfo_lists);
2265 WS_DLL_PUBLIC
2266 gboolean wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
2267 WS_DLL_PUBLIC
2268 void wtap_dump_discard_name_resolution(wtap_dumper *wdh);
2269 WS_DLL_PUBLIC
2270 void wtap_dump_discard_decryption_secrets(wtap_dumper *wdh);
2271 
2288 WS_DLL_PUBLIC
2289 gboolean wtap_dump_close(wtap_dumper *wdh, gboolean *needs_reload,
2290  int *err, gchar **err_info);
2291 
2296 WS_DLL_PUBLIC
2297 gboolean wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types);
2298 
2311 WS_DLL_PUBLIC
2312 void wtap_buffer_append_epdu_tag(Buffer *buf, guint16 epdu_tag, const guint8 *data, guint16 data_len);
2313 
2322 WS_DLL_PUBLIC
2323 void wtap_buffer_append_epdu_uint(Buffer *buf, guint16 epdu_tag, guint32 val);
2324 
2333 WS_DLL_PUBLIC
2334 void wtap_buffer_append_epdu_string(Buffer *buf, guint16 epdu_tag, const char *val);
2335 
2344 WS_DLL_PUBLIC
2346 
2347 /*
2348  * Sort the file types by name or by description?
2349  */
2350 typedef enum {
2351  FT_SORT_BY_NAME,
2352  FT_SORT_BY_DESCRIPTION
2353 } ft_sort_order;
2354 
2360 WS_DLL_PUBLIC
2361 GArray *wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype,
2362  const GArray *file_encaps, guint32 required_comment_types,
2363  ft_sort_order sort_order);
2364 
2368 WS_DLL_PUBLIC
2369 GArray *wtap_get_writable_file_types_subtypes(ft_sort_order sort_order);
2370 
2371 /*** various file type/subtype functions ***/
2372 WS_DLL_PUBLIC
2373 const char *wtap_file_type_subtype_description(int file_type_subtype);
2374 WS_DLL_PUBLIC
2375 const char *wtap_file_type_subtype_name(int file_type_subtype);
2376 WS_DLL_PUBLIC
2377 int wtap_name_to_file_type_subtype(const char *name);
2378 WS_DLL_PUBLIC
2379 int wtap_pcap_file_type_subtype(void);
2380 WS_DLL_PUBLIC
2381 int wtap_pcap_nsec_file_type_subtype(void);
2382 WS_DLL_PUBLIC
2383 int wtap_pcapng_file_type_subtype(void);
2384 
2389 WS_DLL_PUBLIC
2390 block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype,
2391  wtap_block_type_t type);
2392 
2397 WS_DLL_PUBLIC
2398 option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype,
2399  wtap_block_type_t type, guint opttype);
2400 
2401 /* Return a list of all extensions that are used by all capture file
2402  * types, including compressed extensions, e.g. not just "pcap" but
2403  * also "pcap.gz" if we can read gzipped files.
2404  *
2405  * "Capture files" means "include file types that correspond to
2406  * collections of network packets, but not file types that
2407  * store data that just happens to be transported over protocols
2408  * such as HTTP but that aren't collections of network packets",
2409  * so that it could be used for "All Capture Files" without picking
2410  * up JPEG files or files such as that - those aren't capture files,
2411  * and we *do* have them listed in the long list of individual file
2412  * types, so omitting them from "All Capture Files" is the right
2413  * thing to do.
2414  *
2415  * All strings in the list are allocated with g_malloc() and must be freed
2416  * with g_free().
2417  *
2418  * This is used to generate a list of extensions to look for if the user
2419  * chooses "All Capture Files" in a file open dialog.
2420  */
2421 WS_DLL_PUBLIC
2422 GSList *wtap_get_all_capture_file_extensions_list(void);
2423 
2424 /* Return a list of all extensions that are used by all file types that
2425  * we can read, including compressed extensions, e.g. not just "pcap" but
2426  * also "pcap.gz" if we can read gzipped files.
2427  *
2428  * "File type" means "include file types that correspond to collections
2429  * of network packets, as well as file types that store data that just
2430  * happens to be transported over protocols such as HTTP but that aren't
2431  * collections of network packets, and plain text files".
2432  *
2433  * All strings in the list are allocated with g_malloc() and must be freed
2434  * with g_free().
2435  */
2436 WS_DLL_PUBLIC
2437 GSList *wtap_get_all_file_extensions_list(void);
2438 
2439 /*
2440  * Free a list returned by wtap_get_file_extension_type_extensions(),
2441  * wtap_get_all_capture_file_extensions_list, wtap_get_file_extensions_list(),
2442  * or wtap_get_all_file_extensions_list().
2443  */
2444 WS_DLL_PUBLIC
2445 void wtap_free_extensions_list(GSList *extensions);
2446 
2447 /*
2448  * Return the default file extension to use with the specified file type
2449  * and subtype; that's just the extension, without any ".".
2450  */
2451 WS_DLL_PUBLIC
2452 const char *wtap_default_file_extension(int file_type_subtype);
2453 
2454 /* Return a list of file extensions that are used by the specified file type
2455  * and subtype.
2456  *
2457  * If include_compressed is TRUE, the list will include compressed
2458  * extensions, e.g. not just "pcap" but also "pcap.gz" if we can read
2459  * gzipped files.
2460  *
2461  * All strings in the list are allocated with g_malloc() and must be freed
2462  * with g_free().
2463  */
2464 WS_DLL_PUBLIC
2465 GSList *wtap_get_file_extensions_list(int file_type_subtype, gboolean include_compressed);
2466 
2467 WS_DLL_PUBLIC
2468 const char *wtap_encap_name(int encap);
2469 WS_DLL_PUBLIC
2470 const char *wtap_encap_description(int encap);
2471 WS_DLL_PUBLIC
2472 int wtap_name_to_encap(const char *short_name);
2473 
2474 WS_DLL_PUBLIC
2475 const char* wtap_tsprec_string(int tsprec);
2476 
2477 WS_DLL_PUBLIC
2478 const char *wtap_strerror(int err);
2479 
2480 /*** get available number of file types and encapsulations ***/
2481 WS_DLL_PUBLIC
2482 int wtap_get_num_file_type_extensions(void);
2483 WS_DLL_PUBLIC
2484 int wtap_get_num_encap_types(void);
2485 
2486 /*** get information for file type extension ***/
2487 WS_DLL_PUBLIC
2488 const char *wtap_get_file_extension_type_name(int extension_type);
2489 WS_DLL_PUBLIC
2490 GSList *wtap_get_file_extension_type_extensions(guint extension_type);
2491 
2492 /*** dynamically register new file types and encapsulations ***/
2493 WS_DLL_PUBLIC
2494 void wtap_register_file_type_extension(const struct file_extension_info *ei);
2495 
2496 typedef struct {
2497  void (*register_wtap_module)(void); /* routine to call to register a wiretap module */
2498 } wtap_plugin;
2499 
2500 WS_DLL_PUBLIC
2501 void wtap_register_plugin(const wtap_plugin *plug);
2502 
2508 WS_DLL_PUBLIC
2509 int wtap_plugins_supported(void);
2510 
2511 WS_DLL_PUBLIC
2512 void wtap_register_open_info(struct open_info *oi, const gboolean first_routine);
2513 WS_DLL_PUBLIC
2514 gboolean wtap_has_open_info(const gchar *name);
2515 WS_DLL_PUBLIC
2516 gboolean wtap_uses_lua_filehandler(const wtap* wth);
2517 WS_DLL_PUBLIC
2518 void wtap_deregister_open_info(const gchar *name);
2519 
2520 WS_DLL_PUBLIC
2521 unsigned int open_info_name_to_type(const char *name);
2522 WS_DLL_PUBLIC
2523 int wtap_register_file_type_subtype(const struct file_type_subtype_info* fi);
2524 WS_DLL_PUBLIC
2525 void wtap_deregister_file_type_subtype(const int file_type_subtype);
2526 
2527 WS_DLL_PUBLIC
2528 int wtap_register_encap_type(const char *description, const char *name);
2529 
2530 /*** Cleanup the internal library structures */
2531 WS_DLL_PUBLIC
2532 void wtap_cleanup(void);
2533 
2537 #define WTAP_ERR_NOT_REGULAR_FILE -1
2540 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
2543 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
2546 #define WTAP_ERR_UNSUPPORTED -4
2550 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
2553 #define WTAP_ERR_CANT_OPEN -6
2556 #define WTAP_ERR_UNWRITABLE_FILE_TYPE -7
2559 #define WTAP_ERR_UNWRITABLE_ENCAP -8
2563 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
2566 #define WTAP_ERR_CANT_WRITE -10
2569 #define WTAP_ERR_CANT_CLOSE -11
2572 #define WTAP_ERR_SHORT_READ -12
2575 #define WTAP_ERR_BAD_FILE -13
2578 #define WTAP_ERR_SHORT_WRITE -14
2581 #define WTAP_ERR_UNC_OVERFLOW -15
2584 #define WTAP_ERR_RANDOM_OPEN_STDIN -16
2587 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17
2590 #define WTAP_ERR_CANT_SEEK -18
2593 #define WTAP_ERR_CANT_SEEK_COMPRESSED -19
2596 #define WTAP_ERR_DECOMPRESS -20
2599 #define WTAP_ERR_INTERNAL -21
2602 #define WTAP_ERR_PACKET_TOO_LARGE -22
2606 #define WTAP_ERR_CHECK_WSLUA -23
2610 #define WTAP_ERR_UNWRITABLE_REC_TYPE -24
2613 #define WTAP_ERR_UNWRITABLE_REC_DATA -25
2616 #define WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26
2619 #define WTAP_ERR_TIME_STAMP_NOT_SUPPORTED -27
2623 #ifdef __cplusplus
2624 }
2625 #endif /* __cplusplus */
2626 
2627 #endif /* __WTAP_H__ */
2628 
2629 /*
2630  * Editor modelines - https://www.wireshark.org/tools/modelines.html
2631  *
2632  * Local variables:
2633  * c-basic-offset: 4
2634  * tab-width: 8
2635  * indent-tabs-mode: nil
2636  * End:
2637  *
2638  * vi: set shiftwidth=4 tabstop=8 expandtab:
2639  * :indentSize=4:tabSize=8:noTabs=true:
2640  */
Definition: packet-eth.h:13
Definition: buffer.h:22
Definition: wtap.h:1468
GList * ipv6_addr_list
Definition: wtap.h:1470
GList * ipv4_addr_list
Definition: wtap.h:1469
Definition: wtap.h:512
Definition: wtap.h:485
Definition: wtap.h:1156
Definition: wtap.h:1050
Definition: wtap.h:1062
Definition: wtap.h:936
Definition: wtap.h:844
Definition: wtap.h:395
Definition: wtap.h:959
Definition: wtap.h:975
Definition: wtap.h:950
Definition: wtap.h:388
Definition: wtap.h:1571
Definition: wtap.h:1735
wtap_wslua_file_info_t * wslua_info
Definition: wtap.h:1792
int(* dump_open)(wtap_dumper *, int *, gchar **)
Definition: wtap.h:1786
const char * name
Definition: wtap.h:1745
const char * additional_file_extensions
Definition: wtap.h:1759
int(* can_write_encap)(int)
Definition: wtap.h:1780
const struct supported_block_type * supported_blocks
Definition: wtap.h:1774
const char * description
Definition: wtap.h:1739
gboolean writing_must_seek
Definition: wtap.h:1764
size_t num_supported_blocks
Definition: wtap.h:1769
const char * default_file_extension
Definition: wtap.h:1751
Definition: wtap.h:1080
Definition: wtap.h:1451
Definition: wtap.h:1458
Definition: wtap.h:1073
Definition: pcapio.c:113
Definition: wtap.h:575
Definition: wtap.h:776
Definition: wtap.h:598
Definition: wtap.h:702
Definition: wtap.h:743
Definition: wtap.h:753
Definition: wtap.h:588
Definition: wtap.h:634
Definition: wtap.h:650
Definition: tvbuff_lz77huff.c:32
Definition: wtap.h:876
Definition: wtap.h:402
Definition: wtap.h:914
Definition: wtap.h:1068
Definition: wtap.h:929
Definition: wtap.h:1131
Definition: wtap.h:1137
Definition: wtap.h:896
Definition: wtap.h:1143
Definition: wtap.h:882
Definition: wtap.h:1125
Definition: nstime.h:26
Definition: wtap.h:1102
Definition: wtap.h:1670
Definition: wtap.h:522
Definition: ngsniffer.c:80
Definition: wtap.h:1041
Definition: wtap.h:1725
Definition: wtap.h:1701
Definition: wtap_opttypes.c:86
Definition: wtap.h:1355
Definition: wtap.h:1488
const GArray * nrbs_growing
Definition: wtap.h:1494
const GArray * dsbs_growing
Definition: wtap.h:1498
int tsprec
Definition: wtap.h:1491
gboolean dont_copy_idbs
Definition: wtap.h:1504
GArray * shb_hdrs
Definition: wtap.h:1492
int encap
Definition: wtap.h:1489
GArray * dsbs_initial
Definition: wtap.h:1497
wtapng_iface_descriptions_t * idb_inf
Definition: wtap.h:1493
const GArray * mevs_growing
Definition: wtap.h:1501
int snaplen
Definition: wtap.h:1490
Definition: wtap-int.h:95
Definition: wtap.h:970
Definition: wtap.h:1331
Definition: wtap.h:1249
Definition: wtap.h:2496
Definition: file_wrappers.c:168
Definition: wtap.h:1394
Definition: wtap.h:1336
Definition: wtap.h:1351
Definition: wtap.h:1528
Definition: wtap-int.h:36
Definition: wtap_opttypes.h:212
Definition: wtap.h:765
Definition: wtap.h:904
Definition: wtap.h:1160
WS_DLL_PUBLIC void wtap_init(gboolean load_wiretap_plugins)
Initialize the Wiretap library.
Definition: wtap.c:2082
struct wtap_dump_params wtap_dump_params
WS_DLL_PUBLIC gboolean wtap_dump_can_compress(int file_type_subtype)
Definition: file_access.c:2253
WS_DLL_PUBLIC option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype, wtap_block_type_t type, guint opttype)
Definition: file_access.c:1928
WS_DLL_PUBLIC gboolean wtap_seek_read(wtap *wth, gint64 seek_off, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info)
Definition: wtap.c:1871
WS_DLL_PUBLIC int wtap_plugins_supported(void)
Definition: wtap.c:52
WS_DLL_PUBLIC void wtap_dump_params_cleanup(wtap_dump_params *params)
Definition: wtap.c:569
WS_DLL_PUBLIC gboolean wtap_file_discard_decryption_secrets(wtap *wth)
Definition: wtap.c:214
WS_DLL_PUBLIC wtap_block_t wtap_get_next_interface_description(wtap *wth)
Gets next interface description.
Definition: wtap.c:182
WS_DLL_PUBLIC wtap_block_t wtap_file_get_shb(wtap *wth, guint shb_num)
Gets existing section header block, not for new file.
Definition: wtap.c:129
WS_DLL_PUBLIC void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info)
Free's a interface description block and all of its members.
Definition: wtap.c:333
WS_DLL_PUBLIC guint wtap_file_get_num_shbs(wtap *wth)
Gets number of section header blocks.
Definition: wtap.c:123
WS_DLL_PUBLIC void wtap_buffer_append_epdu_string(Buffer *buf, guint16 epdu_tag, const char *val)
Definition: wtap.c:2048
WS_DLL_PUBLIC void wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params)
Definition: wtap.c:556
WS_DLL_PUBLIC int wtap_dump_required_file_encap_type(const GArray *file_encaps)
Definition: file_access.c:1440
void(* wtap_new_ipv4_callback_t)(const guint addr, const gchar *name, const gboolean static_entry)
Definition: wtap.h:1833
WS_DLL_PUBLIC gboolean wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info, gint64 *offset)
Definition: wtap.c:1683
WS_DLL_PUBLIC void wtap_dump_params_discard_name_resolution(wtap_dump_params *params)
Definition: wtap.c:550
WS_DLL_PUBLIC void wtap_write_shb_comment(wtap *wth, gchar *comment)
Sets or replaces the section header comment.
Definition: wtap.c:162
WS_DLL_PUBLIC void wtap_dump_params_init_no_idbs(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:530
void(* wtap_new_secrets_callback_t)(guint32 secrets_type, const void *secrets, guint size)
Definition: wtap.h:1845
WS_DLL_PUBLIC void wtap_dump_params_init(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:505
WS_DLL_PUBLIC GArray * wtap_get_writable_file_types_subtypes(ft_sort_order sort_order)
Definition: file_access.c:1718
WS_DLL_PUBLIC GArray * wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype, const GArray *file_encaps, guint32 required_comment_types, ft_sort_order sort_order)
Definition: file_access.c:1606
WS_DLL_PUBLIC void wtap_buffer_append_epdu_uint(Buffer *buf, guint16 epdu_tag, guint32 val)
Definition: wtap.c:2032
WS_DLL_PUBLIC gboolean wtap_dump_close(wtap_dumper *wdh, gboolean *needs_reload, int *err, gchar **err_info)
Definition: file_access.c:2650
WS_DLL_PUBLIC gboolean wtap_dump_can_write(const GArray *file_encaps, guint32 required_comment_types)
Definition: file_access.c:1555
WS_DLL_PUBLIC gint wtap_buffer_append_epdu_end(Buffer *buf)
Definition: wtap.c:2065
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_tempfile(const char *tmpdir, char **filenamep, const char *pfx, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, gchar **err_info)
Creates a dumper for a temporary file.
Definition: file_access.c:2424
WS_DLL_PUBLIC gboolean wtap_dump_can_write_encap(int file_type_subtype, int encap)
Definition: file_access.c:1453
WS_DLL_PUBLIC void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb)
Adds a Decryption Secrets Block to the open wiretap session.
Definition: wtap.c:205
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open(const char *filename, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, gchar **err_info)
Opens a new capture file for writing.
Definition: file_access.c:2385
WS_DLL_PUBLIC gint64 wtap_read_so_far(wtap *wth)
Definition: wtap.c:1822
WS_DLL_PUBLIC void wtap_cleareof(wtap *wth)
Definition: wtap.c:1551
struct addrinfo_lists addrinfo_lists_t
WS_DLL_PUBLIC void wtap_close(wtap *wth)
Definition: wtap.c:1522
WS_DLL_PUBLIC wtapng_iface_descriptions_t * wtap_file_get_idb_info(wtap *wth)
Gets existing interface descriptions.
Definition: wtap.c:170
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_stdout(int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, gchar **err_info)
Creates a dumper for the standard output.
Definition: file_access.c:2521
WS_DLL_PUBLIC gchar * wtap_get_debug_if_descr(const wtap_block_t if_descr, const int indent, const char *line_end)
Gets a debug string of an interface description.
Definition: wtap.c:343
WS_DLL_PUBLIC void wtap_buffer_append_epdu_tag(Buffer *buf, guint16 epdu_tag, const guint8 *data, guint16 data_len)
Definition: wtap.c:2001
WS_DLL_PUBLIC wtap_dumper * wtap_dump_fdopen(int fd, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, gchar **err_info)
Creates a dumper for an existing file descriptor.
Definition: file_access.c:2486
WS_DLL_PUBLIC block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype, wtap_block_type_t type)
Definition: file_access.c:1893
WS_DLL_PUBLIC wtap_block_t wtap_file_get_nrb(wtap *wth)
Gets existing name resolution block, not for new file.
Definition: wtap.c:475
WS_DLL_PUBLIC void wtap_sequential_close(wtap *wth)
Definition: wtap.c:1489
WS_DLL_PUBLIC struct wtap * wtap_open_offline(const char *filename, unsigned int type, int *err, gchar **err_info, gboolean do_random)