Wireshark  4.3.0
The Wireshark network protocol analyzer
wtap.h
Go to the documentation of this file.
1 
9 #ifndef __WTAP_H__
10 #define __WTAP_H__
11 
12 #include <wireshark.h>
13 #include <time.h>
14 #include <wsutil/buffer.h>
15 #include <wsutil/nstime.h>
16 #include <wsutil/inet_addr.h>
17 #include "wtap_opttypes.h"
18 
19 #ifdef __cplusplus
20 extern "C" {
21 #endif /* __cplusplus */
22 
23 /* Encapsulation types. Choose names that truly reflect
24  * what is contained in the packet trace file.
25  *
26  * WTAP_ENCAP_PER_PACKET is a value passed to "wtap_dump_open()" or
27  * "wtap_dump_fdopen()" to indicate that there is no single encapsulation
28  * type for all packets in the file; this may cause those routines to
29  * fail if the capture file format being written can't support that.
30  * It's also returned by "wtap_file_encap()" for capture files that
31  * don't have a single encapsulation type for all packets in the file.
32  *
33  * WTAP_ENCAP_UNKNOWN is returned by "wtap_pcap_encap_to_wtap_encap()"
34  * if it's handed an unknown encapsulation. It is also used by file
35  * types for encapsulations which are unsupported by libwiretap.
36  *
37  * WTAP_ENCAP_NONE is an initial value used by file types like pcapng
38  * that do not have a single file level encapsulation type. If and when
39  * something that indicate encapsulation is read, the encapsulation will
40  * change (possibly to WTAP_ENCAP_PER_PACKET) and appropriate IDBs will
41  * be generated. If a file type uses this value, it MUST provide IDBs
42  * (possibly fake) when the encapsulation changes; otherwise, it should
43  * return WTAP_ENCAP_UNKNOWN so that attempts to write an output file
44  * without reading the entire input file first fail gracefully.
45  *
46  * WTAP_ENCAP_FDDI_BITSWAPPED is for FDDI captures on systems where the
47  * MAC addresses you get from the hardware are bit-swapped. Ideally,
48  * the driver would tell us that, but I know of none that do, so, for
49  * now, we base it on the machine on which we're *reading* the
50  * capture, rather than on the machine on which the capture was taken
51  * (they're probably likely to be the same). We assume that they're
52  * bit-swapped on everything except for systems running Ultrix, Alpha
53  * systems, and BSD/OS systems (that's what "tcpdump" does; I guess
54  * Digital decided to bit-swap addresses in the hardware or in the
55  * driver, and I guess BSDI bit-swapped them in the driver, given that
56  * BSD/OS generally runs on Boring Old PC's). If we create a wiretap
57  * save file format, we'd use the WTAP_ENCAP values to flag the
58  * encapsulation of a packet, so there we'd at least be able to base
59  * it on the machine on which the capture was taken.
60  *
61  * WTAP_ENCAP_LINUX_ATM_CLIP is the encapsulation you get with the
62  * ATM on Linux code from <http://linux-atm.sourceforge.net/>;
63  * that code adds a DLT_ATM_CLIP DLT_ code of 19, and that
64  * encapsulation isn't the same as the DLT_ATM_RFC1483 encapsulation
65  * presumably used on some BSD systems, which we turn into
66  * WTAP_ENCAP_ATM_RFC1483.
67  *
68  * WTAP_ENCAP_NULL corresponds to DLT_NULL from "libpcap". This
69  * corresponds to
70  *
71  * 1) PPP-over-HDLC encapsulation, at least with some versions
72  * of ISDN4BSD (but not the current ones, it appears, unless
73  * I've missed something);
74  *
75  * 2) a 4-byte header containing the AF_ address family, in
76  * the byte order of the machine that saved the capture,
77  * for the packet, as used on many BSD systems for the
78  * loopback device and some other devices, or a 4-byte header
79  * containing the AF_ address family in network byte order,
80  * as used on recent OpenBSD systems for the loopback device;
81  *
82  * 3) a 4-byte header containing 2 octets of 0 and an Ethernet
83  * type in the byte order from an Ethernet header, that being
84  * what older versions of "libpcap" on Linux turn the Ethernet
85  * header for loopback interfaces into (0.6.0 and later versions
86  * leave the Ethernet header alone and make it DLT_EN10MB). */
87 #define WTAP_ENCAP_NONE -2
88 #define WTAP_ENCAP_PER_PACKET -1
89 #define WTAP_ENCAP_UNKNOWN 0
90 #define WTAP_ENCAP_ETHERNET 1
91 #define WTAP_ENCAP_TOKEN_RING 2
92 #define WTAP_ENCAP_SLIP 3
93 #define WTAP_ENCAP_PPP 4
94 #define WTAP_ENCAP_FDDI 5
95 #define WTAP_ENCAP_FDDI_BITSWAPPED 6
96 #define WTAP_ENCAP_RAW_IP 7
97 #define WTAP_ENCAP_ARCNET 8
98 #define WTAP_ENCAP_ARCNET_LINUX 9
99 #define WTAP_ENCAP_ATM_RFC1483 10
100 #define WTAP_ENCAP_LINUX_ATM_CLIP 11
101 #define WTAP_ENCAP_LAPB 12
102 #define WTAP_ENCAP_ATM_PDUS 13
103 #define WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14
104 #define WTAP_ENCAP_NULL 15
105 #define WTAP_ENCAP_ASCEND 16
106 #define WTAP_ENCAP_ISDN 17
107 #define WTAP_ENCAP_IP_OVER_FC 18
108 #define WTAP_ENCAP_PPP_WITH_PHDR 19
109 #define WTAP_ENCAP_IEEE_802_11 20
110 #define WTAP_ENCAP_IEEE_802_11_PRISM 21
111 #define WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22
112 #define WTAP_ENCAP_IEEE_802_11_RADIOTAP 23
113 #define WTAP_ENCAP_IEEE_802_11_AVS 24
114 #define WTAP_ENCAP_SLL 25
115 #define WTAP_ENCAP_FRELAY 26
116 #define WTAP_ENCAP_FRELAY_WITH_PHDR 27
117 #define WTAP_ENCAP_CHDLC 28
118 #define WTAP_ENCAP_CISCO_IOS 29
119 #define WTAP_ENCAP_LOCALTALK 30
120 #define WTAP_ENCAP_OLD_PFLOG 31
121 #define WTAP_ENCAP_HHDLC 32
122 #define WTAP_ENCAP_DOCSIS 33
123 #define WTAP_ENCAP_COSINE 34
124 #define WTAP_ENCAP_WFLEET_HDLC 35
125 #define WTAP_ENCAP_SDLC 36
126 #define WTAP_ENCAP_TZSP 37
127 #define WTAP_ENCAP_ENC 38
128 #define WTAP_ENCAP_PFLOG 39
129 #define WTAP_ENCAP_CHDLC_WITH_PHDR 40
130 #define WTAP_ENCAP_BLUETOOTH_H4 41
131 #define WTAP_ENCAP_MTP2 42
132 #define WTAP_ENCAP_MTP3 43
133 #define WTAP_ENCAP_IRDA 44
134 #define WTAP_ENCAP_USER0 45
135 #define WTAP_ENCAP_USER1 46
136 #define WTAP_ENCAP_USER2 47
137 #define WTAP_ENCAP_USER3 48
138 #define WTAP_ENCAP_USER4 49
139 #define WTAP_ENCAP_USER5 50
140 #define WTAP_ENCAP_USER6 51
141 #define WTAP_ENCAP_USER7 52
142 #define WTAP_ENCAP_USER8 53
143 #define WTAP_ENCAP_USER9 54
144 #define WTAP_ENCAP_USER10 55
145 #define WTAP_ENCAP_USER11 56
146 #define WTAP_ENCAP_USER12 57
147 #define WTAP_ENCAP_USER13 58
148 #define WTAP_ENCAP_USER14 59
149 #define WTAP_ENCAP_USER15 60
150 #define WTAP_ENCAP_SYMANTEC 61
151 #define WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62
152 #define WTAP_ENCAP_BACNET_MS_TP 63
153 #define WTAP_ENCAP_NETTL_RAW_ICMP 64
154 #define WTAP_ENCAP_NETTL_RAW_ICMPV6 65
155 #define WTAP_ENCAP_GPRS_LLC 66
156 #define WTAP_ENCAP_JUNIPER_ATM1 67
157 #define WTAP_ENCAP_JUNIPER_ATM2 68
158 #define WTAP_ENCAP_REDBACK 69
159 #define WTAP_ENCAP_NETTL_RAW_IP 70
160 #define WTAP_ENCAP_NETTL_ETHERNET 71
161 #define WTAP_ENCAP_NETTL_TOKEN_RING 72
162 #define WTAP_ENCAP_NETTL_FDDI 73
163 #define WTAP_ENCAP_NETTL_UNKNOWN 74
164 #define WTAP_ENCAP_MTP2_WITH_PHDR 75
165 #define WTAP_ENCAP_JUNIPER_PPPOE 76
166 #define WTAP_ENCAP_GCOM_TIE1 77
167 #define WTAP_ENCAP_GCOM_SERIAL 78
168 #define WTAP_ENCAP_NETTL_X25 79
169 #define WTAP_ENCAP_K12 80
170 #define WTAP_ENCAP_JUNIPER_MLPPP 81
171 #define WTAP_ENCAP_JUNIPER_MLFR 82
172 #define WTAP_ENCAP_JUNIPER_ETHER 83
173 #define WTAP_ENCAP_JUNIPER_PPP 84
174 #define WTAP_ENCAP_JUNIPER_FRELAY 85
175 #define WTAP_ENCAP_JUNIPER_CHDLC 86
176 #define WTAP_ENCAP_JUNIPER_GGSN 87
177 #define WTAP_ENCAP_LINUX_LAPD 88
178 #define WTAP_ENCAP_CATAPULT_DCT2000 89
179 #define WTAP_ENCAP_BER 90
180 #define WTAP_ENCAP_JUNIPER_VP 91
181 #define WTAP_ENCAP_USB_FREEBSD 92
182 #define WTAP_ENCAP_IEEE802_16_MAC_CPS 93
183 #define WTAP_ENCAP_NETTL_RAW_TELNET 94
184 #define WTAP_ENCAP_USB_LINUX 95
185 #define WTAP_ENCAP_MPEG 96
186 #define WTAP_ENCAP_PPI 97
187 #define WTAP_ENCAP_ERF 98
188 #define WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99
189 #define WTAP_ENCAP_SITA 100
190 #define WTAP_ENCAP_SCCP 101
191 #define WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/
192 #define WTAP_ENCAP_IPMB_KONTRON 103
193 #define WTAP_ENCAP_IEEE802_15_4 104
194 #define WTAP_ENCAP_X2E_XORAYA 105
195 #define WTAP_ENCAP_FLEXRAY 106
196 #define WTAP_ENCAP_LIN 107
197 #define WTAP_ENCAP_MOST 108
198 #define WTAP_ENCAP_CAN20B 109
199 #define WTAP_ENCAP_LAYER1_EVENT 110
200 #define WTAP_ENCAP_X2E_SERIAL 111
201 #define WTAP_ENCAP_I2C_LINUX 112
202 #define WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113
203 #define WTAP_ENCAP_TNEF 114
204 #define WTAP_ENCAP_USB_LINUX_MMAPPED 115
205 #define WTAP_ENCAP_GSM_UM 116
206 #define WTAP_ENCAP_DPNSS 117
207 #define WTAP_ENCAP_PACKETLOGGER 118
208 #define WTAP_ENCAP_NSTRACE_1_0 119
209 #define WTAP_ENCAP_NSTRACE_2_0 120
210 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2 121
211 #define WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122
212 #define WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/
213 #define WTAP_ENCAP_IPNET 124
214 #define WTAP_ENCAP_SOCKETCAN 125
215 #define WTAP_ENCAP_IEEE_802_11_NETMON 126
216 #define WTAP_ENCAP_IEEE802_15_4_NOFCS 127
217 #define WTAP_ENCAP_RAW_IPFIX 128
218 #define WTAP_ENCAP_RAW_IP4 129
219 #define WTAP_ENCAP_RAW_IP6 130
220 #define WTAP_ENCAP_LAPD 131
221 #define WTAP_ENCAP_DVBCI 132
222 #define WTAP_ENCAP_MUX27010 133
223 #define WTAP_ENCAP_MIME 134
224 #define WTAP_ENCAP_NETANALYZER 135
225 #define WTAP_ENCAP_NETANALYZER_TRANSPARENT 136
226 #define WTAP_ENCAP_IP_OVER_IB_SNOOP 137
227 #define WTAP_ENCAP_MPEG_2_TS 138
228 #define WTAP_ENCAP_PPP_ETHER 139
229 #define WTAP_ENCAP_NFC_LLCP 140
230 #define WTAP_ENCAP_NFLOG 141
231 #define WTAP_ENCAP_V5_EF 142
232 #define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
233 #define WTAP_ENCAP_IXVERIWAVE 144
234 #define WTAP_ENCAP_SDH 145
235 #define WTAP_ENCAP_DBUS 146
236 #define WTAP_ENCAP_AX25_KISS 147
237 #define WTAP_ENCAP_AX25 148
238 #define WTAP_ENCAP_SCTP 149
239 #define WTAP_ENCAP_INFINIBAND 150
240 #define WTAP_ENCAP_JUNIPER_SVCS 151
241 #define WTAP_ENCAP_USBPCAP 152
242 #define WTAP_ENCAP_RTAC_SERIAL 153
243 #define WTAP_ENCAP_BLUETOOTH_LE_LL 154
244 #define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
245 #define WTAP_ENCAP_STANAG_4607 156
246 #define WTAP_ENCAP_STANAG_5066_D_PDU 157
247 #define WTAP_ENCAP_NETLINK 158
248 #define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
249 #define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
250 #define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
251 #define WTAP_ENCAP_NSTRACE_3_0 162
252 #define WTAP_ENCAP_LOGCAT 163
253 #define WTAP_ENCAP_LOGCAT_BRIEF 164
254 #define WTAP_ENCAP_LOGCAT_PROCESS 165
255 #define WTAP_ENCAP_LOGCAT_TAG 166
256 #define WTAP_ENCAP_LOGCAT_THREAD 167
257 #define WTAP_ENCAP_LOGCAT_TIME 168
258 #define WTAP_ENCAP_LOGCAT_THREADTIME 169
259 #define WTAP_ENCAP_LOGCAT_LONG 170
260 #define WTAP_ENCAP_PKTAP 171
261 #define WTAP_ENCAP_EPON 172
262 #define WTAP_ENCAP_IPMI_TRACE 173
263 #define WTAP_ENCAP_LOOP 174
264 #define WTAP_ENCAP_JSON 175
265 #define WTAP_ENCAP_NSTRACE_3_5 176
266 #define WTAP_ENCAP_ISO14443 177
267 #define WTAP_ENCAP_GFP_T 178
268 #define WTAP_ENCAP_GFP_F 179
269 #define WTAP_ENCAP_IP_OVER_IB_PCAP 180
270 #define WTAP_ENCAP_JUNIPER_VN 181
271 #define WTAP_ENCAP_USB_DARWIN 182
272 #define WTAP_ENCAP_LORATAP 183
273 #define WTAP_ENCAP_3MB_ETHERNET 184
274 #define WTAP_ENCAP_VSOCK 185
275 #define WTAP_ENCAP_NORDIC_BLE 186
276 #define WTAP_ENCAP_NETMON_NET_NETEVENT 187
277 #define WTAP_ENCAP_NETMON_HEADER 188
278 #define WTAP_ENCAP_NETMON_NET_FILTER 189
279 #define WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190
280 #define WTAP_ENCAP_MA_WFP_CAPTURE_V4 191
281 #define WTAP_ENCAP_MA_WFP_CAPTURE_V6 192
282 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193
283 #define WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194
284 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195
285 #define WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196
286 #define WTAP_ENCAP_JUNIPER_ST 197
287 #define WTAP_ENCAP_ETHERNET_MPACKET 198
288 #define WTAP_ENCAP_DOCSIS31_XRA31 199
289 #define WTAP_ENCAP_DPAUXMON 200
290 #define WTAP_ENCAP_RUBY_MARSHAL 201
291 #define WTAP_ENCAP_RFC7468 202
292 #define WTAP_ENCAP_SYSTEMD_JOURNAL 203 /* Event, not a packet */
293 #define WTAP_ENCAP_EBHSCR 204
294 #define WTAP_ENCAP_VPP 205
295 #define WTAP_ENCAP_IEEE802_15_4_TAP 206
296 #define WTAP_ENCAP_LOG_3GPP 207
297 #define WTAP_ENCAP_USB_2_0 208
298 #define WTAP_ENCAP_MP4 209
299 #define WTAP_ENCAP_SLL2 210
300 #define WTAP_ENCAP_ZWAVE_SERIAL 211
301 #define WTAP_ENCAP_ETW 212
302 #define WTAP_ENCAP_ERI_ENB_LOG 213
303 #define WTAP_ENCAP_ZBNCP 214
304 #define WTAP_ENCAP_USB_2_0_LOW_SPEED 215
305 #define WTAP_ENCAP_USB_2_0_FULL_SPEED 216
306 #define WTAP_ENCAP_USB_2_0_HIGH_SPEED 217
307 #define WTAP_ENCAP_AUTOSAR_DLT 218
308 #define WTAP_ENCAP_AUERSWALD_LOG 219
309 #define WTAP_ENCAP_ATSC_ALP 220
310 #define WTAP_ENCAP_FIRA_UCI 221
311 #define WTAP_ENCAP_SILABS_DEBUG_CHANNEL 222
312 #define WTAP_ENCAP_MDB 223
313 #define WTAP_ENCAP_EMS 224
314 #define WTAP_ENCAP_DECT_NR 225
315 
316 /* After adding new item here, please also add new item to encap_table_base array */
317 
318 #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()
319 
320 /* Value to be used as a file type/subtype value if the type is unknown */
321 #define WTAP_FILE_TYPE_SUBTYPE_UNKNOWN -1
322 
323 /* timestamp precision (currently only these values are supported) */
324 #define WTAP_TSPREC_UNKNOWN -2
325 #define WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */
326 /*
327  * These values are the number of digits of precision after the integral part.
328  * Thry're the same as WS_TSPREC values; we define them here so that
329  * tools/make-enums.py sees them.
330  */
331 #define WTAP_TSPREC_SEC 0
332 #define WTAP_TSPREC_100_MSEC 1
333 #define WTAP_TSPREC_DSEC 1 /* Backwards compatibility */
334 #define WTAP_TSPREC_10_MSEC 2
335 #define WTAP_TSPREC_CSEC 2 /* Backwards compatibility */
336 #define WTAP_TSPREC_MSEC 3
337 #define WTAP_TSPREC_100_USEC 4
338 #define WTAP_TSPREC_10_USEC 5
339 #define WTAP_TSPREC_USEC 6
340 #define WTAP_TSPREC_100_NSEC 7
341 #define WTAP_TSPREC_10_NSEC 8
342 #define WTAP_TSPREC_NSEC 9
343 /* if you add to the above, update wtap_tsprec_string() */
344 
345 /*
346  * Maximum packet sizes.
347  *
348  * For most link-layer types, we use 262144, which is currently
349  * libpcap's MAXIMUM_SNAPLEN.
350  *
351  * For WTAP_ENCAP_DBUS, the maximum is 128MiB, as per
352  *
353  * https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
354  *
355  * For WTAP_ENCAP_EBHSCR, the maximum is 8MiB, as per
356  *
357  * https://www.elektrobit.com/ebhscr
358  *
359  * For WTAP_ENCAP_USBPCAP, the maximum is 128MiB, as per
360  *
361  * https://gitlab.com/wireshark/wireshark/-/issues/15985
362  *
363  * We don't want to write out files that specify a maximum packet size
364  * greater than 262144 if we don't have to, as software reading those
365  * files might allocate a buffer much larger than necessary, wasting memory.
366  */
367 #define WTAP_MAX_PACKET_SIZE_STANDARD 262144U
368 #define WTAP_MAX_PACKET_SIZE_USBPCAP (128U*1024U*1024U)
369 #define WTAP_MAX_PACKET_SIZE_EBHSCR (32U*1024U*1024U)
370 #define WTAP_MAX_PACKET_SIZE_DBUS (128U*1024U*1024U)
371 
372 /*
373  * "Pseudo-headers" are used to supply to the clients of wiretap
374  * per-packet information that's not part of the packet payload
375  * proper.
376  *
377  * NOTE: do not use pseudo-header structures to hold information
378  * used by the code to read a particular capture file type; to
379  * keep that sort of state information, add a new structure for
380  * that private information to "wtap-int.h", add a pointer to that
381  * type of structure to the "capture" member of the "struct wtap"
382  * structure, and allocate one of those structures and set that member
383  * in the "open" routine for that capture file type if the open
384  * succeeds. See various other capture file type handlers for examples
385  * of that.
386  */
387 
388 
389 /* Packet "pseudo-header" information for Ethernet capture files. */
390 struct eth_phdr {
391  int fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
392 };
393 
394 /* Packet "pseudo-header" information for capture files for traffic
395  between DTE and DCE. */
396 #define FROM_DCE 0x80
397 struct dte_dce_phdr {
398  uint8_t flags; /* ENCAP_LAPB, ENCAP_V120, ENCAP_FRELAY: 1st bit means From DCE */
399 };
400 
401 /* Packet "pseudo-header" information for ISDN capture files. */
402 
403 /* Direction */
404 struct isdn_phdr {
405  bool uton;
406  uint8_t channel; /* 0 = D-channel; n = B-channel n */
407 };
408 
409 /* Packet "pseudo-header" for ATM capture files.
410  Not all of this information is supplied by all capture types.
411  These originally came from the Network General (DOS-based)
412  ATM Sniffer file format, but we've added some additional
413  items. */
414 
415 /*
416  * Status bits.
417  */
418 #define ATM_RAW_CELL 0x01 /* true if the packet is a single cell */
419 #define ATM_NO_HEC 0x02 /* true if the cell has HEC stripped out */
420 #define ATM_AAL2_NOPHDR 0x04 /* true if the AAL2 PDU has no pseudo-header */
421 #define ATM_REASSEMBLY_ERROR 0x08 /* true if this is an incompletely-reassembled PDU */
422 
423 /*
424  * AAL types.
425  */
426 #define AAL_UNKNOWN 0 /* AAL unknown */
427 #define AAL_1 1 /* AAL1 */
428 #define AAL_2 2 /* AAL2 */
429 #define AAL_3_4 3 /* AAL3/4 */
430 #define AAL_5 4 /* AAL5 */
431 #define AAL_USER 5 /* User AAL */
432 #define AAL_SIGNALLING 6 /* Signaling AAL */
433 #define AAL_OAMCELL 7 /* OAM cell */
434 
435 /*
436  * Traffic types.
437  */
438 #define TRAF_UNKNOWN 0 /* Unknown */
439 #define TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */
440 #define TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */
441 #define TRAF_LANE 3 /* LAN Emulation */
442 #define TRAF_ILMI 4 /* ILMI */
443 #define TRAF_FR 5 /* Frame Relay */
444 #define TRAF_SPANS 6 /* FORE SPANS */
445 #define TRAF_IPSILON 7 /* Ipsilon */
446 #define TRAF_UMTS_FP 8 /* UMTS Frame Protocol */
447 #define TRAF_GPRS_NS 9 /* GPRS Network Services */
448 #define TRAF_SSCOP 10 /* SSCOP */
449 
450 /*
451  * Traffic subtypes.
452  */
453 #define TRAF_ST_UNKNOWN 0 /* Unknown */
454 
455 /*
456  * For TRAF_VCMX:
457  */
458 #define TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */
459 #define TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */
460 #define TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */
461 #define TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */
462 #define TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */
463 #define TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */
464 #define TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */
465 #define TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */
466 #define TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */
467 #define TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */
468 #define TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */
469 #define TRAF_ST_VCMX_BPDU 13 /* BPDU */
470 
471 /*
472  * For TRAF_LANE:
473  */
474 #define TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */
475 #define TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */
476 #define TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */
477 #define TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */
478 #define TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */
479 
480 /*
481  * For TRAF_IPSILON:
482  */
483 #define TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */
484 #define TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */
485 #define TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */
486 
487 struct atm_phdr {
488  uint32_t flags; /* status flags */
489  uint8_t aal; /* AAL of the traffic */
490  uint8_t type; /* traffic type */
491  uint8_t subtype; /* traffic subtype */
492  uint16_t vpi; /* virtual path identifier */
493  uint16_t vci; /* virtual circuit identifier */
494  uint8_t aal2_cid; /* channel id */
495  uint16_t channel; /* link: 0 for DTE->DCE, 1 for DCE->DTE */
496  uint16_t cells; /* number of cells */
497  uint16_t aal5t_u2u; /* user-to-user indicator */
498  uint16_t aal5t_len; /* length of the packet */
499  uint32_t aal5t_chksum; /* checksum for AAL5 packet */
500 };
501 
502 /* Packet "pseudo-header" for the output from "wandsession", "wannext",
503  "wandisplay", and similar commands on Lucent/Ascend access equipment. */
504 
505 #define ASCEND_MAX_STR_LEN 64
506 
507 #define ASCEND_PFX_WDS_X 1
508 #define ASCEND_PFX_WDS_R 2
509 #define ASCEND_PFX_WDD 3
510 #define ASCEND_PFX_ISDN_X 4
511 #define ASCEND_PFX_ISDN_R 5
512 #define ASCEND_PFX_ETHER 6
513 
514 struct ascend_phdr {
515  uint16_t type; /* ASCEND_PFX_*, as defined above */
516  char user[ASCEND_MAX_STR_LEN]; /* Username, from wandsession header */
517  uint32_t sess; /* Session number, from wandsession header */
518  char call_num[ASCEND_MAX_STR_LEN]; /* Called number, from WDD header */
519  uint32_t chunk; /* Chunk number, from WDD header */
520  uint32_t task; /* Task number */
521 };
522 
523 /* Packet "pseudo-header" for point-to-point links with direction flags. */
524 struct p2p_phdr {
525  bool sent;
526 };
527 
528 /*
529  * Packet "pseudo-header" information for 802.11.
530  * Radio information is only present in this form for
531  * WTAP_ENCAP_IEEE_802_11_WITH_RADIO. This is used for file formats in
532  * which the radio information isn't provided as a pseudo-header in the
533  * packet data. It is also used by the dissectors for the pseudo-headers
534  * in the packet data to supply radio information, in a form independent
535  * of the file format and pseudo-header format, to the "802.11 radio"
536  * dissector.
537  *
538  * Signal strength, etc. information:
539  *
540  * Raw signal strength can be measured in milliwatts.
541  * It can also be represented as dBm, which is 10 times the log base 10
542  * of the signal strength in mW.
543  *
544  * The Receive Signal Strength Indicator is an integer in the range 0 to 255.
545  * The actual RSSI value for a given signal strength is dependent on the
546  * vendor (and perhaps on the adapter). The maximum possible RSSI value
547  * is also dependent on the vendor and perhaps the adapter.
548  *
549  * The signal strength can be represented as a percentage, which is 100
550  * times the ratio of the RSSI and the maximum RSSI.
551  */
552 
553 /*
554  * PHY types.
555  */
556 #define PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */
557 #define PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */
558 #define PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */
559 #define PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */
560 #define PHDR_802_11_PHY_11B 4 /* 802.11b */
561 #define PHDR_802_11_PHY_11A 5 /* 802.11a */
562 #define PHDR_802_11_PHY_11G 6 /* 802.11g */
563 #define PHDR_802_11_PHY_11N 7 /* 802.11n */
564 #define PHDR_802_11_PHY_11AC 8 /* 802.11ac */
565 #define PHDR_802_11_PHY_11AD 9 /* 802.11ad */
566 #define PHDR_802_11_PHY_11AH 10 /* 802.11ah */
567 #define PHDR_802_11_PHY_11AX 11 /* 802.11ax */
568 #define PHDR_802_11_PHY_11BE 12 /* 802.11be - EHT */
569 
570 /*
571  * PHY-specific information.
572  */
573 
574 /*
575  * 802.11 legacy FHSS.
576  */
578  unsigned has_hop_set:1;
579  unsigned has_hop_pattern:1;
580  unsigned has_hop_index:1;
581 
582  uint8_t hop_set; /* Hop set */
583  uint8_t hop_pattern; /* Hop pattern */
584  uint8_t hop_index; /* Hop index */
585 };
586 
587 /*
588  * 802.11b.
589  */
590 struct ieee_802_11b {
591  /* Which of this information is present? */
592  unsigned has_short_preamble:1;
593 
594  bool short_preamble; /* Short preamble */
595 };
596 
597 /*
598  * 802.11a.
599  */
600 struct ieee_802_11a {
601  /* Which of this information is present? */
602  unsigned has_channel_type:1;
603  unsigned has_turbo_type:1;
604 
605  unsigned channel_type:2;
606  unsigned turbo_type:2;
607 };
608 
609 /*
610  * Channel type values.
611  */
612 #define PHDR_802_11A_CHANNEL_TYPE_NORMAL 0
613 #define PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1
614 #define PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2
615 
616 /*
617  * "Turbo" is an Atheros proprietary extension with 40 MHz-wide channels.
618  * It can be dynamic or static.
619  *
620  * See
621  *
622  * http://wifi-insider.com/atheros/turbo.htm
623  */
624 #define PHDR_802_11A_TURBO_TYPE_NORMAL 0
625 #define PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know whether it's static or dynamic */
626 #define PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2
627 #define PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3
628 
629 /*
630  * 802.11g.
631  *
632  * This should only be used for packets sent using OFDM; packets
633  * sent on an 11g network using DSSS should have the PHY set to
634  * 11b.
635  */
636 struct ieee_802_11g {
637  /* Which of this information is present? */
638  unsigned has_mode:1;
639 
640  uint32_t mode; /* Various proprietary extensions */
641 };
642 
643 /*
644  * Mode values.
645  */
646 #define PHDR_802_11G_MODE_NORMAL 0
647 #define PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */
648 
649 /*
650  * 802.11n.
651  */
652 struct ieee_802_11n {
653  /* Which of this information is present? */
654  unsigned has_mcs_index:1;
655  unsigned has_bandwidth:1;
656  unsigned has_short_gi:1;
657  unsigned has_greenfield:1;
658  unsigned has_fec:1;
659  unsigned has_stbc_streams:1;
660  unsigned has_ness:1;
661 
662  uint16_t mcs_index; /* MCS index */
663  unsigned bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
664  unsigned short_gi:1; /* True for short guard interval */
665  unsigned greenfield:1; /* True for greenfield, short for mixed */
666  unsigned fec:1; /* FEC: 0 = BCC, 1 = LDPC */
667  unsigned stbc_streams:2; /* Number of STBC streams */
668  unsigned ness; /* Number of extension spatial streams */
669 };
670 
671 /*
672  * Bandwidth values; used for both 11n and 11ac.
673  */
674 #define PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */
675 #define PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */
676 #define PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */
677 #define PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */
678 #define PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */
679 #define PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */
680 #define PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */
681 #define PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */
682 #define PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */
683 #define PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */
684 #define PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */
685 #define PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */
686 #define PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */
687 #define PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */
688 #define PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */
689 #define PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */
690 #define PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */
691 #define PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */
692 #define PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */
693 #define PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */
694 #define PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */
695 #define PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */
696 #define PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */
697 #define PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */
698 #define PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */
699 #define PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */
700 
701 /*
702  * 802.11ac.
703  */
705  /* Which of this information is present? */
706  unsigned has_stbc:1;
707  unsigned has_txop_ps_not_allowed:1;
708  unsigned has_short_gi:1;
709  unsigned has_short_gi_nsym_disambig:1;
710  unsigned has_ldpc_extra_ofdm_symbol:1;
711  unsigned has_beamformed:1;
712  unsigned has_bandwidth:1;
713  unsigned has_fec:1;
714  unsigned has_group_id:1;
715  unsigned has_partial_aid:1;
716 
717  unsigned stbc:1; /* 1 if all spatial streams have STBC */
718  unsigned txop_ps_not_allowed:1;
719  unsigned short_gi:1; /* True for short guard interval */
720  unsigned short_gi_nsym_disambig:1;
721  unsigned ldpc_extra_ofdm_symbol:1;
722  unsigned beamformed:1;
723  uint8_t bandwidth; /* Bandwidth = 20 MHz, 40 MHz, etc. */
724  uint8_t mcs[4]; /* MCS index per user */
725  uint8_t nss[4]; /* NSS per user */
726  uint8_t fec; /* Bit array of FEC per user: 0 = BCC, 1 = LDPC */
727  uint8_t group_id;
728  uint16_t partial_aid;
729 };
730 
731 /*
732  * 802.11ad.
733  */
734 
735 /*
736  * Min and Max frequencies for 802.11ad and a macro for checking for 802.11ad.
737  */
738 
739 #define PHDR_802_11AD_MIN_FREQUENCY 57000
740 #define PHDR_802_11AD_MAX_FREQUENCY 71000
741 
742 #define IS_80211AD(frequency) (((frequency) >= PHDR_802_11AD_MIN_FREQUENCY) &&\
743  ((frequency) <= PHDR_802_11AD_MAX_FREQUENCY))
744 
746  /* Which of this information is present? */
747  unsigned has_mcs_index:1;
748 
749  uint8_t mcs; /* MCS index */
750 };
751 
752 /*
753  * 802.11ax (HE).
754  */
756  /* Which of this information is present? */
757  unsigned has_mcs_index:1;
758  unsigned has_bwru:1;
759  unsigned has_gi:1;
760 
761  uint8_t nsts:4; /* Number of Space-time Streams */
762  uint8_t mcs:4; /* MCS index */
763  uint8_t bwru:4; /* Bandwidth/RU allocation */
764  uint8_t gi:2; /* Guard Interval */
765 };
766 
768  struct ieee_802_11_fhss info_11_fhss;
769  struct ieee_802_11b info_11b;
770  struct ieee_802_11a info_11a;
771  struct ieee_802_11g info_11g;
772  struct ieee_802_11n info_11n;
773  struct ieee_802_11ac info_11ac;
774  struct ieee_802_11ad info_11ad;
775  struct ieee_802_11ax info_11ax;
776 };
777 
779  int fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
780  unsigned decrypted:1; /* true if frame is decrypted even if "protected" bit is set */
781  unsigned datapad:1; /* true if frame has padding between 802.11 header and payload */
782  unsigned no_a_msdus:1; /* true if we should ignore the A-MSDU bit */
783  unsigned phy; /* PHY type */
784  union ieee_802_11_phy_info phy_info;
785 
786  /* Which of this information is present? */
787  unsigned has_channel:1;
788  unsigned has_frequency:1;
789  unsigned has_data_rate:1;
790  unsigned has_signal_percent:1;
791  unsigned has_noise_percent:1;
792  unsigned has_signal_dbm:1;
793  unsigned has_noise_dbm:1;
794  unsigned has_signal_db:1;
795  unsigned has_noise_db:1;
796  unsigned has_tsf_timestamp:1;
797  unsigned has_aggregate_info:1; /* aggregate flags and ID */
798  unsigned has_zero_length_psdu_type:1; /* zero-length PSDU type */
799 
800  uint16_t channel; /* Channel number */
801  uint32_t frequency; /* Channel center frequency */
802  uint16_t data_rate; /* Data rate, in .5 Mb/s units */
803  uint8_t signal_percent; /* Signal level, as a percentage */
804  uint8_t noise_percent; /* Noise level, as a percentage */
805  int8_t signal_dbm; /* Signal level, in dBm */
806  int8_t noise_dbm; /* Noise level, in dBm */
807  uint8_t signal_db; /* Signal level, in dB from an arbitrary point */
808  uint8_t noise_db; /* Noise level, in dB from an arbitrary point */
809  uint64_t tsf_timestamp;
810  uint32_t aggregate_flags; /* A-MPDU flags */
811  uint32_t aggregate_id; /* ID for A-MPDU reassembly */
812  uint8_t zero_length_psdu_type; /* type of zero-length PSDU */
813 };
814 
815 /*
816  * A-MPDU flags.
817  */
818 #define PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */
819 #define PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */
820 
821 /*
822  * Zero-length PSDU types.
823  */
824 #define PHDR_802_11_SOUNDING_PSDU 0 /* sounding PPDU */
825 #define PHDR_802_11_DATA_NOT_CAPTURED 1 /* data not captured, (e.g. multi-user PPDU) */
826 #define PHDR_802_11_0_LENGTH_PSDU_VENDOR_SPECIFIC 0xff
827 
828 /* Packet "pseudo-header" for the output from CoSine L2 debug output. */
829 
830 #define COSINE_MAX_IF_NAME_LEN 128
831 
832 #define COSINE_ENCAP_TEST 1
833 #define COSINE_ENCAP_PPoATM 2
834 #define COSINE_ENCAP_PPoFR 3
835 #define COSINE_ENCAP_ATM 4
836 #define COSINE_ENCAP_FR 5
837 #define COSINE_ENCAP_HDLC 6
838 #define COSINE_ENCAP_PPP 7
839 #define COSINE_ENCAP_ETH 8
840 #define COSINE_ENCAP_UNKNOWN 99
841 
842 #define COSINE_DIR_TX 1
843 #define COSINE_DIR_RX 2
844 
845 struct cosine_phdr {
846  uint8_t encap; /* COSINE_ENCAP_* as defined above */
847  uint8_t direction; /* COSINE_DIR_*, as defined above */
848  char if_name[COSINE_MAX_IF_NAME_LEN]; /* Encap & Logical I/F name */
849  uint16_t pro; /* Protocol */
850  uint16_t off; /* Offset */
851  uint16_t pri; /* Priority */
852  uint16_t rm; /* Rate Marking */
853  uint16_t err; /* Error Code */
854 };
855 
856 /* Packet "pseudo-header" for IrDA capture files. */
857 
858 /*
859  * Direction of the packet
860  */
861 #define IRDA_INCOMING 0x0000
862 #define IRDA_OUTGOING 0x0004
863 
864 /*
865  * "Inline" log messages produced by IrCOMM2k on Windows
866  */
867 #define IRDA_LOG_MESSAGE 0x0100 /* log message */
868 #define IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */
869 
870 /*
871  * Differentiate between frames and log messages
872  */
873 #define IRDA_CLASS_FRAME 0x0000
874 #define IRDA_CLASS_LOG 0x0100
875 #define IRDA_CLASS_MASK 0xFF00
876 
877 struct irda_phdr {
878  uint16_t pkttype; /* packet type */
879 };
880 
881 /* Packet "pseudo-header" for nettl (HP-UX) capture files. */
882 
883 struct nettl_phdr {
884  uint16_t subsys;
885  uint32_t devid;
886  uint32_t kind;
887  int32_t pid;
888  uint32_t uid;
889 };
890 
891 /* Packet "pseudo-header" for MTP2 files. */
892 
893 #define MTP2_ANNEX_A_NOT_USED 0
894 #define MTP2_ANNEX_A_USED 1
895 #define MTP2_ANNEX_A_USED_UNKNOWN 2
896 
897 struct mtp2_phdr {
898  uint8_t sent;
899  uint8_t annex_a_used;
900  uint16_t link_number;
901 };
902 
903 /* Packet "pseudo-header" for K12 files. */
904 
905 typedef union {
906  struct {
907  uint16_t vp;
908  uint16_t vc;
909  uint16_t cid;
910  } atm;
911 
912  uint32_t ds0mask;
914 
915 struct k12_phdr {
916  uint32_t input;
917  const char *input_name;
918  const char *stack_file;
919  uint32_t input_type;
920  k12_input_info_t input_info;
921  uint8_t *extra_info;
922  uint32_t extra_length;
923  void* stuff;
924 };
925 
926 #define K12_PORT_DS0S 0x00010008
927 #define K12_PORT_DS1 0x00100008
928 #define K12_PORT_ATMPVC 0x01020000
929 
930 struct lapd_phdr {
931  uint16_t pkttype; /* packet type */
932  uint8_t we_network;
933 };
934 
935 struct wtap;
937 {
938  union
939  {
940  struct isdn_phdr isdn;
941  struct atm_phdr atm;
942  struct p2p_phdr p2p;
943  } inner_pseudo_header;
944  int64_t seek_off;
945  struct wtap *wth;
946 };
947 
948 /*
949  * Endace Record Format pseudo header
950  */
951 struct erf_phdr {
952  uint64_t ts; /* Time stamp */
953  uint8_t type;
954  uint8_t flags;
955  uint16_t rlen;
956  uint16_t lctr;
957  uint16_t wlen;
958 };
959 
960 struct erf_ehdr {
961  uint64_t ehdr;
962 };
963 
964 /*
965  * ERF pseudo header with optional subheader
966  * (Multichannel or Ethernet)
967  */
968 
969 #define MAX_ERF_EHDR 16
970 
972  uint8_t offset;
973  uint8_t pad;
974 };
975 
976 struct erf_mc_phdr {
977  struct erf_phdr phdr;
978  struct erf_ehdr ehdr_list[MAX_ERF_EHDR];
979  union
980  {
981  struct wtap_erf_eth_hdr eth_hdr;
982  uint32_t mc_hdr;
983  uint32_t aal2_hdr;
984  } subhdr;
985 };
986 
987 #define SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */
988 #define SITA_FRAME_DIR_RXED (0x01)
989 #define SITA_FRAME_DIR (0x01) /* mask */
990 #define SITA_ERROR_NO_BUFFER (0x80)
991 
992 #define SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */
993 #define SITA_SIG_DTR (0x02)
994 #define SITA_SIG_CTS (0x04)
995 #define SITA_SIG_RTS (0x08)
996 #define SITA_SIG_DCD (0x10)
997 #define SITA_SIG_UNDEF1 (0x20)
998 #define SITA_SIG_UNDEF2 (0x40)
999 #define SITA_SIG_UNDEF3 (0x80)
1000 
1001 #define SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */
1002 #define SITA_ERROR_TX_CTS_LOST (0x02)
1003 #define SITA_ERROR_TX_UART_ERROR (0x04)
1004 #define SITA_ERROR_TX_RETX_LIMIT (0x08)
1005 #define SITA_ERROR_TX_UNDEF1 (0x10)
1006 #define SITA_ERROR_TX_UNDEF2 (0x20)
1007 #define SITA_ERROR_TX_UNDEF3 (0x40)
1008 #define SITA_ERROR_TX_UNDEF4 (0x80)
1009 
1010 #define SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */
1011 #define SITA_ERROR_RX_PARITY (0x02)
1012 #define SITA_ERROR_RX_COLLISION (0x04)
1013 #define SITA_ERROR_RX_FRAME_LONG (0x08)
1014 #define SITA_ERROR_RX_FRAME_SHORT (0x10)
1015 #define SITA_ERROR_RX_UNDEF1 (0x20)
1016 #define SITA_ERROR_RX_UNDEF2 (0x40)
1017 #define SITA_ERROR_RX_UNDEF3 (0x80)
1018 
1019 #define SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */
1020 #define SITA_ERROR_RX_ABORT (0x02)
1021 #define SITA_ERROR_RX_CD_LOST (0x04)
1022 #define SITA_ERROR_RX_DPLL (0x08)
1023 #define SITA_ERROR_RX_OVERRUN (0x10)
1024 #define SITA_ERROR_RX_FRAME_LEN_VIOL (0x20)
1025 #define SITA_ERROR_RX_CRC (0x40)
1026 #define SITA_ERROR_RX_BREAK (0x80)
1027 
1028 #define SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */
1029 #define SITA_PROTO_BOP_LAPB (0x01)
1030 #define SITA_PROTO_ETHERNET (0x02)
1031 #define SITA_PROTO_ASYNC_INTIO (0x03)
1032 #define SITA_PROTO_ASYNC_BLKIO (0x04)
1033 #define SITA_PROTO_ALC (0x05)
1034 #define SITA_PROTO_UTS (0x06)
1035 #define SITA_PROTO_PPP_HDLC (0x07)
1036 #define SITA_PROTO_SDLC (0x08)
1037 #define SITA_PROTO_TOKENRING (0x09)
1038 #define SITA_PROTO_I2C (0x10)
1039 #define SITA_PROTO_DPM_LINK (0x11)
1040 #define SITA_PROTO_BOP_FRL (0x12)
1041 
1042 struct sita_phdr {
1043  uint8_t sita_flags;
1044  uint8_t sita_signals;
1045  uint8_t sita_errors1;
1046  uint8_t sita_errors2;
1047  uint8_t sita_proto;
1048 };
1049 
1050 /*pseudo header for Bluetooth HCI*/
1051 struct bthci_phdr {
1052  bool sent;
1053  uint32_t channel;
1054 };
1055 
1056 #define BTHCI_CHANNEL_COMMAND 1
1057 #define BTHCI_CHANNEL_ACL 2
1058 #define BTHCI_CHANNEL_SCO 3
1059 #define BTHCI_CHANNEL_EVENT 4
1060 #define BTHCI_CHANNEL_ISO 5
1061 
1062 /* pseudo header for WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR */
1063 struct btmon_phdr {
1064  uint16_t adapter_id;
1065  uint16_t opcode;
1066 };
1067 
1068 /* pseudo header for WTAP_ENCAP_LAYER1_EVENT */
1070  bool uton;
1071 };
1072 
1073 /* * I2C pseudo header */
1074 struct i2c_phdr {
1075  uint8_t is_event;
1076  uint8_t bus;
1077  uint32_t flags;
1078 };
1079 
1080 /* pseudo header for WTAP_ENCAP_GSM_UM */
1081 struct gsm_um_phdr {
1082  bool uplink;
1083  uint8_t channel;
1084  /* The following are only populated for downlink */
1085  uint8_t bsic;
1086  uint16_t arfcn;
1087  uint32_t tdma_frame;
1088  uint8_t error;
1089  uint16_t timeshift;
1090 };
1091 
1092 #define GSM_UM_CHANNEL_UNKNOWN 0
1093 #define GSM_UM_CHANNEL_BCCH 1
1094 #define GSM_UM_CHANNEL_SDCCH 2
1095 #define GSM_UM_CHANNEL_SACCH 3
1096 #define GSM_UM_CHANNEL_FACCH 4
1097 #define GSM_UM_CHANNEL_CCCH 5
1098 #define GSM_UM_CHANNEL_RACH 6
1099 #define GSM_UM_CHANNEL_AGCH 7
1100 #define GSM_UM_CHANNEL_PCH 8
1101 
1102 /* Pseudo-header for nstrace packets */
1103 struct nstr_phdr {
1104  int64_t rec_offset;
1105  int32_t rec_len;
1106  uint8_t nicno_offset;
1107  uint8_t nicno_len;
1108  uint8_t dir_offset;
1109  uint8_t dir_len;
1110  uint16_t eth_offset;
1111  uint8_t pcb_offset;
1112  uint8_t l_pcb_offset;
1113  uint8_t rec_type;
1114  uint8_t vlantag_offset;
1115  uint8_t coreid_offset;
1116  uint8_t srcnodeid_offset;
1117  uint8_t destnodeid_offset;
1118  uint8_t clflags_offset;
1119  uint8_t src_vmname_len_offset;
1120  uint8_t dst_vmname_len_offset;
1121  uint8_t ns_activity_offset;
1122  uint8_t data_offset;
1123 };
1124 
1125 /* Packet "pseudo-header" for Nokia output */
1126 struct nokia_phdr {
1127  struct eth_phdr eth;
1128  uint8_t stuff[4]; /* mysterious stuff */
1129 };
1130 
1131 #define LLCP_PHDR_FLAG_SENT 0
1132 struct llcp_phdr {
1133  uint8_t adapter;
1134  uint8_t flags;
1135 };
1136 
1137 /* pseudo header for WTAP_ENCAP_LOGCAT */
1138 struct logcat_phdr {
1139  int version;
1140 };
1141 
1142 /* Packet "pseudo-header" information for header data from NetMon files. */
1143 
1144 struct netmon_phdr {
1145  uint8_t* title; /* Comment title, as a null-terminated UTF-8 string */
1146  uint32_t descLength; /* Number of bytes in the comment description */
1147  uint8_t* description; /* Comment description, in ASCII RTF */
1148  unsigned sub_encap; /* "Real" encap value for the record that will be used once pseudo header data is display */
1150  struct eth_phdr eth;
1151  struct atm_phdr atm;
1152  struct ieee_802_11_phdr ieee_802_11;
1153  } subheader;
1154 };
1155 
1156 /* File "pseudo-header" for BER data files. */
1157 struct ber_phdr {
1158  const char *pathname; /* Path name of file. */
1159 };
1160 
1162  struct eth_phdr eth;
1163  struct dte_dce_phdr dte_dce;
1164  struct isdn_phdr isdn;
1165  struct atm_phdr atm;
1166  struct ascend_phdr ascend;
1167  struct p2p_phdr p2p;
1168  struct ieee_802_11_phdr ieee_802_11;
1169  struct cosine_phdr cosine;
1170  struct irda_phdr irda;
1171  struct nettl_phdr nettl;
1172  struct mtp2_phdr mtp2;
1173  struct k12_phdr k12;
1174  struct lapd_phdr lapd;
1175  struct catapult_dct2000_phdr dct2000;
1176  struct erf_mc_phdr erf;
1177  struct sita_phdr sita;
1178  struct bthci_phdr bthci;
1179  struct btmon_phdr btmon;
1180  struct l1event_phdr l1event;
1181  struct i2c_phdr i2c;
1182  struct gsm_um_phdr gsm_um;
1183  struct nstr_phdr nstr;
1184  struct nokia_phdr nokia;
1185  struct llcp_phdr llcp;
1186  struct logcat_phdr logcat;
1187  struct netmon_phdr netmon;
1188  struct ber_phdr ber;
1189 };
1190 
1191 /*
1192  * Record type values.
1193  *
1194  * This list will expand over time, so don't assume everything will
1195  * forever be one of the types listed below.
1196  *
1197  * For file-type-specific records, the "ftsrec" field of the pseudo-header
1198  * contains a file-type-specific subtype value, such as a block type for
1199  * a pcapng file.
1200  *
1201  * An "event" is an indication that something happened during the capture
1202  * process, such as a status transition of some sort on the network.
1203  * These should, ideally, have a time stamp and, if they're relevant to
1204  * a particular interface on a multi-interface capture, should also have
1205  * an interface ID. The data for the event is file-type-specific and
1206  * subtype-specific. These should be dissected and displayed just as
1207  * packets are.
1208  *
1209  * A "report" supplies information not corresponding to an event;
1210  * for example, a pcapng Interface Statistics Block would be a report,
1211  * as it doesn't correspond to something happening on the network.
1212  * They may have a time stamp, and should be dissected and displayed
1213  * just as packets are.
1214  *
1215  * We distinguish between "events" and "reports" so that, for example,
1216  * the packet display can show the delta between a packet and an event
1217  * but not show the delta between a packet and a report, as the time
1218  * stamp of a report may not correspond to anything interesting on
1219  * the network but the time stamp of an event would.
1220  *
1221  * XXX - are there any file-type-specific records that *shouldn't* be
1222  * dissected and displayed? If so, they should be parsed and the
1223  * information in them stored somewhere, and used somewhere, whether
1224  * it's just used when saving the file in its native format or also
1225  * used to parse *other* file-type-specific records.
1226  *
1227  * These would be similar to, for example, pcapng Interface Description
1228  * Blocks, for which the position within the file is significant only
1229  * in that an IDB for an interface must appear before any packets from
1230  * the interface; the fact that an IDB appears at some point doesn't
1231  * necessarily mean something happened in the capture at that point.
1232  * Name Resolution Blocks are another example of such a record.
1233  *
1234  * (XXX - if you want to have a record that says "this interface first
1235  * showed up at this time", that needs to be a separate record type
1236  * from the IDB. We *could* add a "New Interface Description Block",
1237  * with a time stamp, for that purpose, but we'd *still* have to
1238  * provide IDBs for those interfaces, for compatibility with programs
1239  * that don't know about the NIDB. An ISB with only an isb_starttime
1240  * option would suffice for this purpose, so nothing needs to be
1241  * added to pcapng for this.)
1242  */
1243 #define REC_TYPE_PACKET 0
1244 #define REC_TYPE_FT_SPECIFIC_EVENT 1
1245 #define REC_TYPE_FT_SPECIFIC_REPORT 2
1246 #define REC_TYPE_SYSCALL 3
1247 #define REC_TYPE_SYSTEMD_JOURNAL_EXPORT 4
1248 #define REC_TYPE_CUSTOM_BLOCK 5
1250 typedef struct {
1251  uint32_t caplen; /* data length in the file */
1252  uint32_t len; /* data length on the wire */
1253  int pkt_encap; /* WTAP_ENCAP_ value for this packet */
1254  /* pcapng variables */
1255  uint32_t interface_id; /* identifier of the interface. */
1256  /* options */
1257 
1258  union wtap_pseudo_header pseudo_header;
1260 
1261 /*
1262  * The pcapng specification says "The word is encoded as an unsigned
1263  * 32-bit integer, using the endianness of the Section Header Block
1264  * scope it is in. In the following table, the bits are numbered with
1265  * 0 being the most-significant bit and 31 being the least-significant
1266  * bit of the 32-bit unsigned integer."
1267  *
1268  * From that, the direction, in bits 0 and 1, is at the *top* of the word.
1269  *
1270  * However, several implementations, such as:
1271  *
1272  * the Wireshark pcapng file reading code;
1273  *
1274  * macOS libpcap and tcpdump;
1275  *
1276  * text2pcap;
1277  *
1278  * and probably the software that generated the capture in bug 11665;
1279  *
1280  * treat 0 as the *least*-significant bit and bit 31 being the *most*-
1281  * significant bit of the flags word, and put the direction at the
1282  * *bottom* of the word.
1283  *
1284  * For now, we go with the known implementations.
1285  */
1286 
1287 /* Direction field of the packet flags */
1288 #define PACK_FLAGS_DIRECTION_MASK 0x00000003 /* unshifted */
1289 #define PACK_FLAGS_DIRECTION_SHIFT 0
1290 #define PACK_FLAGS_DIRECTION(pack_flags) (((pack_flags) & PACK_FLAGS_DIRECTION_MASK) >> PACK_FLAGS_DIRECTION_SHIFT)
1291 #define PACK_FLAGS_DIRECTION_UNKNOWN 0
1292 #define PACK_FLAGS_DIRECTION_INBOUND 1
1293 #define PACK_FLAGS_DIRECTION_OUTBOUND 2
1294 
1295 /* Reception type field of the packet flags */
1296 #define PACK_FLAGS_RECEPTION_TYPE_MASK 0x0000001C /* unshifted */
1297 #define PACK_FLAGS_RECEPTION_TYPE_SHIFT 2
1298 #define PACK_FLAGS_RECEPTION_TYPE(pack_flags) (((pack_flags) & PACK_FLAGS_RECEPTION_TYPE_MASK) >> PACK_FLAGS_RECEPTION_TYPE_SHIFT)
1299 #define PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED 0
1300 #define PACK_FLAGS_RECEPTION_TYPE_UNICAST 1
1301 #define PACK_FLAGS_RECEPTION_TYPE_MULTICAST 2
1302 #define PACK_FLAGS_RECEPTION_TYPE_BROADCAST 3
1303 #define PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS 4
1304 
1305 /* FCS length field of the packet flags */
1306 #define PACK_FLAGS_FCS_LENGTH_MASK 0x000001E0 /* unshifted */
1307 #define PACK_FLAGS_FCS_LENGTH_SHIFT 5
1308 #define PACK_FLAGS_FCS_LENGTH(pack_flags) (((pack_flags) & PACK_FLAGS_FCS_LENGTH_MASK) >> PACK_FLAGS_FCS_LENGTH_SHIFT)
1309 
1310 /* Reserved bits of the packet flags */
1311 #define PACK_FLAGS_RESERVED_MASK 0x0000FE00
1312 
1313 /* Link-layer-dependent errors of the packet flags */
1314 
1315 /* For Ethernet and possibly some other network types */
1316 #define PACK_FLAGS_CRC_ERROR 0x01000000
1317 #define PACK_FLAGS_PACKET_TOO_LONG 0x02000000
1318 #define PACK_FLAGS_PACKET_TOO_SHORT 0x04000000
1319 #define PACK_FLAGS_WRONG_INTER_FRAME_GAP 0x08000000
1320 #define PACK_FLAGS_UNALIGNED_FRAME 0x10000000
1321 #define PACK_FLAGS_START_FRAME_DELIMITER_ERROR 0x20000000
1322 #define PACK_FLAGS_PREAMBLE_ERROR 0x40000000
1323 #define PACK_FLAGS_SYMBOL_ERROR 0x80000000
1324 
1325 /* Construct a pack_flags value from its subfield values */
1326 #define PACK_FLAGS_VALUE(direction, reception_type, fcs_length, ll_dependent_errors) \
1327  (((direction) << 30) | \
1328  ((reception_type) << 27) | \
1329  ((fcs_length) << 23) | \
1330  (ll_dependent_errors))
1331 
1332 typedef struct {
1333  unsigned record_type; /* the type of record this is - file type-specific value */
1334  uint32_t record_len; /* length of the record */
1336 
1337 typedef struct {
1338  const char *pathname; /* Path name of file. */
1339  unsigned record_type; /* XXX match ft_specific_record_phdr so that we chain off of packet-pcapng_block for now. */
1340  int byte_order;
1341  /* uint32_t sentinel; */
1342  uint64_t timestamp; /* ns since epoch - XXX dup of ts */
1343  uint64_t thread_id;
1344  uint32_t event_len; /* length of the event */
1345  uint32_t event_filelen; /* event data length in the file */
1346  uint16_t event_type;
1347  uint32_t nparams; /* number of parameters of the event */
1348  uint16_t cpu_id;
1349  /* ... Event ... */
1351 
1352 typedef struct {
1353  uint32_t record_len; /* length of the record */
1355 
1356 typedef struct {
1357  uint32_t length; /* length of the record */
1358  uint32_t pen; /* private enterprise number */
1359  bool copy_allowed; /* CB can be written */
1360  union {
1361  struct nflx {
1362  uint32_t type; /* block type */
1363  uint32_t skipped; /* Used if type == BBLOG_TYPE_SKIPPED_BLOCK */
1364  } nflx_custom_data_header;
1365  } custom_data_header;
1367 
1368 #define BBLOG_TYPE_EVENT_BLOCK 1
1369 #define BBLOG_TYPE_SKIPPED_BLOCK 2
1370 
1371 /*
1372  * The largest nstime.secs value that can be put into an unsigned
1373  * 32-bit quantity.
1374  *
1375  * We assume that time_t is signed; it is signed on Windows/MSVC and
1376  * on many UN*Xes.
1377  *
1378  * So, if time_t is 32-bit, we define this as INT32_MAX, as that's
1379  * the largest value a time_t can have, and it fits in an unsigned
1380  * 32-bit quantity. If it's 64-bit or larger, we define this as
1381  * UINT32_MAX, as, even if it's signed, it can be as large as
1382  * UINT32_MAX, and that's the largest value that can fit in
1383  * a 32-bit unsigned quantity.
1384  *
1385  * Comparing against this, rather than against G_MAXINT2, when checking
1386  * whether a time stamp will fit in a 32-bit unsigned integer seconds
1387  * field in a capture file being written avoids signed vs. unsigned
1388  * warnings if time_t is a signed 32-bit type.
1389  *
1390  * XXX - what if time_t is unsigned? Are there any platforms where
1391  * it is?
1392  */
1393 #define WTAP_NSTIME_32BIT_SECS_MAX ((time_t)(sizeof(time_t) > sizeof(int32_t) ? UINT32_MAX : INT32_MAX))
1394 
1395 typedef struct wtap_rec {
1396  unsigned rec_type; /* what type of record is this? */
1397  uint32_t presence_flags; /* what stuff do we have? */
1398  unsigned section_number; /* section, within file, containing this record */
1399  nstime_t ts; /* time stamp */
1400  int tsprec; /* WTAP_TSPREC_ value for this record */
1401  nstime_t ts_rel_cap; /* time stamp relative from capture start */
1402  bool ts_rel_cap_valid; /* is ts_rel_cap valid and can be used? */
1403  union {
1404  wtap_packet_header packet_header;
1405  wtap_ft_specific_header ft_specific_header;
1406  wtap_syscall_header syscall_header;
1407  wtap_systemd_journal_export_header systemd_journal_export_header;
1408  wtap_custom_block_header custom_block_header;
1409  } rec_header;
1410 
1411  wtap_block_t block ; /* packet block; holds comments and verdicts in its options */
1412  bool block_was_modified; /* true if ANY aspect of the block has been modified */
1413 
1414  /*
1415  * We use a Buffer so that we don't have to allocate and free
1416  * a buffer for the options for each record.
1417  */
1418  Buffer options_buf; /* file-type specific data */
1419 } wtap_rec;
1420 
1421 /*
1422  * Bits in presence_flags, indicating which of the fields we have.
1423  *
1424  * For the time stamp, we may need some more flags to indicate
1425  * whether the time stamp is an absolute date-and-time stamp, an
1426  * absolute time-only stamp (which can make relative time
1427  * calculations tricky, as you could in theory have two time
1428  * stamps separated by an unknown number of days), or a time stamp
1429  * relative to some unspecified time in the past (see mpeg.c).
1430  *
1431  * There is no presence flag for len - there has to be *some* length
1432  * value for the packet. (The "captured length" can be missing if
1433  * the file format doesn't report a captured length distinct from
1434  * the on-the-network length because the application(s) producing those
1435  * files don't support slicing packets.)
1436  *
1437  * There could be a presence flag for the packet encapsulation - if it's
1438  * absent, use the file encapsulation - but it's not clear that's useful;
1439  * we currently do that in the module for the file format.
1440  *
1441  * Only WTAP_HAS_TS and WTAP_HAS_SECTION_NUMBER apply to all record types.
1442  */
1443 #define WTAP_HAS_TS 0x00000001
1444 #define WTAP_HAS_CAP_LEN 0x00000002
1445 #define WTAP_HAS_INTERFACE_ID 0x00000004
1446 #define WTAP_HAS_SECTION_NUMBER 0x00000008
1448 #ifndef MAXNAMELEN
1449 #define MAXNAMELEN 64 /* max name length (hostname and port name) */
1450 #endif
1451 
1452 typedef struct hashipv4 {
1453  unsigned addr;
1454  uint8_t flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1455  char ip[WS_INET_ADDRSTRLEN];
1456  char name[MAXNAMELEN];
1457 } hashipv4_t;
1458 
1459 typedef struct hashipv6 {
1460  uint8_t addr[16];
1461  uint8_t flags; /* B0 dummy_entry, B1 resolve, B2 If the address is used in the trace */
1462  char ip6[WS_INET6_ADDRSTRLEN];
1463  char name[MAXNAMELEN];
1464 } hashipv6_t;
1465 
1469 typedef struct addrinfo_lists {
1473 
1490 typedef struct wtap_dump_params {
1491  int encap;
1492  int snaplen;
1493  int tsprec;
1494  GArray *shb_hdrs;
1495  const GArray *shb_iface_to_global;
1499  const GArray *nrbs_growing;
1502  GArray *dsbs_initial;
1503  const GArray *dsbs_growing;
1506  const GArray *mevs_growing;
1511 
1512 /* Zero-initializer for wtap_dump_params. */
1513 #define WTAP_DUMP_PARAMS_INIT {.snaplen=0}
1514 
1515 struct wtap_dumper;
1516 
1517 typedef struct wtap wtap;
1518 typedef struct wtap_dumper wtap_dumper;
1519 
1520 typedef struct wtap_reader *FILE_T;
1521 
1522 /* Similar to the wtap_open_routine_info for open routines, the following
1523  * wtap_wslua_file_info struct is used by wslua code for Lua-based file writers.
1524  *
1525  * This concept is necessary because when wslua goes to invoke the
1526  * registered dump/write_open routine callback in Lua, it needs the ref number representing
1527  * the hooked function inside Lua. This will be stored in the thing pointed to
1528  * by the void* data here. This 'data' pointer will be copied into the
1529  * wtap_dumper struct's 'void* data' member when calling the dump_open function,
1530  * which is how wslua finally retrieves it. Unlike wtap_dumper's 'priv' member, its
1531  * 'data' member is not free'd in wtap_dump_close().
1532  */
1533 typedef struct wtap_wslua_file_info {
1534  int (*wslua_can_write_encap)(int, void*); /* a can_write_encap func for wslua uses */
1535  void* wslua_data; /* holds the wslua data */
1537 
1538 /*
1539  * For registering extensions used for file formats.
1540  *
1541  * These items are used in dialogs for opening files, so that
1542  * the user can ask to see all capture files (as identified
1543  * by file extension) or particular types of capture files.
1544  *
1545  * Each item has a human-readable description of the file types
1546  * (possibly more than one!) that use all of this set of extensions,
1547  * a flag indicating whether it's a capture file or just some file
1548  * whose contents we can dissect, and a list of extensions files of
1549  * that type might have.
1550  *
1551  * Note that entries in this table do *not* necessarily correspoond
1552  * to single file types; for example, the entry that lists just "cap"
1553  * is for several file formats, all of which use the extension ".cap".
1554  *
1555  * Also note that a given extension may appear in multiple entries;
1556  * for example, "cap" (again!) is in an entry for some file types
1557  * that use only ".cap" and in entries for file types that use
1558  * ".cap" and some other extensions, and ".trc" is used both for
1559  * DOS Sniffer Token Ring captures ("trc") and EyeSDN USB ISDN
1560  * trace files ("tr{a}c{e}").
1561  *
1562  * Some entries aren't for capture file types, they're just generic types,
1563  * such as "text file" or "XML file", that can be used for, among other
1564  * things, captures we can read, or for file formats we can read in
1565  * order to dissect the contents of the file (think of this as "Fileshark",
1566  * which is a program that we really should have). Those are marked
1567  * specially, because, in file section dialogs, the user should be able
1568  * to select "All Capture Files" and get a set of extensions that are
1569  * associated with capture file formats, but not with files in other
1570  * formats that might or might not contain captured packets (such as
1571  * .txt or .xml") or formats that aren't capture files but that we
1572  * support as "we're being Fileshark now" (such as .jpeg). The routine
1573  * that constructs a list of extensions for "All Capture Files" omits
1574  * extensions for those entries.
1575  */
1577  /* the file type description */
1578  const char *name;
1579 
1580  /* true if this is a capture file type */
1581  bool is_capture_file;
1582 
1583  /* a semicolon-separated list of file extensions used for this type */
1584  const char *extensions;
1585 };
1586 
1587 /*
1588  * For registering file types that we can open.
1589  *
1590  * Each file type has an open routine.
1591  *
1592  * The open routine should return:
1593  *
1594  * WTAP_OPEN_ERROR on an I/O error;
1595  *
1596  * WTAP_OPEN_MINE if the file it's reading is one of the types
1597  * it handles;
1598  *
1599  * WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the
1600  * types it handles.
1601  *
1602  * If the routine handles this type of file, it should set the
1603  * "file_type_subtype" field in the "struct wtap" to the type of the file.
1604  *
1605  * Note that the routine does not have to free the private data pointer on
1606  * error. The caller takes care of that by calling wtap_close on error.
1607  * (See https://gitlab.com/wireshark/wireshark/-/issues/8518)
1608  *
1609  * However, the caller does have to free the private data pointer when
1610  * returning WTAP_OPEN_NOT_MINE, since the next file type will be called
1611  * and will likely just overwrite the pointer.
1612  */
1613 typedef enum {
1614  WTAP_OPEN_NOT_MINE = 0,
1615  WTAP_OPEN_MINE = 1,
1616  WTAP_OPEN_ERROR = -1
1617 } wtap_open_return_val;
1618 
1619 typedef wtap_open_return_val (*wtap_open_routine_t)(struct wtap*, int *,
1620  char **);
1621 
1622 /*
1623  * Some file formats have defined magic numbers at fixed offsets from
1624  * the beginning of the file; those routines should return 1 if and
1625  * only if the file has the magic number at that offset. (pcapng
1626  * is a bit of a special case, as it has both the Section Header Block
1627  * type field and its byte-order magic field; it checks for both.)
1628  * Those file formats do not require a file name extension in order
1629  * to recognize them or to avoid recognizing other file types as that
1630  * type, and have no extensions specified for them.
1631  *
1632  * Other file formats don't have defined magic numbers at fixed offsets,
1633  * so a heuristic is required. If that file format has any file name
1634  * extensions used for it, a list of those extensions should be
1635  * specified, so that, if the name of the file being opened has an
1636  * extension, the file formats that use that extension are tried before
1637  * the ones that don't, to handle the case where a file of one type
1638  * might be recognized by the heuristics for a different file type.
1639  */
1640 typedef enum {
1641  OPEN_INFO_MAGIC = 0,
1642  OPEN_INFO_HEURISTIC = 1
1643 } wtap_open_type;
1644 
1645 WS_DLL_PUBLIC void init_open_routines(void);
1646 
1647 void cleanup_open_routines(void);
1648 
1649 /*
1650  * Information about a given file type that applies to all subtypes of
1651  * the file type.
1652  *
1653  * Each file type has:
1654  *
1655  * a human-readable description of the file type, for use in the
1656  * user interface;
1657  * a wtap_open_type indication of how the open routine
1658  * determines whether a file is of that type;
1659  * an open routine;
1660  * an optional list of extensions used for this file type;
1661  * data to be passed to Lua file readers - this should be NULL for
1662  * non-Lua (C) file readers.
1663  *
1664  * The list of file extensions is used as a hint when calling open routines
1665  * to open a file; heuristic open routines whose list of extensions includes
1666  * the file's extension are called before heuristic open routines whose
1667  * (possibly-empty) list of extensions doesn't contain the file's extension,
1668  * to reduce the chances that a file will be misidentified due to an heuristic
1669  * test with a weak heuristic being done before a heuristic test for the
1670  * file's type.
1671  *
1672  * The list of extensions should be NULL for magic-number open routines,
1673  * as it will not be used for any purpose (no such hinting is done).
1674  */
1675 struct open_info {
1676  const char *name; /* Description */
1677  wtap_open_type type; /* Open routine type */
1678  wtap_open_routine_t open_routine; /* Open routine */
1679  const char *extensions; /* List of extensions used for this file type */
1680  char **extensions_set; /* Array of those extensions; populated using extensions member during initialization */
1681  void* wslua_data; /* Data for Lua file readers */
1682 };
1683 WS_DLL_PUBLIC struct open_info *open_routines;
1684 
1685 /*
1686  * Types of comments.
1687  */
1688 #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */
1689 #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */
1690 #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */
1691 
1692 /*
1693  * For a given option type in a certain block type, does a file format
1694  * not support it, support only one such option, or support multiple
1695  * such options?
1696  */
1697 typedef enum {
1698  OPTION_NOT_SUPPORTED,
1699  ONE_OPTION_SUPPORTED,
1700  MULTIPLE_OPTIONS_SUPPORTED
1701 } option_support_t;
1702 
1703 /*
1704  * Entry in a table of supported option types.
1705  */
1707  unsigned opt;
1708  option_support_t support; /* OPTION_NOT_SUPPORTED allowed, equivalent to absence */
1709 };
1710 
1711 #define OPTION_TYPES_SUPPORTED(option_type_array) \
1712  array_length(option_type_array), option_type_array
1713 
1714 #define NO_OPTIONS_SUPPORTED \
1715  0, NULL
1716 
1717 /*
1718  * For a given block type, does a file format not support it, support
1719  * only one such block, or support multiple such blocks?
1720  */
1721 typedef enum {
1722  BLOCK_NOT_SUPPORTED,
1723  ONE_BLOCK_SUPPORTED,
1724  MULTIPLE_BLOCKS_SUPPORTED
1725 } block_support_t;
1726 
1727 /*
1728  * Entry in a table of supported block types.
1729  */
1731  wtap_block_type_t type;
1732  block_support_t support; /* BLOCK_NOT_SUPPORTED allowed, equivalent to absence */
1733  size_t num_supported_options;
1734  const struct supported_option_type *supported_options;
1735 };
1736 
1737 #define BLOCKS_SUPPORTED(block_type_array) \
1738  array_length(block_type_array), block_type_array
1739 
1744  const char *description;
1745 
1750  const char *name;
1751 
1757 
1765 
1770 
1775 
1780 
1789  int (*can_write_encap)(int);
1790 
1795  bool (*dump_open)(wtap_dumper *, int *, char **);
1796 
1802 };
1803 
1804 #define WTAP_TYPE_AUTO 0
1805 
1811 WS_DLL_PUBLIC
1812 void wtap_init(bool load_wiretap_plugins);
1813 
1826 WS_DLL_PUBLIC
1827 struct wtap* wtap_open_offline(const char *filename, unsigned int type, int *err,
1828  char **err_info, bool do_random);
1829 
1835 WS_DLL_PUBLIC
1836 void wtap_cleareof(wtap *wth);
1837 
1842 typedef void (*wtap_new_ipv4_callback_t) (const unsigned addr, const char *name, const bool static_entry);
1843 WS_DLL_PUBLIC
1844 void wtap_set_cb_new_ipv4(wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4);
1845 
1846 typedef void (*wtap_new_ipv6_callback_t) (const void *addrp, const char *name, const bool static_entry);
1847 WS_DLL_PUBLIC
1848 void wtap_set_cb_new_ipv6(wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6);
1849 
1854 typedef void (*wtap_new_secrets_callback_t)(uint32_t secrets_type, const void *secrets, unsigned size);
1855 WS_DLL_PUBLIC
1856 void wtap_set_cb_new_secrets(wtap *wth, wtap_new_secrets_callback_t add_new_secrets);
1857 
1873 WS_DLL_PUBLIC
1874 bool wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err,
1875  char **err_info, int64_t *offset);
1876 
1893 WS_DLL_PUBLIC
1894 bool wtap_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec,
1895  Buffer *buf, int *err, char **err_info);
1896 
1897 /*** initialize a wtap_rec structure ***/
1898 WS_DLL_PUBLIC
1899 void wtap_rec_init(wtap_rec *rec);
1900 
1901 /*** Re-initialize a wtap_rec structure ***/
1902 WS_DLL_PUBLIC
1903 void wtap_rec_reset(wtap_rec *rec);
1904 
1905 /*** clean up a wtap_rec structure, freeing what wtap_rec_init() allocated */
1906 WS_DLL_PUBLIC
1907 void wtap_rec_cleanup(wtap_rec *rec);
1908 
1909 /*
1910  * Types of compression for a file, including "none".
1911  */
1912 typedef enum {
1913  WTAP_UNCOMPRESSED,
1914  WTAP_GZIP_COMPRESSED,
1915  WTAP_ZSTD_COMPRESSED,
1916  WTAP_LZ4_COMPRESSED
1917 } wtap_compression_type;
1918 
1919 WS_DLL_PUBLIC
1920 wtap_compression_type wtap_get_compression_type(wtap *wth);
1921 WS_DLL_PUBLIC
1922 const char *wtap_compression_type_description(wtap_compression_type compression_type);
1923 WS_DLL_PUBLIC
1924 const char *wtap_compression_type_extension(wtap_compression_type compression_type);
1925 WS_DLL_PUBLIC
1926 GSList *wtap_get_all_compression_type_extensions_list(void);
1927 
1928 /*** get various information snippets about the current file ***/
1929 
1932 WS_DLL_PUBLIC
1933 int64_t wtap_read_so_far(wtap *wth);
1934 WS_DLL_PUBLIC
1935 int64_t wtap_file_size(wtap *wth, int *err);
1936 WS_DLL_PUBLIC
1937 unsigned wtap_snapshot_length(wtap *wth); /* per file */
1938 WS_DLL_PUBLIC
1939 int wtap_file_type_subtype(wtap *wth);
1940 WS_DLL_PUBLIC
1941 int wtap_file_encap(wtap *wth);
1942 WS_DLL_PUBLIC
1943 int wtap_file_tsprec(wtap *wth);
1944 
1952 WS_DLL_PUBLIC
1953 unsigned wtap_file_get_num_shbs(wtap *wth);
1954 
1967 WS_DLL_PUBLIC
1968 wtap_block_t wtap_file_get_shb(wtap *wth, unsigned shb_num);
1969 
1980 WS_DLL_PUBLIC
1981 void wtap_write_shb_comment(wtap *wth, char *comment);
1982 
1994 WS_DLL_PUBLIC
1995 unsigned wtap_file_get_shb_global_interface_id(wtap *wth, unsigned shb_num, uint32_t interface_id);
1996 
2007 WS_DLL_PUBLIC
2009 
2019 WS_DLL_PUBLIC
2021 
2034 WS_DLL_PUBLIC
2036 
2048 WS_DLL_PUBLIC
2049 char *wtap_get_debug_if_descr(const wtap_block_t if_descr,
2050  const int indent,
2051  const char* line_end);
2052 
2065 WS_DLL_PUBLIC
2067 
2075 WS_DLL_PUBLIC
2076 unsigned wtap_file_get_num_dsbs(wtap *wth);
2077 
2088 WS_DLL_PUBLIC
2089 wtap_block_t wtap_file_get_dsb(wtap *wth, unsigned dsb_num);
2090 
2099 WS_DLL_PUBLIC
2100 void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb);
2101 
2110 WS_DLL_PUBLIC
2112 
2113 /*** close the file descriptors for the current file ***/
2114 WS_DLL_PUBLIC
2115 void wtap_fdclose(wtap *wth);
2116 
2117 /*** reopen the random file descriptor for the current file ***/
2118 WS_DLL_PUBLIC
2119 bool wtap_fdreopen(wtap *wth, const char *filename, int *err);
2120 
2122 WS_DLL_PUBLIC
2123 void wtap_sequential_close(wtap *wth);
2124 
2126 WS_DLL_PUBLIC
2127 void wtap_close(wtap *wth);
2128 
2129 /*** dump packets into a capture file ***/
2130 WS_DLL_PUBLIC
2131 bool wtap_dump_can_open(int filetype);
2132 
2137 WS_DLL_PUBLIC
2138 int wtap_dump_required_file_encap_type(const GArray *file_encaps);
2139 
2144 WS_DLL_PUBLIC
2145 bool wtap_dump_can_write_encap(int file_type_subtype, int encap);
2146 
2151 WS_DLL_PUBLIC
2152 bool wtap_dump_can_compress(int file_type_subtype);
2153 
2163 WS_DLL_PUBLIC
2164 void wtap_dump_params_init(wtap_dump_params *params, wtap *wth);
2165 
2180 WS_DLL_PUBLIC
2182 
2190 WS_DLL_PUBLIC
2192 
2200 WS_DLL_PUBLIC
2202 
2209 WS_DLL_PUBLIC
2211 
2224 WS_DLL_PUBLIC
2225 wtap_dumper* wtap_dump_open(const char *filename, int file_type_subtype,
2226  wtap_compression_type compression_type, const wtap_dump_params *params,
2227  int *err, char **err_info);
2228 
2244 WS_DLL_PUBLIC
2245 wtap_dumper* wtap_dump_open_tempfile(const char *tmpdir, char **filenamep,
2246  const char *pfx,
2247  int file_type_subtype, wtap_compression_type compression_type,
2248  const wtap_dump_params *params, int *err, char **err_info);
2249 
2262 WS_DLL_PUBLIC
2263 wtap_dumper* wtap_dump_fdopen(int fd, int file_type_subtype,
2264  wtap_compression_type compression_type, const wtap_dump_params *params,
2265  int *err, char **err_info);
2266 
2278 WS_DLL_PUBLIC
2279 wtap_dumper* wtap_dump_open_stdout(int file_type_subtype,
2280  wtap_compression_type compression_type, const wtap_dump_params *params,
2281  int *err, char **err_info);
2282 
2283 /*
2284  * Add an IDB to the list of IDBs for a file we're writing.
2285  * Makes a copy of the IDB, so it can be freed after this call is made.
2286  *
2287  * @param wdh handle for the file we're writing.
2288  * @param idb the IDB to add
2289  * @param[out] err Will be set to an error code on failure.
2290  * @param[out] err_info for some errors, a string giving more details of
2291  * the error.
2292  * @return true on success, false on failure.
2293  */
2294 WS_DLL_PUBLIC
2295 bool wtap_dump_add_idb(wtap_dumper *wdh, wtap_block_t idb, int *err,
2296  char **err_info);
2297 WS_DLL_PUBLIC
2298 bool wtap_dump(wtap_dumper *, const wtap_rec *, const uint8_t *,
2299  int *err, char **err_info);
2300 WS_DLL_PUBLIC
2301 bool wtap_dump_flush(wtap_dumper *, int *);
2302 WS_DLL_PUBLIC
2303 int wtap_dump_file_type_subtype(wtap_dumper *wdh);
2304 WS_DLL_PUBLIC
2305 int64_t wtap_get_bytes_dumped(wtap_dumper *);
2306 WS_DLL_PUBLIC
2307 void wtap_set_bytes_dumped(wtap_dumper *wdh, int64_t bytes_dumped);
2308 struct addrinfo;
2309 WS_DLL_PUBLIC
2310 bool wtap_addrinfo_list_empty(addrinfo_lists_t *addrinfo_lists);
2311 WS_DLL_PUBLIC
2312 bool wtap_dump_set_addrinfo_list(wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists);
2313 WS_DLL_PUBLIC
2314 void wtap_dump_discard_name_resolution(wtap_dumper *wdh);
2315 WS_DLL_PUBLIC
2316 void wtap_dump_discard_decryption_secrets(wtap_dumper *wdh);
2317 
2334 WS_DLL_PUBLIC
2335 bool wtap_dump_close(wtap_dumper *wdh, bool *needs_reload,
2336  int *err, char **err_info);
2337 
2342 WS_DLL_PUBLIC
2343 bool wtap_dump_can_write(const GArray *file_encaps, uint32_t required_comment_types);
2344 
2357 WS_DLL_PUBLIC
2358 void wtap_buffer_append_epdu_tag(Buffer *buf, uint16_t epdu_tag, const uint8_t *data, uint16_t data_len);
2359 
2368 WS_DLL_PUBLIC
2369 void wtap_buffer_append_epdu_uint(Buffer *buf, uint16_t epdu_tag, uint32_t val);
2370 
2379 WS_DLL_PUBLIC
2380 void wtap_buffer_append_epdu_string(Buffer *buf, uint16_t epdu_tag, const char *val);
2381 
2390 WS_DLL_PUBLIC
2392 
2393 /*
2394  * Sort the file types by name or by description?
2395  */
2396 typedef enum {
2397  FT_SORT_BY_NAME,
2398  FT_SORT_BY_DESCRIPTION
2399 } ft_sort_order;
2400 
2406 WS_DLL_PUBLIC
2407 GArray *wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype,
2408  const GArray *file_encaps, uint32_t required_comment_types,
2409  ft_sort_order sort_order);
2410 
2414 WS_DLL_PUBLIC
2415 GArray *wtap_get_writable_file_types_subtypes(ft_sort_order sort_order);
2416 
2417 /*** various file type/subtype functions ***/
2418 WS_DLL_PUBLIC
2419 const char *wtap_file_type_subtype_description(int file_type_subtype);
2420 WS_DLL_PUBLIC
2421 const char *wtap_file_type_subtype_name(int file_type_subtype);
2422 WS_DLL_PUBLIC
2423 int wtap_name_to_file_type_subtype(const char *name);
2424 WS_DLL_PUBLIC
2425 int wtap_pcap_file_type_subtype(void);
2426 WS_DLL_PUBLIC
2427 int wtap_pcap_nsec_file_type_subtype(void);
2428 WS_DLL_PUBLIC
2429 int wtap_pcapng_file_type_subtype(void);
2430 
2435 WS_DLL_PUBLIC
2436 block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype,
2437  wtap_block_type_t type);
2438 
2443 WS_DLL_PUBLIC
2444 option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype,
2445  wtap_block_type_t type, unsigned opttype);
2446 
2447 /* Return a list of all extensions that are used by all capture file
2448  * types, including compressed extensions, e.g. not just "pcap" but
2449  * also "pcap.gz" if we can read gzipped files.
2450  *
2451  * "Capture files" means "include file types that correspond to
2452  * collections of network packets, but not file types that
2453  * store data that just happens to be transported over protocols
2454  * such as HTTP but that aren't collections of network packets",
2455  * so that it could be used for "All Capture Files" without picking
2456  * up JPEG files or files such as that - those aren't capture files,
2457  * and we *do* have them listed in the long list of individual file
2458  * types, so omitting them from "All Capture Files" is the right
2459  * thing to do.
2460  *
2461  * All strings in the list are allocated with g_malloc() and must be freed
2462  * with g_free().
2463  *
2464  * This is used to generate a list of extensions to look for if the user
2465  * chooses "All Capture Files" in a file open dialog.
2466  */
2467 WS_DLL_PUBLIC
2468 GSList *wtap_get_all_capture_file_extensions_list(void);
2469 
2470 /* Return a list of all extensions that are used by all file types that
2471  * we can read, including compressed extensions, e.g. not just "pcap" but
2472  * also "pcap.gz" if we can read gzipped files.
2473  *
2474  * "File type" means "include file types that correspond to collections
2475  * of network packets, as well as file types that store data that just
2476  * happens to be transported over protocols such as HTTP but that aren't
2477  * collections of network packets, and plain text files".
2478  *
2479  * All strings in the list are allocated with g_malloc() and must be freed
2480  * with g_free().
2481  */
2482 WS_DLL_PUBLIC
2483 GSList *wtap_get_all_file_extensions_list(void);
2484 
2485 /*
2486  * Free a list returned by wtap_get_file_extension_type_extensions(),
2487  * wtap_get_all_capture_file_extensions_list, wtap_get_file_extensions_list(),
2488  * or wtap_get_all_file_extensions_list().
2489  */
2490 WS_DLL_PUBLIC
2491 void wtap_free_extensions_list(GSList *extensions);
2492 
2493 /*
2494  * Return the default file extension to use with the specified file type
2495  * and subtype; that's just the extension, without any ".".
2496  */
2497 WS_DLL_PUBLIC
2498 const char *wtap_default_file_extension(int file_type_subtype);
2499 
2500 /* Return a list of file extensions that are used by the specified file type
2501  * and subtype.
2502  *
2503  * If include_compressed is true, the list will include compressed
2504  * extensions, e.g. not just "pcap" but also "pcap.gz" if we can read
2505  * gzipped files.
2506  *
2507  * All strings in the list are allocated with g_malloc() and must be freed
2508  * with g_free().
2509  */
2510 WS_DLL_PUBLIC
2511 GSList *wtap_get_file_extensions_list(int file_type_subtype, bool include_compressed);
2512 
2513 WS_DLL_PUBLIC
2514 const char *wtap_encap_name(int encap);
2515 WS_DLL_PUBLIC
2516 const char *wtap_encap_description(int encap);
2517 WS_DLL_PUBLIC
2518 int wtap_name_to_encap(const char *short_name);
2519 
2520 WS_DLL_PUBLIC
2521 const char* wtap_tsprec_string(int tsprec);
2522 
2523 WS_DLL_PUBLIC
2524 const char *wtap_strerror(int err);
2525 
2526 /*** get available number of file types and encapsulations ***/
2527 WS_DLL_PUBLIC
2528 int wtap_get_num_file_type_extensions(void);
2529 WS_DLL_PUBLIC
2530 int wtap_get_num_encap_types(void);
2531 
2532 /*** get information for file type extension ***/
2533 WS_DLL_PUBLIC
2534 const char *wtap_get_file_extension_type_name(int extension_type);
2535 WS_DLL_PUBLIC
2536 GSList *wtap_get_file_extension_type_extensions(unsigned extension_type);
2537 
2538 /*** dynamically register new file types and encapsulations ***/
2539 WS_DLL_PUBLIC
2540 void wtap_register_file_type_extension(const struct file_extension_info *ei);
2541 
2542 typedef struct {
2543  void (*register_wtap_module)(void); /* routine to call to register a wiretap module */
2544 } wtap_plugin;
2545 
2546 WS_DLL_PUBLIC
2547 void wtap_register_plugin(const wtap_plugin *plug);
2548 
2554 WS_DLL_PUBLIC
2555 int wtap_plugins_supported(void);
2556 
2557 WS_DLL_PUBLIC
2558 void wtap_register_open_info(struct open_info *oi, const bool first_routine);
2559 WS_DLL_PUBLIC
2560 bool wtap_has_open_info(const char *name);
2561 WS_DLL_PUBLIC
2562 bool wtap_uses_lua_filehandler(const wtap* wth);
2563 WS_DLL_PUBLIC
2564 void wtap_deregister_open_info(const char *name);
2565 
2566 WS_DLL_PUBLIC
2567 unsigned int open_info_name_to_type(const char *name);
2568 WS_DLL_PUBLIC
2569 int wtap_register_file_type_subtype(const struct file_type_subtype_info* fi);
2570 WS_DLL_PUBLIC
2571 void wtap_deregister_file_type_subtype(const int file_type_subtype);
2572 
2573 WS_DLL_PUBLIC
2574 int wtap_register_encap_type(const char *description, const char *name);
2575 
2576 /*** Cleanup the internal library structures */
2577 WS_DLL_PUBLIC
2578 void wtap_cleanup(void);
2579 
2583 #define WTAP_ERR_NOT_REGULAR_FILE -1
2586 #define WTAP_ERR_RANDOM_OPEN_PIPE -2
2589 #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3
2592 #define WTAP_ERR_UNSUPPORTED -4
2596 #define WTAP_ERR_CANT_WRITE_TO_PIPE -5
2599 #define WTAP_ERR_CANT_OPEN -6
2602 #define WTAP_ERR_UNWRITABLE_FILE_TYPE -7
2605 #define WTAP_ERR_UNWRITABLE_ENCAP -8
2609 #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9
2612 #define WTAP_ERR_CANT_WRITE -10
2615 #define WTAP_ERR_CANT_CLOSE -11
2618 #define WTAP_ERR_SHORT_READ -12
2621 #define WTAP_ERR_BAD_FILE -13
2624 #define WTAP_ERR_SHORT_WRITE -14
2627 #define WTAP_ERR_UNC_OVERFLOW -15
2630 #define WTAP_ERR_RANDOM_OPEN_STDIN -16
2633 #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17
2636 #define WTAP_ERR_CANT_SEEK -18
2639 #define WTAP_ERR_CANT_SEEK_COMPRESSED -19
2642 #define WTAP_ERR_DECOMPRESS -20
2645 #define WTAP_ERR_INTERNAL -21
2648 #define WTAP_ERR_PACKET_TOO_LARGE -22
2652 #define WTAP_ERR_CHECK_WSLUA -23
2656 #define WTAP_ERR_UNWRITABLE_REC_TYPE -24
2659 #define WTAP_ERR_UNWRITABLE_REC_DATA -25
2662 #define WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26
2665 #define WTAP_ERR_TIME_STAMP_NOT_SUPPORTED -27
2669 #ifdef __cplusplus
2670 }
2671 #endif /* __cplusplus */
2672 
2673 #endif /* __WTAP_H__ */
2674 
2675 /*
2676  * Editor modelines - https://www.wireshark.org/tools/modelines.html
2677  *
2678  * Local variables:
2679  * c-basic-offset: 4
2680  * tab-width: 8
2681  * indent-tabs-mode: nil
2682  * End:
2683  *
2684  * vi: set shiftwidth=4 tabstop=8 expandtab:
2685  * :indentSize=4:tabSize=8:noTabs=true:
2686  */
Definition: packet-eth.h:15
Definition: buffer.h:22
Definition: wtap.h:1469
GList * ipv6_addr_list
Definition: wtap.h:1471
GList * ipv4_addr_list
Definition: wtap.h:1470
Definition: wtap.h:514
Definition: wtap.h:487
Definition: wtap.h:1157
Definition: wtap.h:1051
Definition: wtap.h:1063
Definition: wtap.h:937
Definition: wtap.h:845
Definition: wtap.h:397
Definition: wtap.h:960
Definition: wtap.h:976
Definition: wtap.h:951
Definition: wtap.h:390
Definition: wtap.h:1576
Definition: wtap.h:1740
wtap_wslua_file_info_t * wslua_info
Definition: wtap.h:1801
const char * name
Definition: wtap.h:1750
const char * additional_file_extensions
Definition: wtap.h:1764
int(* can_write_encap)(int)
Definition: wtap.h:1789
const struct supported_block_type * supported_blocks
Definition: wtap.h:1779
bool writing_must_seek
Definition: wtap.h:1769
const char * description
Definition: wtap.h:1744
bool(* dump_open)(wtap_dumper *, int *, char **)
Definition: wtap.h:1795
size_t num_supported_blocks
Definition: wtap.h:1774
const char * default_file_extension
Definition: wtap.h:1756
Definition: wtap.h:1081
Definition: wtap.h:1452
Definition: wtap.h:1459
Definition: wtap.h:1074
Definition: pcapio.c:113
Definition: wtap.h:577
Definition: wtap.h:778
Definition: wtap.h:600
Definition: wtap.h:704
Definition: wtap.h:745
Definition: wtap.h:755
Definition: wtap.h:590
Definition: wtap.h:636
Definition: wtap.h:652
Definition: tvbuff_lz77huff.c:32
Definition: wtap.h:877
Definition: wtap.h:404
Definition: wtap.h:915
Definition: wtap.h:1069
Definition: wtap.h:930
Definition: wtap.h:1132
Definition: wtap.h:1138
Definition: wtap.h:897
Definition: wtap.h:1144
Definition: wtap.h:883
Definition: wtap.h:1126
Definition: nstime.h:26
Definition: wtap.h:1103
Definition: wtap.h:1675
Definition: wtap.h:524
Definition: ngsniffer.c:80
Definition: wtap.h:1042
Definition: wtap.h:1730
Definition: wtap.h:1706
Definition: wtap_opttypes.c:85
Definition: wtap.h:1356
Definition: wtap.h:1490
const GArray * nrbs_growing
Definition: wtap.h:1499
const GArray * dsbs_growing
Definition: wtap.h:1503
int tsprec
Definition: wtap.h:1493
GArray * shb_hdrs
Definition: wtap.h:1494
int encap
Definition: wtap.h:1491
bool dont_copy_idbs
Definition: wtap.h:1509
GArray * dsbs_initial
Definition: wtap.h:1502
wtapng_iface_descriptions_t * idb_inf
Definition: wtap.h:1498
const GArray * mevs_growing
Definition: wtap.h:1506
const GArray * shb_iface_to_global
Definition: wtap.h:1495
int snaplen
Definition: wtap.h:1492
Definition: wtap-int.h:97
Definition: wtap.h:971
Definition: wtap.h:1332
Definition: wtap.h:1250
Definition: wtap.h:2542
Definition: file_wrappers.c:168
Definition: wtap.h:1395
Definition: wtap.h:1337
Definition: wtap.h:1352
Definition: wtap.h:1533
Definition: wtap-int.h:37
Definition: wtap_opttypes.h:218
Definition: wtap.h:767
Definition: wtap.h:905
Definition: wtap.h:1161
struct wtap_dump_params wtap_dump_params
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_tempfile(const char *tmpdir, char **filenamep, const char *pfx, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for a temporary file.
Definition: file_access.c:2440
WS_DLL_PUBLIC void wtap_buffer_append_epdu_tag(Buffer *buf, uint16_t epdu_tag, const uint8_t *data, uint16_t data_len)
Definition: wtap.c:2046
void(* wtap_new_secrets_callback_t)(uint32_t secrets_type, const void *secrets, unsigned size)
Definition: wtap.h:1854
WS_DLL_PUBLIC bool wtap_seek_read(wtap *wth, int64_t seek_off, wtap_rec *rec, Buffer *buf, int *err, char **err_info)
Definition: wtap.c:1916
WS_DLL_PUBLIC void wtap_init(bool load_wiretap_plugins)
Initialize the Wiretap library.
Definition: wtap.c:2127
WS_DLL_PUBLIC int wtap_plugins_supported(void)
Definition: wtap.c:52
WS_DLL_PUBLIC wtap_block_t wtap_file_get_shb(wtap *wth, unsigned shb_num)
Gets existing section header block, not for new file.
Definition: wtap.c:129
WS_DLL_PUBLIC void wtap_dump_params_cleanup(wtap_dump_params *params)
Definition: wtap.c:607
WS_DLL_PUBLIC bool wtap_dump_close(wtap_dumper *wdh, bool *needs_reload, int *err, char **err_info)
Definition: file_access.c:2666
WS_DLL_PUBLIC wtap_block_t wtap_get_next_interface_description(wtap *wth)
Gets next interface description.
Definition: wtap.c:193
WS_DLL_PUBLIC void wtap_buffer_append_epdu_string(Buffer *buf, uint16_t epdu_tag, const char *val)
Definition: wtap.c:2093
WS_DLL_PUBLIC void wtap_free_idb_info(wtapng_iface_descriptions_t *idb_info)
Free's a interface description block and all of its members.
Definition: wtap.c:362
WS_DLL_PUBLIC void wtap_dump_params_discard_decryption_secrets(wtap_dump_params *params)
Definition: wtap.c:594
WS_DLL_PUBLIC int wtap_dump_required_file_encap_type(const GArray *file_encaps)
Definition: file_access.c:1455
WS_DLL_PUBLIC void wtap_dump_params_discard_name_resolution(wtap_dump_params *params)
Definition: wtap.c:588
WS_DLL_PUBLIC void wtap_dump_params_init_no_idbs(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:567
WS_DLL_PUBLIC void wtap_buffer_append_epdu_uint(Buffer *buf, uint16_t epdu_tag, uint32_t val)
Definition: wtap.c:2077
WS_DLL_PUBLIC unsigned wtap_file_get_shb_global_interface_id(wtap *wth, unsigned shb_num, uint32_t interface_id)
Gets the unique interface id for a SHB's interface.
Definition: wtap.c:138
WS_DLL_PUBLIC unsigned wtap_file_get_num_shbs(wtap *wth)
Gets number of section header blocks.
Definition: wtap.c:123
WS_DLL_PUBLIC void wtap_dump_params_init(wtap_dump_params *params, wtap *wth)
Definition: wtap.c:541
WS_DLL_PUBLIC GArray * wtap_get_writable_file_types_subtypes(ft_sort_order sort_order)
Definition: file_access.c:1733
WS_DLL_PUBLIC void wtap_write_shb_comment(wtap *wth, char *comment)
Sets or replaces the section header comment.
Definition: wtap.c:173
WS_DLL_PUBLIC GArray * wtap_get_savable_file_types_subtypes_for_file(int file_type_subtype, const GArray *file_encaps, uint32_t required_comment_types, ft_sort_order sort_order)
Definition: file_access.c:1621
WS_DLL_PUBLIC int64_t wtap_read_so_far(wtap *wth)
Definition: wtap.c:1867
WS_DLL_PUBLIC void wtap_file_add_decryption_secrets(wtap *wth, const wtap_block_t dsb)
Adds a Decryption Secrets Block to the open wiretap session.
Definition: wtap.c:234
WS_DLL_PUBLIC wtap_dumper * wtap_dump_fdopen(int fd, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for an existing file descriptor.
Definition: file_access.c:2502
WS_DLL_PUBLIC void wtap_cleareof(wtap *wth)
Definition: wtap.c:1596
struct addrinfo_lists addrinfo_lists_t
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_stdout(int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Creates a dumper for the standard output.
Definition: file_access.c:2537
WS_DLL_PUBLIC unsigned wtap_file_get_num_dsbs(wtap *wth)
Gets number of decryption secrets blocks.
Definition: wtap.c:216
WS_DLL_PUBLIC void wtap_close(wtap *wth)
Definition: wtap.c:1566
WS_DLL_PUBLIC wtapng_iface_descriptions_t * wtap_file_get_idb_info(wtap *wth)
Gets existing interface descriptions.
Definition: wtap.c:181
WS_DLL_PUBLIC struct wtap * wtap_open_offline(const char *filename, unsigned int type, int *err, char **err_info, bool do_random)
Definition: file_access.c:778
WS_DLL_PUBLIC bool wtap_dump_can_write_encap(int file_type_subtype, int encap)
Definition: file_access.c:1468
WS_DLL_PUBLIC bool wtap_dump_can_write(const GArray *file_encaps, uint32_t required_comment_types)
Definition: file_access.c:1570
WS_DLL_PUBLIC wtap_block_t wtap_file_get_dsb(wtap *wth, unsigned dsb_num)
Gets existing decryption secrets block, not for new file.
Definition: wtap.c:225
WS_DLL_PUBLIC bool wtap_dump_can_compress(int file_type_subtype)
Definition: file_access.c:2268
WS_DLL_PUBLIC wtap_dumper * wtap_dump_open(const char *filename, int file_type_subtype, wtap_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info)
Opens a new capture file for writing.
Definition: file_access.c:2401
WS_DLL_PUBLIC bool wtap_file_discard_decryption_secrets(wtap *wth)
Definition: wtap.c:243
WS_DLL_PUBLIC bool wtap_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, char **err_info, int64_t *offset)
Definition: wtap.c:1728
WS_DLL_PUBLIC char * wtap_get_debug_if_descr(const wtap_block_t if_descr, const int indent, const char *line_end)
Gets a debug string of an interface description.
Definition: wtap.c:372
WS_DLL_PUBLIC int wtap_buffer_append_epdu_end(Buffer *buf)
Definition: wtap.c:2110
WS_DLL_PUBLIC block_support_t wtap_file_type_subtype_supports_block(int file_type_subtype, wtap_block_type_t type)
Definition: file_access.c:1908
WS_DLL_PUBLIC wtap_block_t wtap_file_get_nrb(wtap *wth)
Gets existing name resolution block, not for new file.
Definition: wtap.c:511
WS_DLL_PUBLIC void wtap_sequential_close(wtap *wth)
Definition: wtap.c:1533
void(* wtap_new_ipv4_callback_t)(const unsigned addr, const char *name, const bool static_entry)
Definition: wtap.h:1842
WS_DLL_PUBLIC option_support_t wtap_file_type_subtype_supports_option(int file_type_subtype, wtap_block_type_t type, unsigned opttype)
Definition: file_access.c:1943