authorMichael Mann <mmann78@netscape.net>2016-01-25 20:17:21 -0500
committerMichael Mann <mmann78@netscape.net>2016-02-23 00:39:38 +0000
commit08d49ff2e06cb35dc9084735aa60c83686afdd9c (patch)
tree93d55773a42d4a1cf64b6544c6e2f3ec03ef4f4e /wiretap/pcapng.h
parent37acf433dbb2ef1d443c9ee09a315b0b4ce136d8 (diff)
Making wiretap option blocks more generic.
This was inspired by https://code.wireshark.org/review/9729/, but takes it in a different direction where all options are put into an array, regardless of whether they are "standard" or "custom". It should be easier to add "custom" options in this design. Some, but not all blocks have been converted. Descriptions of some of the block options have been moved from wtap.h to pcapng.h as it seems to be the one that implements the description of the blocks. Also what could be added/refactored is registering block behavior. Change-Id: I3dffa38f0bb088f98749a4f97a3b7655baa4aa6a Reviewed-on: https://code.wireshark.org/review/13667 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'wiretap/pcapng.h')
-rw-r--r--wiretap/pcapng.h89
1 files changed, 88 insertions, 1 deletions
diff --git a/wiretap/pcapng.h b/wiretap/pcapng.h
index a568ab1a94..7827a83482 100644
--- a/wiretap/pcapng.h
+++ b/wiretap/pcapng.h
@@ -22,9 +22,96 @@
#define __W_PCAPNG_H__
#include <glib.h>
-#include <wtap.h>
+#include "wtap.h"
#include "ws_symbol_export.h"
+/* Option codes: 16-bit field */
+#define OPT_EOFOPT 0x0000
+#define OPT_COMMENT 0x0001 /**< NULL if not available */
+
+/* Section Header block (SHB) */
+#define OPT_SHB_HARDWARE 0x0002 /**< NULL if not available
+ * UTF-8 string containing the description of the
+ * hardware used to create this section.
+ */
+#define OPT_SHB_OS 0x0003 /**< NULL if not available, UTF-8 string containing the
+ * name of the operating system used to create this section.
+ */
+#define OPT_SHB_USERAPPL 0x0004 /**< NULL if not available, UTF-8 string containing the
+ * name of the application used to create this section.
+ */
+
+/* Interface Description block (IDB) */
+#define OPT_IDB_NAME 0x0002 /**< NULL if not available, A UTF-8 string containing the name
+ * of the device used to capture data.
+ * "eth0" / "\Device\NPF_{AD1CE675-96D0-47C5-ADD0-2504B9126B68}"
+ */
+#define OPT_IDB_DESCR 0x0003 /**< NULL if not available, A UTF-8 string containing the description
+ * of the device used to capture data.
+ * "Broadcom NetXtreme" / "First Ethernet Interface"
+ */
+#define OPT_IDB_IP4ADDR 0x0004 /**< XXX: if_IPv4addr Interface network address and netmask.
+ * This option can be repeated multiple times within the same Interface Description Block
+ * when multiple IPv4 addresses are assigned to the interface.
+ * 192 168 1 1 255 255 255 0
+ */
+#define OPT_IDB_IP6ADDR 0x0005 /* XXX: if_IPv6addr Interface network address and prefix length (stored in the last byte).
+ * This option can be repeated multiple times within the same Interface
+ * Description Block when multiple IPv6 addresses are assigned to the interface.
+ * 2001:0db8:85a3:08d3:1319:8a2e:0370:7344/64 is written (in hex) as
+ * "20 01 0d b8 85 a3 08 d3 13 19 8a 2e 03 70 73 44 40"*/
+#define OPT_IDB_MACADDR 0x0006 /* XXX: if_MACaddr Interface Hardware MAC address (48 bits). */
+#define OPT_IDB_EUIADDR 0x0007 /* XXX: if_EUIaddr Interface Hardware EUI address (64 bits) */
+#define OPT_IDB_SPEED 0x0008 /**< 0xFFFFFFFF if unknown
+ * Interface speed (in bps). 100000000 for 100Mbps
+ */
+#define OPT_IDB_TSRESOL 0x0009 /**< Resolution of timestamps. If the Most Significant Bit is equal to zero,
+ * the remaining bits indicates the resolution of the timestamp as as a
+ * negative power of 10 (e.g. 6 means microsecond resolution, timestamps
+ * are the number of microseconds since 1/1/1970). If the Most Significant Bit
+ * is equal to one, the remaining bits indicates the resolution has a
+ * negative power of 2 (e.g. 10 means 1/1024 of second).
+ * If this option is not present, a resolution of 10^-6 is assumed
+ * (i.e. timestamps have the same resolution of the standard 'libpcap' timestamps).
+ */
+#define OPT_IDB_TZONE 0x000A /* XXX: if_tzone Time zone for GMT support (TODO: specify better). */
+#define OPT_IDB_FILTER 0x000B /**< The filter (e.g. "capture only TCP traffic") used to capture traffic.
+ * The first byte of the Option Data keeps a code of the filter used
+ * (e.g. if this is a libpcap string, or BPF bytecode, and more).
+ * More details about this format will be presented in Appendix XXX (TODO).
+ * (TODO: better use different options for different fields?
+ * e.g. if_filter_pcap, if_filter_bpf, ...) 00 "tcp port 23 and host 10.0.0.5"
+ */
+#define OPT_IDB_OS 0x000C /**< NULL if not available, A UTF-8 string containing the name of the operating system of the
+ * machine in which this interface is installed.
+ * This can be different from the same information that can be
+ * contained by the Section Header Block
+ * (Section 3.1 (Section Header Block (mandatory))) because
+ * the capture can have been done on a remote machine.
+ * "Windows XP SP2" / "openSUSE 10.2"
+ */
+#define OPT_IDB_FCSLEN 0x000D /**< An integer value that specified the length of the
+ * Frame Check Sequence (in bits) for this interface.
+ * For link layers whose FCS length can change during time,
+ * the Packet Block Flags Word can be used (see Appendix A (Packet Block Flags Word))
+ */
+#define OPT_IDB_TSOFFSET 0x000E /**< XXX: A 64 bits integer value that specifies an offset (in seconds)
+ * that must be added to the timestamp of each packet to obtain
+ * the absolute timestamp of a packet. If the option is missing,
+ * the timestamps stored in the packet must be considered absolute
+ * timestamps. The time zone of the offset can be specified with the
+ * option if_tzone. TODO: won't a if_tsoffset_low for fractional
+ * second offsets be useful for highly syncronized capture systems?
+ */
+
+#define OPT_ISB_STARTTIME 0x0002
+#define OPT_ISB_ENDTIME 0x0003
+#define OPT_ISB_IFRECV 0x0004
+#define OPT_ISB_IFDROP 0x0005
+#define OPT_ISB_FILTERACCEPT 0x0006
+#define OPT_ISB_OSDROP 0x0007
+#define OPT_ISB_USRDELIV 0x0008
+
wtap_open_return_val pcapng_open(wtap *wth, int *err, gchar **err_info);
gboolean pcapng_dump_open(wtap_dumper *wdh, int *err);
int pcapng_dump_can_write_encap(int encap);
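Review bot: The option codes from 0x0002 upward are reused across the SHB, IDB and ISB groups (`OPT_SHB_HARDWARE`, `OPT_IDB_NAME` and `OPT_ISB_STARTTIME` are all 0x0002), yet nothing in the header says that a code is meaningful only together with its block type. Since the commit description says all options now go into one array, I would add a comment above `OPT_EOFOPT` such as `/* Codes >= 0x0002 are block-specific; always resolve them against the enclosing block type. */`, so that code handling options from an untrusted capture file does not match on the code alone. The `OPT_ISB_*` group at the end also lacks a `/* Interface Statistics block (ISB) */` heading and the per-option descriptions the other groups have, and `OPT_IDB_IP6ADDR`, `OPT_IDB_MACADDR`, `OPT_IDB_EUIADDR` and `OPT_IDB_TZONE` use `/*` where the rest use `/**<`. It would also help to state the expected data length next to the fixed-size options so the parser's length checks can be compared against the header; the parsing code is not visible here, so whether such checks exist cannot be confirmed from this hunk.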