source: lib/libtrace.h.in @ e5f1431

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since e5f1431 was e5f1431, checked in by Shane Alcock <salcock@…>, 15 years ago

Updated build system to require version number changes in only two places
(format)_set_direction no longer takes a const libtrace_packet_t
Removed unnecessary #include <dagformat.h> from linktypes.c
libtrace.h and libtrace.doxygen are now .h.in files - a la libtrace2

  • Property mode set to 100644
File size: 42.6 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2004 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id: libtrace.h 773 2006-05-01 12:58:09Z perry $
28 *
29 */
30
31#ifndef LIBTRACE_H
32#define LIBTRACE_H
33
34/** @file
35 *
36 * @brief Trace file processing library header
37 *
38 * @author Daniel Lawson
39 * @author Perry Lorier
40 *
41 * @version $Id: libtrace.h 773 2006-05-01 12:58:09Z perry $
42 *
43 * This library provides a per packet interface into a trace file, or a live
44 * captures.  It supports ERF, DAG cards, WAG cards, WAG's event format,
45 * pcap etc.
46 *
47 * @par Usage
48 * See the example/ directory in the source distribution for some simple examples
49 * @par Linking
50 * To use this library you need to link against libtrace by passing -ltrace
51 * to your linker. You may also need to link against a version of libpcap
52 * and of zlib which are compiled for largefile support (if you wish to access
53 * traces larger than 2 GB). This is left as an exercise for the reader. Debian
54 * Woody, at least, does not support large file offsets.
55 *
56 */
57
58#include <sys/types.h>
59#ifdef _MSC_VER
60    /* define the following from MSVC's internal types */
61    typedef             __int8  int8_t;
62    typedef             __int16 int16_t;
63    typedef             __int32 int32_t;
64    typedef             __int64 int64_t;
65    typedef unsigned    __int8  uint8_t;
66    typedef unsigned    __int16 uint16_t;
67    typedef unsigned    __int32 uint32_t;
68    typedef unsigned    __int64 uint64_t;
69        #ifdef BUILDING_DLL
70                #define DLLEXPORT __declspec(dllexport)
71        #else
72                #define DLLEXPORT __declspec(dllimport)
73        #endif
74        #define DLLLOCAL
75#else
76        #ifdef HAVE_GCCVISIBILITYPATCH
77                #define DLLEXPORT __attribute__ (visibility("default"))
78                #define DLLLOCAL __attribute__ (visibility("hidden"))
79        #else
80                #define DLLEXPORT
81                #define DLLLOCAL
82        #endif
83#endif
84
85#ifdef WIN32
86#   include <winsock2.h>
87#   include <ws2tcpip.h>
88    typedef short sa_family_t;
89    /* Make up for a lack of stdbool.h */
90#    define bool signed char
91#    define false 0
92#    define true 1
93#    if !defined(ssize_t)
94     /* XXX: Not 64-bit safe! */
95#    define ssize_t int
96#    endif   
97#else
98#    include <netinet/in.h>
99#    include <stdbool.h>
100#endif
101
102/** API version as 2 byte hex digits, eg 0xXXYYZZ */
103#define LIBTRACE_API_VERSION \
104            ((@LIBTRACE_MAJOR@<<16)|(@LIBTRACE_MID@<<8)|(@LIBTRACE_MINOR@))
105
106#ifdef __cplusplus
107extern "C" {
108#endif
109
110/* Function does not depend on anything but its
111 * parameters, used to hint gcc's optimisations
112 */
113#if __GNUC__ >= 3
114#  define SIMPLE_FUNCTION __attribute__((pure))
115#  define UNUSED __attribute__((unused))
116#  define PACKED __attribute__((packed))
117#  define CONSTRUCTOR __attribute__((constructor))
118#else
119#  define SIMPLE_FUNCTION
120#  define UNUSED
121#  define PACKED __declspec(align(1))
122#  define CONSTRUCTOR
123#endif
124       
125/** Opaque structure holding information about an output trace */
126typedef struct libtrace_out_t libtrace_out_t;
127       
128/** Opaque structure holding information about a trace */
129typedef struct libtrace_t libtrace_t;
130       
131/** Opaque structure holding information about a bpf filter */
132typedef struct libtrace_filter_t libtrace_filter_t;
133
134/** if a packet has memory allocated
135 * If the packet has allocated it's own memory it's buffer_control should
136 * be TRACE_CTRL_PACKET, when the packet is destroyed it's memory will be
137 * free()'d.  If it's doing zerocopy out of memory owned by something else
138 * it should be TRACE_CTRL_EXTERNAL.
139 * @note the letters p and e are magic numbers used to detect if the packet
140 * wasn't created properly
141 */
142typedef enum {
143        TRACE_CTRL_PACKET='p',
144        TRACE_CTRL_EXTERNAL='e'
145} buf_control_t;
146/** Structure holding information about a packet */
147#define LIBTRACE_PACKET_BUFSIZE 65536
148
149/** The libtrace structure, applications shouldn't be meddling around in here
150 */
151typedef struct libtrace_packet_t {
152        struct libtrace_t *trace; /**< pointer to the trace */
153        void *header;           /**< pointer to the framing header */
154        void *payload;          /**< pointer to the link layer */
155        buf_control_t buf_control; /**< who owns the memory */
156        void *buffer;           /**< allocated buffer */
157        size_t size;            /**< trace_get_framing_length()
158                                 * +trace_get_capture_length() */
159        uint32_t type;          /**< rt protocol type for the packet */
160} libtrace_packet_t;
161
162/** libtrace error information */
163typedef struct trace_err_t{
164        int err_num;            /**< error code */
165        char problem[255];      /**< the format, uri etc that caused the error for reporting purposes */
166} libtrace_err_t;
167
168/** Enumeration of error codes */
169enum {
170        /** No Error has occured.... yet. */
171        TRACE_ERR_NOERROR       = 0,
172        /** The URI passed to trace_create() is unsupported, or badly formed */
173        TRACE_ERR_BAD_FORMAT    = -1,
174        /** The trace failed to initialise */
175        TRACE_ERR_INIT_FAILED   = -2,
176        /** Unknown config option */
177        TRACE_ERR_UNKNOWN_OPTION= -3,
178        /** Option known, but unsupported by this format */
179        TRACE_ERR_OPTION_UNAVAIL= -6,
180        /** This output uri cannot write packets of this type */
181        TRACE_ERR_NO_CONVERSION = -4,
182        /** This packet is corrupt, or unusable for the action required */
183        TRACE_ERR_BAD_PACKET    = -5,
184        /** This feature is unsupported */
185        TRACE_ERR_UNSUPPORTED   = -7
186};
187
188typedef enum {
189        TRACE_DLT_NULL = 0,
190        TRACE_DLT_EN10MB = 1,
191        TRACE_DLT_ATM_RFC1483 = 11,
192        TRACE_DLT_IEEE802_11 = 105,
193        TRACE_DLT_LINUX_SLL = 113,
194        TRACE_DLT_PFLOG = 117
195} libtrace_dlt_t ;
196
197/** Link layer types
198 * This enumates the various different link types that libtrace understands
199 */
200typedef enum {
201       TRACE_TYPE_HDLC_POS = 1,
202       TRACE_TYPE_ETH,                  /**< 802.3 style Ethernet */
203       TRACE_TYPE_ATM,
204       TRACE_TYPE_AAL5,
205       TRACE_TYPE_80211,                /**< 802.11 frames */
206       TRACE_TYPE_NONE,                 /**< Raw IP frames */
207       TRACE_TYPE_LINUX_SLL,            /**< Linux "null" framing */
208       TRACE_TYPE_PFLOG,                /**< FreeBSD's PFlug */
209       TRACE_TYPE_POS,
210       TRACE_TYPE_80211_PRISM = 12
211     } libtrace_linktype_t;
212
213/** Trace directions
214 * Note that these are the directions used by convention, more directions
215 * are possible, not just these 3, and that they may not conform to this
216 * convention.
217 */
218typedef enum {
219        TRACE_DIR_OUTGOING = 0,         /**< Packets originating "outside" */
220        TRACE_DIR_INCOMING = 1,         /**< Packets originating "inside" */
221        TRACE_DIR_OTHER    = 2          /**< Packets with an unknown direction, or one that's unknown */
222} libtrace_direction_t;
223
224/** @name Protocol structures
225 * These convenience structures are here as they are portable ways of dealing
226 * with various protocols.
227 * @{
228 */
229
230#ifdef WIN32
231#pragma pack(push)
232#pragma pack(1)
233#endif
234
235/** Structure for dealing with IP packets */
236typedef struct libtrace_ip
237{
238#if BYTE_ORDER == LITTLE_ENDIAN
239    uint8_t ip_hl:4;            /**< header length */
240    uint8_t ip_v:4;             /**< version */
241#elif BYTE_ORDER == BIG_ENDIAN
242    uint8_t ip_v:4;             /**< version */
243    uint8_t ip_hl:4;            /**< header length */
244#else
245#   error "Adjust your <bits/endian.h> defines"
246#endif
247    uint8_t  ip_tos;                    /**< type of service */
248    uint16_t ip_len;                    /**< total length */
249    int16_t  ip_id;                     /**< identification */
250#if BYTE_ORDER == LITTLE_ENDIAN
251    uint16_t ip_off:12;         /**< fragment offset */
252    uint16_t ip_mf:1;           /**< more fragments flag */
253    uint16_t ip_df:1;           /**< dont fragment flag */
254    uint16_t ip_rf:1;           /**< reserved fragment flag */
255#elif BYTE_ORDER == BIG_ENDIAN
256    uint16_t ip_rf:1;
257    uint16_t ip_df:1;
258    uint16_t ip_mf:1;
259    uint16_t ip_off:12;
260#else
261#   error "Adjust your <bits/endian.h> defines"
262#endif
263    uint8_t  ip_ttl;                    /**< time to live */
264    uint8_t  ip_p;                      /**< protocol */
265    uint16_t ip_sum;                    /**< checksum */
266    struct in_addr ip_src;              /**< source address */
267    struct in_addr ip_dst;              /**< dest address */
268} PACKED libtrace_ip_t;
269
270typedef struct libtrace_ip6_ext
271{
272        uint8_t nxt;
273        uint8_t len;
274} PACKED libtrace_ip6_ext_t;
275
276/** IPv6 header structure */
277typedef struct libtrace_ip6
278{
279    uint32_t flow;
280    uint16_t plen;                      /**< Payload length */
281    uint8_t nxt;                        /**< Next header */
282    uint8_t hlim;                       /**< Hop limit */
283    struct in6_addr ip_src;             /**< source address */
284    struct in6_addr ip_dst;             /**< dest address */
285} PACKED libtrace_ip6_t;
286
287/** Structure for dealing with TCP packets */
288typedef struct libtrace_tcp
289  {
290    uint16_t source;            /**< Source Port */
291    uint16_t dest;              /**< Destination port */
292    uint32_t seq;               /**< Sequence number */
293    uint32_t ack_seq;           /**< Acknowledgement Number */
294#  if BYTE_ORDER == LITTLE_ENDIAN
295    uint8_t res1:4;     /**< Reserved bits */
296    uint8_t doff:4;     /**< data offset */     
297    uint8_t fin:1;              /**< FIN */
298    uint8_t syn:1;              /**< SYN flag */
299    uint8_t rst:1;              /**< RST flag */
300    uint8_t psh:1;              /**< PuSH flag */
301    uint8_t ack:1;              /**< ACK flag */
302    uint8_t urg:1;              /**< URG flag */
303    uint8_t res2:2;     /**< Reserved */
304#  elif BYTE_ORDER == BIG_ENDIAN
305    uint8_t doff:4;     /**< Data offset */
306    uint8_t res1:4;     /**< Reserved bits */
307    uint8_t res2:2;     /**< Reserved */
308    uint8_t urg:1;              /**< URG flag */
309    uint8_t ack:1;              /**< ACK flag */
310    uint8_t psh:1;              /**< PuSH flag */
311    uint8_t rst:1;              /**< RST flag */
312    uint8_t syn:1;              /**< SYN flag */
313    uint8_t fin:1;              /**< FIN flag */
314#  else
315#   error "Adjust your <bits/endian.h> defines"
316#  endif
317    uint16_t window;            /**< Window Size */
318    uint16_t check;             /**< Checksum */
319    uint16_t urg_ptr;           /**< Urgent Pointer */
320} PACKED libtrace_tcp_t;
321
322/** UDP Header for dealing with UDP packets */
323typedef struct libtrace_udp {
324  uint16_t      source;         /**< Source port */
325  uint16_t      dest;           /**< Destination port */
326  uint16_t      len;            /**< Length */
327  uint16_t      check;          /**< Checksum */
328} PACKED libtrace_udp_t;
329
330/** ICMP Header for dealing with icmp packets */
331typedef struct libtrace_icmp
332{
333  uint8_t type;         /**< message type */
334  uint8_t code;         /**< type sub-code */
335  uint16_t checksum;            /**< checksum */
336  union
337  {
338    struct
339    {
340      uint16_t  id;
341      uint16_t  sequence;
342    } echo;                     /**< echo datagram */
343    uint32_t    gateway;        /**< gateway address */
344    struct
345    {
346      uint16_t  unused;
347      uint16_t  mtu;
348    } frag;                     /**< path mtu discovery */
349  } un;                         /**< Union for payloads of various icmp codes */
350} PACKED libtrace_icmp_t;
351
352/** LLC/SNAP header */
353typedef struct libtrace_llcsnap
354{
355/* LLC */
356  uint8_t dsap;                 /**< Destination Service Access Point */
357  uint8_t ssap;                 /**< Source Service Access Point */
358  uint8_t control;
359/* SNAP */
360  uint32_t oui:24;              /**< Organisationally Unique Identifier (scope)*/
361  uint16_t type;                /**< Protocol within OUI */
362} PACKED libtrace_llcsnap_t;
363
364/** 802.3 frame */
365typedef struct libtrace_ether
366{
367  uint8_t ether_dhost[6];       /**< destination ether addr */
368  uint8_t ether_shost[6];       /**< source ether addr */
369  uint16_t ether_type;          /**< packet type ID field (next-header) */
370} PACKED libtrace_ether_t;
371
372/** 802.1Q frame */
373typedef struct libtrace_8021q
374{
375  uint16_t vlan_pri:3;   /**< vlan user priority */
376  uint16_t vlan_cfi:1;   /**< vlan format indicator,
377                                   * 0 for ethernet, 1 for token ring */
378  uint16_t vlan_id:12;   /**< vlan id */
379  uint16_t vlan_ether_type;      /**< vlan sub-packet type ID field
380                                   * (next-header)*/
381} PACKED libtrace_8021q_t;
382
383/** ATM cell */
384typedef struct libtrace_atm_cell
385{
386  uint32_t gfc:4;               /**< Generic Flow Control */
387  uint32_t vpi:8;               /**< Virtual Path Identifier */
388  uint32_t vci:8;               /**< Virtual Channel Identifier */
389  uint32_t pt:3;                /**< Payload Type */
390  uint32_t clp:1;               /**< Cell Loss Priority */
391  uint32_t hec:8;               /**< Header Error Control */
392} PACKED libtrace_atm_cell_t;
393
394/** POS header */
395typedef struct libtrace_pos
396{
397 uint16_t header;
398 uint16_t ether_type;           /**< ether type */
399} PACKED libtrace_pos_t;
400
401/** 802.11 header */
402typedef struct libtrace_80211_t {
403        uint16_t      protocol:2;
404        uint16_t      type:2;
405        uint16_t      subtype:4;
406        uint16_t      to_ds:1;          /**< Packet to Distribution Service */
407        uint16_t      from_ds:1;        /**< Packet from Distribution Service */
408        uint16_t      more_frag:1;      /**< Packet has more fragments */
409        uint16_t      retry:1;          /**< Packet is a retry */
410        uint16_t      power:1;
411        uint16_t      more_data:1;
412        uint16_t      wep:1;
413        uint16_t      order:1;
414        uint16_t     duration;
415        uint8_t      mac1[6];
416        uint8_t      mac2[6];
417        uint8_t      mac3[6];
418        uint16_t     SeqCtl;
419        uint8_t      mac4[6];
420} PACKED libtrace_80211_t;
421
422#ifdef WIN32
423#pragma pack(pop)
424#endif
425
426
427/*@}*/
428
429/** Prints help information for libtrace
430 *
431 * Function prints out some basic help information regarding libtrace,
432 * and then prints out the help() function registered with each input module
433 */
434DLLEXPORT void trace_help();
435
436/** Gets the output format for a given output trace
437 *
438 * @param libtrace      the output trace to get the name of the format fo
439 * @return callee-owned null-terminated char* containing the output format
440 *
441 */
442DLLEXPORT SIMPLE_FUNCTION
443char *trace_get_output_format(const libtrace_out_t *libtrace);
444
445/** @name Trace management
446 * These members deal with creating, configuring, starting, pausing and
447 * cleaning up a trace object
448 *@{
449 */
450
451/** Create a trace file from a URI
452 *
453 * @param uri containing a valid libtrace URI
454 * @return opaque pointer to a libtrace_t
455 *
456 * Valid URI's are:
457 *  - erf:/path/to/erf/file
458 *  - erf:/path/to/erf/file.gz
459 *  - erf:/path/to/rtclient/socket
460 *  - erf:-  (stdin)
461 *  - dag:/dev/dagcard                 
462 *  - pcapint:pcapinterface                (eg: pcap:eth0)
463 *  - pcap:/path/to/pcap/file
464 *  - pcap:-
465 *  - rtclient:hostname
466 *  - rtclient:hostname:port
467 *  - wag:-
468 *  - wag:/path/to/wag/file
469 *  - wag:/path/to/wag/file.gz
470 *  - wag:/path/to/wag/socket
471 *
472 *  If an error occured when attempting to open the trace file, an error
473 *  trace is returned and trace_get_error should be called to find out
474 *  if an error occured, and what that error was.  The trace is created in the
475 *  configuration state, you must call trace_start to start the capture.
476 */
477DLLEXPORT libtrace_t *trace_create(const char *uri);
478
479/** Creates a "dummy" trace file that has only the format type set.
480 *
481 * @return opaque pointer to a (sparsely initialised) libtrace_t
482 *
483 * IMPORTANT: Do not attempt to call trace_read_packet or other such functions
484 * with the dummy trace. Its intended purpose is to act as a packet->trace for
485 * libtrace_packet_t's that are not associated with a libtrace_t structure.
486 */
487DLLEXPORT libtrace_t *trace_create_dead(const char *uri);
488
489/** Creates a trace output file from a URI.
490 *
491 * @param uri   the uri string describing the output format and destination
492 * @return opaque pointer to a libtrace_output_t
493 * @author Shane Alcock
494 *
495 * Valid URI's are:
496 *  - gzerf:/path/to/erf/file.gz
497 *  - gzerf:/path/to/erf/file
498 *  - rtserver:hostname
499 *  - rtserver:hostname:port
500 *
501 *  If an error occured when attempting to open the output trace, NULL is returned
502 *  and trace_errno is set. Use trace_perror() to get more information
503 */
504DLLEXPORT libtrace_out_t *trace_create_output(const char *uri);
505
506/** Start the capture
507 * @param libtrace      The trace to start
508 * @return 0 on success
509 *
510 * This does the actual work with starting the trace capture, and applying
511 * all the config options.  This may fail.
512 */
513DLLEXPORT int trace_start(libtrace_t *libtrace);
514
515/** Pause the capture
516 * @param libtrace      The trace to pause
517 * @return 0 on success
518 *
519 * This stops a capture in progress and returns you to the configuration
520 * state.  Any packets that arrive after trace_pause() has been called
521 * will be discarded.  To resume capture, call trace_start().
522 */
523DLLEXPORT int trace_pause(libtrace_t *libtrace);
524
525/** Start an output trace
526 * @param libtrace      The trace to start
527 * @return 0 on success
528 *
529 * This does the actual work with starting a trace for write.  This generally
530 * creates the file.
531 */
532DLLEXPORT int trace_start_output(libtrace_out_t *libtrace);
533
534/** Valid trace capture options */
535typedef enum {
536        TRACE_OPTION_SNAPLEN, /**< Number of bytes captured */
537        TRACE_OPTION_PROMISC, /**< Capture packets to other hosts */
538        TRACE_OPTION_FILTER   /**< Apply this filter to all packets recieved */
539} trace_option_t;
540
541/** Sets an input config option
542 * @param libtrace      the trace object to apply the option to
543 * @param option        the option to set
544 * @param value         the value to set the option to
545 * @return -1 if option configuration failed, 0 otherwise
546 * This should be called after trace_create, and before trace_start
547 */
548DLLEXPORT int trace_config(libtrace_t *libtrace,
549                trace_option_t option,
550                void *value);
551
552typedef enum {
553        TRACE_OPTION_OUTPUT_FILEFLAGS, /**< File flags to open the trace file
554                                        * with.  eg O_APPEND
555                                        */
556        TRACE_OPTION_OUTPUT_COMPRESS   /**< Compression level, eg 6. */
557} trace_option_output_t;
558
559/** Sets an output config option
560 *
561 * @param libtrace      the output trace object to apply the option to
562 * @param option        the option to set
563 * @param value         the value to set the option to
564 * @return -1 if option configuration failed, 0 otherwise
565 * This should be called after trace_create_output, and before
566 * trace_start_output
567 */
568DLLEXPORT int trace_config_output(libtrace_out_t *libtrace,
569                trace_option_output_t option,
570                void *value
571                );
572
573/** Close a trace file, freeing up any resources it may have been using
574 *
575 */
576DLLEXPORT void trace_destroy(libtrace_t *trace);
577
578/** Close a trace file, freeing up any resources it may have been using
579 * @param trace         trace file to be destroyed
580 */
581DLLEXPORT void trace_destroy_dead(libtrace_t *trace);
582
583/** Close a trace output file, freeing up any resources it may have been using
584 * @param trace         the output trace file to be destroyed
585 *
586 * @author Shane Alcock
587 */
588DLLEXPORT void trace_destroy_output(libtrace_out_t *trace);
589
590/** Check (and clear) the current error state of an input trace
591 * @param trace         the trace file to check the error state on
592 * @return Error report
593 * This reads and returns the current error state and sets the current error
594 * to "no error".
595 */
596DLLEXPORT libtrace_err_t trace_get_err(libtrace_t *trace);
597
598/** Return if there is an error
599 * @param trace         the trace file to check the error state on
600 * This does not clear the error status, and only returns true or false.
601 */
602DLLEXPORT bool trace_is_err(libtrace_t *trace);
603
604/** Output an error message to stderr and clear the error status.
605 * @param trace         the trace with the error to output
606 * @param msg           the message to prefix to the error
607 * This function does clear the error status.
608 */
609DLLEXPORT void trace_perror(libtrace_t *trace, const char *msg,...);
610
611/** Check (and clear) the current error state of an output trace
612 * @param trace         the output trace file to check the error state on
613 * @return Error report
614 * This reads and returns the current error state and sets the current error
615 * to "no error".
616 */
617DLLEXPORT libtrace_err_t trace_get_err_output(libtrace_out_t *trace);
618
619/** Return if there is an error
620 * @param trace         the trace file to check the error state on
621 * This does not clear the error status, and only returns true or false.
622 */
623DLLEXPORT bool trace_is_err_output(libtrace_out_t *trace);
624
625/** Output an error message to stderr and clear the error status.
626 * @param trace         the trace with the error to output
627 * @param msg           the message to prefix to the error
628 * This function does clear the error status.
629 */
630DLLEXPORT void trace_perror_output(libtrace_out_t *trace, const char *msg,...);
631
632
633/*@}*/
634
635/** @name Reading/Writing packets
636 * These members deal with creating, reading and writing packets
637 *
638 * @{
639 */
640
641/** Create a new packet object
642 *
643 * @return a pointer to an initialised libtrace_packet_t object
644 */
645DLLEXPORT libtrace_packet_t *trace_create_packet();
646
647/** Copy a packet
648 * @param packet        the source packet to copy
649 * @return a new packet which has the same content as the source packet
650 * @note This always involves a copy, which can be slow.  Use of this
651 * function should be avoided where possible.
652 * @par The reason you would want to use this function is that a zerocopied
653 * packet from a device is using the devices memory which may be a limited
654 * resource.  Copying the packet will cause it to be copied into the systems
655 * memory.
656 */
657DLLEXPORT libtrace_packet_t *trace_copy_packet(const libtrace_packet_t *packet);
658
659/** Destroy a packet object
660 *
661 * sideeffect: sets packet to NULL
662 */
663DLLEXPORT void trace_destroy_packet(libtrace_packet_t **packet);
664
665
666/** Read one packet from the trace into buffer
667 *
668 * @param trace         the libtrace opaque pointer
669 * @param packet        the packet opaque pointer
670 * @return 0 on EOF, negative value on error, number of bytes read when
671 * successful.
672 *
673 * @note the number of bytes read is usually (but not always) the same as
674 * trace_get_framing_length()+trace_get_capture_length() depending on the
675 * trace format.
676 * @note the trace must have been started with trace_start before calling
677 * this function
678 */
679DLLEXPORT int trace_read_packet(libtrace_t *trace, libtrace_packet_t *packet);
680
681/** Event types
682 * see \ref libtrace_eventobj_t and \ref trace_event
683 */
684typedef enum {
685        TRACE_EVENT_IOWAIT,     /**< Need to block on fd */
686        TRACE_EVENT_SLEEP,      /**< Sleep for some time */
687        TRACE_EVENT_PACKET,     /**< packet has arrived */
688        TRACE_EVENT_TERMINATE   /**< End of trace */
689} libtrace_event_t;
690
691/** structure returned by libtrace_event explaining what the current event is */
692typedef struct libtrace_eventobj_t {
693        libtrace_event_t type; /**< event type (iowait,sleep,packet) */
694        int fd;                /**< if IOWAIT, the fd to sleep on */
695        double seconds;        /**< if SLEEP, the amount of time to sleep for
696                                */
697        int size;              /**< if PACKET, the value returned from
698                                *  trace_read_packet
699                                */
700} libtrace_eventobj_t;
701
702/** process a libtrace event
703 * @param trace the libtrace opaque pointer
704 * @param packet the libtrace_packet opaque pointer
705 * @return libtrace_event struct containing the type, and potential
706 *      fd or seconds to sleep on
707 *
708 * Type can be:
709 *  TRACE_EVENT_IOWAIT  Waiting on I/O on fd
710 *  TRACE_EVENT_SLEEP   Next event in seconds
711 *  TRACE_EVENT_PACKET  Packet arrived in buffer with size size
712 *  TRACE_EVENT_TERMINATE Trace terminated (perhaps with an error condition)
713 */
714DLLEXPORT libtrace_eventobj_t trace_event(libtrace_t *trace,
715                libtrace_packet_t *packet);
716
717
718/** Write one packet out to the output trace
719 *
720 * @param trace         the libtrace_out opaque pointer
721 * @param packet        the packet opaque pointer
722 * @return the number of bytes written out, if zero or negative then an error has occured.
723 */
724DLLEXPORT int trace_write_packet(libtrace_out_t *trace, const libtrace_packet_t *packet);
725/*@}*/
726
727/** @name Protocol decodes
728 * These functions locate and return a pointer to various headers inside a
729 * packet
730 * @{
731 */
732
733/** get a pointer to the link layer
734 * @param packet        the packet opaque pointer
735 *
736 * @return a pointer to the link layer, or NULL if there is no link layer
737 *
738 * @note you should call getLinkType() to find out what type of link layer
739 * this is
740 */
741DLLEXPORT SIMPLE_FUNCTION
742void *trace_get_link(const libtrace_packet_t *packet);
743
744/** get a pointer to the IP header (if any)
745 * @param packet        the packet opaque pointer
746 *
747 * @return a pointer to the IP header, or NULL if there is not an IP packet
748 */
749DLLEXPORT SIMPLE_FUNCTION
750libtrace_ip_t *trace_get_ip(libtrace_packet_t *packet);
751
752/** Gets a pointer to the transport layer header (if any)
753 * @param packet        a pointer to a libtrace_packet structure
754 * @param[out] proto    transport layer protocol
755 *
756 * @return a pointer to the transport layer header, or NULL if there is no header
757 *
758 * @note proto may be NULL if proto is unneeded.
759 */
760DLLEXPORT void *trace_get_transport(libtrace_packet_t *packet, uint8_t *proto,
761                uint32_t *remaining);
762
763/** Gets a pointer to the payload given a pointer to the IP header
764 * @param ip            The IP Header
765 * @param[out] proto    An output variable of the IP protocol
766 * @param[in,out] remaining Updated with the number of bytes remaining
767 *
768 * @return a pointer to the transport layer header, or NULL if header isn't present.
769 *
770 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
771 * of bytes captured of the IP header and beyond.  It will be updated after this
772 * function to the number of bytes remaining after the IP header (and any IP options)
773 * have been removed.
774 *
775 * proto may be NULL if not needed.
776 *
777 * @note This is similar to trace_get_transport_from_ip in libtrace2
778 */
779DLLEXPORT void *trace_get_payload_from_ip(libtrace_ip_t *ip, uint8_t *proto,
780                uint32_t *remaining);
781
782/** Gets a pointer to the payload given a pointer to a tcp header
783 * @param tcp           The tcp Header
784 * @param[in,out] remaining Updated with the number of bytes remaining
785 *
786 * @return a pointer to the tcp payload, or NULL if the payload isn't present.
787 *
788 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
789 * of bytes captured of the TCP header and beyond.  It will be updated after this
790 * function to the number of bytes remaining after the TCP header (and any TCP options)
791 * have been removed.
792 *
793 * @note This is similar to trace_get_transport_from_ip in libtrace2
794 */
795DLLEXPORT void *trace_get_payload_from_tcp(libtrace_tcp_t *tcp, uint32_t *remaining);
796
797/** Gets a pointer to the payload given a pointer to a udp header
798 * @param udp           The udp Header
799 * @param[in,out] remaining Updated with the number of bytes remaining
800 *
801 * @return a pointer to the udp payload, or NULL if the payload isn't present.
802 *
803 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
804 * of bytes captured of the TCP header and beyond.  It will be updated after this
805 * function to the number of bytes remaining after the TCP header (and any TCP options)
806 * have been removed.
807 *
808 * @note This is similar trace_get_transport_from_ip in libtrace2
809 */
810DLLEXPORT void *trace_get_payload_from_udp(libtrace_udp_t *udp, uint32_t *remaining);
811
812/** Gets a pointer to the payload given a pointer to a icmp header
813 * @param icmp          The icmp Header
814 * @param[in,out] remaining Updated with the number of bytes remaining
815 *
816 * @return a pointer to the icmp payload, or NULL if the payload isn't present.
817 *
818 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
819 * of bytes captured of the TCP header and beyond.  It will be updated after this
820 * function to the number of bytes remaining after the TCP header (and any TCP options)
821 * have been removed.
822 *
823 * @note This is similar to trace_get_payload_from_icmp in libtrace2
824 */
825DLLEXPORT void *trace_get_payload_from_icmp(libtrace_icmp_t *icmp, uint32_t *skipped);
826
827/** get a pointer to the TCP header (if any)
828 * @param packet        the packet opaque pointer
829 *
830 * @return a pointer to the TCP header, or NULL if there is not a TCP packet
831 */
832DLLEXPORT SIMPLE_FUNCTION
833libtrace_tcp_t *trace_get_tcp(libtrace_packet_t *packet);
834
835/** get a pointer to the TCP header (if any) given a pointer to the IP header
836 * @param ip            The IP header
837 * @param[in,out] remaining Updated with the number of bytes remaining
838 *
839 * @return a pointer to the TCP header, or NULL if this is not a TCP packet
840 *
841 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
842 * of bytes captured of the TCP header and beyond.  It will be updated after this
843 * function to the number of bytes remaining after the TCP header (and any TCP options)
844 * have been removed.
845 *
846 * @note The last parameter has changed from libtrace2
847 */
848DLLEXPORT SIMPLE_FUNCTION
849libtrace_tcp_t *trace_get_tcp_from_ip(libtrace_ip_t *ip, uint32_t *remaining);
850
851/** get a pointer to the UDP header (if any)
852 * @param packet        the packet opaque pointer
853 *
854 * @return a pointer to the UDP header, or NULL if this is not a UDP packet
855 */
856DLLEXPORT SIMPLE_FUNCTION
857libtrace_udp_t *trace_get_udp(libtrace_packet_t *packet);
858
859/** get a pointer to the UDP header (if any) given a pointer to the IP header
860 * @param       ip      The IP header
861 * @param[in,out] remaining Updated with the number of bytes remaining
862 *
863 * @return a pointer to the UDP header, or NULL if this is not an UDP packet
864 *
865 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
866 * of bytes captured of the TCP header and beyond.  It will be updated after this
867 * function to the number of bytes remaining after the TCP header (and any TCP options)
868 * have been removed.
869 *
870 * @note Beware the change from libtrace2 from skipped to remaining
871 */
872DLLEXPORT SIMPLE_FUNCTION
873libtrace_udp_t *trace_get_udp_from_ip(libtrace_ip_t *ip,uint32_t *remaining);
874
875/** get a pointer to the ICMP header (if any)
876 * @param packet        the packet opaque pointer
877 *
878 * @return a pointer to the ICMP header, or NULL if this is not a ICMP packet
879 */
880DLLEXPORT SIMPLE_FUNCTION
881libtrace_icmp_t *trace_get_icmp(libtrace_packet_t *packet);
882
883/** get a pointer to the ICMP header (if any) given a pointer to the IP header
884 * @param ip            The IP header
885 * @param[in,out] remaining Updated with the number of bytes remaining
886 *
887 * @return a pointer to the ICMP header, or NULL if this is not an ICMP packet
888 *
889 * Remaining may be NULL.  If Remaining is not NULL it must point to the number
890 * of bytes captured of the TCP header and beyond.  It will be updated after this
891 * function to the number of bytes remaining after the TCP header (and any TCP options)
892 * have been removed.
893 *
894 * @note Beware the change from libtrace2 from skipped to remaining
895 */
896DLLEXPORT SIMPLE_FUNCTION
897libtrace_icmp_t *trace_get_icmp_from_ip(libtrace_ip_t *ip,uint32_t *remaining);
898
899/** Get the destination MAC addres
900 * @param packet        the packet opaque pointer
901 * @return a pointer to the destination mac, (or NULL if there is no
902 * destination MAC)
903 */
904DLLEXPORT SIMPLE_FUNCTION
905uint8_t *trace_get_destination_mac(libtrace_packet_t *packet);
906
907/** Get the source MAC addres
908 * @param packet        the packet opaque pointer
909 * @return a pointer to the source mac, (or NULL if there is no source MAC)
910 */
911DLLEXPORT SIMPLE_FUNCTION
912uint8_t *trace_get_source_mac(libtrace_packet_t *packet);
913
914/** Get the source addres
915 * @param packet        the packet opaque pointer
916 * @param addr          a pointer to a sockaddr to store the address in, or NULL to use
917 *                      static storage.
918 * @return NULL if there is no source address, or a sockaddr holding a v4 or v6 address
919 */
920DLLEXPORT SIMPLE_FUNCTION
921struct sockaddr *trace_get_source_address(const libtrace_packet_t *packet,
922                struct sockaddr *addr);
923
924/** Get the source addres
925 * @param packet        the packet opaque pointer
926 * @param addr          a pointer to a sockaddr to store the address in, or NULL to use
927 *                      static storage.
928 * @return NULL if there is no source address, or a sockaddr holding a v4 or v6 address
929 */
930DLLEXPORT SIMPLE_FUNCTION
931struct sockaddr *trace_get_destination_address(const libtrace_packet_t *packet,
932                struct sockaddr *addr);
933
934/*@}*/
935
936/** parse an ip or tcp option
937 * @param[in,out] ptr   the pointer to the current option
938 * @param[in,out] len   the length of the remaining buffer
939 * @param[out] type     the type of the option
940 * @param[out] optlen   the length of the option
941 * @param[out] data     the data of the option
942 *
943 * @return bool true if there is another option (and the fields are filled in)
944 *               or false if this was the last option.
945 *
946 * This updates ptr to point to the next option after this one, and updates
947 * len to be the number of bytes remaining in the options area.  Type is updated
948 * to be the code of this option, and data points to the data of this option,
949 * with optlen saying how many bytes there are.
950 *
951 * @note Beware of fragmented packets.
952 */
953DLLEXPORT int trace_get_next_option(unsigned char **ptr,int *len,
954                        unsigned char *type,
955                        unsigned char *optlen,
956                        unsigned char **data);
957
958
959/** @name Time
960 * These functions deal with time that a packet arrived and return it
961 * in various formats
962 * @{
963 */
964/** Get the current time in DAG time format
965 * @param packet        the packet opaque pointer
966 *
967 * @return a 64 bit timestamp in DAG ERF format (upper 32 bits are the seconds
968 * past 1970-01-01, the lower 32bits are partial seconds)
969 * @author Daniel Lawson
970 */
971DLLEXPORT SIMPLE_FUNCTION
972uint64_t trace_get_erf_timestamp(const libtrace_packet_t *packet);
973
974/** Get the current time in struct timeval
975 * @param packet        the packet opaque pointer
976 *
977 * @return time that this packet was seen in a struct timeval
978 * @author Daniel Lawson
979 * @author Perry Lorier
980 */
981DLLEXPORT SIMPLE_FUNCTION
982struct timeval trace_get_timeval(const libtrace_packet_t *packet);
983
984/** Get the current time in floating point seconds
985 * @param packet        the packet opaque pointer
986 *
987 * @return time that this packet was seen in 64bit floating point seconds
988 * @author Daniel Lawson
989 * @author Perry Lorier
990 */
991DLLEXPORT SIMPLE_FUNCTION
992double trace_get_seconds(const libtrace_packet_t *packet);
993
994/** Seek within a trace
995 * @param trace         trace to seek
996 * @param seconds       time to seek to
997 * @return 0 on success.
998 * Make the next packet read to be the first packet to occur at or after the
999 * time searched for.  This must be called in the configuration state (ie,
1000 * before trace_start() or after trace_pause().
1001 * @note This function may be extremely slow.
1002 */
1003DLLEXPORT int trace_seek_seconds(libtrace_t *trace, double seconds);
1004
1005/** Seek within a trace
1006 * @param trace         trace to seek
1007 * @param tv            time to seek to
1008 * @return 0 on success.
1009 * Make the next packet read to be the first packet to occur at or after the
1010 * time searched for.  This must be called in the configuration state (ie,
1011 * before trace_start() or after trace_pause().
1012 * @note This function may be extremely slow.
1013 */
1014DLLEXPORT int trace_seek_timeval(libtrace_t *trace, struct timeval tv);
1015
1016/** Seek within a trace
1017 * @param trace         trace to seek
1018 * @param ts            erf timestamp
1019 * @return 0 on success.
1020 * Make the next packet read to be the first packet to occur at or after the
1021 * time searched for.  This must be called in the configuration state (ie,
1022 * before trace_start() or after trace_pause().
1023 * @note This function may be extremely slow.
1024 */
1025DLLEXPORT int trace_seek_erf_timestamp(libtrace_t *trace, uint64_t ts);
1026
1027/*@}*/
1028
1029/** @name Sizes
1030 * This section deals with finding or setting the various different lengths
1031 * a packet can have
1032 * @{
1033 */
1034/** Get the size of the packet in the trace
1035 * @param packet        the packet opaque pointer
1036 * @return the size of the packet in the trace
1037 * @author Perry Lorier
1038 * @note Due to this being a header capture, or anonymisation, this may not
1039 * be the same size as the original packet.  See get_wire_length() for the
1040 * original size of the packet.
1041 * @note This can (and often is) different for different packets in a trace!
1042 * @note This is sometimes called the "snaplen".
1043 * @note The return size refers to the network-level payload of the packet and
1044 * does not include any capture headers. For example, an Ethernet packet with
1045 * an empty TCP packet will return sizeof(ethernet_header) + sizeof(ip_header)
1046 * + sizeof(tcp_header).
1047 */
1048DLLEXPORT SIMPLE_FUNCTION
1049size_t trace_get_capture_length(const libtrace_packet_t *packet);
1050
1051/** Get the size of the packet as it was seen on the wire.
1052 * @param packet        the packet opaque pointer
1053 * @return the size of the packet as it was on the wire.
1054 * @note Due to the trace being a header capture, or anonymisation this may
1055 * not be the same as the Capture Len.
1056 * @note trace_getwire_length \em{includes} FCS.
1057 */
1058DLLEXPORT SIMPLE_FUNCTION
1059size_t trace_get_wire_length(const libtrace_packet_t *packet);
1060
1061/** Get the length of the capture framing headers.
1062 * @param packet        the packet opaque pointer
1063 * @return the size of the packet as it was on the wire.
1064 * @author Perry Lorier
1065 * @author Daniel Lawson
1066 * @note this length corresponds to the difference between the size of a
1067 * captured packet in memory, and the captured length of the packet
1068 */
1069DLLEXPORT SIMPLE_FUNCTION
1070size_t trace_get_framing_length(const libtrace_packet_t *packet);
1071
1072/** Truncate ("snap") the packet at the suggested length
1073 * @param packet        the packet opaque pointer
1074 * @param size          the new length of the packet
1075 * @return the new capture length of the packet, or the original capture
1076 * length of the packet if unchanged
1077 */
1078DLLEXPORT size_t trace_set_capture_length(libtrace_packet_t *packet, size_t size);
1079
1080/*@}*/
1081
1082
1083/** Get the type of the link layer
1084 * @param packet        the packet opaque pointer
1085 * @return libtrace_linktype_t
1086 * @author Perry Lorier
1087 * @author Daniel Lawson
1088 */
1089DLLEXPORT SIMPLE_FUNCTION
1090libtrace_linktype_t trace_get_link_type(const libtrace_packet_t *packet);
1091
1092/** Set the direction flag, if it has one
1093 * @param packet        the packet opaque pointer
1094 * @param direction     the new direction
1095 * @returns -1 on error, or the direction that was set.
1096 */
1097DLLEXPORT libtrace_direction_t trace_set_direction(libtrace_packet_t *packet, libtrace_direction_t direction);
1098
1099/** Get the direction flag, if it has one
1100 * @param packet        the packet opaque pointer
1101 * @return a value containing the direction flag, or -1 if this is not supported
1102 * The direction is defined as 0 for packets originating locally (ie, outbound)
1103 * and 1 for packets originating remotely (ie, inbound).
1104 * Other values are possible, which might be overloaded to mean special things
1105 * for a special trace.
1106 * @author Daniel Lawson
1107 */
1108DLLEXPORT SIMPLE_FUNCTION
1109libtrace_direction_t trace_get_direction(const libtrace_packet_t *packet);
1110
1111/** @name BPF
1112 * This section deals with using Berkley Packet Filters
1113 * @{
1114 */
1115/** setup a BPF filter
1116 * @param filterstring a char * containing the bpf filter string
1117 * @return opaque pointer pointer to a libtrace_filter_t object
1118 * @author Daniel Lawson
1119 * @note The filter is not actually compiled at this point, so no correctness
1120 * tests are performed here. trace_bpf_setfilter will always return ok, but
1121 * if the filter is poorly constructed an error will be generated when the
1122 * filter is actually used
1123 */
1124DLLEXPORT SIMPLE_FUNCTION
1125libtrace_filter_t *trace_bpf_setfilter(const char *filterstring);
1126
1127/** apply a BPF filter
1128 * @param filter        the filter opaque pointer
1129 * @param packet        the packet opaque pointer
1130 * @return 1 if the filter matches, 0 if it doesn't.
1131 * @note Due to the way BPF filters are built, the filter is not actually
1132 * compiled until the first time trace_bpf_filter is called. If your filter is
1133 * incorrect, it will generate an error message and assert, exiting the
1134 * program. This behaviour may change to more graceful handling of this error
1135 * in the future.
1136 */
1137DLLEXPORT int trace_bpf_filter(libtrace_filter_t *filter,
1138                const libtrace_packet_t *packet);
1139
1140/** destory of BPF filter
1141 * @param filter        the filter opaque pointer
1142 * Deallocate all the resources associated with a BPF filter
1143 */
1144DLLEXPORT void trace_destroy_bpf(libtrace_filter_t *filter);
1145/*@}*/
1146
1147/** @name Portability
1148 * This section has functions that causes annoyances to portability for one
1149 * reason or another.
1150 * @{
1151 */
1152
1153/** Convert an ethernet address to a string
1154 * @param addr  Ethernet address in network byte order
1155 * @param buf   Buffer to store the ascii representation, or NULL
1156 * @return buf, or if buf is NULL then a statically allocated buffer.
1157 *
1158 * This function is similar to the GNU ether_ntoa_r function, with a few
1159 * minor differences.  if NULL is passed as buf, then the function will
1160 * use an internal static buffer, if NULL isn't passed then the function
1161 * will use that buffer instead.
1162 *
1163 * @note the type of addr isn't struct ether_addr as it is with ether_ntoa_r,
1164 * however it is bit compatible so that a cast will work.
1165 */
1166DLLEXPORT char *trace_ether_ntoa(const uint8_t *addr, char *buf);
1167
1168/** Convert a string to an ethernet address
1169 * @param buf   Ethernet address in hex format delimited with :'s.
1170 * @param addr  buffer to store the binary representation, or NULL
1171 * @return addr, or if addr is NULL, then a statically allocated buffer.
1172 *
1173 * This function is similar to the GNU ether_aton_r function, with a few
1174 * minor differences.  if NULL is passed as addr, then the function will
1175 * use an internal static buffer, if NULL isn't passed then the function will
1176 * use that buffer instead.
1177 *
1178 * @note the type of addr isn't struct ether_addr as it is with ether_aton_r,
1179 * however it is bit compatible so that a cast will work.
1180 */
1181DLLEXPORT uint8_t *trace_ether_aton(const char *buf, uint8_t *addr);
1182
1183/*@}*/
1184
1185
1186/** Which port is the server port */
1187typedef enum {
1188        USE_DEST,       /**< Destination port is the server port */
1189        USE_SOURCE      /**< Source port is the server port */
1190} serverport_t;
1191
1192/** Get the source port
1193 * @param packet        the packet to read from
1194 * @return a port in \em HOST byte order, or equivilent to ports for this
1195 * protocol, or 0 if this protocol has no ports.
1196 * @author Perry Lorier
1197 */
1198DLLEXPORT SIMPLE_FUNCTION
1199uint16_t trace_get_source_port(const libtrace_packet_t *packet);
1200
1201/** Get the destination port
1202 * @param packet        the packet to read from
1203 * @return a port in \em HOST byte order, or equivilent to ports for this
1204 * protocol, or 0 if this protocol has no ports.
1205 * @author Perry Lorier
1206 */
1207DLLEXPORT SIMPLE_FUNCTION
1208uint16_t trace_get_destination_port(const libtrace_packet_t *packet);
1209
1210/** hint at the server port in specified protocol
1211 * @param protocol      the IP layer protocol, eg 6 (tcp), 17 (udp)
1212 * @param source        the source port from the packet
1213 * @param dest          the destination port from the packet
1214 * @return one of USE_SOURCE or USE_DEST depending on which one you should use
1215 * @note ports must be in \em HOST byte order!
1216 * @author Daniel Lawson
1217 */
1218DLLEXPORT SIMPLE_FUNCTION
1219int8_t trace_get_server_port(uint8_t protocol, uint16_t source, uint16_t dest);
1220
1221/** Takes a uri and splits it into a format and uridata component.
1222 * Primarily for internal use but made available for external use.
1223 * @param uri           the uri to be parsed
1224 * @param format        destination location for the format component of the uri
1225 * @return 0 if an error occured, otherwise return the uridata component
1226 * @author Shane Alcock
1227 */
1228DLLEXPORT const char *trace_parse_uri(const char *uri, char **format);
1229
1230/** RT protocol base format identifiers
1231 * This is used to say what kind of packet is being sent over the rt protocol
1232 */
1233enum base_format_t {
1234        TRACE_FORMAT_ERF          =1,
1235        TRACE_FORMAT_PCAP         =2,
1236        TRACE_FORMAT_PCAPFILE     =3,
1237        TRACE_FORMAT_WAG          =4,
1238        TRACE_FORMAT_RT           =5,
1239        TRACE_FORMAT_LEGACY_ATM   =6,
1240        TRACE_FORMAT_LEGACY_POS   =7,
1241        TRACE_FORMAT_LEGACY_ETH   =8,
1242        TRACE_FORMAT_LINUX_NATIVE =9
1243};
1244
1245/** Gets the framing header type for a given packet.
1246 * @param packet        the packet opaque pointer
1247 * @return the format of the packet
1248 */
1249DLLEXPORT
1250enum base_format_t trace_get_format(struct libtrace_packet_t *packet);
1251
1252#ifdef __cplusplus
1253} /* extern "C" */
1254#endif /* #ifdef __cplusplus */
1255#endif /* LIBTRACE_H_ */
Note: See TracBrowser for help on using the repository browser.