source: lib/libtrace.h @ a773a3b

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since a773a3b was a773a3b, checked in by Daniel Lawson <dlawson@…>, 16 years ago

it's == it is. You wanted its.

  • Property mode set to 100644
File size: 22.7 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2004 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id$
28 *
29 */
30
31#ifndef LIBTRACE_H
32#define LIBTRACE_H
33
34#include <sys/types.h>
35#include <netinet/in.h>
36
37/** API version as 2 byte hex digits, eg 0xXXYYZZ */
38#define LIBTRACE_API_VERSION 0x020016  /* 2.0.22 */
39
40#ifdef __cplusplus
41extern "C" { 
42#endif
43
44/* HAVE_ATTR_PURE is replaced by autoconf */
45
46#define HAVE_ATTR_PURE 0
47
48/* Function does not depend on anything but its
49 * parameters, used to hint gcc's optimisations
50 */
51#if HAVE_ATTR_PURE
52#  define SIMPLE_FUNCTION __attribute__((pure))
53#else
54#  define SIMPLE_FUNCTION
55#endif
56       
57
58/** @file
59 *
60 * @brief Trace file processing library header
61 *
62 * @author Daniel Lawson
63 * @author Perry Lorier
64 *
65 * @version $Id$
66 *
67 * This library provides a per packet interface into a trace file, or a live
68 * captures.  It supports ERF, DAG cards, WAG cards, WAG's event format,
69 * pcap etc.
70 *
71 * @par Usage
72 * See the example/ directory in the source distribution for some simple examples
73 * @par Linking
74 * To use this library you need to link against libtrace by passing -ltrace
75 * to your linker. You may also need to link against a version of libpcap
76 * and of zlib which are compiled for largefile support (if you wish to access
77 * traces larger than 2 GB). This is left as an exercise for the reader. Debian
78 * Woody, at least, does not support large file offsets.
79 *
80 */
81
82#define COLLECTOR_PORT 3435
83
84       
85/** Opaque structure holding information about an output trace */
86struct libtrace_out_t;
87       
88/** Opaque structure holding information about a trace */
89struct libtrace_t;
90       
91/** Opaque structure holding information about a bpf filter */
92struct libtrace_filter_t;
93
94/** Structure holding information about a packet */
95#define LIBTRACE_PACKET_BUFSIZE 65536
96struct libtrace_packet_t {
97        struct libtrace_t *trace;
98        //void *buffer;
99        char buffer[LIBTRACE_PACKET_BUFSIZE];
100        size_t size;
101        uint32_t status;
102};
103                     
104
105/** Enumeration of error codes */
106enum {E_NOERROR, E_BAD_FORMAT, E_NO_INIT, E_NO_INIT_OUT, E_URI_LONG, E_URI_NOCOLON, E_INIT_FAILED };
107
108/** Structure for dealing with IP packets */
109struct libtrace_ip
110{
111#if BYTE_ORDER == LITTLE_ENDIAN
112    unsigned int ip_hl:4;               /**< header length */
113    unsigned int ip_v:4;                /**< version */
114#elif BYTE_ORDER == BIG_ENDIAN
115    unsigned int ip_v:4;                /**< version */
116    unsigned int ip_hl:4;               /**< header length */
117#else
118#   error "Adjust your <bits/endian.h> defines"
119#endif
120    u_int8_t ip_tos;                    /**< type of service */
121    u_short ip_len;                     /**< total length */
122    u_short ip_id;                      /**< identification */
123    u_short ip_off;                     /**< fragment offset field */
124#define IP_RF 0x8000                    /**< reserved fragment flag */
125#define IP_DF 0x4000                    /**< dont fragment flag */
126#define IP_MF 0x2000                    /**< more fragments flag */
127#define IP_OFFMASK 0x1fff               /**< mask for fragmenting bits */
128    u_int8_t ip_ttl;                    /**< time to live */
129    u_int8_t ip_p;                      /**< protocol */
130    u_short ip_sum;                     /**< checksum */
131    struct in_addr ip_src;              /**< source address */
132    struct in_addr ip_dst;              /**< dest address */
133} __attribute__ ((packed));
134
135/** Structure for dealing with TCP packets */
136struct libtrace_tcp
137  {
138    u_int16_t source;           /**< Source Port */
139    u_int16_t dest;             /**< Destination port */
140    u_int32_t seq;              /**< Sequence number */
141    u_int32_t ack_seq;          /**< Acknowledgement Number */
142#  if BYTE_ORDER == LITTLE_ENDIAN
143    u_int16_t res1:4;           /**< Reserved bits */
144    u_int16_t doff:4;           
145    u_int16_t fin:1;            /**< FIN */
146    u_int16_t syn:1;            /**< SYN flag */
147    u_int16_t rst:1;            /**< RST flag */
148    u_int16_t psh:1;            /**< PuSH flag */
149    u_int16_t ack:1;            /**< ACK flag */
150    u_int16_t urg:1;            /**< URG flag */
151    u_int16_t res2:2;           /**< Reserved */
152#  elif BYTE_ORDER == BIG_ENDIAN
153    u_int16_t doff:4;           
154    u_int16_t res1:4;           /**< Reserved bits */
155    u_int16_t res2:2;           /**< Reserved */
156    u_int16_t urg:1;            /**< URG flag */
157    u_int16_t ack:1;            /**< ACK flag */
158    u_int16_t psh:1;            /**< PuSH flag */
159    u_int16_t rst:1;            /**< RST flag */
160    u_int16_t syn:1;            /**< SYN flag */
161    u_int16_t fin:1;            /**< FIN flag */
162#  else
163#   error "Adjust your <bits/endian.h> defines"
164#  endif
165    u_int16_t window;           /**< Window Size */
166    u_int16_t check;            /**< Checksum */
167    u_int16_t urg_ptr;          /**< Urgent Pointer */
168} __attribute__ ((packed));
169
170/** UDP Header for dealing with UDP packets */
171struct libtrace_udp {
172  u_int16_t     source;         /**< Source port */
173  u_int16_t     dest;           /**< Destination port */
174  u_int16_t     len;            /**< Length */
175  u_int16_t     check;          /**< Checksum */
176} __attribute__ ((packed));
177
178/** ICMP Header for dealing with icmp packets */
179struct libtrace_icmp
180{
181  u_int8_t type;                /**< message type */
182  u_int8_t code;                /**< type sub-code */
183  u_int16_t checksum;           /**< checksum */
184  union
185  {
186    struct
187    {
188      u_int16_t id;
189      u_int16_t sequence;
190    } echo;                     /**< echo datagram */
191    u_int32_t   gateway;        /**< gateway address */
192    struct
193    {
194      u_int16_t unused;
195      u_int16_t mtu;
196    } frag;                     /**< path mtu discovery */
197  } un;                         /**< Union for payloads of various icmp codes */
198} __attribute__ ((packed));
199
200/** 802.3 frame */
201struct libtrace_ether
202{
203  u_int8_t ether_dhost[6];      /* destination ether addr */
204  u_int8_t ether_shost[6];      /* source ether addr */
205  u_int16_t ether_type;         /* packet type ID field (next-header) */
206} __attribute__ ((packed));
207
208/** 802.1Q frame */
209struct libtrace_8021q
210{
211  u_int8_t  ether_dhost[6];      /* destination eth addr */
212  u_int8_t  ether_shost[6];      /* source ether addr    */
213  u_int16_t ether_type;          /* packet type ID field , 0x8100 for VLAN */
214  u_int16_t vlan_pri:3;          /* vlan user priority */
215  u_int16_t vlan_cfi:1;          /* vlan format indicator, 0 for ethernet, 1 for token ring */
216  u_int16_t vlan_id:12;          /* vlan id */
217  u_int16_t vlan_ether_type;     /* vlan sub-packet type ID field (next-header)*/
218} __attribute__ ((packed));
219
220/** Prints help information for libtrace
221 *
222 * Function prints out some basic help information regarding libtrace,
223 * and then prints out the help() function registered with each input module
224 */
225void trace_help();
226
227/** Gets the output format for a given output trace
228 *
229 * @param libtrace      the output trace to get the name of the format fo
230 * @returns callee-owned null-terminated char* containing the output format
231 *
232 */
233SIMPLE_FUNCTION
234char *trace_get_output_format(const struct libtrace_out_t *libtrace);
235
236/** Prints error information
237 *
238 * Prints out a descriptive error message for the currently set trace_err value
239 */
240void trace_perror(const char *caller);
241
242/** Create a trace file from a URI
243 *
244 * @param uri containing a valid libtrace URI
245 * @returns opaque pointer to a libtrace_t
246 *
247 * Valid URI's are:
248 *  - erf:/path/to/erf/file
249 *  - erf:/path/to/erf/file.gz
250 *  - erf:/path/to/rtclient/socket
251 *  - erf:-  (stdin)
252 *  - dag:/dev/dagcard                 
253 *  - pcapint:pcapinterface                (eg: pcap:eth0)
254 *  - pcap:/path/to/pcap/file
255 *  - pcap:-
256 *  - rtclient:hostname
257 *  - rtclient:hostname:port
258 *  - wag:-
259 *  - wag:/path/to/wag/file
260 *  - wag:/path/to/wag/file.gz
261 *  - wag:/path/to/wag/socket
262 *
263 *  If an error occured when attempting to open the trace file, NULL is returned
264 *  and trace_errno is set. Use trace_perror() to get more information
265 */
266struct libtrace_t *trace_create(const char *uri);
267
268/** Creates a "dummy" trace file that has only the format type set.
269 *
270 * @returns opaque pointer to a (sparsely initialised) libtrace_t
271 *
272 * IMPORTANT: Do not attempt to call trace_read_packet or other such functions with
273 * the dummy trace. Its intended purpose is to act as a packet->trace for libtrace_packet_t's
274 * that are not associated with a libtrace_t structure.
275 */
276struct libtrace_t *trace_create_dead(const char *uri);
277
278/** Creates a trace output file from a URI.
279 *
280 * @param uri   the uri string describing the output format and destination
281 * @returns opaque pointer to a libtrace_output_t
282 * @author Shane Alcock
283 *
284 * Valid URI's are:
285 *  - gzerf:/path/to/erf/file.gz
286 *  - gzerf:/path/to/erf/file
287 *  - rtserver:hostname
288 *  - rtserver:hostname:port
289 *
290 *  If an error occured when attempting to open the output trace, NULL is returned
291 *  and trace_errno is set. Use trace_perror() to get more information
292 */
293struct libtrace_out_t *trace_output_create(const char *uri);
294
295/** Parses an output options string and calls the appropriate function to deal with output options.
296 *
297 * @param libtrace      the output trace object to apply the options to
298 * @param options       the options string
299 * @returns -1 if option configuration failed, 0 otherwise
300 *
301 * @author Shane Alcock
302 */
303int trace_output_config(struct libtrace_out_t *libtrace, char *options);
304
305/** Close a trace file, freeing up any resources it may have been using
306 *
307 */
308void trace_destroy(struct libtrace_t *trace);
309
310/** Close a trace file, freeing up any resources it may have been using
311 * @param trace         trace file to be destroyed
312 */
313void trace_destroy_dead(struct libtrace_t *trace);
314
315/** Close a trace output file, freeing up any resources it may have been using
316 *
317 * @param trace         the output trace file to be destroyed
318 *
319 * @author Shane Alcock
320 */
321void trace_output_destroy(struct libtrace_out_t *trace);
322
323/** Read one packet from the trace into buffer
324 *
325 * @param trace         the libtrace opaque pointer
326 * @param packet        the packet opaque pointer
327 * @returns 0 on EOF, negative value on error
328 *
329 */
330int trace_read_packet(struct libtrace_t *trace, struct libtrace_packet_t *packet);
331
332/** Write one packet out to the output trace
333 *
334 * @param trace         the libtrace_out opaque pointer
335 * @param packet        the packet opaque pointer
336 * @returns the number of bytes written out, if zero or negative then an error has occured.
337 */
338int trace_write_packet(struct libtrace_out_t *trace, const struct libtrace_packet_t *packet);
339
340/** get a pointer to the link layer
341 * @param packet        the packet opaque pointer
342 *
343 * @returns a pointer to the link layer, or NULL if there is no link layer
344 *
345 * @note you should call getLinkType() to find out what type of link layer
346 * this is
347 */
348SIMPLE_FUNCTION
349void *trace_get_link(const struct libtrace_packet_t *packet);
350
351/** get a pointer to the IP header (if any)
352 * @param packet        the packet opaque pointer
353 *
354 * @returns a pointer to the IP header, or NULL if there is not an IP packet
355 */
356SIMPLE_FUNCTION
357struct libtrace_ip *trace_get_ip(const struct libtrace_packet_t *packet);
358
359/** get a pointer to the TCP header (if any)
360 * @param packet        the packet opaque pointer
361 *
362 * @returns a pointer to the TCP header, or NULL if there is not a TCP packet
363 */
364SIMPLE_FUNCTION
365struct libtrace_tcp *trace_get_tcp(const struct libtrace_packet_t *packet);
366
367/** get a pointer to the TCP header (if any) given a pointer to the IP header
368 * @param ip            The IP header
369 * @param[out] skipped  An output variable of the number of bytes skipped
370 *
371 * @returns a pointer to the TCP header, or NULL if this is not a TCP packet
372 *
373 * Skipped can be NULL, in which case it will be ignored by the program.
374 *
375 * @author Perry Lorier
376 */
377SIMPLE_FUNCTION
378struct libtrace_tcp *trace_get_tcp_from_ip(const struct libtrace_ip *ip,int *skipped);
379
380/** get a pointer to the UDP header (if any)
381 * @param packet        the packet opaque pointer
382 *
383 * @returns a pointer to the UDP header, or NULL if this is not a UDP packet
384 */
385SIMPLE_FUNCTION
386struct libtrace_udp *trace_get_udp(const struct libtrace_packet_t *packet);
387
388/** get a pointer to the UDP header (if any) given a pointer to the IP header
389 * @param       ip      The IP header
390 * @param[out]  skipped An output variable of the number of bytes skipped
391 *
392 * @returns a pointer to the UDP header, or NULL if this is not an UDP packet
393 *
394 * Skipped may be NULL, in which case it will be ignored by this function.
395 */
396SIMPLE_FUNCTION
397struct libtrace_udp *trace_get_udp_from_ip(const struct libtrace_ip *ip,int *skipped);
398
399/** get a pointer to the ICMP header (if any)
400 * @param packet        the packet opaque pointer
401 *
402 * @returns a pointer to the ICMP header, or NULL if this is not a ICMP packet
403 */
404SIMPLE_FUNCTION
405struct libtrace_icmp *trace_get_icmp(const struct libtrace_packet_t *packet);
406
407/** get a pointer to the ICMP header (if any) given a pointer to the IP header
408 * @param ip            The IP header
409 * @param[out] skipped  An output variable of the number of bytes skipped
410 *
411 * @returns a pointer to the ICMP header, or NULL if this is not an ICMP packet
412 *
413 * Skipped may be NULL, in which case it will be ignored by this function
414 */
415SIMPLE_FUNCTION
416struct libtrace_icmp *trace_get_icmp_from_ip(const struct libtrace_ip *ip,int *skipped);
417
418/** parse an ip or tcp option
419 * @param[in,out] ptr   the pointer to the current option
420 * @param[in,out] len   the length of the remaining buffer
421 * @param[out] type     the type of the option
422 * @param[out] optlen   the length of the option
423 * @param[out] data     the data of the option
424 *
425 * @returns bool true if there is another option (and the fields are filled in)
426 *               or false if this was the last option.
427 *
428 * This updates ptr to point to the next option after this one, and updates
429 * len to be the number of bytes remaining in the options area.  Type is updated
430 * to be the code of this option, and data points to the data of this option,
431 * with optlen saying how many bytes there are.
432 *
433 * @note Beware of fragmented packets.
434 */
435int trace_get_next_option(unsigned char **ptr,int *len,
436                        unsigned char *type,
437                        unsigned char *optlen,
438                        unsigned char **data);
439
440
441/** Get the current time in DAG time format
442 * @param packet        the packet opaque pointer
443 *
444 * @returns a 64 bit timestamp in DAG ERF format (upper 32 bits are the seconds
445 * past 1970-01-01, the lower 32bits are partial seconds)
446 * @author Daniel Lawson
447 */
448SIMPLE_FUNCTION
449uint64_t trace_get_erf_timestamp(const struct libtrace_packet_t *packet);
450
451/** Get the current time in struct timeval
452 * @param packet        the packet opaque pointer
453 *
454 * @returns time that this packet was seen in a struct timeval
455 * @author Daniel Lawson
456 * @author Perry Lorier
457 */ 
458SIMPLE_FUNCTION
459struct timeval trace_get_timeval(const struct libtrace_packet_t *packet);
460
461/** Get the current time in floating point seconds
462 * @param packet        the packet opaque pointer
463 *
464 * @returns time that this packet was seen in 64bit floating point seconds
465 * @author Daniel Lawson
466 * @author Perry Lorier
467 */
468SIMPLE_FUNCTION
469double trace_get_seconds(const struct libtrace_packet_t *packet);
470
471/** Get the size of the packet in the trace
472 * @param packet        the packet opaque pointer
473 * @returns the size of the packet in the trace
474 * @author Perry Lorier
475 * @note Due to this being a header capture, or anonymisation, this may not
476 * be the same size as the original packet.  See get_wire_length() for the original
477 * size of the packet.
478 * @note This can (and often is) different for different packets in a trace!
479 * @par
480 *  This is sometimes called the "snaplen".
481 */
482SIMPLE_FUNCTION
483int trace_get_capture_length(const struct libtrace_packet_t *packet);
484
485/** Get the size of the packet as it was seen on the wire.
486 * @param packet        the packet opaque pointer
487 * @returns the size of the packet as it was on the wire.
488 * @author Perry Lorier
489 * @author Daniel Lawson
490 * @note Due to the trace being a header capture, or anonymisation this may
491 * not be the same as the Capture Len.
492 */ 
493SIMPLE_FUNCTION
494int trace_get_wire_length(const struct libtrace_packet_t *packet);
495
496/** Link layer types
497 * This enumates the various different link types that libtrace understands
498 */
499typedef enum { 
500       TRACE_TYPE_LEGACY,       
501       TRACE_TYPE_HDLC_POS, 
502       TRACE_TYPE_ETH,                  /**< 802.3 style Ethernet */
503       TRACE_TYPE_ATM,
504       TRACE_TYPE_80211,                /**< 802.11 frames */
505       TRACE_TYPE_NONE,
506       TRACE_TYPE_LINUX_SLL,            /**< Linux "null" framing */
507       TRACE_TYPE_PFLOG,                /**< FreeBSD's PFlug */
508       TRACE_TYPE_LEGACY_DEFAULT,
509       TRACE_TYPE_LEGACY_POS,
510       TRACE_TYPE_LEGACY_ATM,
511       TRACE_TYPE_LEGACY_ETH
512     } libtrace_linktype_t;
513
514/** Get the type of the link layer
515 * @param packet        the packet opaque pointer
516 * @returns libtrace_linktype_t
517 * @author Perry Lorier
518 * @author Daniel Lawson
519 */
520SIMPLE_FUNCTION
521inline libtrace_linktype_t trace_get_link_type(const struct libtrace_packet_t *packet);
522
523/** Get the destination MAC addres
524 * @param packet        the packet opaque pointer
525 * @returns a pointer to the destination mac, (or NULL if there is no
526 * destination MAC)
527 * @author Perry Lorier
528 */
529SIMPLE_FUNCTION
530uint8_t *trace_get_destination_mac(const struct libtrace_packet_t *packet);
531
532/** Get the source MAC addres
533 * @param packet        the packet opaque pointer
534 * @returns a pointer to the source mac, (or NULL if there is no source MAC)
535 * @author Perry Lorier
536 */
537SIMPLE_FUNCTION
538uint8_t *trace_get_source_mac(const struct libtrace_packet_t *packet);
539
540/** Truncate the packet at the suggested length
541 * @param packet        the packet opaque pointer
542 * @param size          the new length of the packet
543 * @returns the new length of the packet, or the original length of the
544 * packet if unchanged
545 * @author Daniel Lawson
546 */
547size_t trace_set_capture_length(struct libtrace_packet_t *packet, size_t size);
548
549/** Set the direction flag, if it has one
550 * @param packet        the packet opaque pointer
551 * @param direction     the new direction (0,1,2,3)
552 * @returns a signed value containing the direction flag, or -1 if this is not supported
553 * @author Daniel Lawson
554 */
555int8_t trace_set_direction(struct libtrace_packet_t *packet, int8_t direction);
556
557/** Get the direction flag, if it has one
558 * @param packet        the packet opaque pointer
559 * @returns a signed value containing the direction flag, or -1 if this is not supported
560 * The direction is defined as 0 for packets originating locally (ie, outbound)
561 * and 1 for packets originating remotely (ie, inbound).
562 * Other values are possible, which might be overloaded to mean special things
563 * for a special trace.
564 * @author Daniel Lawson
565 */
566SIMPLE_FUNCTION
567int8_t trace_get_direction(const struct libtrace_packet_t *packet);
568
569/** Event types
570 * see \ref libtrace_eventobj_t and \ref trace_event
571 */
572typedef enum {
573        TRACE_EVENT_IOWAIT,     /**< Need to block on fd */
574        TRACE_EVENT_SLEEP,      /**< Sleep for some time */
575        TRACE_EVENT_PACKET,     /**< packet has arrived */
576        TRACE_EVENT_TERMINATE   /**< End of trace */
577} libtrace_event_t;
578
579/** structure returned by libtrace_event explaining what the current event is */
580struct libtrace_eventobj_t {
581        libtrace_event_t type; /**< event type (iowait,sleep,packet) */
582        int fd;                /**< if IOWAIT, the fd to sleep on */
583        double seconds;        /**< if SLEEP, the amount of time to sleep for */
584        int size;              /**< if PACKET, the value returned from trace_read_packet */
585};
586
587/** process a libtrace event
588 * @param trace the libtrace opaque pointer
589 * @param packet the libtrace_packet opaque pointer
590 * @returns libtrace_event struct containing the type, and potential
591 *      fd or seconds to sleep on
592 *
593 * Type can be:
594 *  TRACE_EVENT_IOWAIT  Waiting on I/O on fd
595 *  TRACE_EVENT_SLEEP   Next event in seconds
596 *  TRACE_EVENT_PACKET  Packet arrived in buffer with size size
597 *  TRACE_EVENT_TERMINATE Trace terminated (perhaps with an error condition)
598 */
599struct libtrace_eventobj_t trace_event(struct libtrace_t *trace,
600                struct libtrace_packet_t *packet);
601
602/** setup a BPF filter
603 * @param filterstring a char * containing the bpf filter string
604 * @returns opaque pointer pointer to a libtrace_filter_t object
605 * @author Daniel Lawson
606 * @note The filter is not actually compiled at this point, so no correctness
607 * tests are performed here. trace_bpf_setfilter will always return ok, but
608 * if the filter is poorly constructed an error will be generated when the
609 * filter is actually used
610 */
611SIMPLE_FUNCTION
612struct libtrace_filter_t *trace_bpf_setfilter(const char *filterstring);
613
614/** apply a BPF filter
615 * @param filter        the filter opaque pointer
616 * @param packet        the packet opaque pointer
617 * @returns 0 if the filter fails, 1 if it succeeds
618 * @author Daniel Lawson
619 * @note Due to the way BPF filters are built, the filter is not actually compiled
620 * until the first time trace_bpf_filter is called. If your filter is incorrect, it will generate an error message and assert, exiting the program. This behaviour may change to more graceful handling of this error in the future.
621 */
622int trace_bpf_filter(struct libtrace_filter_t *filter,
623                const struct libtrace_packet_t *packet);
624
625
626/** Which port is the server port */
627typedef enum {
628        USE_DEST,       /**< Destination port is the server port */
629        USE_SOURCE      /**< Source port is the server port */
630} serverport_t;
631
632/** Get the source port
633 * @param packet        the packet to read from
634 * @returns a port in \em HOST byte order, or equivilent to ports for this
635 * protocol, or 0 if this protocol has no ports.
636 * @author Perry Lorier
637 */
638SIMPLE_FUNCTION
639uint16_t trace_get_source_port(const struct libtrace_packet_t *packet);
640
641/** Get the destination port
642 * @param packet        the packet to read from
643 * @returns a port in \em HOST byte order, or equivilent to ports for this
644 * protocol, or 0 if this protocol has no ports.
645 * @author Perry Lorier
646 */
647SIMPLE_FUNCTION
648uint16_t trace_get_destination_port(const struct libtrace_packet_t *packet);
649
650/** hint at the server port in specified protocol
651 * @param protocol      the IP layer protocol, eg 6 (tcp), 17 (udp)
652 * @param source        the source port from the packet
653 * @param dest          the destination port from the packet
654 * @returns one of USE_SOURCE or USE_DEST depending on which one you should use
655 * @note ports must be in \em HOST byte order!
656 * @author Daniel Lawson
657 */
658SIMPLE_FUNCTION
659int8_t trace_get_server_port(uint8_t protocol, uint16_t source, uint16_t dest);
660
661/** Takes a uri and splits it into a format and uridata component.
662 * Primarily for internal use but made available for external use.
663 * @param uri           the uri to be parsed
664 * @param format        destination location for the format component of the uri
665 * @returns 0 if an error occured, otherwise returns the uridata component
666 * @author Shane Alcock
667 */
668const char *trace_parse_uri(const char *uri, char **format);
669#ifdef __cplusplus
670} // extern "C"
671#endif // #ifdef __cplusplus
672#endif // LIBTRACE_H_
Note: See TracBrowser for help on using the repository browser.