source: lib/libtrace_int.h @ 1aa4bf7

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 1aa4bf7 was 1aa4bf7, checked in by Perry Lorier <perry@…>, 12 years ago

Support using timespec's for dealing with traces

  • Property mode set to 100644
File size: 18.7 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007,2008 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id$
28 *
29 */
30/** @file */
31
32#ifndef LIBTRACE_INT_H
33#define LIBTRACE_INT_H
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
39#include "common.h"
40#include "config.h"
41#include "libtrace.h"
42#include "wandio.h"
43
44#ifdef _MSC_VER
45// warning: deprecated function
46#pragma warning(disable:4996)
47// warning: benign redefinitions of types
48#pragma warning(disable:4142)
49#endif
50
51#ifdef HAVE_INTTYPES_H
52# include <inttypes.h>
53#else
54# include "lt_inttypes.h"
55#endif
56
57#ifdef HAVE_STDDEF_H
58# include <stddef.h>
59#else
60#ifndef WIN32
61# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
62#endif
63#endif
64
65
66#include "rt_protocol.h"
67       
68/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
69#ifdef HAVE_NET_BPF_H
70#    include <net/bpf.h>
71#    define HAVE_BPF 1
72#else
73#ifdef HAVE_PCAP_BPF_H
74#  include <pcap-bpf.h>
75#  define HAVE_BPF 1
76#endif
77#endif
78
79#ifdef HAVE_PCAP_H
80#  include <pcap.h>
81#  ifdef HAVE_PCAP_INT_H
82#    include <pcap-int.h>
83#  endif
84#endif
85
86#ifdef HAVE_ZLIB_H
87#  include <zlib.h>
88#endif
89
90#ifndef HAVE_STRNCASECMP
91# ifndef HAVE__STRNICMP
92int strncasecmp(const char *str1, const char *str2, size_t n);
93# else
94# define strncasecmp _strnicmp
95# endif
96#endif
97
98#ifndef HAVE_SNPRINTF
99# ifndef HAVE_SPRINTF_S
100int snprintf(char *str, size_t size, const char *format, ...);
101# else
102# define snprintf sprintf_s
103# endif
104#endif
105
106#include "daglegacy.h"
107       
108#ifdef HAVE_DAG_API
109#  include "dagnew.h"
110#  include "dagapi.h"
111#       if DAG_VERSION == 25
112#               include <daginf.h>
113#       else
114#               include <erftypes.h>
115#       endif
116#else
117#  include "dagformat.h"
118#endif
119
120#define RP_BUFSIZE 65536U
121
122struct libtrace_event_status_t {
123        libtrace_packet_t *packet;
124        double tdelta;
125        double trace_last_ts;
126        int psize;
127};
128
129/** The information about traces that are open
130 * @internal
131 */
132struct libtrace_t {
133        struct libtrace_format_t *format; /**< format driver pointer */
134        struct libtrace_event_status_t event;   /**< the next event */
135        void *format_data;              /**<format data pointer */
136        struct libtrace_filter_t *filter; /**< used by libtrace if the module
137                                            * doesn't support filters natively
138                                            */
139        size_t snaplen;                 /**< used by libtrace if the module
140                                          * doesn't support snapping natively
141                                          */
142        uint64_t accepted_packets;      /**< Number of packets returned to the
143                                          * user
144                                          */
145        uint64_t filtered_packets;      /**< Number of packets filtered by
146                                          * libtrace
147                                          */
148        char *uridata;                  /**< the uri of this trace */
149        io_t *io;                       /**< The tracefile (if applicable) */
150
151        libtrace_err_t err;             /**< error information */
152        bool started;                   /**< if this trace has started */
153};
154
155/** Information about output traces
156 * @internal
157 */
158struct libtrace_out_t {
159        struct libtrace_format_t *format;       /**< format driver */
160        void *format_data;              /**< format data */
161        char *uridata;                  /**< URI associated with this trace */
162        libtrace_err_t err;             /**< Associated error */
163        bool started;                   /**< trace started */
164};
165
166void trace_set_err(libtrace_t *trace, int errcode,const char *msg,...) 
167                                                                PRINTF(3,4);
168void trace_set_err_out(libtrace_out_t *trace, int errcode, const char *msg,...)
169                                                                PRINTF(3,4);
170
171
172/*
173 *
174 * The basic idea of this function is that it will take the data pointed to
175 * by 'buffer' and treat it as a packet of the same format type as the
176 * libtrace_t pointed to by 'trace', including the format framing (e.g. an
177 * erf header for erf and dag formats, a pcap header for pcap formats).
178 *
179 * The libtrace packet pointed to by 'packet' will then have its internal
180 * pointers and values replaced with ones that describe the packet in 'buffer'.
181 *
182 * 'rt_type' is used to set packet->type while 'flags' is relatively
183 * self-explanatory. Definitions of the accepted flags will be provided below.
184 *
185 * The primary use of this function is to allow rt_read_packet to nicely
186 * convert packets from the RT format back to the format that they were
187 * originally captured with, as RT essentially encapsulates the original trace
188 * format. We've decided to not make this function available via the API
189 * because there are a number of issues that can arise if it is not used
190 * very carefully and there are few situations outside of the RT case where
191 * you'd want to do something like this anyway.
192 *
193 * Returns 0 if successful, -1 if something goes horribly wrong
194 */
195int trace_prepare_packet(libtrace_t *trace, libtrace_packet_t *packet,
196                void *buffer, libtrace_rt_types_t rt_type, uint32_t flags);
197
198/* Flags for prepare_packet functions */
199/*-------------------------------------*/
200enum {
201        /* If set, the memory pointed to by 'buffer' is malloc()'d and
202         * libtrace should undertake ownership of that memory. If not set,
203         * the memory is treated as externally-owned and will not be freed by
204         * libtrace when the packet is destroyed. */
205        TRACE_PREP_OWN_BUFFER           =1,
206        TRACE_PREP_DO_NOT_OWN_BUFFER    =0
207};
208
209#define TRACE_PREP_OWN_BUFFER   1
210
211                                                               
212typedef struct libtrace_sll_header_t {
213        uint16_t pkttype;               /* packet type */
214        uint16_t hatype;                /* link-layer address type */
215        uint16_t halen;                 /* link-layer address length */
216        char addr[8];                   /* link-layer address */
217        uint16_t protocol;              /* protocol */
218} libtrace_sll_header_t;
219
220#define TRACE_SLL_HOST          0
221#define TRACE_SLL_BROADCAST     1
222#define TRACE_SLL_MULTICAST     2
223#define TRACE_SLL_OTHERHOST     3
224#define TRACE_SLL_OUTGOING      4
225
226#ifndef PF_RULESET_NAME_SIZE
227#define PF_RULESET_NAME_SIZE 16
228#endif
229
230#ifndef IFNAMSIZ
231#define IFNAMSIZ 16
232#endif
233
234typedef struct libtrace_pflog_header_t {
235        uint8_t    length;
236        sa_family_t   af;
237        uint8_t    action;
238        uint8_t    reason;
239        char       ifname[IFNAMSIZ];
240        char       ruleset[PF_RULESET_NAME_SIZE];
241        uint32_t   rulenr;
242        uint32_t   subrulenr;
243        uint8_t    dir;
244        uint8_t    pad[3];
245} PACKED libtrace_pflog_header_t;
246
247
248
249/** Module definition structure */
250/* all of these should return -1, or NULL on failure */
251struct libtrace_format_t {
252        /** the uri name of this module */
253        const char *name;
254        /** the version of this module */
255        const char *version;
256        /** the RT protocol type of this module */
257        enum base_format_t type;
258        /** stuff that deals with input @{ */
259        /** Given a filename, return if this format is responsible
260         * (used for devices)
261         */
262        int (*probe_filename)(const char *fname);
263        /** Given a file, look for file magic. */
264        int (*probe_magic)(io_t *io);
265        /** initialise an trace (or NULL if input is not supported) */
266        int (*init_input)(libtrace_t *libtrace);
267        /** configure an trace (or NULL if input is not supported) */
268        int (*config_input)(libtrace_t *libtrace,trace_option_t option,void *value);
269        /** start/unpause an trace (or NULL if input not supported) */
270        int (*start_input)(libtrace_t *libtrace);
271        /** pause an trace (or NULL if input not supported) */
272        int (*pause_input)(libtrace_t *libtrace);
273        /** @} */
274        /** stuff that deals with output @{ */
275        /** initialise output traces (or NULL if output not supported) */
276        int (*init_output)(libtrace_out_t *libtrace);
277        /** configure output traces (or NULL if output not supported) */
278        int (*config_output)(libtrace_out_t *libtrace, trace_option_output_t option, void *);
279        /** start output traces (or NULL if output not supported)
280         * There is no pause for output traces, as packets are not arriving
281         * asyncronously
282         */
283        int (*start_output)(libtrace_out_t *libtrace);
284        /** @} */
285        /** finish an input trace, cleanup (or NULL if input not supported)
286         * if the trace is not paused, libtrace will pause the trace before
287         * calling this function.
288         */
289        int (*fin_input)(libtrace_t *libtrace);
290        /** finish an output trace, cleanup (or NULL if output not supported) */
291        int (*fin_output)(libtrace_out_t *libtrace);
292        /** read a packet from a trace into the provided packet structure
293         * @returns -1 on error, or get_framing_length()+get_capture_length() \
294         * on success.
295         * if this function is not supported, this field may be NULL.
296         */
297        int (*read_packet)(libtrace_t *libtrace, libtrace_packet_t *packet);
298        /** prepares a packet for general libtrace usage
299         * updates internal trace and packet details, such as payload pointers,
300         * loss counters and packet types.
301         * Intended (at this stage) only for internal use, particularly by
302         * RT which needs to decapsulate RT packets */
303        int (*prepare_packet)(libtrace_t *libtrace, libtrace_packet_t *packet,
304                        void *buffer, libtrace_rt_types_t rt_type, 
305                        uint32_t flags);
306        /** finalise a packet
307         * cleanup any resources used by a packet that can't be reused for
308         * the next packet.
309         */
310        void (*fin_packet)(libtrace_packet_t *packet);
311        /** write a packet to a trace from the provided packet
312         * (or NULL if output not supported)
313         */
314        int (*write_packet)(libtrace_out_t *libtrace, libtrace_packet_t *packet);
315        /** return the libtrace link type for this packet
316         * @return the libtrace link type, or -1 if this link type is unknown
317         */ 
318        libtrace_linktype_t (*get_link_type)(const libtrace_packet_t *packet);
319        /** return the direction of this packet
320         * @note This callback may be NULL if not supported.
321         */ 
322        libtrace_direction_t (*get_direction)(const libtrace_packet_t *packet);
323        /** set the direction of this packet
324         * @note This callback may be NULL if not supported.
325         */ 
326        libtrace_direction_t (*set_direction)(libtrace_packet_t *packet, libtrace_direction_t direction);
327        /** return the erf timestamp of the packet.
328         * @return the 64bit erf timestamp
329         * This field may be NULL in the structure, and libtrace will
330         * synthesise the result from get_timeval or get_seconds if they
331         * exist.  AT least one of get_erf_timestamp, get_timeval or
332         * get_seconds must be implemented.
333         */
334        uint64_t (*get_erf_timestamp)(const libtrace_packet_t *packet);
335        /** return the timeval of this packet.
336         * @return the timeval
337         * This field may be NULL in the structure, and libtrace will
338         * synthesise the result from get_erf_timestamp or get_seconds if they
339         * exist.  AT least one of get_erf_timestamp, get_timeval or
340         * get_seconds must be implemented.
341         */
342        struct timeval (*get_timeval)(const libtrace_packet_t *packet);
343        /** return the timespec of this packet.
344         * @return the timespec
345         * This field may be NULL in the structure, and libtrace will
346         * synthesise the result from get_erf_timestamp or get_seconds if they
347         * exist.  AT least one of get_erf_timestamp, get_timeval or
348         * get_seconds must be implemented.
349         */
350        struct timespec (*get_timespec)(const libtrace_packet_t *packet);
351        /** return the timestamp of this packet.
352         * @return the floating point seconds since 1970-01-01 00:00:00
353         * This field may be NULL in the structure, and libtrace will
354         * synthesise the result from get_timeval or get_erf_timestamp if they
355         * exist.  AT least one of get_erf_timestamp, get_timeval or
356         * get_seconds must be implemented.
357         */
358        double (*get_seconds)(const libtrace_packet_t *packet);
359        /** move the pointer within the trace.
360         * @return 0 on success, -1 on failure.
361         * The next packet returned by read_packet be the first
362         * packet in the trace to have a timestamp equal or greater than
363         * timestamp.
364         * @note this function may be NULL if the format does not support
365         * this feature.  If the format implements seek_timeval and/or
366         * seek_seconds then libtrace will call those functions instead.
367         */
368        int (*seek_erf)(libtrace_t *trace, uint64_t timestamp);
369        /** move the pointer within the trace.
370         * @return 0 on success, -1 on failure.
371         * The next packet returned by read_packet be the first
372         * packet in the trace to have a timestamp equal or greater than
373         * timestamp.
374         * @note this function may be NULL if the format does not support
375         * this feature.  If the format implements seek_erf and/or
376         * seek_seconds then libtrace will call those functions instead.
377         */
378        int (*seek_timeval)(libtrace_t *trace, struct timeval tv);
379        /** move the pointer within the trace.
380         * @return 0 on success, -1 on failure.
381         * The next packet returned by read_packet be the first
382         * packet in the trace to have a timestamp equal or greater than
383         * tv.
384         * @note this function may be NULL if the format does not support
385         * this feature.  If the format implements seek_erf and/or
386         * seek_timeval then libtrace will call those functions instead.
387         */
388        int (*seek_seconds)(libtrace_t *trace, double seconds);
389        /** return the captured payload length
390         * @return the amount of data captured in a trace.
391         * This is the number of bytes actually in the trace.  This does not
392         * include the trace framing length.  This is usually shorter or
393         * equal to the wire length.
394         */
395        int (*get_capture_length)(const libtrace_packet_t *packet);
396        /** return the original length of the packet on the wire.
397         * @return the length of the packet on the wire before truncation.
398         * This is the number of bytes actually in the trace.  This does not
399         * include the trace framing length.  This is usually shorter or
400         * equal to the wire length.
401         */
402        int (*get_wire_length)(const libtrace_packet_t *packet);
403        /** return the length of the trace framing header
404         * @return the length of the framing header
405         * The framing header is the extra metadata a trace stores about
406         * a packet.  This does not include the wire or capture length
407         * of the packet.  Usually get_framing_length()+get_capture_length()
408         * is the size returned by read_packet
409         */
410        int (*get_framing_length)(const libtrace_packet_t *packet);
411        /** truncate (snap) the packet
412         * @returns the new size
413         * @note This callback may be NULL if not supported.
414         */
415        size_t (*set_capture_length)(struct libtrace_packet_t *packet,size_t size);
416        /** Report the number of packets ever seen as early as possible
417         */
418        uint64_t (*get_received_packets)(libtrace_t *trace);
419        /** Report the number of filtered packets.
420         */
421        uint64_t (*get_filtered_packets)(libtrace_t *trace);
422        /** Return the number of dropped packets */
423        uint64_t (*get_dropped_packets)(libtrace_t *trace);
424        /** Report number of captured packets
425         */
426        uint64_t (*get_captured_packets)(libtrace_t *trace);
427        /** return the filedescriptor associated with this interface.
428         * @note This callback may be NULL if not supported.
429         * This function is only needed if you use trace_event_interface
430         * as the pointer for trace_event
431         */
432        int (*get_fd)(const libtrace_t *trace);
433        /** return the next event from this source
434         * @note may be NULL if not supported.
435         */
436        struct libtrace_eventobj_t (*trace_event)(libtrace_t *trace, libtrace_packet_t *packet);       
437        /** return information about this trace format to standard out */
438        void (*help)(void);
439        /** next pointer, should be NULL */
440        struct libtrace_format_t *next;
441};
442
443extern struct libtrace_format_t *form;
444
445void register_format(struct libtrace_format_t *format);
446
447libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
448libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
449libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
450libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
451libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
452libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
453uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
454libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
455unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
456
457void promote_packet(libtrace_packet_t *packet);
458bool demote_packet(libtrace_packet_t *packet);
459
460void *trace_get_payload_from_linux_sll(const void *, uint16_t *, uint32_t *);
461void *trace_get_payload_from_pos(void *, uint16_t *, uint32_t *);
462DLLEXPORT void *trace_get_payload_from_atm(void *, uint8_t *, uint32_t *);
463
464uint64_t byteswap64(uint64_t num);
465uint32_t byteswap32(uint32_t num);
466uint16_t byteswap16(uint16_t num);
467
468/* Because some traces/protocols are defined as
469 * being "big endian" or "little endian" we have
470 * this series of macros.
471 */
472#if BYTE_ORDER == BIG_ENDIAN
473#define bswap_host_to_be64(num) ((uint64_t)(num))
474#define bswap_host_to_le64(num) byteswap64(num)
475#define bswap_host_to_be32(num) ((uint32_t)(num))
476#define bswap_host_to_le32(num) byteswap32(num)
477#define bswap_host_to_be16(num) ((uint16_t)(num))
478#define bswap_host_to_le16(num) byteswap16(num)
479
480#define bswap_be_to_host64(num) ((uint64_t)(num))
481#define bswap_le_to_host64(num) byteswap64(num)
482#define bswap_be_to_host32(num) ((uint32_t)(num))
483#define bswap_le_to_host32(num) byteswap32(num)
484#define bswap_be_to_host16(num) ((uint16_t)(num))
485#define bswap_le_to_host16(num) byteswap16(num)
486
487/* We use ntoh*() here, because the compiler may
488 * attempt to optimise it
489 */
490#elif BYTE_ORDER == LITTLE_ENDIAN
491#define bswap_host_to_be64(num) (byteswap64(num))
492#define bswap_host_to_le64(num) ((uint64_t)(num))
493#define bswap_host_to_be32(num) (htonl(num))
494#define bswap_host_to_le32(num) ((uint32_t)(num))
495#define bswap_host_to_be16(num) (htons(num))
496#define bswap_host_to_le16(num) ((uint16_t)(num))
497
498#define bswap_be_to_host64(num) (byteswap64(num))
499#define bswap_le_to_host64(num) ((uint64_t)(num))
500#define bswap_be_to_host32(num) (ntohl(num))
501#define bswap_le_to_host32(num) ((uint32_t)(num))
502#define bswap_be_to_host16(num) (ntohs(num))
503#define bswap_le_to_host16(num) ((uint16_t)(num))
504
505#else
506#error "Unknown byte order"
507#endif
508
509#ifdef HAVE_BPF
510/* A type encapsulating a bpf filter
511 * This type covers the compiled bpf filter, as well as the original filter
512 * string
513 *
514 */
515struct libtrace_filter_t {
516        struct bpf_program filter;
517        char * filterstring;
518        int flag;
519};
520#else
521struct libtrace_filter_t {};
522#endif
523
524/** libtrace packet
525 */
526typedef struct libtrace_pcapfile_pkt_hdr_t {
527        uint32_t ts_sec;
528        uint32_t ts_usec;
529        uint32_t caplen;
530        uint32_t wirelen;
531} libtrace_pcapfile_pkt_hdr_t;
532
533#ifdef HAVE_DAG
534void dag_constructor(void);
535#endif
536void erf_constructor(void);
537void tsh_constructor(void);
538void legacy_constructor(void);
539void linuxnative_constructor(void);
540void pcap_constructor(void);
541void pcapfile_constructor(void);
542void rt_constructor(void);
543void duck_constructor(void);
544void atmhdr_constructor(void);
545#ifdef HAVE_BPF
546void bpf_constructor(void);
547#endif
548
549/* Used internally by get_wire_length() methods */
550bool trace_get_wireless_flags(void *link, libtrace_linktype_t linktype, uint8_t *flags);
551#define TRACE_RADIOTAP_F_FCS 0x10
552       
553#ifdef __cplusplus
554}
555#endif
556
557#endif /* LIBTRACE_INT_H */
Note: See TracBrowser for help on using the repository browser.