source: lib/libtrace_int.h @ 31a15db

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 31a15db was 31a15db, checked in by Perry Lorier <perry@…>, 11 years ago

Add missing includes.

  • Property mode set to 100644
File size: 35.3 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007,2008,2009,2010 The University of Waikato, Hamilton,
5 * New Zealand.
6 *
7 * Authors: Daniel Lawson
8 *          Perry Lorier
9 *          Shane Alcock
10 *         
11 * All rights reserved.
12 *
13 * This code has been developed by the University of Waikato WAND
14 * research group. For further information please see http://www.wand.net.nz/
15 *
16 * libtrace is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * libtrace is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with libtrace; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
29 *
30 * $Id$
31 *
32 */
33
34/** @file
35 *
36 * @brief Header file containing definitions for structures and functions that
37 * are internal
38 *
39 * @author Daniel Lawson
40 * @author Perry Lorier
41 * @author Shane Alcock
42 *
43 * @version $Id$
44 *
45 * All of the structures and functions defined in this header file are intended
46 * for internal use within Libtrace only. They should not be exported as part
47 * of the library API as we don't want users accessing things like the
48 * contents of the libtrace packet structure directly!
49 */
50#ifndef LIBTRACE_INT_H
51#define LIBTRACE_INT_H
52
53#ifdef __cplusplus
54extern "C" {
55#endif
56
57#include "common.h"
58#include "config.h"
59#include "libtrace.h"
60#include "wandio.h"
61
62#ifdef _MSC_VER
63// warning: deprecated function
64#pragma warning(disable:4996)
65// warning: benign redefinitions of types
66#pragma warning(disable:4142)
67#endif
68
69#ifdef HAVE_INTTYPES_H
70# include <inttypes.h>
71#else
72# include "lt_inttypes.h"
73#endif
74
75#ifdef HAVE_STDDEF_H
76# include <stddef.h>
77#else
78#ifndef WIN32
79# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
80#endif
81#endif
82
83
84#include "rt_protocol.h"
85       
86/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
87#ifdef HAVE_NET_BPF_H
88#    include <net/bpf.h>
89#    define HAVE_BPF 1
90#else
91#ifdef HAVE_PCAP_BPF_H
92#  include <pcap-bpf.h>
93#  define HAVE_BPF 1
94#endif
95#endif
96
97#ifdef HAVE_PCAP_H
98#  include <pcap.h>
99#  ifdef HAVE_PCAP_INT_H
100#    include <pcap-int.h>
101#  endif
102#endif
103
104#ifdef HAVE_ZLIB_H
105#  include <zlib.h>
106#endif
107
108#ifndef HAVE_STRNCASECMP
109# ifndef HAVE__STRNICMP
110/** A local implementation of strncasecmp (as some systems do not have it) */
111int strncasecmp(const char *str1, const char *str2, size_t n);
112# else
113# define strncasecmp _strnicmp
114# endif
115#endif
116
117#ifndef HAVE_SNPRINTF
118# ifndef HAVE_SPRINTF_S
119/** A local implementation of snprintf (as some systems do not have it) */
120int snprintf(char *str, size_t size, const char *format, ...);
121# else
122# define snprintf sprintf_s
123# endif
124#endif
125
126#include "daglegacy.h"
127       
128#ifdef HAVE_DAG_API
129#  include "dagnew.h"
130#  include "dagapi.h"
131#       if DAG_VERSION == 25
132#               include <daginf.h>
133#       else
134#               include <erftypes.h>
135#       endif
136#else
137#  include "dagformat.h"
138#endif
139
140#ifdef HAVE_LLVM
141#include "bpf-jit/bpf-jit.h"
142#endif
143
144//#define RP_BUFSIZE 65536U
145
146/** Data about the most recent event from a trace file */
147struct libtrace_event_status_t {
148        /** A libtrace packet to store the packet when a PACKET event occurs */
149        libtrace_packet_t *packet;
150        /** Time between the timestamp for the current packet and the current
151         * walltime */
152        double tdelta;
153        /** The timestamp of the previous PACKET event */
154        double trace_last_ts;
155        /** The size of the current PACKET event */
156        int psize;
157};
158
159/** A libtrace input trace
160 * @internal
161 */
162struct libtrace_t {
163        /** The capture format for the input trace */
164        struct libtrace_format_t *format; 
165        /** Details of the most recent PACKET event reported by the trace */
166        struct libtrace_event_status_t event;
167        /** Pointer to the "global" data for the capture format module */       
168        void *format_data;             
169        /** A BPF filter to be applied to all packets read by the trace -
170         * used only if the capture format does not support filters natively */
171        struct libtrace_filter_t *filter; 
172        /** The snap length to be applied to all packets read by the trace -
173         * used only if the capture format does not support snapping natively */
174        size_t snaplen;                 
175        /** Count of the number of packets returned to the libtrace user */
176        uint64_t accepted_packets;     
177        /** Count of the number of packets filtered by libtrace */
178        uint64_t filtered_packets;     
179        /** The filename from the uri for the trace */
180        char *uridata;                 
181        /** The libtrace IO reader for this trace (if applicable) */
182        io_t *io;                       
183        /** Error information for the trace */
184        libtrace_err_t err;             
185        /** Boolean flag indicating whether the trace has been started */
186        bool started;                   
187};
188
189/** A libtrace output trace
190 * @internal
191 */
192struct libtrace_out_t {
193        /** The capture format for the output trace */
194        struct libtrace_format_t *format;
195        /** Pointer to the "global" data for the capture format module */
196        void *format_data;             
197        /** The filename for the uri for the output trace */
198        char *uridata;                 
199        /** Error information for the output trace */
200        libtrace_err_t err;
201        /** Boolean flag indicating whether the trace has been started */
202        bool started;                   
203};
204
205/** Sets the error status on an input trace
206 *
207 * @param trace         The input trace to set the error status for
208 * @param errcode       The code for the error - can be a libtrace error code or a regular errno value
209 * @param msg           A message to print when reporting the error
210 */
211void trace_set_err(libtrace_t *trace, int errcode,const char *msg,...) 
212
213                                                                PRINTF(3,4);
214/** Sets the error status on an output trace
215 *
216 * @param trace         The output trace to set the error status for
217 * @param errcode       The code for the error - can be a libtrace error code or a regular errno value
218 * @param msg           A message to print when reporting the error
219 */
220void trace_set_err_out(libtrace_out_t *trace, int errcode, const char *msg,...)
221                                                                PRINTF(3,4);
222
223
224/** Converts the data provided in buffer into a valid libtrace packet
225 *
226 * @param trace         An input trace of the same format as the "packet"
227 *                      contained in the buffer
228 * @param packet        The libtrace packet to prepare
229 * @param buffer        A buffer containing the packet data, including the
230 *                      capture format header
231 * @param rt_type       The RT type for the packet that is being prepared
232 * @param flags         Used to specify options for the preparation function,
233 *                      e.g. who owns the packet buffer
234 *
235 * @return -1 if an error occurs, 0 otherwise
236 *
237 * Packet preparation is a tricky concept - the idea is to take the data
238 * pointed to by 'buffer' and treat it as a packet record of the same capture
239 * format as that used by the input trace. The provided libtrace packet then
240 * has its internal pointers and values set to describe the packet record in
241 * the buffer.
242 *
243 * The primary use of this function is to allow the RT packet reader to
244 * easily and safely convert packets from the RT format back into the format
245 * that they were originally captured with., essentially removing the RT
246 * encapsulation.
247 *
248 * We've decided not to make this function available via the exported API
249 * because there are several issues that can arise if it is not used very
250 * carefully and it is not very useful outside of internal contexts anyway.
251 */
252int trace_prepare_packet(libtrace_t *trace, libtrace_packet_t *packet,
253                void *buffer, libtrace_rt_types_t rt_type, uint32_t flags);
254
255/** Flags for prepare_packet functions */
256enum {
257        /** The buffer memory has been allocated by libtrace and should be
258         * freed when the packet is destroyed. */
259        TRACE_PREP_OWN_BUFFER           =1,
260       
261        /** The buffer memory is externally-owned and must not be freed by
262         * libtrace when the packet is destroyed. */
263        TRACE_PREP_DO_NOT_OWN_BUFFER    =0
264};
265
266/** A local definition of an SLL header */
267typedef struct libtrace_sll_header_t {
268        uint16_t pkttype;               /**< Packet type */
269        uint16_t hatype;                /**< Link-layer address type */
270        uint16_t halen;                 /**< Link-layer address length */
271        unsigned char addr[8];          /**< Link-layer address */
272        uint16_t protocol;              /**< Protocol */
273} libtrace_sll_header_t;
274
275
276/* SLL packet types */
277
278/** Packet was addressed for the local host */
279#define TRACE_SLL_HOST          0
280/** Packet was addressed for a broadcast address */
281#define TRACE_SLL_BROADCAST     1
282/** Packet was addressed for a multicast address */
283#define TRACE_SLL_MULTICAST     2
284/** Packet was addressed for another host but was captured by a promiscuous
285 * device */
286#define TRACE_SLL_OTHERHOST     3
287/** Packet originated from the local host */
288#define TRACE_SLL_OUTGOING      4
289
290#ifndef PF_RULESET_NAME_SIZE
291#define PF_RULESET_NAME_SIZE 16
292#endif
293
294#ifndef IFNAMSIZ
295#define IFNAMSIZ 16
296#endif
297
298
299/** A local definition of a PFLOG header */
300typedef struct libtrace_pflog_header_t {
301        uint8_t    length;     
302        sa_family_t   af;
303        uint8_t    action;
304        uint8_t    reason;
305        char       ifname[IFNAMSIZ];
306        char       ruleset[PF_RULESET_NAME_SIZE];
307        uint32_t   rulenr;
308        uint32_t   subrulenr;
309        uint8_t    dir;
310        uint8_t    pad[3];
311} PACKED libtrace_pflog_header_t;
312
313
314
315/** A libtrace capture format module */
316/* All functions should return -1, or NULL on failure */
317struct libtrace_format_t {
318        /** The name of this module, used in the libtrace URI to identify the
319         * capture format */
320        const char *name;
321        /** The version of this module */
322        const char *version;
323        /** The RT protocol type of this module */
324        enum base_format_t type;
325
326
327        /** Given a filename, return if this is the most likely capture format
328         * (used for devices). Used to "guess" the capture format when the
329         * URI is not fully specified.
330         *
331         * @param fname         The name of the device or file to examine
332         * @return 1 if the name matches the capture format, 0 otherwise
333         */
334        int (*probe_filename)(const char *fname);
335       
336        /** Given a file, looks at the start of the file to determine if this
337         * is the capture format. Used to "guess" the capture format when the
338         * URI is not fully specified.
339         *
340         * @param io            An open libtrace IO reader for the file to check
341         * @return 1 if the file matches the capture format, 0 otherwise
342         */
343        int (*probe_magic)(io_t *io);
344
345        /** Initialises an input trace using the capture format.
346         *
347         * @param libtrace      The input trace to be initialised
348         * @return 0 if successful, -1 in the event of error
349         */
350        int (*init_input)(libtrace_t *libtrace);
351       
352        /** Applies a configuration option to an input trace.
353         *
354         * @param libtrace      The input trace to apply the option to
355         * @param option        The option that is being configured
356         * @param value         A pointer to the value that the option is to be
357         *                      set to
358         * @return 0 if successful, -1 if the option is unsupported or an error
359         * occurs
360         */
361        int (*config_input)(libtrace_t *libtrace,trace_option_t option,void *value);
362        /** Starts or unpauses an input trace - note that this function is
363         * often the one that opens the file or device for reading.
364         *
365         * @param libtrace      The input trace to be started or unpaused
366         * @return 0 if successful, -1 in the event of error */
367        int (*start_input)(libtrace_t *libtrace);
368
369        /** Pauses an input trace - this function should close or detach the
370         * file or device that is being read from.
371         *
372         * @param libtrace      The input trace to be paused
373         * @return 0 if successful, -1 in the event of error
374         */
375        int (*pause_input)(libtrace_t *libtrace);
376
377        /** Initialises an output trace using the capture format.
378         *
379         * @param libtrace      The output trace to be initialised
380         * @return 0 if successful, -1 in the event of error
381         */
382        int (*init_output)(libtrace_out_t *libtrace);
383       
384        /** Applies a configuration option to an output trace.
385         *
386         * @param libtrace      The output trace to apply the option to
387         * @param option        The option that is being configured
388         * @param value         A pointer to the value that the option is to be
389         *                      set to
390         * @return 0 if successful, -1 if the option is unsupported or an error
391         * occurs
392         * */
393        int (*config_output)(libtrace_out_t *libtrace, trace_option_output_t option, void *value);
394
395        /** Starts an output trace - note that this function is often the one
396         * that opens the file or device for writing.
397         *
398         * @param libtrace      The output trace to be started
399         * @return 0 if successful, -1 if an error occurs
400         *
401         * There is no pause for output traces, as writing is not performed
402         * asynchronously.
403         */
404        int (*start_output)(libtrace_out_t *libtrace);
405
406        /** Concludes an input trace and cleans up the capture format data.
407         *
408         * @param libtrace      The input trace to be concluded
409         * @return 0 if successful, -1 if an error occurs
410         *
411         * Libtrace will call the pause_input function if the input trace is
412         * currently active prior to calling this function.
413         */
414        int (*fin_input)(libtrace_t *libtrace);
415
416        /** Concludes an output trace and cleans up the capture format data.
417         *
418         * @param libtrace      The output trace to be concluded
419         * @return 0 if successful, -1 if an error occurs
420         */
421        int (*fin_output)(libtrace_out_t *libtrace);
422
423        /** Reads the next packet from an input trace into the provided packet
424         * structure.
425         *
426         * @param libtrace      The input trace to read from
427         * @param packet        The libtrace packet to read into
428         * @return The size of the packet read (in bytes) including the capture
429         * framing header, or -1 if an error occurs. 0 is returned in the
430         * event of an EOF.
431         *
432         * If no packets are available for reading, this function should block
433         * until one appears or return 0 if the end of a trace file has been
434         * reached.
435         */
436        int (*read_packet)(libtrace_t *libtrace, libtrace_packet_t *packet);
437       
438        /** Converts a buffer containing a packet record into a libtrace packet
439         *
440         * @param libtrace      An input trace in the capture format for the
441         *                      packet
442         * @param packet        A libtrace packet to put the prepared packet
443         *                      into
444         * @param buffer        The buffer containing the packet record
445         *                      (including the capture format header)
446         * @param rt_type       The RT type for the packet
447         * @param flags         Flags describing properties that should be
448         *                      applied to the new packet
449         * @return 0 if successful, -1 if an error occurs.
450         *
451         * Updates internal trace and packet details, such as payload pointers,
452         * loss counters and packet types to match the packet record provided
453         * in the buffer. This is a zero-copy function.
454         *
455         * Intended (at this stage) only for internal use, particularly by
456         * RT which needs to decapsulate RT packets */
457        int (*prepare_packet)(libtrace_t *libtrace, libtrace_packet_t *packet,
458                        void *buffer, libtrace_rt_types_t rt_type, 
459                        uint32_t flags);
460       
461        /** Frees any resources allocated by the capture format module for a
462         * libtrace packet.
463         *
464         * @param The packet to be finalised
465         *       */
466        void (*fin_packet)(libtrace_packet_t *packet);
467
468        /** Write a libtrace packet to an output trace.
469         *
470         * @param libtrace      The output trace to write the packet to
471         * @param packet        The packet to be written out
472         * @return The number of bytes written, or -1 if an error occurs
473         */
474        int (*write_packet)(libtrace_out_t *libtrace, libtrace_packet_t *packet);
475        /** Returns the libtrace link type for a packet.
476         *
477         * @param packet        The packet to get the link type for
478         * @return The libtrace link type, or -1 if this link type is unknown
479         */ 
480        libtrace_linktype_t (*get_link_type)(const libtrace_packet_t *packet);
481
482        /** Returns the direction of a packet.
483         *
484         * @param packet        The packet to get the direction for
485         * @return The direction of the packet, or -1 if no direction tag is
486         * present or an error occurs
487         */ 
488        libtrace_direction_t (*get_direction)(const libtrace_packet_t *packet);
489       
490        /** Sets the direction of a packet.
491         *
492         * @param packet        The packet to set the direction for
493         * @param direction     The direction to assign to the packet
494         * @return The updated direction for the packet, or -1 if an error
495         * occurs
496         *
497         * @note Some capture formats do not feature direction tagging, so it
498         * will not make sense to implement a set_direction function for them.
499         */ 
500        libtrace_direction_t (*set_direction)(libtrace_packet_t *packet, libtrace_direction_t direction);
501       
502        /** Returns the timestamp for a packet in the ERF timestamp format.
503         *
504         * @param packet        The packet to get the timestamp from
505         * @return The 64-bit ERF timestamp
506         *
507         * @note Each format must implement at least one of the four "get
508         * timestamp" functions.
509         *
510         * If not implemented, libtrace will convert the result of one of the
511         * other timestamp functions into the appropriate format instead.
512         * This means each capture format only needs to implement the most
513         * sensible of the four and let libtrace handle any conversions.
514         *
515         */
516        uint64_t (*get_erf_timestamp)(const libtrace_packet_t *packet);
517
518        /** Returns the timestamp for a packet in the timeval format
519         *
520         * @param packet        The packet to get the timestamp from
521         * @return The timestamp from the packet as a timeval
522         *
523         * @note Each format must implement at least one of the four "get
524         * timestamp" functions.
525         *
526         * If not implemented, libtrace will convert the result of one of the
527         * other timestamp functions into the appropriate format instead.
528         * This means each capture format only needs to implement the most
529         * sensible of the four and let libtrace handle any conversions.
530         */
531        struct timeval (*get_timeval)(const libtrace_packet_t *packet);
532       
533        /** Returns the timestamp for a packet in the timespec format.
534         *
535         * @param packet        The packet to get the timestamp from
536         * @return The timestamp from the packet as a timespec
537         *
538         * @note Each format must implement at least one of the four "get
539         * timestamp" functions.
540         *
541         * If not implemented, libtrace will convert the result of one of the
542         * other timestamp functions into the appropriate format instead.
543         * This means each capture format only needs to implement the most
544         * sensible of the four and let libtrace handle any conversions.
545         */
546        struct timespec (*get_timespec)(const libtrace_packet_t *packet);
547       
548        /** Returns the timestamp for a packet in floating point seconds.
549         *
550         * @param packet        The packet to get the timestamp from
551         * @return The timestamp from the packet as a floating point number of
552         * seconds since 1970-01-01 00:00:00 UTC
553         *
554         * @note Each format must implement at least one of the four "get
555         * timestamp" functions.
556         *
557         * If not implemented, libtrace will convert the result of one of the
558         * other timestamp functions into the appropriate format instead.
559         * This means each capture format only needs to implement the most
560         * sensible of the four and let libtrace handle any conversions.
561         */
562        double (*get_seconds)(const libtrace_packet_t *packet);
563       
564        /** Moves the read pointer to a certain ERF timestamp within an input
565         * trace file.
566         *
567         * @param trace         The input trace to seek within
568         * @param timestamp     The timestamp to seek to, as an ERF timestamp
569         *
570         * @return 0 on success, -1 on failure.
571         *
572         * The next packet read from this trace will now be the first packet
573         * to have a timestamp equal to or greater than the provided timestamp.
574         *
575         * @note Each format that supports seeking must implement at least one
576         * of the seek functions.
577         *
578         * If not implemented, libtrace will convert the timestamp into the
579         * appropriate format to use a seek function that has been implemented.
580         * This means each capture format only needs to implement the seek
581         * function that matches the native timestamp format for that capture.
582         *
583         */
584        int (*seek_erf)(libtrace_t *trace, uint64_t timestamp);
585        /** Moves the read pointer to a certain timestamp represented using a
586         * timeval within an input trace file.
587         *
588         * @param trace         The input trace to seek within
589         * @param timestamp     The timestamp to seek to, as a timeval
590         *
591         * @return 0 on success, -1 on failure.
592         *
593         * The next packet read from this trace will now be the first packet
594         * to have a timestamp equal to or greater than the provided timestamp.
595         *
596         * @note Each format that supports seeking must implement at least one
597         * of the seek functions.
598         *
599         * If not implemented, libtrace will convert the timestamp into the
600         * appropriate format to use a seek function that has been implemented.
601         * This means each capture format only needs to implement the seek
602         * function that matches the native timestamp format for that capture.
603         *
604         */
605        int (*seek_timeval)(libtrace_t *trace, struct timeval tv);
606       
607        /** Moves the read pointer to a certain timestamp represented using
608         * floating point seconds within an input trace file.
609         *
610         * @param trace         The input trace to seek within
611         * @param timestamp     The timestamp to seek to, as floating point
612         *                      seconds since 1970-01-01 00:00:00 UTC
613         *
614         * @return 0 on success, -1 on failure.
615         *
616         * The next packet read from this trace will now be the first packet
617         * to have a timestamp equal to or greater than the provided timestamp.
618         *
619         * @note Each format that supports seeking must implement at least one
620         * of the seek functions.
621         *
622         * If not implemented, libtrace will convert the timestamp into the
623         * appropriate format to use a seek function that has been implemented.
624         * This means each capture format only needs to implement the seek
625         * function that matches the native timestamp format for that capture.
626         *
627         */
628        int (*seek_seconds)(libtrace_t *trace, double seconds);
629       
630        /** Returns the payload length of the captured packet record.
631         *
632         * @param packet        The packet to get the capture length from
633         * @return The capture length for the packet, or -1 if an error occurs
634         *
635         * Capture length is the current size of the packet record itself,
636         * following any truncation that may have occurred during the capture
637         * process. This length does not include the capture format framing
638         * header.
639         */
640        int (*get_capture_length)(const libtrace_packet_t *packet);
641
642        /** Returns the original length of the packet as it was on the wire.
643         *
644         * @param packet        The packet to get the wire length from
645         * @return The length of the packet on the wire at the time of capture,
646         * or -1 if an error occurs
647         *
648         * Wire length is the original size of the packet prior to any
649         * truncation that may have occurred as part of the capture process.
650         * This length does not include the capture format framing header.
651         */
652        int (*get_wire_length)(const libtrace_packet_t *packet);
653       
654        /** Returns the length of the capture format framing header
655         *
656         * @param packet        The packet to get the framing length from
657         * @return The length of the framing header, or -1 if an error occurs
658         *
659         * The framing header is the extra metadata that the capture process
660         * records about a packet.  The framing length does not include any
661         * of the packet payload itself. The total size of the packet record
662         * can be calculated be adding this value with the capture length.
663         */
664        int (*get_framing_length)(const libtrace_packet_t *packet);
665
666        /** Sets the capture length for a packet.
667         *
668         * @param packet        The packet to adjust the capture length for.
669         * @param size          The new capture length
670         * @return The new capture length of the packet, or -1 if an error
671         * occurs
672         *
673         * @note This function should only reduce the capture length. If the
674         * provided length is larger than the current capture length, -1 should
675         * be returned.
676         */
677        size_t (*set_capture_length)(struct libtrace_packet_t *packet,size_t size);
678        /** Returns the number of packets observed by an input trace.
679         *
680         * @param trace         The input trace to get the packet count for
681         * @return The number of packets observed by an input trace, or
682         * UINT64_MAX if the number is unknown
683         *
684         * This count includes packets that have been filtered and dropped.
685         */
686        uint64_t (*get_received_packets)(libtrace_t *trace);
687
688        /** Returns the number of packets filtered by an input trace.
689         *
690         * @param trace         The input trace to get the filtered count for
691         * @return The number of packets filtered by the input trace, or
692         * UINT64_MAX if the number is unknown
693         *
694         */
695        uint64_t (*get_filtered_packets)(libtrace_t *trace);
696       
697        /** Returns the number of packets dropped by an input trace.
698         *
699         * @param trace         The input trace to get the dropped count for
700         * @return The number of packets dropped by the input trace, or
701         * UINT64_MAX if the number is unknown
702         *
703         */
704        uint64_t (*get_dropped_packets)(libtrace_t *trace);
705       
706        /** Returns the number of packets captured and returned by an input
707         * trace.
708         *
709         * @param trace         The input trace to get the capture count for
710         * @return The number of packets returned to the libtrace user, or
711         * UINT64_MAX if the number is unknown
712         *
713         * This is the number of packets that have been successfully returned
714         * to the libtrace user via the read_packet() function.
715         *
716         */
717        uint64_t (*get_captured_packets)(libtrace_t *trace);
718       
719        /** Returns the file descriptor used by the input trace.
720         *
721         * @param trace         The input trace to get the file descriptor for
722         * @return The file descriptor used by the input trace to read packets
723         *
724         */
725        int (*get_fd)(const libtrace_t *trace);
726       
727        /** Returns the next libtrace event for the input trace.
728         *
729         * @param trace         The input trace to get the next event from
730         * @param packet        A libtrace packet to read a packet into
731         * @return A libtrace event describing the event that occured
732         *
733         * The event API allows for non-blocking reading of packets from an
734         * input trace. If a packet is available and ready to be read, a packet
735         * event should be returned. Otherwise a sleep or fd event should be
736         * returned to indicate that the caller needs to wait. If the input
737         * trace has an error or reaches EOF, a terminate event should be
738         * returned.
739         */
740        struct libtrace_eventobj_t (*trace_event)(libtrace_t *trace, libtrace_packet_t *packet);       
741
742        /** Prints some useful help information to standard output. */
743        void (*help)(void);
744
745        /** Next pointer, should always be NULL - used by the format module
746         * manager. */
747        struct libtrace_format_t *next;
748};
749
750/** The list of registered capture formats */
751extern struct libtrace_format_t *form;
752
753/** Registers a new capture format module.
754 *
755 * @param format        The format module to be registered
756 */
757void register_format(struct libtrace_format_t *format);
758
759/** Converts a PCAP DLT into a libtrace link type.
760 *
761 * @param linktype      The PCAP DLT to be converted
762 * @return The libtrace link type that is equivalent to the provided DLT, or
763 * -1 if the DLT is unknown
764 */
765libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
766
767/** Converts a PCAP DLT into an RT protocol type.
768 *
769 * @param linktype      The PCAP DLT to be converted
770 * @return The RT type that is equivalent to the provided DLT
771 */
772libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
773
774/** Converts a libtrace link type into a PCAP linktype.
775 *
776 * @param type          The libtrace link type to be converted
777 * @return The PCAP linktype that is equivalent to the provided libtrace link
778 * type, or -1 if the link type is unknown
779 */
780libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
781
782/** Converts a libtrace link type into a PCAP DLT.
783 *
784 * @param type          The libtrace link type to be converted
785 * @return The PCAP DLT that is equivalent to the provided libtrace link
786 * type, or -1 if the link type is unknown
787 */
788libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
789
790/** Converts an RT protocol type into a PCAP DLT.
791 *
792 * @param rt_type       The RT type to be converted
793 * @return The PCAP DLT that is equivalent to the provided RT protocol
794 */
795libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
796
797/** Converts an ERF type into a libtrace link type.
798 *
799 * @param erf           The ERF type to be converted
800 * @return The libtrace link type that is equivalent to the provided ERF type,
801 * or -1 if the ERF type is unknown
802 */
803libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
804
805/** Converts a libtrace link type into an ERF type.
806 *
807 * @param linktype      The libtrace link type to be converted
808 * @return The ERF type that is equivalent to the provided libtrace link type,
809 * or -1 if the link type cannot be matched to an ERF type.
810 */
811uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
812
813/** Converts an ARPHRD type into a libtrace link type.
814 *
815 * @param arphrd        The ARPHRD type to be converted
816 * @return The libtrace link type that is equivalent to the provided ARPHRD
817 * type, or -1 if the ARPHRD type is unknown
818 */
819libtrace_linktype_t arphrd_type_to_libtrace(unsigned int arphrd);
820
821/** Converts a libtrace link type into an ARPHRD type.
822 *
823 * @param type          The libtrace link type to be converted
824 * @return The ARPHRD type that is equivalent to the provided libtrace link
825 * type, or -1 if the link type cannot be matched to an ARPHRD type
826 */
827unsigned int libtrace_to_arphrd_type(libtrace_linktype_t type);
828
829/** Converts a libtrace packet to the Linux SLL type.
830 *
831 * @param packet        The packet to be promoted
832 *
833 * @note This will involve memcpy() so use sparingly.
834 *
835 * This function prepends a Linux SLL header to a packet so that we can store
836 * direction tagging information.
837 */
838void promote_packet(libtrace_packet_t *packet);
839
840/** Attempts to demote a packet by removing the first header.
841 *
842 * @param packet        The packet to be demoted
843 * @return True if the packet was demoted, false otherwise.
844 *
845 * Essentially the opposite of promote_packet, except that it will also remove
846 * an ATM header as well as Linux SLL.
847 *
848 */
849bool demote_packet(libtrace_packet_t *packet);
850
851/** Returns a pointer to the header following a Linux SLL header.
852 *
853 * @param link          A pointer to the Linux SLL header to be skipped
854 * @param[out] type     The ethertype of the next header
855 * @param[in,out] remaining     Updated with the number of captured bytes
856 *                              remaining
857 * @return A pointer to the header following the Linux SLL header, or NULL if
858 * no subsequent header is present.
859 *
860 * Remaining must point to the number of bytes captured from the Linux SLL
861 * header and beyond.  It will be decremented by the number of bytes skipped
862 * to find the payload.
863 *
864 * If the Linux SLL header is complete but there are zero bytes of payload
865 * after the end of the header, a pointer to where the payload would be is
866 * returned and remaining will be set to zero. If the Linux SLL header is
867 * incomplete (truncated), then NULL is returned and remaining will be set to
868 * 0. Therefore, it is very important to check the value of remaining after
869 * calling this function.
870 */     
871void *trace_get_payload_from_linux_sll(const void *link, uint16_t *type, 
872                uint32_t *remaining);
873
874/** Returns a pointer to the header following an ATM header.
875 *
876 * @param link          A pointer to the ATM header to be skipped
877 * @param[out] type     The ethertype of the next header
878 * @param[in,out] remaining     Updated with the number of captured bytes
879 *                              remaining
880 * @return A pointer to the header following the ATM header, or NULL if
881 * no subsequent header is present.
882 *
883 * Remaining must point to the number of bytes captured from the ATM header
884 * and beyond.  It will be decremented by the number of bytes skipped to find
885 * the payload.
886 *
887 * If the ATM header is complete but there are zero bytes of payload
888 * after the end of the header, a pointer to where the payload would be is
889 * returned and remaining will be set to zero. If the ATM header is
890 * incomplete (truncated), then NULL is returned and remaining will be set to
891 * 0. Therefore, it is very important to check the value of remaining after
892 * calling this function.
893 */     
894DLLEXPORT void *trace_get_payload_from_atm(void *link, uint8_t *type, 
895                uint32_t *remaining);
896
897/** Byteswaps a 64-bit value.
898 *
899 * @param num           The value to be byteswapped.
900 * @return The byteswapped 64-bit number
901 *
902 */
903uint64_t byteswap64(uint64_t num);
904
905/** Byteswaps a 32-bit value.
906 *
907 * @param num           The value to be byteswapped.
908 * @return The byteswapped 32-bit number
909 *
910 */
911uint32_t byteswap32(uint32_t num);
912
913/** Byteswaps a 16-bit value.
914 *
915 * @param num           The value to be byteswapped.
916 * @return The byteswapped 16-bit number
917 *
918 */
919uint16_t byteswap16(uint16_t num);
920
921/** @name Byte ordering
922 * Macros that define how to convert a value into a particular byte-order
923 *
924 * @{
925 */
926#if BYTE_ORDER == BIG_ENDIAN
927#define bswap_host_to_be64(num) ((uint64_t)(num))
928#define bswap_host_to_le64(num) byteswap64(num)
929#define bswap_host_to_be32(num) ((uint32_t)(num))
930#define bswap_host_to_le32(num) byteswap32(num)
931#define bswap_host_to_be16(num) ((uint16_t)(num))
932#define bswap_host_to_le16(num) byteswap16(num)
933
934#define bswap_be_to_host64(num) ((uint64_t)(num))
935#define bswap_le_to_host64(num) byteswap64(num)
936#define bswap_be_to_host32(num) ((uint32_t)(num))
937#define bswap_le_to_host32(num) byteswap32(num)
938#define bswap_be_to_host16(num) ((uint16_t)(num))
939#define bswap_le_to_host16(num) byteswap16(num)
940
941/* We use ntoh*() here, because the compiler may
942 * attempt to optimise it
943 */
944#elif BYTE_ORDER == LITTLE_ENDIAN
945#define bswap_host_to_be64(num) (byteswap64(num))
946#define bswap_host_to_le64(num) ((uint64_t)(num))
947#define bswap_host_to_be32(num) (htonl(num))
948#define bswap_host_to_le32(num) ((uint32_t)(num))
949#define bswap_host_to_be16(num) (htons(num))
950#define bswap_host_to_le16(num) ((uint16_t)(num))
951
952#define bswap_be_to_host64(num) (byteswap64(num))
953#define bswap_le_to_host64(num) ((uint64_t)(num))
954#define bswap_be_to_host32(num) (ntohl(num))
955#define bswap_le_to_host32(num) ((uint32_t)(num))
956#define bswap_be_to_host16(num) (ntohs(num))
957#define bswap_le_to_host16(num) ((uint16_t)(num))
958
959#else
960#error "Unknown byte order"
961#endif
962/** @} */
963
964#ifdef HAVE_BPF
965/* A type encapsulating a bpf filter
966 * This type covers the compiled bpf filter, as well as the original filter
967 * string
968 *
969 */
970
971/** Internal representation of a BPF filter */
972struct libtrace_filter_t {
973        struct bpf_program filter;      /**< The BPF program itself */
974        char * filterstring;            /**< The filter string */
975        int flag;                       /**< Indicates if the filter is valid */
976        struct bpf_jit_t *jitfilter;
977};
978#else
979/** BPF not supported by this system, but we still need to define a structure
980 * for the filter */
981struct libtrace_filter_t {};
982#endif
983
984/** Local definition of a PCAP header */
985typedef struct libtrace_pcapfile_pkt_hdr_t {
986        uint32_t ts_sec;        /* Seconds portion of the timestamp */
987        uint32_t ts_usec;       /* Microseconds portion of the timestamp */
988        uint32_t caplen;        /* Capture length of the packet */
989        uint32_t wirelen;       /* The wire length of the packet */
990} libtrace_pcapfile_pkt_hdr_t;
991
992#ifdef HAVE_DAG
993/** Constructor for the DAG format module */
994void dag_constructor(void);
995#endif
996/** Constructor for the ERF format module */
997void erf_constructor(void);
998/** Constructor for the TSH format module */
999void tsh_constructor(void);
1000/** Constructor for the Legacy DAG format module */
1001void legacy_constructor(void);
1002/** Constructor for the Linux Native format module */
1003void linuxnative_constructor(void);
1004/** Constructor for the PCAP format module */
1005void pcap_constructor(void);
1006/** Constructor for the PCAP File format module */
1007void pcapfile_constructor(void);
1008/** Constructor for the RT format module */
1009void rt_constructor(void);
1010/** Constructor for the DUCK format module */
1011void duck_constructor(void);
1012/** Constructor for the ATM Header format module */
1013void atmhdr_constructor(void);
1014#ifdef HAVE_BPF
1015/** Constructor for the BPF format module */
1016void bpf_constructor(void);
1017#endif
1018
1019/** Extracts the RadioTap flags from a wireless link header
1020 *
1021 * @param link          A pointer to the wireless link header
1022 * @param linktype      The link type of the wireless header
1023 * @param[out] flags    Space to store the extracted flags
1024 * @return True if libtrace was able to extract flags from the link header,
1025 * false otherwise.
1026 *
1027 * This function has been left internal because it is not portable across
1028 * drivers.
1029 */
1030bool trace_get_wireless_flags(void *link, libtrace_linktype_t linktype, uint8_t *flags);
1031#define TRACE_RADIOTAP_F_FCS 0x10
1032       
1033#ifdef __cplusplus
1034}
1035#endif
1036
1037#endif /* LIBTRACE_INT_H */
Note: See TracBrowser for help on using the repository browser.