Context Navigation

source: lib/libtrace_int.h @ 3c26e2a

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes

Last change on this file since 3c26e2a was 3c26e2a, checked in by Perry Lorier <perry@…>, 11 years ago
Document padding problem
Property mode set to `100644`
File size: 18.8 KB

Line
1	/*
2	* This file is part of libtrace
3	*
4	* Copyright (c) 2007,2008 The University of Waikato, Hamilton, New Zealand.
5	* Authors: Daniel Lawson
6	* Perry Lorier
7	*
8	* All rights reserved.
9	*
10	* This code has been developed by the University of Waikato WAND
11	* research group. For further information please see http://www.wand.net.nz/
12	*
13	* libtrace is free software; you can redistribute it and/or modify
14	* it under the terms of the GNU General Public License as published by
15	* the Free Software Foundation; either version 2 of the License, or
16	* (at your option) any later version.
17	*
18	* libtrace is distributed in the hope that it will be useful,
19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21	* GNU General Public License for more details.
22	*
23	* You should have received a copy of the GNU General Public License
24	* along with libtrace; if not, write to the Free Software
25	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26	*
27	* $Id$
28	*
29	*/
30	/** @file */
31
32	#ifndef LIBTRACE_INT_H
33	#define LIBTRACE_INT_H
34
35	#ifdef __cplusplus
36	extern "C" {
37	#endif
38
39	#include "common.h"
40	#include "config.h"
41	#include "libtrace.h"
42	#include "wandio.h"
43
44	#ifdef _MSC_VER
45	// warning: deprecated function
46	#pragma warning(disable:4996)
47	// warning: benign redefinitions of types
48	#pragma warning(disable:4142)
49	#endif
50
51	#ifdef HAVE_INTTYPES_H
52	# include <inttypes.h>
53	#else
54	# include "lt_inttypes.h"
55	#endif
56
57	#ifdef HAVE_STDDEF_H
58	# include <stddef.h>
59	#else
60	#ifndef WIN32
61	# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
62	#endif
63	#endif
64
65
66	#include "rt_protocol.h"
67
68	/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
69	#ifdef HAVE_NET_BPF_H
70	# include <net/bpf.h>
71	# define HAVE_BPF 1
72	#else
73	#ifdef HAVE_PCAP_BPF_H
74	# include <pcap-bpf.h>
75	# define HAVE_BPF 1
76	#endif
77	#endif
78
79	#ifdef HAVE_PCAP_H
80	# include <pcap.h>
81	# ifdef HAVE_PCAP_INT_H
82	# include <pcap-int.h>
83	# endif
84	#endif
85
86	#ifdef HAVE_ZLIB_H
87	# include <zlib.h>
88	#endif
89
90	#ifndef HAVE_STRNCASECMP
91	# ifndef HAVE__STRNICMP
92	int strncasecmp(const char str1, const char str2, size_t n);
93	# else
94	# define strncasecmp _strnicmp
95	# endif
96	#endif
97
98	#ifndef HAVE_SNPRINTF
99	# ifndef HAVE_SPRINTF_S
100	int snprintf(char str, size_t size, const char format, ...);
101	# else
102	# define snprintf sprintf_s
103	# endif
104	#endif
105
106	#include "daglegacy.h"
107
108	#ifdef HAVE_DAG_API
109	# include "dagnew.h"
110	# include "dagapi.h"
111	# if DAG_VERSION == 25
112	# include <daginf.h>
113	# else
114	# include <erftypes.h>
115	# endif
116	#else
117	# include "dagformat.h"
118	#endif
119
120	#define RP_BUFSIZE 65536U
121
122	struct libtrace_event_status_t {
123	libtrace_packet_t *packet;
124	double tdelta;
125	double trace_last_ts;
126	int psize;
127	};
128
129	/** The information about traces that are open
130	* @internal
131	*/
132	struct libtrace_t {
133	struct libtrace_format_t format; /< format driver pointer /
134	struct libtrace_event_status_t event; /*< the next event /
135	void format_data; /<format data pointer /
136	struct libtrace_filter_t filter; /*< used by libtrace if the module
137	* doesn't support filters natively
138	*/
139	size_t snaplen; /**< used by libtrace if the module
140	* doesn't support snapping natively
141	*/
142	uint64_t accepted_packets; /**< Number of packets returned to the
143	* user
144	*/
145	uint64_t filtered_packets; /**< Number of packets filtered by
146	* libtrace
147	*/
148	char uridata; /< the uri of this trace /
149	io_t io; /< The tracefile (if applicable) /
150
151	libtrace_err_t err; /*< error information /
152	bool started; /*< if this trace has started /
153	};
154
155	/** Information about output traces
156	* @internal
157	*/
158	struct libtrace_out_t {
159	struct libtrace_format_t format; /< format driver /
160	void format_data; /< format data /
161	char uridata; /< URI associated with this trace /
162	libtrace_err_t err; /*< Associated error /
163	bool started; /*< trace started /
164	};
165
166	void trace_set_err(libtrace_t trace, int errcode,const char msg,...)
167	PRINTF(3,4);
168	void trace_set_err_out(libtrace_out_t trace, int errcode, const char msg,...)
169	PRINTF(3,4);
170
171
172	/*
173	*
174	* The basic idea of this function is that it will take the data pointed to
175	* by 'buffer' and treat it as a packet of the same format type as the
176	* libtrace_t pointed to by 'trace', including the format framing (e.g. an
177	* erf header for erf and dag formats, a pcap header for pcap formats).
178	*
179	* The libtrace packet pointed to by 'packet' will then have its internal
180	* pointers and values replaced with ones that describe the packet in 'buffer'.
181	*
182	* 'rt_type' is used to set packet->type while 'flags' is relatively
183	* self-explanatory. Definitions of the accepted flags will be provided below.
184	*
185	* The primary use of this function is to allow rt_read_packet to nicely
186	* convert packets from the RT format back to the format that they were
187	* originally captured with, as RT essentially encapsulates the original trace
188	* format. We've decided to not make this function available via the API
189	* because there are a number of issues that can arise if it is not used
190	* very carefully and there are few situations outside of the RT case where
191	* you'd want to do something like this anyway.
192	*
193	* Returns 0 if successful, -1 if something goes horribly wrong
194	*/
195	int trace_prepare_packet(libtrace_t trace, libtrace_packet_t packet,
196	void *buffer, libtrace_rt_types_t rt_type, uint32_t flags);
197
198	/* Flags for prepare_packet functions */
199	/-------------------------------------/
200	enum {
201	/* If set, the memory pointed to by 'buffer' is malloc()'d and
202	* libtrace should undertake ownership of that memory. If not set,
203	* the memory is treated as externally-owned and will not be freed by
204	* libtrace when the packet is destroyed. */
205	TRACE_PREP_OWN_BUFFER =1,
206	TRACE_PREP_DO_NOT_OWN_BUFFER =0
207	};
208
209	#define TRACE_PREP_OWN_BUFFER 1
210
211
212	typedef struct libtrace_sll_header_t {
213	uint16_t pkttype; /* packet type */
214	uint16_t hatype; /* link-layer address type */
215	uint16_t halen; /* link-layer address length */
216	char addr[8]; /* link-layer address */
217	uint16_t protocol; /* protocol */
218	} libtrace_sll_header_t;
219
220	#define TRACE_SLL_HOST 0
221	#define TRACE_SLL_BROADCAST 1
222	#define TRACE_SLL_MULTICAST 2
223	#define TRACE_SLL_OTHERHOST 3
224	#define TRACE_SLL_OUTGOING 4
225
226	#ifndef PF_RULESET_NAME_SIZE
227	#define PF_RULESET_NAME_SIZE 16
228	#endif
229
230	#ifndef IFNAMSIZ
231	#define IFNAMSIZ 16
232	#endif
233
234	typedef struct libtrace_pflog_header_t {
235	uint8_t length;
236	sa_family_t af;
237	uint8_t action;
238	uint8_t reason;
239	char ifname[IFNAMSIZ];
240	char ruleset[PF_RULESET_NAME_SIZE];
241	uint32_t rulenr;
242	uint32_t subrulenr;
243	uint8_t dir;
244	uint8_t pad[3];
245	} PACKED libtrace_pflog_header_t;
246
247
248
249	/** Module definition structure */
250	/* all of these should return -1, or NULL on failure */
251	struct libtrace_format_t {
252	/** the uri name of this module */
253	const char *name;
254	/** the version of this module */
255	const char *version;
256	/** the RT protocol type of this module */
257	enum base_format_t type;
258
259	/* Padding inserted here to make the enum fit properly */
260
261	/** stuff that deals with input @{ */
262	/** Given a filename, return if this format is responsible
263	* (used for devices)
264	*/
265	int (probe_filename)(const char fname);
266	/** Given a file, look for file magic. */
267	int (probe_magic)(io_t io);
268	/** initialise an trace (or NULL if input is not supported) */
269	int (init_input)(libtrace_t libtrace);
270	/** configure an trace (or NULL if input is not supported) */
271	int (config_input)(libtrace_t libtrace,trace_option_t option,void *value);
272	/** start/unpause an trace (or NULL if input not supported) */
273	int (start_input)(libtrace_t libtrace);
274	/** pause an trace (or NULL if input not supported) */
275	int (pause_input)(libtrace_t libtrace);
276	/** @} */
277	/** stuff that deals with output @{ */
278	/** initialise output traces (or NULL if output not supported) */
279	int (init_output)(libtrace_out_t libtrace);
280	/** configure output traces (or NULL if output not supported) */
281	int (config_output)(libtrace_out_t libtrace, trace_option_output_t option, void *);
282	/** start output traces (or NULL if output not supported)
283	* There is no pause for output traces, as packets are not arriving
284	* asyncronously
285	*/
286	int (start_output)(libtrace_out_t libtrace);
287	/** @} */
288	/** finish an input trace, cleanup (or NULL if input not supported)
289	* if the trace is not paused, libtrace will pause the trace before
290	* calling this function.
291	*/
292	int (fin_input)(libtrace_t libtrace);
293	/** finish an output trace, cleanup (or NULL if output not supported) */
294	int (fin_output)(libtrace_out_t libtrace);
295	/** read a packet from a trace into the provided packet structure
296	* @returns -1 on error, or get_framing_length()+get_capture_length() \
297	* on success.
298	* if this function is not supported, this field may be NULL.
299	*/
300	int (read_packet)(libtrace_t libtrace, libtrace_packet_t *packet);
301	/** prepares a packet for general libtrace usage
302	* updates internal trace and packet details, such as payload pointers,
303	* loss counters and packet types.
304	* Intended (at this stage) only for internal use, particularly by
305	* RT which needs to decapsulate RT packets */
306	int (prepare_packet)(libtrace_t libtrace, libtrace_packet_t *packet,
307	void *buffer, libtrace_rt_types_t rt_type,
308	uint32_t flags);
309	/** finalise a packet
310	* cleanup any resources used by a packet that can't be reused for
311	* the next packet.
312	*/
313	void (fin_packet)(libtrace_packet_t packet);
314	/** write a packet to a trace from the provided packet
315	* (or NULL if output not supported)
316	*/
317	int (write_packet)(libtrace_out_t libtrace, libtrace_packet_t *packet);
318	/** return the libtrace link type for this packet
319	* @return the libtrace link type, or -1 if this link type is unknown
320	*/
321	libtrace_linktype_t (get_link_type)(const libtrace_packet_t packet);
322	/** return the direction of this packet
323	* @note This callback may be NULL if not supported.
324	*/
325	libtrace_direction_t (get_direction)(const libtrace_packet_t packet);
326	/** set the direction of this packet
327	* @note This callback may be NULL if not supported.
328	*/
329	libtrace_direction_t (set_direction)(libtrace_packet_t packet, libtrace_direction_t direction);
330	/** return the erf timestamp of the packet.
331	* @return the 64bit erf timestamp
332	* This field may be NULL in the structure, and libtrace will
333	* synthesise the result from get_timeval or get_seconds if they
334	* exist. AT least one of get_erf_timestamp, get_timeval or
335	* get_seconds must be implemented.
336	*/
337	uint64_t (get_erf_timestamp)(const libtrace_packet_t packet);
338	/** return the timeval of this packet.
339	* @return the timeval
340	* This field may be NULL in the structure, and libtrace will
341	* synthesise the result from get_erf_timestamp or get_seconds if they
342	* exist. AT least one of get_erf_timestamp, get_timeval or
343	* get_seconds must be implemented.
344	*/
345	struct timeval (get_timeval)(const libtrace_packet_t packet);
346	/** return the timespec of this packet.
347	* @return the timespec
348	* This field may be NULL in the structure, and libtrace will
349	* synthesise the result from get_erf_timestamp or get_seconds if they
350	* exist. AT least one of get_erf_timestamp, get_timeval or
351	* get_seconds must be implemented.
352	*/
353	struct timespec (get_timespec)(const libtrace_packet_t packet);
354	/** return the timestamp of this packet.
355	* @return the floating point seconds since 1970-01-01 00:00:00
356	* This field may be NULL in the structure, and libtrace will
357	* synthesise the result from get_timeval or get_erf_timestamp if they
358	* exist. AT least one of get_erf_timestamp, get_timeval or
359	* get_seconds must be implemented.
360	*/
361	double (get_seconds)(const libtrace_packet_t packet);
362	/** move the pointer within the trace.
363	* @return 0 on success, -1 on failure.
364	* The next packet returned by read_packet be the first
365	* packet in the trace to have a timestamp equal or greater than
366	* timestamp.
367	* @note this function may be NULL if the format does not support
368	* this feature. If the format implements seek_timeval and/or
369	* seek_seconds then libtrace will call those functions instead.
370	*/
371	int (seek_erf)(libtrace_t trace, uint64_t timestamp);
372	/** move the pointer within the trace.
373	* @return 0 on success, -1 on failure.
374	* The next packet returned by read_packet be the first
375	* packet in the trace to have a timestamp equal or greater than
376	* timestamp.
377	* @note this function may be NULL if the format does not support
378	* this feature. If the format implements seek_erf and/or
379	* seek_seconds then libtrace will call those functions instead.
380	*/
381	int (seek_timeval)(libtrace_t trace, struct timeval tv);
382	/** move the pointer within the trace.
383	* @return 0 on success, -1 on failure.
384	* The next packet returned by read_packet be the first
385	* packet in the trace to have a timestamp equal or greater than
386	* tv.
387	* @note this function may be NULL if the format does not support
388	* this feature. If the format implements seek_erf and/or
389	* seek_timeval then libtrace will call those functions instead.
390	*/
391	int (seek_seconds)(libtrace_t trace, double seconds);
392	/** return the captured payload length
393	* @return the amount of data captured in a trace.
394	* This is the number of bytes actually in the trace. This does not
395	* include the trace framing length. This is usually shorter or
396	* equal to the wire length.
397	*/
398	int (get_capture_length)(const libtrace_packet_t packet);
399	/** return the original length of the packet on the wire.
400	* @return the length of the packet on the wire before truncation.
401	* This is the number of bytes actually in the trace. This does not
402	* include the trace framing length. This is usually shorter or
403	* equal to the wire length.
404	*/
405	int (get_wire_length)(const libtrace_packet_t packet);
406	/** return the length of the trace framing header
407	* @return the length of the framing header
408	* The framing header is the extra metadata a trace stores about
409	* a packet. This does not include the wire or capture length
410	* of the packet. Usually get_framing_length()+get_capture_length()
411	* is the size returned by read_packet
412	*/
413	int (get_framing_length)(const libtrace_packet_t packet);
414	/** truncate (snap) the packet
415	* @returns the new size
416	* @note This callback may be NULL if not supported.
417	*/
418	size_t (set_capture_length)(struct libtrace_packet_t packet,size_t size);
419	/** Report the number of packets ever seen as early as possible
420	*/
421	uint64_t (get_received_packets)(libtrace_t trace);
422	/** Report the number of filtered packets.
423	*/
424	uint64_t (get_filtered_packets)(libtrace_t trace);
425	/** Return the number of dropped packets */
426	uint64_t (get_dropped_packets)(libtrace_t trace);
427	/** Report number of captured packets
428	*/
429	uint64_t (get_captured_packets)(libtrace_t trace);
430	/** return the filedescriptor associated with this interface.
431	* @note This callback may be NULL if not supported.
432	* This function is only needed if you use trace_event_interface
433	* as the pointer for trace_event
434	*/
435	int (get_fd)(const libtrace_t trace);
436	/** return the next event from this source
437	* @note may be NULL if not supported.
438	*/
439	struct libtrace_eventobj_t (trace_event)(libtrace_t trace, libtrace_packet_t *packet);
440	/** return information about this trace format to standard out */
441	void (*help)(void);
442	/** next pointer, should be NULL */
443	struct libtrace_format_t *next;
444	};
445
446	extern struct libtrace_format_t *form;
447
448	void register_format(struct libtrace_format_t *format);
449
450	libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
451	libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
452	libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
453	libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
454	libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
455	libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
456	uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
457	libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
458	unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
459
460	void promote_packet(libtrace_packet_t *packet);
461	bool demote_packet(libtrace_packet_t *packet);
462
463	void trace_get_payload_from_linux_sll(const void , uint16_t , uint32_t );
464	void trace_get_payload_from_pos(void , uint16_t , uint32_t );
465	DLLEXPORT void trace_get_payload_from_atm(void , uint8_t , uint32_t );
466
467	uint64_t byteswap64(uint64_t num);
468	uint32_t byteswap32(uint32_t num);
469	uint16_t byteswap16(uint16_t num);
470
471	/* Because some traces/protocols are defined as
472	* being "big endian" or "little endian" we have
473	* this series of macros.
474	*/
475	#if BYTE_ORDER == BIG_ENDIAN
476	#define bswap_host_to_be64(num) ((uint64_t)(num))
477	#define bswap_host_to_le64(num) byteswap64(num)
478	#define bswap_host_to_be32(num) ((uint32_t)(num))
479	#define bswap_host_to_le32(num) byteswap32(num)
480	#define bswap_host_to_be16(num) ((uint16_t)(num))
481	#define bswap_host_to_le16(num) byteswap16(num)
482
483	#define bswap_be_to_host64(num) ((uint64_t)(num))
484	#define bswap_le_to_host64(num) byteswap64(num)
485	#define bswap_be_to_host32(num) ((uint32_t)(num))
486	#define bswap_le_to_host32(num) byteswap32(num)
487	#define bswap_be_to_host16(num) ((uint16_t)(num))
488	#define bswap_le_to_host16(num) byteswap16(num)
489
490	/* We use ntoh*() here, because the compiler may
491	* attempt to optimise it
492	*/
493	#elif BYTE_ORDER == LITTLE_ENDIAN
494	#define bswap_host_to_be64(num) (byteswap64(num))
495	#define bswap_host_to_le64(num) ((uint64_t)(num))
496	#define bswap_host_to_be32(num) (htonl(num))
497	#define bswap_host_to_le32(num) ((uint32_t)(num))
498	#define bswap_host_to_be16(num) (htons(num))
499	#define bswap_host_to_le16(num) ((uint16_t)(num))
500
501	#define bswap_be_to_host64(num) (byteswap64(num))
502	#define bswap_le_to_host64(num) ((uint64_t)(num))
503	#define bswap_be_to_host32(num) (ntohl(num))
504	#define bswap_le_to_host32(num) ((uint32_t)(num))
505	#define bswap_be_to_host16(num) (ntohs(num))
506	#define bswap_le_to_host16(num) ((uint16_t)(num))
507
508	#else
509	#error "Unknown byte order"
510	#endif
511
512	#ifdef HAVE_BPF
513	/* A type encapsulating a bpf filter
514	* This type covers the compiled bpf filter, as well as the original filter
515	* string
516	*
517	*/
518	struct libtrace_filter_t {
519	struct bpf_program filter;
520	char * filterstring;
521	int flag;
522	};
523	#else
524	struct libtrace_filter_t {};
525	#endif
526
527	/** libtrace packet
528	*/
529	typedef struct libtrace_pcapfile_pkt_hdr_t {
530	uint32_t ts_sec;
531	uint32_t ts_usec;
532	uint32_t caplen;
533	uint32_t wirelen;
534	} libtrace_pcapfile_pkt_hdr_t;
535
536	#ifdef HAVE_DAG
537	void dag_constructor(void);
538	#endif
539	void erf_constructor(void);
540	void tsh_constructor(void);
541	void legacy_constructor(void);
542	void linuxnative_constructor(void);
543	void pcap_constructor(void);
544	void pcapfile_constructor(void);
545	void rt_constructor(void);
546	void duck_constructor(void);
547	void atmhdr_constructor(void);
548	#ifdef HAVE_BPF
549	void bpf_constructor(void);
550	#endif
551
552	/* Used internally by get_wire_length() methods */
553	bool trace_get_wireless_flags(void link, libtrace_linktype_t linktype, uint8_t flags);
554	#define TRACE_RADIOTAP_F_FCS 0x10
555
556	#ifdef __cplusplus
557	}
558	#endif
559
560	#endif /* LIBTRACE_INT_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: