source: lib/libtrace_int.h @ 590fb30

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 590fb30 was 590fb30, checked in by Shane Alcock <salcock@…>, 13 years ago
  • Replaced #define for prepare_packet flags with an enum
  • Added a enum value for a "Do NOT take ownership of the buffer" flag so that all formats can set this flag to a value
  • Property mode set to 100644
File size: 18.1 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007,2008 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id$
28 *
29 */
30/** @file */
31
32#ifndef LIBTRACE_INT_H
33#define LIBTRACE_INT_H
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
39#include "common.h"
40#include "config.h"
41#include "libtrace.h"
42
43#ifdef _MSC_VER
44// warning: deprecated function
45#pragma warning(disable:4996)
46// warning: benign redefinitions of types
47#pragma warning(disable:4142)
48#endif
49
50#ifdef HAVE_INTTYPES_H
51# include <inttypes.h>
52#else
53# include "lt_inttypes.h"
54#endif
55
56#ifdef HAVE_STDDEF_H
57# include <stddef.h>
58#else
59#ifndef WIN32
60# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
61#endif
62#endif
63
64
65#include "rt_protocol.h"
66       
67/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
68#ifdef HAVE_NET_BPF_H
69#    include <net/bpf.h>
70#    define HAVE_BPF 1
71#else
72#ifdef HAVE_PCAP_BPF_H
73#  include <pcap-bpf.h>
74#  define HAVE_BPF 1
75#endif
76#endif
77
78#ifdef HAVE_PCAP_H
79#  include <pcap.h>
80#  ifdef HAVE_PCAP_INT_H
81#    include <pcap-int.h>
82#  endif
83#endif
84
85#ifdef HAVE_ZLIB_H
86#  include <zlib.h>
87#endif
88
89#ifndef HAVE_STRNCASECMP
90# ifndef HAVE__STRNICMP
91int strncasecmp(const char *str1, const char *str2, size_t n);
92# else
93# define strncasecmp _strnicmp
94# endif
95#endif
96
97#ifndef HAVE_SNPRINTF
98# ifndef HAVE_SPRINTF_S
99int snprintf(char *str, size_t size, const char *format, ...);
100# else
101# define snprintf sprintf_s
102# endif
103#endif
104
105#include "daglegacy.h"
106       
107#ifdef HAVE_DAG_API
108#  include "dagnew.h"
109#  include "dagapi.h"
110#       if DAG_VERSION == 25
111#               include <daginf.h>
112#       else
113#               include <erftypes.h>
114#       endif
115#else
116#  include "dagformat.h"
117#endif
118
119#define RP_BUFSIZE 65536U
120
121struct libtrace_event_status_t {
122        libtrace_packet_t *packet;
123        double tdelta;
124        double trace_last_ts;
125        int psize;
126};
127
128/** The information about traces that are open
129 * @internal
130 */
131struct libtrace_t {
132        struct libtrace_format_t *format; /**< format driver pointer */
133        struct libtrace_event_status_t event;   /**< the next event */
134        void *format_data;              /**<format data pointer */
135        struct libtrace_filter_t *filter; /**< used by libtrace if the module
136                                            * doesn't support filters natively
137                                            */
138        size_t snaplen;                 /**< used by libtrace if the module
139                                          * doesn't support snapping natively
140                                          */
141        uint64_t accepted_packets;      /**< Number of packets returned to the
142                                          * user
143                                          */
144        uint64_t filtered_packets;      /**< Number of packets filtered by
145                                          * libtrace
146                                          */
147        char *uridata;                  /**< the uri of this trace */
148
149        libtrace_err_t err;             /**< error information */
150        bool started;                   /**< if this trace has started */
151};
152
153/** Information about output traces
154 * @internal
155 */
156struct libtrace_out_t {
157        struct libtrace_format_t *format;       /**< format driver */
158        void *format_data;              /**< format data */
159        char *uridata;                  /**< URI associated with this trace */
160        libtrace_err_t err;             /**< Associated error */
161        bool started;                   /**< trace started */
162};
163
164void trace_set_err(libtrace_t *trace, int errcode,const char *msg,...) 
165                                                                PRINTF(3,4);
166void trace_set_err_out(libtrace_out_t *trace, int errcode, const char *msg,...)
167                                                                PRINTF(3,4);
168
169
170/*
171 *
172 * The basic idea of this function is that it will take the data pointed to
173 * by 'buffer' and treat it as a packet of the same format type as the
174 * libtrace_t pointed to by 'trace', including the format framing (e.g. an
175 * erf header for erf and dag formats, a pcap header for pcap formats).
176 *
177 * The libtrace packet pointed to by 'packet' will then have its internal
178 * pointers and values replaced with ones that describe the packet in 'buffer'.
179 *
180 * 'rt_type' is used to set packet->type while 'flags' is relatively
181 * self-explanatory. Definitions of the accepted flags will be provided below.
182 *
183 * The primary use of this function is to allow rt_read_packet to nicely
184 * convert packets from the RT format back to the format that they were
185 * originally captured with, as RT essentially encapsulates the original trace
186 * format. We've decided to not make this function available via the API
187 * because there are a number of issues that can arise if it is not used
188 * very carefully and there are few situations outside of the RT case where
189 * you'd want to do something like this anyway.
190 *
191 * Returns 0 if successful, -1 if something goes horribly wrong
192 */
193int trace_prepare_packet(libtrace_t *trace, libtrace_packet_t *packet,
194                void *buffer, libtrace_rt_types_t rt_type, uint32_t flags);
195
196/* Flags for prepare_packet functions */
197/*-------------------------------------*/
198enum {
199        /* If set, the memory pointed to by 'buffer' is malloc()'d and
200         * libtrace should undertake ownership of that memory. If not set,
201         * the memory is treated as externally-owned and will not be freed by
202         * libtrace when the packet is destroyed. */
203        TRACE_PREP_OWN_BUFFER           =1,
204        TRACE_PREP_DO_NOT_OWN_BUFFER    =0
205};
206
207#define TRACE_PREP_OWN_BUFFER   1
208
209                                                               
210typedef struct libtrace_sll_header_t {
211        uint16_t pkttype;               /* packet type */
212        uint16_t hatype;                /* link-layer address type */
213        uint16_t halen;                 /* link-layer address length */
214        char addr[8];                   /* link-layer address */
215        uint16_t protocol;              /* protocol */
216} libtrace_sll_header_t;
217
218#define TRACE_SLL_HOST          0
219#define TRACE_SLL_BROADCAST     1
220#define TRACE_SLL_MULTICAST     2
221#define TRACE_SLL_OTHERHOST     3
222#define TRACE_SLL_OUTGOING      4
223
224#ifndef PF_RULESET_NAME_SIZE
225#define PF_RULESET_NAME_SIZE 16
226#endif
227
228#ifndef IFNAMSIZ
229#define IFNAMSIZ 16
230#endif
231
232typedef struct libtrace_pflog_header_t {
233        uint8_t    length;
234        sa_family_t   af;
235        uint8_t    action;
236        uint8_t    reason;
237        char       ifname[IFNAMSIZ];
238        char       ruleset[PF_RULESET_NAME_SIZE];
239        uint32_t   rulenr;
240        uint32_t   subrulenr;
241        uint8_t    dir;
242        uint8_t    pad[3];
243} PACKED libtrace_pflog_header_t;
244
245
246
247/** Module definition structure */
248/* all of these should return -1, or NULL on failure */
249struct libtrace_format_t {
250        /** the uri name of this module */
251        const char *name;
252        /** the version of this module */
253        const char *version;
254        /** the RT protocol type of this module */
255        enum base_format_t type;
256        /** stuff that deals with input @{ */
257        /** initialise an trace (or NULL if input is not supported) */
258        int (*init_input)(libtrace_t *libtrace);
259        /** configure an trace (or NULL if input is not supported) */
260        int (*config_input)(libtrace_t *libtrace,trace_option_t option,void *value);
261        /** start/unpause an trace (or NULL if input not supported) */
262        int (*start_input)(libtrace_t *libtrace);
263        /** pause an trace (or NULL if input not supported) */
264        int (*pause_input)(libtrace_t *libtrace);
265        /** @} */
266        /** stuff that deals with output @{ */
267        /** initialise output traces (or NULL if output not supported) */
268        int (*init_output)(libtrace_out_t *libtrace);
269        /** configure output traces (or NULL if output not supported) */
270        int (*config_output)(libtrace_out_t *libtrace, trace_option_output_t option, void *);
271        /** start output traces (or NULL if output not supported)
272         * There is no pause for output traces, as packets are not arriving
273         * asyncronously
274         */
275        int (*start_output)(libtrace_out_t *libtrace);
276        /** @} */
277        /** finish an input trace, cleanup (or NULL if input not supported)
278         * if the trace is not paused, libtrace will pause the trace before
279         * calling this function.
280         */
281        int (*fin_input)(libtrace_t *libtrace);
282        /** finish an output trace, cleanup (or NULL if output not supported) */
283        int (*fin_output)(libtrace_out_t *libtrace);
284        /** read a packet from a trace into the provided packet structure
285         * @returns -1 on error, or get_framing_length()+get_capture_length() \
286         * on success.
287         * if this function is not supported, this field may be NULL.
288         */
289        int (*read_packet)(libtrace_t *libtrace, libtrace_packet_t *packet);
290        /** prepares a packet for general libtrace usage
291         * updates internal trace and packet details, such as payload pointers,
292         * loss counters and packet types.
293         * Intended (at this stage) only for internal use, particularly by
294         * RT which needs to decapsulate RT packets */
295        int (*prepare_packet)(libtrace_t *libtrace, libtrace_packet_t *packet,
296                        void *buffer, libtrace_rt_types_t rt_type, 
297                        uint32_t flags);
298        /** finalise a packet
299         * cleanup any resources used by a packet that can't be reused for
300         * the next packet.
301         */
302        void (*fin_packet)(libtrace_packet_t *packet);
303        /** write a packet to a trace from the provided packet
304         * (or NULL if output not supported)
305         */
306        int (*write_packet)(libtrace_out_t *libtrace, libtrace_packet_t *packet);
307        /** return the libtrace link type for this packet
308         * @return the libtrace link type, or -1 if this link type is unknown
309         */ 
310        libtrace_linktype_t (*get_link_type)(const libtrace_packet_t *packet);
311        /** return the direction of this packet
312         * @note This callback may be NULL if not supported.
313         */ 
314        libtrace_direction_t (*get_direction)(const libtrace_packet_t *packet);
315        /** set the direction of this packet
316         * @note This callback may be NULL if not supported.
317         */ 
318        libtrace_direction_t (*set_direction)(libtrace_packet_t *packet, libtrace_direction_t direction);
319        /** return the erf timestamp of the packet.
320         * @return the 64bit erf timestamp
321         * This field may be NULL in the structure, and libtrace will
322         * synthesise the result from get_timeval or get_seconds if they
323         * exist.  AT least one of get_erf_timestamp, get_timeval or
324         * get_seconds must be implemented.
325         */
326        uint64_t (*get_erf_timestamp)(const libtrace_packet_t *packet);
327        /** return the timeval of this packet.
328         * @return the timeval
329         * This field may be NULL in the structure, and libtrace will
330         * synthesise the result from get_erf_timestamp or get_seconds if they
331         * exist.  AT least one of get_erf_timestamp, get_timeval or
332         * get_seconds must be implemented.
333         */
334        struct timeval (*get_timeval)(const libtrace_packet_t *packet);
335        /** return the timestamp of this packet.
336         * @return the floating point seconds since 1970-01-01 00:00:00
337         * This field may be NULL in the structure, and libtrace will
338         * synthesise the result from get_timeval or get_erf_timestamp if they
339         * exist.  AT least one of get_erf_timestamp, get_timeval or
340         * get_seconds must be implemented.
341         */
342        double (*get_seconds)(const libtrace_packet_t *packet);
343        /** move the pointer within the trace.
344         * @return 0 on success, -1 on failure.
345         * The next packet returned by read_packet be the first
346         * packet in the trace to have a timestamp equal or greater than
347         * timestamp.
348         * @note this function may be NULL if the format does not support
349         * this feature.  If the format implements seek_timeval and/or
350         * seek_seconds then libtrace will call those functions instead.
351         */
352        int (*seek_erf)(libtrace_t *trace, uint64_t timestamp);
353        /** move the pointer within the trace.
354         * @return 0 on success, -1 on failure.
355         * The next packet returned by read_packet be the first
356         * packet in the trace to have a timestamp equal or greater than
357         * timestamp.
358         * @note this function may be NULL if the format does not support
359         * this feature.  If the format implements seek_erf and/or
360         * seek_seconds then libtrace will call those functions instead.
361         */
362        int (*seek_timeval)(libtrace_t *trace, struct timeval tv);
363        /** move the pointer within the trace.
364         * @return 0 on success, -1 on failure.
365         * The next packet returned by read_packet be the first
366         * packet in the trace to have a timestamp equal or greater than
367         * tv.
368         * @note this function may be NULL if the format does not support
369         * this feature.  If the format implements seek_erf and/or
370         * seek_timeval then libtrace will call those functions instead.
371         */
372        int (*seek_seconds)(libtrace_t *trace, double seconds);
373        /** return the captured payload length
374         * @return the amount of data captured in a trace.
375         * This is the number of bytes actually in the trace.  This does not
376         * include the trace framing length.  This is usually shorter or
377         * equal to the wire length.
378         */
379        int (*get_capture_length)(const libtrace_packet_t *packet);
380        /** return the original length of the packet on the wire.
381         * @return the length of the packet on the wire before truncation.
382         * This is the number of bytes actually in the trace.  This does not
383         * include the trace framing length.  This is usually shorter or
384         * equal to the wire length.
385         */
386        int (*get_wire_length)(const libtrace_packet_t *packet);
387        /** return the length of the trace framing header
388         * @return the length of the framing header
389         * The framing header is the extra metadata a trace stores about
390         * a packet.  This does not include the wire or capture length
391         * of the packet.  Usually get_framing_length()+get_capture_length()
392         * is the size returned by read_packet
393         */
394        int (*get_framing_length)(const libtrace_packet_t *packet);
395        /** truncate (snap) the packet
396         * @returns the new size
397         * @note This callback may be NULL if not supported.
398         */
399        size_t (*set_capture_length)(struct libtrace_packet_t *packet,size_t size);
400        /** Report the number of packets ever seen as early as possible
401         */
402        uint64_t (*get_received_packets)(libtrace_t *trace);
403        /** Report the number of filtered packets.
404         */
405        uint64_t (*get_filtered_packets)(libtrace_t *trace);
406        /** Return the number of dropped packets */
407        uint64_t (*get_dropped_packets)(libtrace_t *trace);
408        /** Report number of captured packets
409         */
410        uint64_t (*get_captured_packets)(libtrace_t *trace);
411        /** return the filedescriptor associated with this interface.
412         * @note This callback may be NULL if not supported.
413         * This function is only needed if you use trace_event_interface
414         * as the pointer for trace_event
415         */
416        int (*get_fd)(const libtrace_t *trace);
417        /** return the next event from this source
418         * @note may be NULL if not supported.
419         */
420        struct libtrace_eventobj_t (*trace_event)(libtrace_t *trace, libtrace_packet_t *packet);       
421        /** return information about this trace format to standard out */
422        void (*help)(void);
423        /** next pointer, should be NULL */
424        struct libtrace_format_t *next;
425};
426
427extern struct libtrace_format_t *form;
428
429void register_format(struct libtrace_format_t *format);
430
431libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
432libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
433libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
434libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
435libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
436libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
437uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
438libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
439unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
440
441void promote_packet(libtrace_packet_t *packet);
442bool demote_packet(libtrace_packet_t *packet);
443
444void *trace_get_payload_from_linux_sll(const void *, uint16_t *, uint32_t *);
445void *trace_get_payload_from_pos(void *, uint16_t *, uint32_t *);
446DLLEXPORT void *trace_get_payload_from_atm(void *, uint8_t *, uint32_t *);
447
448uint64_t byteswap64(uint64_t num);
449uint32_t byteswap32(uint32_t num);
450uint16_t byteswap16(uint16_t num);
451
452/* Because some traces/protocols are defined as
453 * being "big endian" or "little endian" we have
454 * this series of macros.
455 */
456#if BYTE_ORDER == BIG_ENDIAN
457#define bswap_host_to_be64(num) ((uint64_t)(num))
458#define bswap_host_to_le64(num) byteswap64(num)
459#define bswap_host_to_be32(num) ((uint32_t)(num))
460#define bswap_host_to_le32(num) byteswap32(num)
461#define bswap_host_to_be16(num) ((uint16_t)(num))
462#define bswap_host_to_le16(num) byteswap16(num)
463
464#define bswap_be_to_host64(num) ((uint64_t)(num))
465#define bswap_le_to_host64(num) byteswap64(num)
466#define bswap_be_to_host32(num) ((uint32_t)(num))
467#define bswap_le_to_host32(num) byteswap32(num)
468#define bswap_be_to_host16(num) ((uint16_t)(num))
469#define bswap_le_to_host16(num) byteswap16(num)
470
471/* We use ntoh*() here, because the compiler may
472 * attempt to optimise it
473 */
474#elif BYTE_ORDER == LITTLE_ENDIAN
475#define bswap_host_to_be64(num) (byteswap64(num))
476#define bswap_host_to_le64(num) ((uint64_t)(num))
477#define bswap_host_to_be32(num) (htonl(num))
478#define bswap_host_to_le32(num) ((uint32_t)(num))
479#define bswap_host_to_be16(num) (htons(num))
480#define bswap_host_to_le16(num) ((uint16_t)(num))
481
482#define bswap_be_to_host64(num) (byteswap64(num))
483#define bswap_le_to_host64(num) ((uint64_t)(num))
484#define bswap_be_to_host32(num) (ntohl(num))
485#define bswap_le_to_host32(num) ((uint32_t)(num))
486#define bswap_be_to_host16(num) (ntohs(num))
487#define bswap_le_to_host16(num) ((uint16_t)(num))
488
489#else
490#error "Unknown byte order"
491#endif
492
493#ifdef HAVE_BPF
494/* A type encapsulating a bpf filter
495 * This type covers the compiled bpf filter, as well as the original filter
496 * string
497 *
498 */
499struct libtrace_filter_t {
500        struct bpf_program filter;
501        char * filterstring;
502        int flag;
503};
504#else
505struct libtrace_filter_t {};
506#endif
507
508/** libtrace packet
509 */
510typedef struct libtrace_pcapfile_pkt_hdr_t {
511        uint32_t ts_sec;
512        uint32_t ts_usec;
513        uint32_t caplen;
514        uint32_t wirelen;
515} libtrace_pcapfile_pkt_hdr_t;
516
517#ifdef HAVE_DAG
518void dag_constructor(void);
519#endif
520void erf_constructor(void);
521void tsh_constructor(void);
522void legacy_constructor(void);
523void linuxnative_constructor(void);
524void pcap_constructor(void);
525void pcapfile_constructor(void);
526void rt_constructor(void);
527void duck_constructor(void);
528void atmhdr_constructor(void);
529#ifdef HAVE_BPF
530void bpf_constructor(void);
531#endif
532
533/* Used internally by get_wire_length() methods */
534bool trace_get_wireless_flags(void *link, libtrace_linktype_t linktype, uint8_t *flags);
535#define TRACE_RADIOTAP_F_FCS 0x10
536       
537#ifdef __cplusplus
538}
539#endif
540
541#endif /* LIBTRACE_INT_H */
Note: See TracBrowser for help on using the repository browser.