source: lib/libtrace_int.h @ 73dd29f

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 73dd29f was 73dd29f, checked in by Perry Lorier <perry@…>, 14 years ago

Sooo, pcap has two types of DLT's "pure" DLT's that are platform dependant,
and "linktype" DLT's that are portable and are what are written to pcap files.

Instead of fudging the two concepts together so much, attempt to disintangle
this mess without exposing too much of the god awful mess to the end user.

  • Property mode set to 100644
File size: 15.3 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id$
28 *
29 */
30/** @file */
31
32#ifndef LIBTRACE_INT_H
33#define LIBTRACE_INT_H
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
39#include "common.h"
40#include "config.h"
41#include "libtrace.h"
42
43#ifdef _MSC_VER
44// warning: deprecated function
45#pragma warning(disable:4996)
46// warning: benign redefinitions of types
47#pragma warning(disable:4142)
48#endif
49
50#ifdef HAVE_INTTYPES_H
51# include <inttypes.h>
52#else
53# include "lt_inttypes.h"
54#endif
55
56#ifdef HAVE_STDDEF_H
57# include <stddef.h>
58#else
59#ifndef WIN32
60# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
61#endif
62#endif
63
64
65#include "rt_protocol.h"
66       
67/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
68#ifdef HAVE_NET_BPF_H
69#    include <net/bpf.h>
70#    define HAVE_BPF 1
71#else
72#ifdef HAVE_PCAP_BPF_H
73#  include <pcap-bpf.h>
74#  define HAVE_BPF 1
75#endif
76#endif
77
78#ifdef HAVE_PCAP_H
79#  include <pcap.h>
80#  ifdef HAVE_PCAP_INT_H
81#    include <pcap-int.h>
82#  endif
83#endif
84
85#ifdef HAVE_ZLIB_H
86#  include <zlib.h>
87#endif
88
89#ifndef HAVE_STRNCASECMP
90# ifndef HAVE__STRNICMP
91int strncasecmp(const char *str1, const char *str2, size_t n);
92# else
93# define strncasecmp _strnicmp
94# endif
95#endif
96
97#ifndef HAVE_SNPRINTF
98# ifndef HAVE_SPRINTF_S
99int snprintf(char *str, size_t size, const char *format, ...);
100# else
101# define snprintf sprintf_s
102# endif
103#endif
104
105#include "wag.h"
106#include "daglegacy.h"
107       
108#ifdef HAVE_DAG_API
109#  include "dagnew.h"
110#  include "dagapi.h"
111#       ifndef DAG_VERSION_2_4
112#               include <daginf.h>
113#       endif
114#else
115#  include "dagformat.h"
116#endif
117
118#define RP_BUFSIZE 65536U
119
120struct libtrace_event_status_t {
121        libtrace_packet_t *packet;
122        int psize;
123        double tdelta;
124        double trace_last_ts;
125};
126
127/** The information about traces that are open
128 * @internal
129 */
130struct libtrace_t {
131        struct libtrace_format_t *format; /**< format driver pointer */
132        void *format_data; /**<format data pointer */
133        bool started;                   /**< if this trace has started */
134        libtrace_err_t err;             /**< error information */
135        struct libtrace_event_status_t event;   /**< the next event */
136        char *uridata;                  /**< the uri of this trace */
137        struct libtrace_filter_t *filter; /**< used by libtrace if the module
138                                            * doesn't support filters natively
139                                            */
140        size_t snaplen;         /**< used by libtrace if the module
141                                          * doesn't support snapping natively
142                                          */
143};
144
145/** Information about output traces
146 * @internal
147 */
148struct libtrace_out_t {
149        struct libtrace_format_t *format;       /**< format driver */
150        void *format_data;              /**< format data */
151        bool started;                   /**< trace started */
152        libtrace_err_t err;             /**< Associated error */
153        char *uridata;                  /**< URI associated with this trace */
154};
155
156void trace_set_err(libtrace_t *trace, int errcode,const char *msg,...) 
157                                                                PRINTF(3,4);
158void trace_set_err_out(libtrace_out_t *trace, int errcode, const char *msg,...)
159                                                                PRINTF(3,4);
160
161typedef struct libtrace_sll_header_t {
162        uint16_t pkttype;               /* packet type */
163        uint16_t hatype;                /* link-layer address type */
164        uint16_t halen;                 /* link-layer address length */
165        char addr[8];                   /* link-layer address */
166        uint16_t protocol;              /* protocol */
167} libtrace_sll_header_t;
168
169#define TRACE_SLL_HOST          0
170#define TRACE_SLL_BROADCAST     1
171#define TRACE_SLL_MULTICAST     2
172#define TRACE_SLL_OTHERHOST     3
173#define TRACE_SLL_OUTGOING      4
174
175#ifndef PF_RULESET_NAME_SIZE
176#define PF_RULESET_NAME_SIZE 16
177#endif
178
179#ifndef IFNAMSIZ
180#define IFNAMSIZ 16
181#endif
182
183typedef struct libtrace_pflog_header_t {
184        uint8_t    length;
185        sa_family_t   af;
186        uint8_t    action;
187        uint8_t    reason;
188        char       ifname[IFNAMSIZ];
189        char       ruleset[PF_RULESET_NAME_SIZE];
190        uint32_t   rulenr;
191        uint32_t   subrulenr;
192        uint8_t    dir;
193        uint8_t    pad[3];
194} libtrace_pflog_header_t;
195
196
197
198/** Module definition structure */
199/* all of these should return -1, or NULL on failure */
200struct libtrace_format_t {
201        /** the uri name of this module */
202        const char *name;
203        /** the version of this module */
204        const char *version;
205        /** the RT protocol type of this module */
206        enum base_format_t type;
207        /** stuff that deals with input @{ */
208        /** initialise an trace (or NULL if input is not supported) */
209        int (*init_input)(libtrace_t *libtrace);
210        /** configure an trace (or NULL if input is not supported) */
211        int (*config_input)(libtrace_t *libtrace,trace_option_t option,void *value);
212        /** start/unpause an trace (or NULL if input not supported) */
213        int (*start_input)(libtrace_t *libtrace);
214        /** pause an trace (or NULL if input not supported) */
215        int (*pause_input)(libtrace_t *libtrace);
216        /** @} */
217        /** stuff that deals with output @{ */
218        /** initialise output traces (or NULL if output not supported) */
219        int (*init_output)(libtrace_out_t *libtrace);
220        /** configure output traces (or NULL if output not supported) */
221        int (*config_output)(libtrace_out_t *libtrace, trace_option_output_t option, void *);
222        /** start output traces (or NULL if output not supported)
223         * There is no pause for output traces, as packets are not arriving
224         * asyncronously
225         */
226        int (*start_output)(libtrace_out_t *libtrace);
227        /** @} */
228        /** finish an input trace, cleanup (or NULL if input not supported)
229         * if the trace is not paused, libtrace will pause the trace before
230         * calling this function.
231         */
232        int (*fin_input)(libtrace_t *libtrace);
233        /** finish an output trace, cleanup (or NULL if output not supported) */
234        int (*fin_output)(libtrace_out_t *libtrace);
235        /** read a packet from a trace into the provided packet structure
236         * @returns -1 on error, or get_framing_length()+get_capture_length() \
237         * on success.
238         * if this function is not supported, this field may be NULL.
239         */
240        int (*read_packet)(libtrace_t *libtrace, libtrace_packet_t *packet);
241        /** finalise a packet
242         * cleanup any resources used by a packet that can't be reused for
243         * the next packet.
244         */
245        void (*fin_packet)(libtrace_packet_t *packet);
246        /** write a packet to a trace from the provided packet
247         * (or NULL if output not supported)
248         */
249        int (*write_packet)(libtrace_out_t *libtrace, libtrace_packet_t *packet);
250        /** return the libtrace link type for this packet
251         * @return the libtrace link type, or -1 if this link type is unknown
252         */ 
253        libtrace_linktype_t (*get_link_type)(const libtrace_packet_t *packet);
254        /** return the direction of this packet
255         * @note This callback may be NULL if not supported.
256         */ 
257        libtrace_direction_t (*get_direction)(const libtrace_packet_t *packet);
258        /** set the direction of this packet
259         * @note This callback may be NULL if not supported.
260         */ 
261        libtrace_direction_t (*set_direction)(libtrace_packet_t *packet, libtrace_direction_t direction);
262        /** return the erf timestamp of the packet.
263         * @return the 64bit erf timestamp
264         * This field may be NULL in the structure, and libtrace will
265         * synthesise the result from get_timeval or get_seconds if they
266         * exist.  AT least one of get_erf_timestamp, get_timeval or
267         * get_seconds must be implemented.
268         */
269        uint64_t (*get_erf_timestamp)(const libtrace_packet_t *packet);
270        /** return the timeval of this packet.
271         * @return the timeval
272         * This field may be NULL in the structure, and libtrace will
273         * synthesise the result from get_erf_timestamp or get_seconds if they
274         * exist.  AT least one of get_erf_timestamp, get_timeval or
275         * get_seconds must be implemented.
276         */
277        struct timeval (*get_timeval)(const libtrace_packet_t *packet);
278        /** return the timestamp of this packet.
279         * @return the floating point seconds since 1970-01-01 00:00:00
280         * This field may be NULL in the structure, and libtrace will
281         * synthesise the result from get_timeval or get_erf_timestamp if they
282         * exist.  AT least one of get_erf_timestamp, get_timeval or
283         * get_seconds must be implemented.
284         */
285        double (*get_seconds)(const libtrace_packet_t *packet);
286        /** move the pointer within the trace.
287         * @return 0 on success, -1 on failure.
288         * The next packet returned by read_packet be the first
289         * packet in the trace to have a timestamp equal or greater than
290         * timestamp.
291         * @note this function may be NULL if the format does not support
292         * this feature.  If the format implements seek_timeval and/or
293         * seek_seconds then libtrace will call those functions instead.
294         */
295        int (*seek_erf)(libtrace_t *trace, uint64_t timestamp);
296        /** move the pointer within the trace.
297         * @return 0 on success, -1 on failure.
298         * The next packet returned by read_packet be the first
299         * packet in the trace to have a timestamp equal or greater than
300         * timestamp.
301         * @note this function may be NULL if the format does not support
302         * this feature.  If the format implements seek_erf and/or
303         * seek_seconds then libtrace will call those functions instead.
304         */
305        int (*seek_timeval)(libtrace_t *trace, struct timeval tv);
306        /** move the pointer within the trace.
307         * @return 0 on success, -1 on failure.
308         * The next packet returned by read_packet be the first
309         * packet in the trace to have a timestamp equal or greater than
310         * tv.
311         * @note this function may be NULL if the format does not support
312         * this feature.  If the format implements seek_erf and/or
313         * seek_timeval then libtrace will call those functions instead.
314         */
315        int (*seek_seconds)(libtrace_t *trace, double seconds);
316        /** return the captured payload length
317         * @return the amount of data captured in a trace.
318         * This is the number of bytes actually in the trace.  This does not
319         * include the trace framing length.  This is usually shorter or
320         * equal to the wire length.
321         */
322        int (*get_capture_length)(const libtrace_packet_t *packet);
323        /** return the original length of the packet on the wire.
324         * @return the length of the packet on the wire before truncation.
325         * This is the number of bytes actually in the trace.  This does not
326         * include the trace framing length.  This is usually shorter or
327         * equal to the wire length.
328         */
329        int (*get_wire_length)(const libtrace_packet_t *packet);
330        /** return the length of the trace framing header
331         * @return the length of the framing header
332         * The framing header is the extra metadata a trace stores about
333         * a packet.  This does not include the wire or capture length
334         * of the packet.  Usually get_framing_length()+get_capture_length()
335         * is the size returned by read_packet
336         */
337        int (*get_framing_length)(const libtrace_packet_t *packet);
338        /** truncate (snap) the packet
339         * @returns the new size
340         * @note This callback may be NULL if not supported.
341         */
342        size_t (*set_capture_length)(struct libtrace_packet_t *packet,size_t size);
343        /** return the filedescriptor associated with this interface.
344         * @note This callback may be NULL if not supported.
345         * This function is only needed if you use trace_event_interface
346         * as the pointer for trace_event
347         */
348        int (*get_fd)(const libtrace_t *trace);
349        /** return the next event from this source
350         * @note may be NULL if not supported.
351         */
352        struct libtrace_eventobj_t (*trace_event)(libtrace_t *trace, libtrace_packet_t *packet);       
353        /** return information about this trace format to standard out */
354        void (*help)(void);
355        /** next pointer, should be NULL */
356        struct libtrace_format_t *next;
357};
358
359extern struct libtrace_format_t *form;
360
361void register_format(struct libtrace_format_t *format);
362
363libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_linktype_t linktype);
364libtrace_linktype_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
365libtrace_linktype_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
366libtrace_rt_types_t pcap_linktype_to_rt(libtrace_linktype_t linktype);
367libtrace_linktype_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
368libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
369uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
370libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
371unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
372
373void promote_packet(libtrace_packet_t *packet);
374bool demote_packet(libtrace_packet_t *packet);
375
376void *trace_get_payload_from_linux_sll(void *, uint16_t *, uint32_t *);
377void *trace_get_payload_from_pos(void *, uint16_t *, uint32_t *);
378DLLEXPORT void *trace_get_payload_from_atm(void *, uint8_t *, uint32_t *);
379
380uint64_t byteswap64(uint64_t num);
381uint32_t byteswap32(uint32_t num);
382uint16_t byteswap16(uint16_t num);
383
384/* Because some traces/protocols are defined as
385 * being "big endian" or "little endian" we have
386 * this series of macros.
387 */
388#if BYTE_ORDER == BIG_ENDIAN
389#define bswap_host_to_be64(num) ((uint64_t)(num))
390#define bswap_host_to_le64(num) byteswap64(num)
391#define bswap_host_to_be32(num) ((uint32_t)(num))
392#define bswap_host_to_le32(num) byteswap32(num)
393#define bswap_host_to_be16(num) ((uint16_t)(num))
394#define bswap_host_to_le16(num) byteswap16(num)
395
396#define bswap_be_to_host64(num) ((uint64_t)(num))
397#define bswap_le_to_host64(num) byteswap64(num)
398#define bswap_be_to_host32(num) ((uint32_t)(num))
399#define bswap_le_to_host32(num) byteswap32(num)
400#define bswap_be_to_host16(num) ((uint16_t)(num))
401#define bswap_le_to_host16(num) byteswap16(num)
402
403/* We use ntoh*() here, because the compiler may
404 * attempt to optimise it
405 */
406#elif BYTE_ORDER == LITTLE_ENDIAN
407#define bswap_host_to_be64(num) (byteswap64(num))
408#define bswap_host_to_le64(num) ((uint64_t)(num))
409#define bswap_host_to_be32(num) (htonl(num))
410#define bswap_host_to_le32(num) ((uint32_t)(num))
411#define bswap_host_to_be16(num) (htons(num))
412#define bswap_host_to_le16(num) ((uint16_t)(num))
413
414#define bswap_be_to_host64(num) (byteswap64(num))
415#define bswap_le_to_host64(num) ((uint64_t)(num))
416#define bswap_be_to_host32(num) (ntohl(num))
417#define bswap_le_to_host32(num) ((uint32_t)(num))
418#define bswap_be_to_host16(num) (ntohs(num))
419#define bswap_le_to_host16(num) ((uint16_t)(num))
420
421#else
422#error "Unknown byte order"
423#endif
424
425#ifdef HAVE_BPF
426/* A type encapsulating a bpf filter
427 * This type covers the compiled bpf filter, as well as the original filter
428 * string
429 *
430 */
431struct libtrace_filter_t {
432        struct bpf_program filter;
433        int flag;
434        char * filterstring;
435};
436#else
437struct libtrace_filter_t {};
438#endif
439
440/** libtrace packet
441 */
442typedef struct libtrace_pcapfile_pkt_hdr_t {
443        uint32_t ts_sec;
444        uint32_t ts_usec;
445        uint32_t caplen;
446        uint32_t wirelen;
447} libtrace_pcapfile_pkt_hdr_t;
448
449#ifdef HAVE_DAG
450void dag_constructor(void);
451#endif
452void erf_constructor(void);
453void tsh_constructor(void);
454void legacy_constructor(void);
455void linuxnative_constructor(void);
456void pcap_constructor(void);
457void pcapfile_constructor(void);
458void rt_constructor(void);
459void wag_constructor(void);
460void duck_constructor(void);
461
462/* Used internally by get_wire_length() methods */
463bool trace_get_wireless_flags(void *link, libtrace_linktype_t linktype, uint8_t *flags);
464#define TRACE_RADIOTAP_F_FCS 0x10
465       
466#ifdef __cplusplus
467}
468#endif
469
470#endif /* LIBTRACE_INT_H */
Note: See TracBrowser for help on using the repository browser.