Context Navigation

source: lib/libtrace_int.h @ f0fb38f

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes

Last change on this file since f0fb38f was f0fb38f, checked in by Shane Alcock <salcock@…>, 13 years ago
Added prepare_packet functions to all formats, primarily to support translating RT packets into the appropriate format. These functions are all used internally as well, as most formats still need to "prepare" packets that have been read by setting pointers, updating loss counters etc. Also added a trace_prepare_packet function, but this is not made available externally at this stage Added init_format_data functions to some formats to initialise format data structures in cases where the init_trace function does more than just that Refactored rt packet reading code to use the new trace_prepare_packet functionality - also did a lot of tidying of the code Added missing RT type for BPF format
Property mode set to `100644`
File size: 18.0 KB

Line
1	/*
2	* This file is part of libtrace
3	*
4	* Copyright (c) 2007,2008 The University of Waikato, Hamilton, New Zealand.
5	* Authors: Daniel Lawson
6	* Perry Lorier
7	*
8	* All rights reserved.
9	*
10	* This code has been developed by the University of Waikato WAND
11	* research group. For further information please see http://www.wand.net.nz/
12	*
13	* libtrace is free software; you can redistribute it and/or modify
14	* it under the terms of the GNU General Public License as published by
15	* the Free Software Foundation; either version 2 of the License, or
16	* (at your option) any later version.
17	*
18	* libtrace is distributed in the hope that it will be useful,
19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21	* GNU General Public License for more details.
22	*
23	* You should have received a copy of the GNU General Public License
24	* along with libtrace; if not, write to the Free Software
25	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26	*
27	* $Id$
28	*
29	*/
30	/** @file */
31
32	#ifndef LIBTRACE_INT_H
33	#define LIBTRACE_INT_H
34
35	#ifdef __cplusplus
36	extern "C" {
37	#endif
38
39	#include "common.h"
40	#include "config.h"
41	#include "libtrace.h"
42
43	#ifdef _MSC_VER
44	// warning: deprecated function
45	#pragma warning(disable:4996)
46	// warning: benign redefinitions of types
47	#pragma warning(disable:4142)
48	#endif
49
50	#ifdef HAVE_INTTYPES_H
51	# include <inttypes.h>
52	#else
53	# include "lt_inttypes.h"
54	#endif
55
56	#ifdef HAVE_STDDEF_H
57	# include <stddef.h>
58	#else
59	#ifndef WIN32
60	# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
61	#endif
62	#endif
63
64
65	#include "rt_protocol.h"
66
67	/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
68	#ifdef HAVE_NET_BPF_H
69	# include <net/bpf.h>
70	# define HAVE_BPF 1
71	#else
72	#ifdef HAVE_PCAP_BPF_H
73	# include <pcap-bpf.h>
74	# define HAVE_BPF 1
75	#endif
76	#endif
77
78	#ifdef HAVE_PCAP_H
79	# include <pcap.h>
80	# ifdef HAVE_PCAP_INT_H
81	# include <pcap-int.h>
82	# endif
83	#endif
84
85	#ifdef HAVE_ZLIB_H
86	# include <zlib.h>
87	#endif
88
89	#ifndef HAVE_STRNCASECMP
90	# ifndef HAVE__STRNICMP
91	int strncasecmp(const char str1, const char str2, size_t n);
92	# else
93	# define strncasecmp _strnicmp
94	# endif
95	#endif
96
97	#ifndef HAVE_SNPRINTF
98	# ifndef HAVE_SPRINTF_S
99	int snprintf(char str, size_t size, const char format, ...);
100	# else
101	# define snprintf sprintf_s
102	# endif
103	#endif
104
105	#include "daglegacy.h"
106
107	#ifdef HAVE_DAG_API
108	# include "dagnew.h"
109	# include "dagapi.h"
110	# if DAG_VERSION == 25
111	# include <daginf.h>
112	# else
113	# include <erftypes.h>
114	# endif
115	#else
116	# include "dagformat.h"
117	#endif
118
119	#define RP_BUFSIZE 65536U
120
121	struct libtrace_event_status_t {
122	libtrace_packet_t *packet;
123	double tdelta;
124	double trace_last_ts;
125	int psize;
126	};
127
128	/** The information about traces that are open
129	* @internal
130	*/
131	struct libtrace_t {
132	struct libtrace_format_t format; /< format driver pointer /
133	struct libtrace_event_status_t event; /*< the next event /
134	void format_data; /<format data pointer /
135	struct libtrace_filter_t filter; /*< used by libtrace if the module
136	* doesn't support filters natively
137	*/
138	size_t snaplen; /**< used by libtrace if the module
139	* doesn't support snapping natively
140	*/
141	uint64_t accepted_packets; /**< Number of packets returned to the
142	* user
143	*/
144	uint64_t filtered_packets; /**< Number of packets filtered by
145	* libtrace
146	*/
147	char uridata; /< the uri of this trace /
148
149	libtrace_err_t err; /*< error information /
150	bool started; /*< if this trace has started /
151	};
152
153	/** Information about output traces
154	* @internal
155	*/
156	struct libtrace_out_t {
157	struct libtrace_format_t format; /< format driver /
158	void format_data; /< format data /
159	char uridata; /< URI associated with this trace /
160	libtrace_err_t err; /*< Associated error /
161	bool started; /*< trace started /
162	};
163
164	void trace_set_err(libtrace_t trace, int errcode,const char msg,...)
165	PRINTF(3,4);
166	void trace_set_err_out(libtrace_out_t trace, int errcode, const char msg,...)
167	PRINTF(3,4);
168
169
170	/*
171	*
172	* The basic idea of this function is that it will take the data pointed to
173	* by 'buffer' and treat it as a packet of the same format type as the
174	* libtrace_t pointed to by 'trace', including the format framing (e.g. an
175	* erf header for erf and dag formats, a pcap header for pcap formats).
176	*
177	* The libtrace packet pointed to by 'packet' will then have its internal
178	* pointers and values replaced with ones that describe the packet in 'buffer'.
179	*
180	* 'rt_type' is used to set packet->type while 'flags' is relatively
181	* self-explanatory. Definitions of the accepted flags will be provided below.
182	*
183	* The primary use of this function is to allow rt_read_packet to nicely
184	* convert packets from the RT format back to the format that they were
185	* originally captured with, as RT essentially encapsulates the original trace
186	* format. We've decided to not make this function available via the API
187	* because there are a number of issues that can arise if it is not used
188	* very carefully and there are few situations outside of the RT case where
189	* you'd want to do something like this anyway.
190	*
191	* Returns 0 if successful, -1 if something goes horribly wrong
192	*/
193	int trace_prepare_packet(libtrace_t trace, libtrace_packet_t packet,
194	void *buffer, libtrace_rt_types_t rt_type, uint32_t flags);
195
196	/* Flags for prepare_packet functions */
197	/-------------------------------------/
198	/* If set, the memory pointed to by 'buffer' is malloc()'d and libtrace should
199	* undertake ownership of that memory. If not set, the memory is treated as
200	* externally-owned and will not be freed by libtrace when the packet is
201	* destroyed. */
202	#define TRACE_PREP_OWN_BUFFER 1
203
204
205	typedef struct libtrace_sll_header_t {
206	uint16_t pkttype; /* packet type */
207	uint16_t hatype; /* link-layer address type */
208	uint16_t halen; /* link-layer address length */
209	char addr[8]; /* link-layer address */
210	uint16_t protocol; /* protocol */
211	} libtrace_sll_header_t;
212
213	#define TRACE_SLL_HOST 0
214	#define TRACE_SLL_BROADCAST 1
215	#define TRACE_SLL_MULTICAST 2
216	#define TRACE_SLL_OTHERHOST 3
217	#define TRACE_SLL_OUTGOING 4
218
219	#ifndef PF_RULESET_NAME_SIZE
220	#define PF_RULESET_NAME_SIZE 16
221	#endif
222
223	#ifndef IFNAMSIZ
224	#define IFNAMSIZ 16
225	#endif
226
227	typedef struct libtrace_pflog_header_t {
228	uint8_t length;
229	sa_family_t af;
230	uint8_t action;
231	uint8_t reason;
232	char ifname[IFNAMSIZ];
233	char ruleset[PF_RULESET_NAME_SIZE];
234	uint32_t rulenr;
235	uint32_t subrulenr;
236	uint8_t dir;
237	uint8_t pad[3];
238	} PACKED libtrace_pflog_header_t;
239
240
241
242	/** Module definition structure */
243	/* all of these should return -1, or NULL on failure */
244	struct libtrace_format_t {
245	/** the uri name of this module */
246	const char *name;
247	/** the version of this module */
248	const char *version;
249	/** the RT protocol type of this module */
250	enum base_format_t type;
251	/** stuff that deals with input @{ */
252	/** initialise an trace (or NULL if input is not supported) */
253	int (init_input)(libtrace_t libtrace);
254	/** configure an trace (or NULL if input is not supported) */
255	int (config_input)(libtrace_t libtrace,trace_option_t option,void *value);
256	/** start/unpause an trace (or NULL if input not supported) */
257	int (start_input)(libtrace_t libtrace);
258	/** pause an trace (or NULL if input not supported) */
259	int (pause_input)(libtrace_t libtrace);
260	/** @} */
261	/** stuff that deals with output @{ */
262	/** initialise output traces (or NULL if output not supported) */
263	int (init_output)(libtrace_out_t libtrace);
264	/** configure output traces (or NULL if output not supported) */
265	int (config_output)(libtrace_out_t libtrace, trace_option_output_t option, void *);
266	/** start output traces (or NULL if output not supported)
267	* There is no pause for output traces, as packets are not arriving
268	* asyncronously
269	*/
270	int (start_output)(libtrace_out_t libtrace);
271	/** @} */
272	/** finish an input trace, cleanup (or NULL if input not supported)
273	* if the trace is not paused, libtrace will pause the trace before
274	* calling this function.
275	*/
276	int (fin_input)(libtrace_t libtrace);
277	/** finish an output trace, cleanup (or NULL if output not supported) */
278	int (fin_output)(libtrace_out_t libtrace);
279	/** read a packet from a trace into the provided packet structure
280	* @returns -1 on error, or get_framing_length()+get_capture_length() \
281	* on success.
282	* if this function is not supported, this field may be NULL.
283	*/
284	int (read_packet)(libtrace_t libtrace, libtrace_packet_t *packet);
285	/** prepares a packet for general libtrace usage
286	* updates internal trace and packet details, such as payload pointers,
287	* loss counters and packet types.
288	* Intended (at this stage) only for internal use, particularly by
289	* RT which needs to decapsulate RT packets */
290	int (prepare_packet)(libtrace_t libtrace, libtrace_packet_t *packet,
291	void *buffer, libtrace_rt_types_t rt_type,
292	uint32_t flags);
293	/** finalise a packet
294	* cleanup any resources used by a packet that can't be reused for
295	* the next packet.
296	*/
297	void (fin_packet)(libtrace_packet_t packet);
298	/** write a packet to a trace from the provided packet
299	* (or NULL if output not supported)
300	*/
301	int (write_packet)(libtrace_out_t libtrace, libtrace_packet_t *packet);
302	/** return the libtrace link type for this packet
303	* @return the libtrace link type, or -1 if this link type is unknown
304	*/
305	libtrace_linktype_t (get_link_type)(const libtrace_packet_t packet);
306	/** return the direction of this packet
307	* @note This callback may be NULL if not supported.
308	*/
309	libtrace_direction_t (get_direction)(const libtrace_packet_t packet);
310	/** set the direction of this packet
311	* @note This callback may be NULL if not supported.
312	*/
313	libtrace_direction_t (set_direction)(libtrace_packet_t packet, libtrace_direction_t direction);
314	/** return the erf timestamp of the packet.
315	* @return the 64bit erf timestamp
316	* This field may be NULL in the structure, and libtrace will
317	* synthesise the result from get_timeval or get_seconds if they
318	* exist. AT least one of get_erf_timestamp, get_timeval or
319	* get_seconds must be implemented.
320	*/
321	uint64_t (get_erf_timestamp)(const libtrace_packet_t packet);
322	/** return the timeval of this packet.
323	* @return the timeval
324	* This field may be NULL in the structure, and libtrace will
325	* synthesise the result from get_erf_timestamp or get_seconds if they
326	* exist. AT least one of get_erf_timestamp, get_timeval or
327	* get_seconds must be implemented.
328	*/
329	struct timeval (get_timeval)(const libtrace_packet_t packet);
330	/** return the timestamp of this packet.
331	* @return the floating point seconds since 1970-01-01 00:00:00
332	* This field may be NULL in the structure, and libtrace will
333	* synthesise the result from get_timeval or get_erf_timestamp if they
334	* exist. AT least one of get_erf_timestamp, get_timeval or
335	* get_seconds must be implemented.
336	*/
337	double (get_seconds)(const libtrace_packet_t packet);
338	/** move the pointer within the trace.
339	* @return 0 on success, -1 on failure.
340	* The next packet returned by read_packet be the first
341	* packet in the trace to have a timestamp equal or greater than
342	* timestamp.
343	* @note this function may be NULL if the format does not support
344	* this feature. If the format implements seek_timeval and/or
345	* seek_seconds then libtrace will call those functions instead.
346	*/
347	int (seek_erf)(libtrace_t trace, uint64_t timestamp);
348	/** move the pointer within the trace.
349	* @return 0 on success, -1 on failure.
350	* The next packet returned by read_packet be the first
351	* packet in the trace to have a timestamp equal or greater than
352	* timestamp.
353	* @note this function may be NULL if the format does not support
354	* this feature. If the format implements seek_erf and/or
355	* seek_seconds then libtrace will call those functions instead.
356	*/
357	int (seek_timeval)(libtrace_t trace, struct timeval tv);
358	/** move the pointer within the trace.
359	* @return 0 on success, -1 on failure.
360	* The next packet returned by read_packet be the first
361	* packet in the trace to have a timestamp equal or greater than
362	* tv.
363	* @note this function may be NULL if the format does not support
364	* this feature. If the format implements seek_erf and/or
365	* seek_timeval then libtrace will call those functions instead.
366	*/
367	int (seek_seconds)(libtrace_t trace, double seconds);
368	/** return the captured payload length
369	* @return the amount of data captured in a trace.
370	* This is the number of bytes actually in the trace. This does not
371	* include the trace framing length. This is usually shorter or
372	* equal to the wire length.
373	*/
374	int (get_capture_length)(const libtrace_packet_t packet);
375	/** return the original length of the packet on the wire.
376	* @return the length of the packet on the wire before truncation.
377	* This is the number of bytes actually in the trace. This does not
378	* include the trace framing length. This is usually shorter or
379	* equal to the wire length.
380	*/
381	int (get_wire_length)(const libtrace_packet_t packet);
382	/** return the length of the trace framing header
383	* @return the length of the framing header
384	* The framing header is the extra metadata a trace stores about
385	* a packet. This does not include the wire or capture length
386	* of the packet. Usually get_framing_length()+get_capture_length()
387	* is the size returned by read_packet
388	*/
389	int (get_framing_length)(const libtrace_packet_t packet);
390	/** truncate (snap) the packet
391	* @returns the new size
392	* @note This callback may be NULL if not supported.
393	*/
394	size_t (set_capture_length)(struct libtrace_packet_t packet,size_t size);
395	/** Report the number of packets ever seen as early as possible
396	*/
397	uint64_t (get_received_packets)(libtrace_t trace);
398	/** Report the number of filtered packets.
399	*/
400	uint64_t (get_filtered_packets)(libtrace_t trace);
401	/** Return the number of dropped packets */
402	uint64_t (get_dropped_packets)(libtrace_t trace);
403	/** Report number of captured packets
404	*/
405	uint64_t (get_captured_packets)(libtrace_t trace);
406	/** return the filedescriptor associated with this interface.
407	* @note This callback may be NULL if not supported.
408	* This function is only needed if you use trace_event_interface
409	* as the pointer for trace_event
410	*/
411	int (get_fd)(const libtrace_t trace);
412	/** return the next event from this source
413	* @note may be NULL if not supported.
414	*/
415	struct libtrace_eventobj_t (trace_event)(libtrace_t trace, libtrace_packet_t *packet);
416	/** return information about this trace format to standard out */
417	void (*help)(void);
418	/** next pointer, should be NULL */
419	struct libtrace_format_t *next;
420	};
421
422	extern struct libtrace_format_t *form;
423
424	void register_format(struct libtrace_format_t *format);
425
426	libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
427	libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
428	libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
429	libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
430	libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
431	libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
432	uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
433	libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
434	unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
435
436	void promote_packet(libtrace_packet_t *packet);
437	bool demote_packet(libtrace_packet_t *packet);
438
439	void trace_get_payload_from_linux_sll(const void , uint16_t , uint32_t );
440	void trace_get_payload_from_pos(void , uint16_t , uint32_t );
441	DLLEXPORT void trace_get_payload_from_atm(void , uint8_t , uint32_t );
442
443	uint64_t byteswap64(uint64_t num);
444	uint32_t byteswap32(uint32_t num);
445	uint16_t byteswap16(uint16_t num);
446
447	/* Because some traces/protocols are defined as
448	* being "big endian" or "little endian" we have
449	* this series of macros.
450	*/
451	#if BYTE_ORDER == BIG_ENDIAN
452	#define bswap_host_to_be64(num) ((uint64_t)(num))
453	#define bswap_host_to_le64(num) byteswap64(num)
454	#define bswap_host_to_be32(num) ((uint32_t)(num))
455	#define bswap_host_to_le32(num) byteswap32(num)
456	#define bswap_host_to_be16(num) ((uint16_t)(num))
457	#define bswap_host_to_le16(num) byteswap16(num)
458
459	#define bswap_be_to_host64(num) ((uint64_t)(num))
460	#define bswap_le_to_host64(num) byteswap64(num)
461	#define bswap_be_to_host32(num) ((uint32_t)(num))
462	#define bswap_le_to_host32(num) byteswap32(num)
463	#define bswap_be_to_host16(num) ((uint16_t)(num))
464	#define bswap_le_to_host16(num) byteswap16(num)
465
466	/* We use ntoh*() here, because the compiler may
467	* attempt to optimise it
468	*/
469	#elif BYTE_ORDER == LITTLE_ENDIAN
470	#define bswap_host_to_be64(num) (byteswap64(num))
471	#define bswap_host_to_le64(num) ((uint64_t)(num))
472	#define bswap_host_to_be32(num) (htonl(num))
473	#define bswap_host_to_le32(num) ((uint32_t)(num))
474	#define bswap_host_to_be16(num) (htons(num))
475	#define bswap_host_to_le16(num) ((uint16_t)(num))
476
477	#define bswap_be_to_host64(num) (byteswap64(num))
478	#define bswap_le_to_host64(num) ((uint64_t)(num))
479	#define bswap_be_to_host32(num) (ntohl(num))
480	#define bswap_le_to_host32(num) ((uint32_t)(num))
481	#define bswap_be_to_host16(num) (ntohs(num))
482	#define bswap_le_to_host16(num) ((uint16_t)(num))
483
484	#else
485	#error "Unknown byte order"
486	#endif
487
488	#ifdef HAVE_BPF
489	/* A type encapsulating a bpf filter
490	* This type covers the compiled bpf filter, as well as the original filter
491	* string
492	*
493	*/
494	struct libtrace_filter_t {
495	struct bpf_program filter;
496	char * filterstring;
497	int flag;
498	};
499	#else
500	struct libtrace_filter_t {};
501	#endif
502
503	/** libtrace packet
504	*/
505	typedef struct libtrace_pcapfile_pkt_hdr_t {
506	uint32_t ts_sec;
507	uint32_t ts_usec;
508	uint32_t caplen;
509	uint32_t wirelen;
510	} libtrace_pcapfile_pkt_hdr_t;
511
512	#ifdef HAVE_DAG
513	void dag_constructor(void);
514	#endif
515	void erf_constructor(void);
516	void tsh_constructor(void);
517	void legacy_constructor(void);
518	void linuxnative_constructor(void);
519	void pcap_constructor(void);
520	void pcapfile_constructor(void);
521	void rt_constructor(void);
522	void duck_constructor(void);
523	void atmhdr_constructor(void);
524	#ifdef HAVE_BPF
525	void bpf_constructor(void);
526	#endif
527
528	/* Used internally by get_wire_length() methods */
529	bool trace_get_wireless_flags(void link, libtrace_linktype_t linktype, uint8_t flags);
530	#define TRACE_RADIOTAP_F_FCS 0x10
531
532	#ifdef __cplusplus
533	}
534	#endif
535
536	#endif /* LIBTRACE_INT_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: