source: lib/libtrace_int.h @ f3f3558

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since f3f3558 was f3f3558, checked in by Perry Lorier <perry@…>, 14 years ago

Ready for release

  • Property mode set to 100644
File size: 15.9 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007,2008 The University of Waikato, Hamilton, New Zealand.
5 * Authors: Daniel Lawson
6 *          Perry Lorier
7 *         
8 * All rights reserved.
9 *
10 * This code has been developed by the University of Waikato WAND
11 * research group. For further information please see http://www.wand.net.nz/
12 *
13 * libtrace is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * libtrace is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with libtrace; if not, write to the Free Software
25 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
26 *
27 * $Id$
28 *
29 */
30/** @file */
31
32#ifndef LIBTRACE_INT_H
33#define LIBTRACE_INT_H
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
39#include "common.h"
40#include "config.h"
41#include "libtrace.h"
42
43#ifdef _MSC_VER
44// warning: deprecated function
45#pragma warning(disable:4996)
46// warning: benign redefinitions of types
47#pragma warning(disable:4142)
48#endif
49
50#ifdef HAVE_INTTYPES_H
51# include <inttypes.h>
52#else
53# include "lt_inttypes.h"
54#endif
55
56#ifdef HAVE_STDDEF_H
57# include <stddef.h>
58#else
59#ifndef WIN32
60# error "Can't find stddev.h -- do you define ptrdiff_t elsewhere?"
61#endif
62#endif
63
64
65#include "rt_protocol.h"
66       
67/* Prefer net/bpf.h over pcap-bpf.h for format_bpf.c on MacOS */
68#ifdef HAVE_NET_BPF_H
69#    include <net/bpf.h>
70#    define HAVE_BPF 1
71#else
72#ifdef HAVE_PCAP_BPF_H
73#  include <pcap-bpf.h>
74#  define HAVE_BPF 1
75#endif
76#endif
77
78#ifdef HAVE_PCAP_H
79#  include <pcap.h>
80#  ifdef HAVE_PCAP_INT_H
81#    include <pcap-int.h>
82#  endif
83#endif
84
85#ifdef HAVE_ZLIB_H
86#  include <zlib.h>
87#endif
88
89#ifndef HAVE_STRNCASECMP
90# ifndef HAVE__STRNICMP
91int strncasecmp(const char *str1, const char *str2, size_t n);
92# else
93# define strncasecmp _strnicmp
94# endif
95#endif
96
97#ifndef HAVE_SNPRINTF
98# ifndef HAVE_SPRINTF_S
99int snprintf(char *str, size_t size, const char *format, ...);
100# else
101# define snprintf sprintf_s
102# endif
103#endif
104
105#include "daglegacy.h"
106       
107#ifdef HAVE_DAG_API
108#  include "dagnew.h"
109#  include "dagapi.h"
110#       if DAG_VERSION == 25
111#               include <daginf.h>
112#       endif
113#else
114#  include "dagformat.h"
115#endif
116
117#define RP_BUFSIZE 65536U
118
119struct libtrace_event_status_t {
120        libtrace_packet_t *packet;
121        double tdelta;
122        double trace_last_ts;
123        int psize;
124};
125
126/** The information about traces that are open
127 * @internal
128 */
129struct libtrace_t {
130        struct libtrace_format_t *format; /**< format driver pointer */
131        struct libtrace_event_status_t event;   /**< the next event */
132        void *format_data;              /**<format data pointer */
133        struct libtrace_filter_t *filter; /**< used by libtrace if the module
134                                            * doesn't support filters natively
135                                            */
136        size_t snaplen;                 /**< used by libtrace if the module
137                                          * doesn't support snapping natively
138                                          */
139        uint64_t accepted_packets;      /**< Number of packets returned to the
140                                          * user
141                                          */
142        uint64_t filtered_packets;      /**< Number of packets filtered by
143                                          * libtrace
144                                          */
145        char *uridata;                  /**< the uri of this trace */
146
147        libtrace_err_t err;             /**< error information */
148        bool started;                   /**< if this trace has started */
149};
150
151/** Information about output traces
152 * @internal
153 */
154struct libtrace_out_t {
155        struct libtrace_format_t *format;       /**< format driver */
156        void *format_data;              /**< format data */
157        char *uridata;                  /**< URI associated with this trace */
158        libtrace_err_t err;             /**< Associated error */
159        bool started;                   /**< trace started */
160};
161
162void trace_set_err(libtrace_t *trace, int errcode,const char *msg,...) 
163                                                                PRINTF(3,4);
164void trace_set_err_out(libtrace_out_t *trace, int errcode, const char *msg,...)
165                                                                PRINTF(3,4);
166
167typedef struct libtrace_sll_header_t {
168        uint16_t pkttype;               /* packet type */
169        uint16_t hatype;                /* link-layer address type */
170        uint16_t halen;                 /* link-layer address length */
171        char addr[8];                   /* link-layer address */
172        uint16_t protocol;              /* protocol */
173} libtrace_sll_header_t;
174
175#define TRACE_SLL_HOST          0
176#define TRACE_SLL_BROADCAST     1
177#define TRACE_SLL_MULTICAST     2
178#define TRACE_SLL_OTHERHOST     3
179#define TRACE_SLL_OUTGOING      4
180
181#ifndef PF_RULESET_NAME_SIZE
182#define PF_RULESET_NAME_SIZE 16
183#endif
184
185#ifndef IFNAMSIZ
186#define IFNAMSIZ 16
187#endif
188
189typedef struct libtrace_pflog_header_t {
190        uint8_t    length;
191        sa_family_t   af;
192        uint8_t    action;
193        uint8_t    reason;
194        char       ifname[IFNAMSIZ];
195        char       ruleset[PF_RULESET_NAME_SIZE];
196        uint32_t   rulenr;
197        uint32_t   subrulenr;
198        uint8_t    dir;
199        uint8_t    pad[3];
200} PACKED libtrace_pflog_header_t;
201
202
203
204/** Module definition structure */
205/* all of these should return -1, or NULL on failure */
206struct libtrace_format_t {
207        /** the uri name of this module */
208        const char *name;
209        /** the version of this module */
210        const char *version;
211        /** the RT protocol type of this module */
212        enum base_format_t type;
213        /** stuff that deals with input @{ */
214        /** initialise an trace (or NULL if input is not supported) */
215        int (*init_input)(libtrace_t *libtrace);
216        /** configure an trace (or NULL if input is not supported) */
217        int (*config_input)(libtrace_t *libtrace,trace_option_t option,void *value);
218        /** start/unpause an trace (or NULL if input not supported) */
219        int (*start_input)(libtrace_t *libtrace);
220        /** pause an trace (or NULL if input not supported) */
221        int (*pause_input)(libtrace_t *libtrace);
222        /** @} */
223        /** stuff that deals with output @{ */
224        /** initialise output traces (or NULL if output not supported) */
225        int (*init_output)(libtrace_out_t *libtrace);
226        /** configure output traces (or NULL if output not supported) */
227        int (*config_output)(libtrace_out_t *libtrace, trace_option_output_t option, void *);
228        /** start output traces (or NULL if output not supported)
229         * There is no pause for output traces, as packets are not arriving
230         * asyncronously
231         */
232        int (*start_output)(libtrace_out_t *libtrace);
233        /** @} */
234        /** finish an input trace, cleanup (or NULL if input not supported)
235         * if the trace is not paused, libtrace will pause the trace before
236         * calling this function.
237         */
238        int (*fin_input)(libtrace_t *libtrace);
239        /** finish an output trace, cleanup (or NULL if output not supported) */
240        int (*fin_output)(libtrace_out_t *libtrace);
241        /** read a packet from a trace into the provided packet structure
242         * @returns -1 on error, or get_framing_length()+get_capture_length() \
243         * on success.
244         * if this function is not supported, this field may be NULL.
245         */
246        int (*read_packet)(libtrace_t *libtrace, libtrace_packet_t *packet);
247        /** finalise a packet
248         * cleanup any resources used by a packet that can't be reused for
249         * the next packet.
250         */
251        void (*fin_packet)(libtrace_packet_t *packet);
252        /** write a packet to a trace from the provided packet
253         * (or NULL if output not supported)
254         */
255        int (*write_packet)(libtrace_out_t *libtrace, libtrace_packet_t *packet);
256        /** return the libtrace link type for this packet
257         * @return the libtrace link type, or -1 if this link type is unknown
258         */ 
259        libtrace_linktype_t (*get_link_type)(const libtrace_packet_t *packet);
260        /** return the direction of this packet
261         * @note This callback may be NULL if not supported.
262         */ 
263        libtrace_direction_t (*get_direction)(const libtrace_packet_t *packet);
264        /** set the direction of this packet
265         * @note This callback may be NULL if not supported.
266         */ 
267        libtrace_direction_t (*set_direction)(libtrace_packet_t *packet, libtrace_direction_t direction);
268        /** return the erf timestamp of the packet.
269         * @return the 64bit erf timestamp
270         * This field may be NULL in the structure, and libtrace will
271         * synthesise the result from get_timeval or get_seconds if they
272         * exist.  AT least one of get_erf_timestamp, get_timeval or
273         * get_seconds must be implemented.
274         */
275        uint64_t (*get_erf_timestamp)(const libtrace_packet_t *packet);
276        /** return the timeval of this packet.
277         * @return the timeval
278         * This field may be NULL in the structure, and libtrace will
279         * synthesise the result from get_erf_timestamp or get_seconds if they
280         * exist.  AT least one of get_erf_timestamp, get_timeval or
281         * get_seconds must be implemented.
282         */
283        struct timeval (*get_timeval)(const libtrace_packet_t *packet);
284        /** return the timestamp of this packet.
285         * @return the floating point seconds since 1970-01-01 00:00:00
286         * This field may be NULL in the structure, and libtrace will
287         * synthesise the result from get_timeval or get_erf_timestamp if they
288         * exist.  AT least one of get_erf_timestamp, get_timeval or
289         * get_seconds must be implemented.
290         */
291        double (*get_seconds)(const libtrace_packet_t *packet);
292        /** move the pointer within the trace.
293         * @return 0 on success, -1 on failure.
294         * The next packet returned by read_packet be the first
295         * packet in the trace to have a timestamp equal or greater than
296         * timestamp.
297         * @note this function may be NULL if the format does not support
298         * this feature.  If the format implements seek_timeval and/or
299         * seek_seconds then libtrace will call those functions instead.
300         */
301        int (*seek_erf)(libtrace_t *trace, uint64_t timestamp);
302        /** move the pointer within the trace.
303         * @return 0 on success, -1 on failure.
304         * The next packet returned by read_packet be the first
305         * packet in the trace to have a timestamp equal or greater than
306         * timestamp.
307         * @note this function may be NULL if the format does not support
308         * this feature.  If the format implements seek_erf and/or
309         * seek_seconds then libtrace will call those functions instead.
310         */
311        int (*seek_timeval)(libtrace_t *trace, struct timeval tv);
312        /** move the pointer within the trace.
313         * @return 0 on success, -1 on failure.
314         * The next packet returned by read_packet be the first
315         * packet in the trace to have a timestamp equal or greater than
316         * tv.
317         * @note this function may be NULL if the format does not support
318         * this feature.  If the format implements seek_erf and/or
319         * seek_timeval then libtrace will call those functions instead.
320         */
321        int (*seek_seconds)(libtrace_t *trace, double seconds);
322        /** return the captured payload length
323         * @return the amount of data captured in a trace.
324         * This is the number of bytes actually in the trace.  This does not
325         * include the trace framing length.  This is usually shorter or
326         * equal to the wire length.
327         */
328        int (*get_capture_length)(const libtrace_packet_t *packet);
329        /** return the original length of the packet on the wire.
330         * @return the length of the packet on the wire before truncation.
331         * This is the number of bytes actually in the trace.  This does not
332         * include the trace framing length.  This is usually shorter or
333         * equal to the wire length.
334         */
335        int (*get_wire_length)(const libtrace_packet_t *packet);
336        /** return the length of the trace framing header
337         * @return the length of the framing header
338         * The framing header is the extra metadata a trace stores about
339         * a packet.  This does not include the wire or capture length
340         * of the packet.  Usually get_framing_length()+get_capture_length()
341         * is the size returned by read_packet
342         */
343        int (*get_framing_length)(const libtrace_packet_t *packet);
344        /** truncate (snap) the packet
345         * @returns the new size
346         * @note This callback may be NULL if not supported.
347         */
348        size_t (*set_capture_length)(struct libtrace_packet_t *packet,size_t size);
349        /** Report the number of packets ever seen as early as possible
350         */
351        uint64_t (*get_received_packets)(libtrace_t *trace);
352        /** Report the number of filtered packets.
353         */
354        uint64_t (*get_filtered_packets)(libtrace_t *trace);
355        /** Return the number of dropped packets */
356        uint64_t (*get_dropped_packets)(libtrace_t *trace);
357        /** Report number of captured packets
358         */
359        uint64_t (*get_captured_packets)(libtrace_t *trace);
360        /** return the filedescriptor associated with this interface.
361         * @note This callback may be NULL if not supported.
362         * This function is only needed if you use trace_event_interface
363         * as the pointer for trace_event
364         */
365        int (*get_fd)(const libtrace_t *trace);
366        /** return the next event from this source
367         * @note may be NULL if not supported.
368         */
369        struct libtrace_eventobj_t (*trace_event)(libtrace_t *trace, libtrace_packet_t *packet);       
370        /** return information about this trace format to standard out */
371        void (*help)(void);
372        /** next pointer, should be NULL */
373        struct libtrace_format_t *next;
374};
375
376extern struct libtrace_format_t *form;
377
378void register_format(struct libtrace_format_t *format);
379
380libtrace_linktype_t pcap_linktype_to_libtrace(libtrace_dlt_t linktype);
381libtrace_rt_types_t pcap_linktype_to_rt(libtrace_dlt_t linktype);
382libtrace_dlt_t libtrace_to_pcap_linktype(libtrace_linktype_t type);
383libtrace_dlt_t libtrace_to_pcap_dlt(libtrace_linktype_t type);
384libtrace_dlt_t rt_to_pcap_linktype(libtrace_rt_types_t rt_type);
385libtrace_linktype_t erf_type_to_libtrace(uint8_t erf);
386uint8_t libtrace_to_erf_type(libtrace_linktype_t linktype);
387libtrace_linktype_t arphrd_type_to_libtrace(unsigned int);
388unsigned int libtrace_to_arphrd_type(libtrace_linktype_t);
389
390void promote_packet(libtrace_packet_t *packet);
391bool demote_packet(libtrace_packet_t *packet);
392
393void *trace_get_payload_from_linux_sll(const void *, uint16_t *, uint32_t *);
394void *trace_get_payload_from_pos(void *, uint16_t *, uint32_t *);
395DLLEXPORT void *trace_get_payload_from_atm(void *, uint8_t *, uint32_t *);
396
397uint64_t byteswap64(uint64_t num);
398uint32_t byteswap32(uint32_t num);
399uint16_t byteswap16(uint16_t num);
400
401/* Because some traces/protocols are defined as
402 * being "big endian" or "little endian" we have
403 * this series of macros.
404 */
405#if BYTE_ORDER == BIG_ENDIAN
406#define bswap_host_to_be64(num) ((uint64_t)(num))
407#define bswap_host_to_le64(num) byteswap64(num)
408#define bswap_host_to_be32(num) ((uint32_t)(num))
409#define bswap_host_to_le32(num) byteswap32(num)
410#define bswap_host_to_be16(num) ((uint16_t)(num))
411#define bswap_host_to_le16(num) byteswap16(num)
412
413#define bswap_be_to_host64(num) ((uint64_t)(num))
414#define bswap_le_to_host64(num) byteswap64(num)
415#define bswap_be_to_host32(num) ((uint32_t)(num))
416#define bswap_le_to_host32(num) byteswap32(num)
417#define bswap_be_to_host16(num) ((uint16_t)(num))
418#define bswap_le_to_host16(num) byteswap16(num)
419
420/* We use ntoh*() here, because the compiler may
421 * attempt to optimise it
422 */
423#elif BYTE_ORDER == LITTLE_ENDIAN
424#define bswap_host_to_be64(num) (byteswap64(num))
425#define bswap_host_to_le64(num) ((uint64_t)(num))
426#define bswap_host_to_be32(num) (htonl(num))
427#define bswap_host_to_le32(num) ((uint32_t)(num))
428#define bswap_host_to_be16(num) (htons(num))
429#define bswap_host_to_le16(num) ((uint16_t)(num))
430
431#define bswap_be_to_host64(num) (byteswap64(num))
432#define bswap_le_to_host64(num) ((uint64_t)(num))
433#define bswap_be_to_host32(num) (ntohl(num))
434#define bswap_le_to_host32(num) ((uint32_t)(num))
435#define bswap_be_to_host16(num) (ntohs(num))
436#define bswap_le_to_host16(num) ((uint16_t)(num))
437
438#else
439#error "Unknown byte order"
440#endif
441
442#ifdef HAVE_BPF
443/* A type encapsulating a bpf filter
444 * This type covers the compiled bpf filter, as well as the original filter
445 * string
446 *
447 */
448struct libtrace_filter_t {
449        struct bpf_program filter;
450        char * filterstring;
451        int flag;
452};
453#else
454struct libtrace_filter_t {};
455#endif
456
457/** libtrace packet
458 */
459typedef struct libtrace_pcapfile_pkt_hdr_t {
460        uint32_t ts_sec;
461        uint32_t ts_usec;
462        uint32_t caplen;
463        uint32_t wirelen;
464} libtrace_pcapfile_pkt_hdr_t;
465
466#ifdef HAVE_DAG
467void dag_constructor(void);
468#endif
469void erf_constructor(void);
470void tsh_constructor(void);
471void legacy_constructor(void);
472void linuxnative_constructor(void);
473void pcap_constructor(void);
474void pcapfile_constructor(void);
475void rt_constructor(void);
476void duck_constructor(void);
477void atmhdr_constructor(void);
478#ifdef HAVE_BPF
479void bpf_constructor(void);
480#endif
481
482/* Used internally by get_wire_length() methods */
483bool trace_get_wireless_flags(void *link, libtrace_linktype_t linktype, uint8_t *flags);
484#define TRACE_RADIOTAP_F_FCS 0x10
485       
486#ifdef __cplusplus
487}
488#endif
489
490#endif /* LIBTRACE_INT_H */
Note: See TracBrowser for help on using the repository browser.