source: lib/protocols_pktmeta.c @ 528eb6e

4.0.1-hotfixescachetimestampsdevelopdpdk-ndagetsilivegetfragoffhelplibtrace4ndag_formatpfringrc-4.0.1rc-4.0.2rc-4.0.3rc-4.0.4ringdecrementfixringperformanceringtimestampfixes
Last change on this file since 528eb6e was 528eb6e, checked in by Shane Alcock <salcock@…>, 8 years ago
  • A very cut-down version of int: and ring: is now built on non-Linux systems, enabling them to be able to decode packets captured using those formats and exported via RT
  • Replaced arphrd.h with a new header file (libtrace_arphrd.h) that provides our own #defines for the various ARPHRD types. The inconsistency between what is available on different OS's was becoming problematic.
  • Increased RT buffer size so we can always fit a complete libtrace buffer into it - int: over RT tends to result in very large "packets".
  • Fixed copy-paste error in the failure case when creating a dummy linux trace in format_rt.c
  • Updated various bits of code to use the new LIBTRACE_ARPHRD types where sensible
  • Removed unneeded #include in protocols_pktmeta.c
  • Replaced u32 and u16 types in format_linux with more portable uint32_t and uint16_t types
  • Removed unneeded calls to linuxnative_init_input in the prepare_packet functions in format_linux.c
  • Don't call the fin_input function on a trace if the format does not provide one
  • Property mode set to 100644
File size: 5.8 KB
Line 
1/*
2 * This file is part of libtrace
3 *
4 * Copyright (c) 2007,2008,2009,2010 The University of Waikato, Hamilton,
5 * New Zealand.
6 *
7 * Authors: Daniel Lawson
8 *          Perry Lorier
9 *          Shane Alcock
10 *         
11 * All rights reserved.
12 *
13 * This code has been developed by the University of Waikato WAND
14 * research group. For further information please see http://www.wand.net.nz/
15 *
16 * libtrace is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 * libtrace is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
24 * GNU General Public License for more details.
25 *
26 * You should have received a copy of the GNU General Public License
27 * along with libtrace; if not, write to the Free Software
28 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
29 *
30 * $Id$
31 *
32 */
33
34#include "libtrace_int.h"
35#include "libtrace.h"
36#include "protocols.h"
37#include <assert.h>
38
39/* This file contains all the protocol decoding functions for the meta-data
40 * headers that may be prepended to captured packets.
41 *
42 * Supported protocols include (but are not limited to):
43 *      Linux SLL
44 *      PFLOG
45 *      RadioTap
46 *      Prism
47 */
48
49/* NB: type is returned as an ARPHRD_ type for SLL*/
50void *trace_get_payload_from_linux_sll(const void *link,
51                uint16_t *arphrd_type, uint16_t *next, 
52                uint32_t *remaining) 
53{
54        libtrace_sll_header_t *sll;
55
56        sll = (libtrace_sll_header_t*) link;
57
58        if (remaining) {
59                if (*remaining < sizeof(*sll)) {
60                        *remaining = 0;
61                        return NULL;
62                }
63                *remaining-=sizeof(*sll);
64        }
65
66        /* The SLL header is actually in place of a link layer header, so
67         * we want to use the protocol field to tell our caller what the
68         * next header is going to be */
69        if (next) *next = (libtrace_linktype_t)(ntohs(sll->protocol));
70        if (arphrd_type) *arphrd_type = ntohs(sll->hatype);
71
72        return (void*)((char*)sll+sizeof(*sll));
73
74}
75
76/* NB: type is returned as an ethertype */
77static void *trace_get_payload_from_pflog(const void *link,
78                libtrace_linktype_t *type, uint32_t *remaining)
79{
80        libtrace_pflog_header_t *pflog = (libtrace_pflog_header_t*)link;
81        if (remaining) {
82                if (*remaining<sizeof(*pflog)) {
83                        *remaining = 0;
84                        return NULL;
85                }
86                *remaining-=sizeof(*pflog);
87        }
88        if (type) {
89                *type = TRACE_TYPE_NONE;
90        }
91        return (void*)((char*)pflog+ sizeof(*pflog));
92}
93
94/* Returns the 'payload' of the prism header, which is the 802.11 frame */
95static void *trace_get_payload_from_prism (const void *link,
96                libtrace_linktype_t *type, uint32_t *remaining)
97{
98        if (remaining) {
99                /* Prism header is 144 bytes long */
100                if (*remaining<144) {
101                        *remaining = 0;
102                        return NULL;
103                }
104                *remaining-=144;
105        }
106
107        if (type) *type = TRACE_TYPE_80211;
108
109        return (void *) ((char*)link+144);
110}
111
112/* Returns the 'payload' of the radiotap header, which is the 802.11 frame */
113static void *trace_get_payload_from_radiotap (const void *link, 
114                libtrace_linktype_t *type, uint32_t *remaining)
115{
116        struct libtrace_radiotap_t *rtap = (struct libtrace_radiotap_t*)link;
117        uint16_t rtaplen = bswap_le_to_host16(rtap->it_len);
118        if (remaining) {
119                if (*remaining < rtaplen) {
120                        *remaining = 0;
121                        return NULL;
122                }
123                *remaining -= rtaplen;
124        }
125
126        if (type) *type = TRACE_TYPE_80211;
127
128        return (void*) ((char*)link + rtaplen);
129}
130
131DLLEXPORT void *trace_get_packet_meta(const libtrace_packet_t *packet, 
132                libtrace_linktype_t *linktype,
133                uint32_t *remaining)
134{
135        uint32_t dummyrem;
136        void *pktbuf = NULL;
137        assert(packet != NULL);
138        assert(linktype != NULL);
139       
140        if (remaining == NULL) 
141                remaining = &dummyrem;
142       
143        pktbuf = trace_get_packet_buffer(packet, linktype, remaining);
144        switch (*linktype) {
145                case TRACE_TYPE_LINUX_SLL:
146                case TRACE_TYPE_80211_RADIO:
147                case TRACE_TYPE_80211_PRISM:
148                        return pktbuf;
149                /* Non metadata packets */
150                case TRACE_TYPE_HDLC_POS:
151                case TRACE_TYPE_ETH:
152                case TRACE_TYPE_ATM:
153                case TRACE_TYPE_80211:
154                case TRACE_TYPE_NONE:
155                case TRACE_TYPE_PFLOG:
156                case TRACE_TYPE_POS:
157                case TRACE_TYPE_AAL5:
158                case TRACE_TYPE_DUCK:
159                case TRACE_TYPE_LLCSNAP:
160                case TRACE_TYPE_PPP:
161                case TRACE_TYPE_METADATA:
162                case TRACE_TYPE_NONDATA:
163                        return NULL;
164        }
165
166        /* Shouldn't get here */
167        return NULL;
168}
169
170DLLEXPORT void *trace_get_payload_from_meta(const void *meta,
171                libtrace_linktype_t *linktype,
172                uint32_t *remaining)
173{
174        void *nexthdr; 
175        uint16_t arphrd;
176        uint16_t next;
177       
178        assert(meta != NULL);
179        assert(linktype != NULL);
180        assert(remaining != NULL);
181       
182        switch(*linktype) {
183                case TRACE_TYPE_LINUX_SLL:
184                        nexthdr = trace_get_payload_from_linux_sll(meta,
185                                        &arphrd, &next, remaining);
186
187                        /* Ethernet header is usually absent in SLL captures,
188                         * so we don't want to skip it just yet */
189                        if (arphrd_type_to_libtrace(arphrd) == TRACE_TYPE_ETH && next != 0x0060) 
190                                *linktype = TRACE_TYPE_NONE; 
191                        else 
192                                *linktype = arphrd_type_to_libtrace(arphrd);
193                        return nexthdr;
194                case TRACE_TYPE_80211_RADIO:
195                        nexthdr = trace_get_payload_from_radiotap(meta,
196                                        linktype, remaining);
197                        return nexthdr;
198                case TRACE_TYPE_80211_PRISM:
199                        nexthdr = trace_get_payload_from_prism(meta,
200                                        linktype, remaining);
201                        return nexthdr;
202                case TRACE_TYPE_PFLOG:
203                        nexthdr = trace_get_payload_from_pflog(meta,
204                                        linktype, remaining);
205                        return nexthdr;
206                case TRACE_TYPE_HDLC_POS:
207                case TRACE_TYPE_ETH:
208                case TRACE_TYPE_ATM:
209                case TRACE_TYPE_80211:
210                case TRACE_TYPE_NONE:
211                case TRACE_TYPE_POS:
212                case TRACE_TYPE_AAL5:
213                case TRACE_TYPE_DUCK:
214                case TRACE_TYPE_LLCSNAP:
215                case TRACE_TYPE_PPP:
216                case TRACE_TYPE_METADATA:
217                case TRACE_TYPE_NONDATA:
218                        /* In this case, the pointer passed in does not point
219                         * to a metadata header and so we cannot get the
220                         * payload.
221                         */
222                        return NULL;
223        }
224        /* Shouldn't get here */
225        return NULL;
226}
227
Note: See TracBrowser for help on using the repository browser.