1 /* -*- c -*- */ 2 /* 3 * Copyright 2014 Christopher D. Kilgour techie AT whiterocker.com 4 * 5 * This file is part of libbtbb 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2, or (at your option) 10 * any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with libbtbb; see the file COPYING. If not, write to 19 * the Free Software Foundation, Inc., 51 Franklin Street, 20 * Boston, MA 02110-1301, USA. 21 */ 22 #ifndef PCAPNG_DOT_H 23 #define PCAPNG_DOT_H 24 25 #include <stdint.h> 26 #include <stdio.h> 27 28 typedef struct __attribute__((packed)) { 29 uint16_t option_code; 30 uint16_t option_length; 31 uint32_t option_value[0]; 32 } option_header; 33 34 #define OPT_ENDOFOPT 0 35 #define OPT_COMMENT 1 36 37 typedef struct __attribute__((packed)) { 38 uint32_t block_type; 39 uint32_t block_total_length; 40 uint32_t byte_order_magic; 41 uint16_t major_version; 42 uint16_t minor_version; 43 uint64_t section_length; 44 option_header options[0]; 45 } section_header_block; 46 47 #define SECTION_HEADER_BYTE_ORDER_MAGIC 0x1a2b3c4d 48 49 #define SHB_HARDWARE 2 50 #define SHB_OS 3 51 #define SHB_USERAPPL 4 52 53 typedef struct __attribute__((packed)) { 54 uint32_t block_type; 55 uint32_t block_total_length; 56 uint16_t link_type; 57 uint16_t reserved; 58 uint32_t snaplen; 59 option_header options[0]; 60 } interface_description_block; 61 62 #define IF_NAME 2 63 #define IF_DESCRIPTION 3 64 #define IF_IPV4ADDR 4 65 #define IF_IPV6ADDR 5 66 #define IF_MACADDR 6 67 #define IF_EUIADDR 7 68 #define IF_SPEED 8 69 #define IF_TSRESOL 9 70 #define IF_TZONE 10 71 #define IF_FILTER 11 72 #define IF_OS 12 73 #define IF_FCSLEN 13 74 #define IF_TSOFFSET 14 75 76 typedef struct __attribute__((packed)) { 77 uint32_t block_type; 78 uint32_t block_total_length; 79 uint32_t interface_id; 80 uint32_t timestamp_high; 81 uint32_t timestamp_low; 82 uint32_t captured_len; 83 uint32_t packet_len; 84 uint32_t packet_data[0]; 85 } enhanced_packet_block; 86 87 #define EPB_FLAGS 2 88 #define EPB_HASH 3 89 #define EPB_DROPCOUNT 4 90 91 typedef struct __attribute__((packed)) { 92 uint32_t block_type; 93 uint32_t block_total_length; 94 uint32_t packet_len; 95 uint32_t packet_data[0]; 96 } simple_packet_block; 97 98 typedef struct __attribute__((packed)) { 99 uint32_t block_type; 100 uint32_t block_total_length; 101 uint16_t record_type; 102 uint16_t record_length; 103 uint32_t record_value[0]; 104 } name_resolution_block; 105 106 #define NRES_ENDOFRECORD 0 107 #define NRES_IP4RECORD 1 108 #define NRES_IP6RECORD 2 109 110 #define NS_DNSNAME 2 111 #define NS_DNSIP4ADDR 3 112 #define NS_DNSIP6ADDR 4 113 114 typedef struct __attribute__((packed)) { 115 uint32_t block_type; 116 uint32_t block_total_length; 117 uint32_t interface_id; 118 uint32_t timestamp_high; 119 uint32_t timestamp_low; 120 option_header options[0]; 121 } interface_statistics_block; 122 123 #define ISB_STARTTIME 2 124 #define ISB_ENDTIME 3 125 #define ISB_IFRECV 4 126 #define ISB_IFDROP 5 127 #define ISB_FILTERACCEPT 6 128 #define ISB_OSDROP 7 129 #define ISB_USRDELIV 8 130 131 #define BLOCK_TYPE_INTERFACE 0x00000001 132 #define BLOCK_TYPE_SIMPLE_PACKET 0x00000003 133 #define BLOCK_TYPE_NAME_RESOLUTION 0x00000004 134 #define BLOCK_TYPE_INTERFACE_STATISTICS 0x00000005 135 #define BLOCK_TYPE_ENHANCED_PACKET 0x00000006 136 #define BLOCK_TYPE_SECTION_HEADER 0x0a0d0d0a 137 138 typedef struct { 139 int fd; 140 section_header_block * section_header; 141 size_t section_header_size; 142 size_t next_section_option_offset; 143 interface_description_block * interface_description; 144 size_t interface_description_size; 145 size_t next_interface_option_offset; 146 } PCAPNG_HANDLE; 147 148 typedef enum { 149 PCAPNG_OK = 0, 150 PCAPNG_INVALID_HANDLE, 151 PCAPNG_FILE_NOT_ALLOWED, 152 PCAPNG_FILE_EXISTS, 153 PCAPNG_TOO_MANY_FILES_OPEN, 154 PCAPNG_NO_MEMORY, 155 PCAPNG_FILE_WRITE_ERROR, 156 PCAPNG_MMAP_FAILED, 157 } PCAPNG_RESULT; 158 159 /** 160 * Create a new PCAP-NG file and set aside space in the section and 161 * interface headers for options to be recorded/added while packets 162 * are captured. 163 * 164 * @param handle pointer to a handle that is populated by this call 165 * @param filename file to create 166 * @param section_options list of initial section options, can be NULL 167 * @param section_options_space size in bytes dedicated to storing extra section 168 * options; will be rounded up so section header 169 * is an integer number of memory pages 170 * @param link_type 171 * @param snaplen 172 * @param interface_options list of initial interface options, can be NULL 173 * @param interface_options_space size in bytes dedicated to storing extra interface 174 * options; will be rounded up so interface header 175 * is an integer number of memory pages 176 * @returns 0 on success, non zero result code otherwisex 177 */ 178 PCAPNG_RESULT pcapng_create( PCAPNG_HANDLE * handle, 179 const char * filename, 180 const option_header * section_options, 181 const size_t section_options_space, 182 const uint16_t link_type, 183 const uint32_t snaplen, 184 const option_header * interface_options, 185 const size_t interface_options_space ); 186 187 PCAPNG_RESULT pcapng_append_section_option( PCAPNG_HANDLE * handle, 188 const option_header * section_option ); 189 190 PCAPNG_RESULT pcapng_append_interface_option( PCAPNG_HANDLE * handle, 191 const option_header * interface_option ); 192 193 PCAPNG_RESULT pcapng_append_packet( PCAPNG_HANDLE * handle, 194 const enhanced_packet_block * packet ); 195 196 PCAPNG_RESULT pcapng_close( PCAPNG_HANDLE * handle ); 197 198 #endif /* PCAPNG_DOT_H */ 199