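/* -*- c -*- */
/*
 * Copyright 2014 Christopher D. Kilgour techie AT whiterocker.com
 *
 * This file is part of libbtbb
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with libbtbb; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street,
 * Boston, MA 02110-1301, USA.
 */
#ifndef PCAPNG_DOT_H
#define PCAPNG_DOT_H

#include <stdint.h>
#include <stdio.h>

/*
 * PCAP-NG on-disk layouts and a small writer API.
 *
 * Every struct below except PCAPNG_HANDLE is a packed overlay of a PCAP-NG
 * record: fixed fields first, then a zero-length array (a GNU extension)
 * marking where the variable-length part begins.
 *
 * Notes for anyone touching this code:
 *  - The length fields (block_total_length, option_length, captured_len,
 *    record_length) are plain integers. Nothing in these types ties them to
 *    the size of the buffer behind the pointer. Code that overlays one of
 *    these structs on bytes it did not build itself must check each length
 *    against the bytes actually available before walking the trailing array.
 *  - packed gives each struct an alignment of 1, so a pointer to a member
 *    may be misaligned. Read members through the struct, not through a
 *    pointer to the member.
 *  - Per the pcapng format, every block ends with a second copy of
 *    block_total_length after the variable part. It has no fixed offset and
 *    is therefore not a member of any struct here.
 */

/* Header of one option. The value follows immediately. */
typedef struct __attribute__((packed)) {
	uint16_t option_code;     /* OPT_* or a block-specific code below */
	uint16_t option_length;   /* value length in bytes; per the pcapng format
	                           * the value is padded to a 32-bit boundary and
	                           * the padding is not counted here */
	uint32_t option_value[0]; /* start of the value bytes */
} option_header;

/* Option codes valid in every block. */
#define OPT_ENDOFOPT  0
#define OPT_COMMENT   1

/* Section Header Block: fixed part. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_SECTION_HEADER */
	uint32_t block_total_length;
	uint32_t byte_order_magic;   /* SECTION_HEADER_BYTE_ORDER_MAGIC; per the
	                              * pcapng format a reader uses it to detect
	                              * the writer's byte order */
	uint16_t major_version;
	uint16_t minor_version;
	uint64_t section_length;     /* per the pcapng format, all-ones means
	                              * "not specified" */
	option_header options[0];    /* start of the option list */
} section_header_block;

#define SECTION_HEADER_BYTE_ORDER_MAGIC 0x1a2b3c4d

/* Section Header Block option codes. */
#define SHB_HARDWARE  2
#define SHB_OS        3
#define SHB_USERAPPL  4

/* Interface Description Block: fixed part. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_INTERFACE */
	uint32_t block_total_length;
	uint16_t link_type;
	uint16_t reserved;
	uint32_t snaplen;
	option_header options[0];    /* start of the option list */
} interface_description_block;

/* Interface Description Block option codes. */
#define IF_NAME        2
#define IF_DESCRIPTION 3
#define IF_IPV4ADDR    4
#define IF_IPV6ADDR    5
#define IF_MACADDR     6
#define IF_EUIADDR     7
#define IF_SPEED       8
#define IF_TSRESOL     9
#define IF_TZONE       10
#define IF_FILTER      11
#define IF_OS          12
#define IF_FCSLEN      13
#define IF_TSOFFSET    14

/* Enhanced Packet Block: fixed part. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_ENHANCED_PACKET */
	uint32_t block_total_length;
	uint32_t interface_id;
	uint32_t timestamp_high;
	uint32_t timestamp_low;
	uint32_t captured_len;       /* per the pcapng format: bytes present in
	                              * packet_data */
	uint32_t packet_len;         /* per the pcapng format: original length of
	                              * the packet, may exceed captured_len */
	uint32_t packet_data[0];     /* start of the packet bytes */
} enhanced_packet_block;

/* Enhanced Packet Block option codes. */
#define EPB_FLAGS     2
#define EPB_HASH      3
#define EPB_DROPCOUNT 4

/* Simple Packet Block: fixed part. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_SIMPLE_PACKET */
	uint32_t block_total_length;
	uint32_t packet_len;
	uint32_t packet_data[0];     /* start of the packet bytes */
} simple_packet_block;

/* Name Resolution Block: fixed part plus the header of the first record. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_NAME_RESOLUTION */
	uint32_t block_total_length;
	uint16_t record_type;        /* NRES_* */
	uint16_t record_length;
	uint32_t record_value[0];    /* start of the first record's value */
} name_resolution_block;

/* Name Resolution Block record types. */
#define NRES_ENDOFRECORD 0
#define NRES_IP4RECORD   1
#define NRES_IP6RECORD   2

/* Name Resolution Block option codes. */
#define NS_DNSNAME    2
#define NS_DNSIP4ADDR 3
#define NS_DNSIP6ADDR 4

/* Interface Statistics Block: fixed part. */
typedef struct __attribute__((packed)) {
	uint32_t block_type;         /* BLOCK_TYPE_INTERFACE_STATISTICS */
	uint32_t block_total_length;
	uint32_t interface_id;
	uint32_t timestamp_high;
	uint32_t timestamp_low;
	option_header options[0];    /* start of the option list */
} interface_statistics_block;

/* Interface Statistics Block option codes. */
#define ISB_STARTTIME    2
#define ISB_ENDTIME      3
#define ISB_IFRECV       4
#define ISB_IFDROP       5
#define ISB_FILTERACCEPT 6
#define ISB_OSDROP       7
#define ISB_USRDELIV     8

/* Values of the block_type field. */
#define BLOCK_TYPE_INTERFACE            0x00000001
#define BLOCK_TYPE_SIMPLE_PACKET        0x00000003
#define BLOCK_TYPE_NAME_RESOLUTION      0x00000004
#define BLOCK_TYPE_INTERFACE_STATISTICS 0x00000005
#define BLOCK_TYPE_ENHANCED_PACKET      0x00000006
#define BLOCK_TYPE_SECTION_HEADER       0x0a0d0d0a

/*
 * State of one PCAP-NG file being written. Populated by pcapng_create().
 *
 * NOTE(review): PCAPNG_MMAP_FAILED suggests the two header pointers refer to
 * memory-mapped regions of the file rather than heap copies -- confirm in
 * the implementation before freeing or reallocating them.
 */
typedef struct {
	int fd;                                              /* output file descriptor */
	section_header_block * section_header;
	size_t section_header_size;                          /* presumably the page-rounded
	                                                      * size of the header region --
	                                                      * confirm */
	size_t next_section_option_offset;                   /* presumably where the next
	                                                      * appended section option is
	                                                      * written -- confirm */
	interface_description_block * interface_description;
	size_t interface_description_size;
	size_t next_interface_option_offset;
} PCAPNG_HANDLE;

/* Result codes of the pcapng_* calls. PCAPNG_OK (0) is the only success value. */
typedef enum {
	PCAPNG_OK = 0,
	PCAPNG_INVALID_HANDLE,
	PCAPNG_FILE_NOT_ALLOWED,
	PCAPNG_FILE_EXISTS,
	PCAPNG_TOO_MANY_FILES_OPEN,
	PCAPNG_NO_MEMORY,
	PCAPNG_FILE_WRITE_ERROR,
	PCAPNG_MMAP_FAILED,
} PCAPNG_RESULT;

/**
 * Create a new PCAP-NG file and set aside space in the section and
 * interface headers for options to be recorded/added while packets
 * are captured.
 *
 * @param handle                  pointer to a handle that is populated by this call
 * @param filename                file to create
 * @param section_options         list of initial section options, can be NULL
 *                                (NOTE(review): how the end of the list is
 *                                found is not visible here; presumably an
 *                                OPT_ENDOFOPT entry -- confirm)
 * @param section_options_space   size in bytes dedicated to storing extra section
 *                                options; will be rounded up so section header
 *                                is an integer number of memory pages
 * @param link_type               link type of the captured interface; presumably
 *                                stored in interface_description_block.link_type
 * @param snaplen                 snapshot length; presumably stored in
 *                                interface_description_block.snaplen
 * @param interface_options       list of initial interface options, can be NULL
 * @param interface_options_space size in bytes dedicated to storing extra interface
 *                                options; will be rounded up so interface header
 *                                is an integer number of memory pages
 * @returns 0 on success, non zero result code otherwise
 */
PCAPNG_RESULT pcapng_create( PCAPNG_HANDLE * handle,
			     const char * filename,
			     const option_header * section_options,
			     const size_t section_options_space,
			     const uint16_t link_type,
			     const uint32_t snaplen,
			     const option_header * interface_options,
			     const size_t interface_options_space );

/**
 * Append one option to the section header of an open file.
 *
 * NOTE(review): the implementation is not visible here. Presumably it copies
 * option_length bytes (plus padding) from the caller's buffer into the space
 * reserved at create time, so option_length must not describe more memory
 * than section_option actually points to. Confirm which result code is
 * returned when the reserved space is exhausted.
 *
 * @param handle         handle populated by pcapng_create()
 * @param section_option option to append
 * @returns 0 on success, non zero result code otherwise
 */
PCAPNG_RESULT pcapng_append_section_option( PCAPNG_HANDLE * handle,
					    const option_header * section_option );

/**
 * Append one option to the interface description header of an open file.
 * The caveats on pcapng_append_section_option() about option_length
 * presumably apply here as well -- confirm.
 *
 * @param handle           handle populated by pcapng_create()
 * @param interface_option option to append
 * @returns 0 on success, non zero result code otherwise
 */
PCAPNG_RESULT pcapng_append_interface_option( PCAPNG_HANDLE * handle,
					      const option_header * interface_option );

/**
 * Append one enhanced packet block to an open file.
 *
 * NOTE(review): no separate buffer size is passed, so the number of bytes
 * written can only come from the block's own length fields (presumably
 * block_total_length). The caller must make sure those fields match the
 * memory behind packet, otherwise the call reads past the caller's buffer
 * into the capture file.
 *
 * @param handle handle populated by pcapng_create()
 * @param packet complete block, fixed part and packet data
 * @returns 0 on success, non zero result code otherwise
 */
PCAPNG_RESULT pcapng_append_packet( PCAPNG_HANDLE * handle,
				    const enhanced_packet_block * packet );

/**
 * Finish with a handle populated by pcapng_create().
 *
 * @param handle handle to close
 * @returns 0 on success, non zero result code otherwise
 */
PCAPNG_RESULT pcapng_close( PCAPNG_HANDLE * handle );

#endif /* PCAPNG_DOT_H */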