TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags
[wireshark-sm.git] / wiretap / pcapng_module.h
blob239998b33d1e09fa08c2042358f1de37b19600ba
1 /** @file
3 * Wiretap Library
4 * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
6 * SPDX-License-Identifier: GPL-2.0-or-later
7 */
9 #ifndef __PCAP_MODULE_H__
10 #define __PCAP_MODULE_H__
13 * These are the officially registered block types, from the pcapng
14 * specification.
16 * XXX - Dear Sysdig People: please add your blocks to the spec!
18 #define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
19 #define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
20 #define BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */
21 #define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
22 #define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
23 #define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
24 #define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
25 #define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */
26 #define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
27 #define BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT 0x00000009 /* systemd journal entry */
28 #define BLOCK_TYPE_DSB 0x0000000A /* Decryption Secrets Block */
29 #define BLOCK_TYPE_SYSDIG_MI 0x00000201 /* Sysdig Machine Info Block */
30 #define BLOCK_TYPE_SYSDIG_PL_V1 0x00000202 /* Sysdig Process List Block */
31 #define BLOCK_TYPE_SYSDIG_FDL_V1 0x00000203 /* Sysdig File Descriptor List Block */
32 #define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
33 #define BLOCK_TYPE_SYSDIG_IL_V1 0x00000205 /* Sysdig Interface List Block */
34 #define BLOCK_TYPE_SYSDIG_UL_V1 0x00000206 /* Sysdig User List Block */
35 #define BLOCK_TYPE_SYSDIG_PL_V2 0x00000207 /* Sysdig Process List Block version 2 */
36 #define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
37 #define BLOCK_TYPE_SYSDIG_PL_V3 0x00000209 /* Sysdig Process List Block version 3 */
38 #define BLOCK_TYPE_SYSDIG_PL_V4 0x00000210 /* Sysdig Process List Block version 4 */
39 #define BLOCK_TYPE_SYSDIG_PL_V5 0x00000211 /* Sysdig Process List Block version 5 */
40 #define BLOCK_TYPE_SYSDIG_PL_V6 0x00000212 /* Sysdig Process List Block version 6 */
41 #define BLOCK_TYPE_SYSDIG_PL_V7 0x00000213 /* Sysdig Process List Block version 7 */
42 #define BLOCK_TYPE_SYSDIG_PL_V8 0x00000214 /* Sysdig Process List Block version 8 */
43 #define BLOCK_TYPE_SYSDIG_PL_V9 0x00000215 /* Sysdig Process List Block version 9 */
44 #define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216 /* Sysdig Event Block version 2 */
45 #define BLOCK_TYPE_SYSDIG_EVF_V2 0x00000217 /* Sysdig Event Block with flags version 2 */
46 #define BLOCK_TYPE_SYSDIG_FDL_V2 0x00000218 /* Sysdig File Descriptor List Block */
47 #define BLOCK_TYPE_SYSDIG_IL_V2 0x00000219 /* Sysdig Interface List Block version 2 */
48 #define BLOCK_TYPE_SYSDIG_UL_V2 0x00000220 /* Sysdig User List Block version 2 */
49 #define BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE 0x00000221 /* Sysdig Event Block version 2 with large payload */
50 #define BLOCK_TYPE_SYSDIG_EVF_V2_LARGE 0x00000222 /* Sysdig Event Block with flags version 2 with large payload */
51 #define BLOCK_TYPE_CB_COPY 0x00000BAD /* Custom Block which can be copied */
52 #define BLOCK_TYPE_CB_NO_COPY 0x40000BAD /* Custom Block which should not be copied */
54 /* TODO: the following are not yet well defined in the draft spec,
55 * and do not yet have block type values assigned to them:
56 * Compression Block
57 * Encryption Block
58 * Fixed Length Block
59 * Directory Block
60 * Traffic Statistics and Monitoring Blocks
61 * Event/Security Block
64 /* Block data to be passed between functions during reading */
65 typedef struct wtapng_block_s {
66 uint32_t type; /* block_type as defined by pcapng */
67 bool internal; /* true if this block type shouldn't be returned from pcapng_read() */
68 wtap_block_t block;
69 wtap_rec *rec;
70 Buffer *frame_buffer;
71 } wtapng_block_t;
73 /* Section data in private struct */
75 * XXX - there needs to be a more general way to implement the Netflix
76 * BBLog blocks and options.
78 typedef struct section_info_t {
79 bool byte_swapped; /**< true if this section is not in our byte order */
80 uint16_t version_major; /**< Major version number of this section */
81 uint16_t version_minor; /**< Minor version number of this section */
82 GArray *interfaces; /**< Interfaces found in this section */
83 int64_t shb_off; /**< File offset of the SHB for this section */
84 uint32_t bblog_version; /**< BBLog: version used */
85 uint64_t bblog_offset_tv_sec; /**< BBLog: UTC offset */
86 uint64_t bblog_offset_tv_usec;
87 } section_info_t;
90 * Reader and writer routines for pcapng block types.
92 typedef bool (*block_reader)(FILE_T fh, uint32_t block_read,
93 bool byte_swapped,
94 wtapng_block_t *wblock,
95 int *err, char **err_info);
96 typedef bool (*block_writer)(wtap_dumper *wdh, const wtap_rec *rec,
97 const uint8_t *pd, int *err);
100 * Register a handler for a pcapng block type.
102 WS_DLL_PUBLIC
103 void register_pcapng_block_type_handler(unsigned block_type, block_reader reader,
104 block_writer writer);
107 * Handler routines for pcapng option type.
109 typedef bool (*option_parser)(wtap_block_t block,
110 bool byte_swapped,
111 unsigned option_length,
112 const uint8_t *option_content,
113 int *err, char **err_info);
114 typedef uint32_t (*option_sizer)(unsigned option_id, wtap_optval_t *optval);
115 typedef bool (*option_writer)(wtap_dumper *wdh, unsigned option_id,
116 wtap_optval_t *optval, int *err);
119 * Register a handler for a pcapng option code for a particular block
120 * type.
122 WS_DLL_PUBLIC
123 void register_pcapng_option_handler(unsigned block_type, unsigned option_code,
124 option_parser parser,
125 option_sizer sizer,
126 option_writer writer);
129 * Byte order of the options within a block.
131 * This is usually the byte order of the section, but, for options
132 * within a Custom Block, it needs to be a specified byte order,
133 * or a byte order indicated by data in the Custom Data (stored in
134 * a fashion that doesn't require knowing the byte order of the
135 * Custom Data, as it's also the byte order of the Custom Data
136 * itself), so that programs ignorant of the format of a given
137 * type of Custom Block can still read a block from one file and
138 * write it to another, even if the host doing the writing has
139 * a byte order different from the host that previously wrote
140 * the file.
142 typedef enum {
143 OPT_SECTION_BYTE_ORDER, /* byte order of this section */
144 OPT_BIG_ENDIAN, /* as it says */
145 OPT_LITTLE_ENDIAN /* ditto */
146 } pcapng_opt_byte_order_e;
149 * Process the options section of a block. process_option points to
150 * a routine that processes all the block-specific options, i.e.
151 * options other than the end-of-options, comment, and custom
152 * options.
154 WS_DLL_PUBLIC
155 bool pcapng_process_options(FILE_T fh, wtapng_block_t *wblock,
156 section_info_t *section_info,
157 unsigned opt_cont_buf_len,
158 bool (*process_option)(wtapng_block_t *,
159 const section_info_t *,
160 uint16_t, uint16_t,
161 const uint8_t *,
162 int *, char **),
163 pcapng_opt_byte_order_e byte_order,
164 int *err, char **err_info);
167 * Helper routines to process options with types used in more than one
168 * block type.
170 WS_DLL_PUBLIC
171 void pcapng_process_uint8_option(wtapng_block_t *wblock,
172 uint16_t option_code, uint16_t option_length,
173 const uint8_t *option_content);
175 WS_DLL_PUBLIC
176 void pcapng_process_uint32_option(wtapng_block_t *wblock,
177 const section_info_t *section_info,
178 pcapng_opt_byte_order_e byte_order,
179 uint16_t option_code, uint16_t option_length,
180 const uint8_t *option_content);
182 WS_DLL_PUBLIC
183 void pcapng_process_timestamp_option(wtapng_block_t *wblock,
184 const section_info_t *section_info,
185 pcapng_opt_byte_order_e byte_order,
186 uint16_t option_code, uint16_t option_length,
187 const uint8_t *option_content);
189 WS_DLL_PUBLIC
190 void pcapng_process_uint64_option(wtapng_block_t *wblock,
191 const section_info_t *section_info,
192 pcapng_opt_byte_order_e byte_order,
193 uint16_t option_code, uint16_t option_length,
194 const uint8_t *option_content);
196 WS_DLL_PUBLIC
197 void pcapng_process_int64_option(wtapng_block_t *wblock,
198 const section_info_t *section_info,
199 pcapng_opt_byte_order_e byte_order,
200 uint16_t option_code, uint16_t option_length,
201 const uint8_t *option_content);
203 WS_DLL_PUBLIC
204 void pcapng_process_string_option(wtapng_block_t *wblock, uint16_t option_code,
205 uint16_t option_length, const uint8_t *option_content);
207 WS_DLL_PUBLIC
208 void pcapng_process_bytes_option(wtapng_block_t *wblock, uint16_t option_code,
209 uint16_t option_length, const uint8_t *option_content);
211 #endif /* __PCAP_MODULE_H__ */