wiretap/network_instruments.h

   1 /*
   2  * $Id$
   3  */
   4
   5 /***************************************************************************
   6                           network_instruments.h  -  description
   7                              -------------------
   8     begin                : Wed Oct 29 2003
   9     copyright            : (C) 2003 by root
  10     email                : scotte[AT}netinst.com
  11  ***************************************************************************/
  12
  13 /***************************************************************************
  14  *                                                                         *
  15  *   This program is free software; you can redistribute it and/or modify  *
  16  *   it under the terms of the GNU General Public License as published by  *
  17  *   the Free Software Foundation; either version 2 of the License, or     *
  18  *   (at your option) any later version.                                   *
  19  *                                                                         *
  20  ***************************************************************************/
  21
  22 #ifndef __NETWORK_INSTRUMENTS_H__
  23 #define __NETWORK_INSTRUMENTS_H__
  24
  25 #include <glib.h>
  26 #include <wtap.h>
  27
  28 int network_instruments_open(wtap *wth, int *err, gchar **err_info);
  29 int network_instruments_dump_can_write_encap(int encap);
  30 gboolean network_instruments_dump_open(wtap_dumper *wdh, int *err);
  31
  32 /*
  33  * In v15 the high_byte was added to allow a larger offset This was done by
  34  * reducing the size of observer_version by 1 byte.  Since version strings are
  35  * only 30 characters the high_byte will always be 0 in previous versions.
  36  */
  37 typedef struct capture_file_header
  38 {
  39     char    observer_version[31];
  40     guint8  offset_to_first_packet_high_byte; /* allows to extend the offset to the first packet to 256*0x10000 = 16 MB */
  41     guint16 offset_to_first_packet;
  42     char    probe_instance;
  43     guint8  number_of_information_elements;   /* number of TLVs in the header */
  44 } capture_file_header;
  45
  46 #define CAPTURE_FILE_HEADER_FROM_LE_IN_PLACE(_capture_file_header) \
  47     _capture_file_header.offset_to_first_packet = GUINT16_FROM_LE((_capture_file_header).offset_to_first_packet)
  48
  49 #define CAPTURE_FILE_HEADER_TO_LE_IN_PLACE(_capture_file_header) \
  50     _capture_file_header.offset_to_first_packet = GUINT16_TO_LE((_capture_file_header).offset_to_first_packet)
  51
  52 typedef struct tlv_header
  53 {
  54     guint16 type;
  55     guint16 length;        /* includes the length of the TLV header */
  56 } tlv_header;
  57
  58 #define TLV_HEADER_FROM_LE_IN_PLACE(_tlv_header) \
  59     (_tlv_header).type   = GUINT16_FROM_LE((_tlv_header).type); \
  60     (_tlv_header).length = GUINT16_FROM_LE((_tlv_header).length)
  61
  62 #define TLV_HEADER_TO_LE_IN_PLACE(_tlv_header) \
  63     (_tlv_header).type   = GUINT16_TO_LE((_tlv_header).type); \
  64     (_tlv_header).length = GUINT16_TO_LE((_tlv_header).length)
  65
  66 typedef struct tlv_time_info {
  67     guint16 type;
  68     guint16 length;
  69     guint32 time_format;
  70 } tlv_time_info;
  71
  72 #define TLV_TIME_INFO_FROM_LE_IN_PLACE(_tlv_time_info) \
  73     (_tlv_time_info).type   = GUINT16_FROM_LE((_tlv_time_info).type); \
  74     (_tlv_time_info).length = GUINT16_FROM_LE((_tlv_time_info).length); \
  75     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  76
  77 #define TLV_TIME_INFO_TO_LE_IN_PLACE(_tlv_time_info) \
  78     (_tlv_time_info).type   = GUINT16_TO_LE((_tlv_time_info).type); \
  79     (_tlv_time_info).length = GUINT16_TO_LE((_tlv_time_info).length); \
  80     (_tlv_time_info).time_format = GUINT32_FROM_LE((_tlv_time_info).time_format)
  81
  82 typedef struct tlv_wireless_info {
  83     guint8 quality;
  84     guint8 signalStrength;
  85     guint8 rate;
  86     guint8 frequency;
  87     guint8 qualityPercent;
  88     guint8 strengthPercent;
  89     guint8 conditions;
  90     guint8 reserved;
  91 } tlv_wireless_info;
  92
  93 /*
  94  * Wireless conditions
  95  */
  96 #define WIRELESS_WEP_SUCCESS            0x80
  97
  98 /*
  99  * TLV type values.
 100  */
 101 #define INFORMATION_TYPE_ALIAS_LIST 0x01
 102 #define INFORMATION_TYPE_COMMENT    0x02 /* ASCII text */
 103 #define INFORMATION_TYPE_TIME_INFO  0x04
 104 #define INFORMATION_TYPE_WIRELESS   0x101
 105
 106 /*
 107  * TVL TIME_INFO values.
 108  */
 109 #define TIME_INFO_LOCAL 0
 110 #define TIME_INFO_GMT   1
 111
 112 typedef struct packet_entry_header
 113 {
 114     guint32 packet_magic;
 115     guint32 network_speed;
 116     guint16 captured_size;
 117     guint16 network_size;
 118     guint16 offset_to_frame;
 119     guint16 offset_to_next_packet;
 120     guint8 network_type;
 121     guint8 flags;
 122     guint8 number_of_information_elements;    /* number of TLVs in the header */
 123     guint8 packet_type;
 124     guint16 errors;
 125     guint16 reserved;
 126     guint64 packet_number;
 127     guint64 original_packet_number;
 128     guint64 nano_seconds_since_2000;
 129 } packet_entry_header;
 130
 131 #define PACKET_ENTRY_HEADER_FROM_LE_IN_PLACE(_packet_entry_header) \
 132     (_packet_entry_header).packet_magic            = GUINT32_FROM_LE((_packet_entry_header).packet_magic); \
 133     (_packet_entry_header).network_speed           = GUINT32_FROM_LE((_packet_entry_header).network_speed); \
 134     (_packet_entry_header).captured_size           = GUINT16_FROM_LE((_packet_entry_header).captured_size); \
 135     (_packet_entry_header).network_size            = GUINT16_FROM_LE((_packet_entry_header).network_size); \
 136     (_packet_entry_header).offset_to_frame         = GUINT16_FROM_LE((_packet_entry_header).offset_to_frame); \
 137     (_packet_entry_header).offset_to_next_packet   = GUINT16_FROM_LE((_packet_entry_header).offset_to_next_packet); \
 138     (_packet_entry_header).errors                  = GUINT16_FROM_LE((_packet_entry_header).errors); \
 139     (_packet_entry_header).reserved                = GUINT16_FROM_LE((_packet_entry_header).reserved); \
 140     (_packet_entry_header).packet_number           = GUINT64_FROM_LE((_packet_entry_header).packet_number); \
 141     (_packet_entry_header).original_packet_number  = GUINT64_FROM_LE((_packet_entry_header).original_packet_number); \
 142     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_FROM_LE((_packet_entry_header).nano_seconds_since_2000)
 143
 144 #define PACKET_ENTRY_HEADER_TO_LE_IN_PLACE(_packet_entry_header) \
 145     (_packet_entry_header).packet_magic            = GUINT32_TO_LE((_packet_entry_header).packet_magic); \
 146     (_packet_entry_header).network_speed           = GUINT32_TO_LE((_packet_entry_header).network_speed); \
 147     (_packet_entry_header).captured_size           = GUINT16_TO_LE((_packet_entry_header).captured_size); \
 148     (_packet_entry_header).network_size            = GUINT16_TO_LE((_packet_entry_header).network_size); \
 149     (_packet_entry_header).offset_to_frame         = GUINT16_TO_LE((_packet_entry_header).offset_to_frame); \
 150     (_packet_entry_header).offset_to_next_packet   = GUINT16_TO_LE((_packet_entry_header).offset_to_next_packet); \
 151     (_packet_entry_header).errors                  = GUINT16_TO_LE((_packet_entry_header).errors); \
 152     (_packet_entry_header).reserved                = GUINT16_TO_LE((_packet_entry_header).reserved); \
 153     (_packet_entry_header).packet_number           = GUINT64_TO_LE((_packet_entry_header).packet_number); \
 154     (_packet_entry_header).original_packet_number  = GUINT64_TO_LE((_packet_entry_header).original_packet_number); \
 155     (_packet_entry_header).nano_seconds_since_2000 = GUINT64_TO_LE((_packet_entry_header).nano_seconds_since_2000)
 156
 157 /*
 158  * Network type values.
 159  */
 160 #define OBSERVER_UNDEFINED       0xFF
 161 #define OBSERVER_ETHERNET        0x00
 162 #define OBSERVER_TOKENRING       0x01
 163 #define OBSERVER_FIBRE_CHANNEL   0x08
 164 #define OBSERVER_WIRELESS_802_11 0x09
 165
 166 /*
 167  * Packet type values.
 168  */
 169 #define PACKET_TYPE_DATA_PACKET               0
 170 #define PACKET_TYPE_EXPERT_INFORMATION_PACKET 1
 171
 172 /*
 173  * The Observer document indicates that the types of expert information
 174  * packets are:
 175  *
 176  *    Network Load (markers used by Expert Time Interval and What If
 177  *    analysis modes)
 178  *
 179  *    Start/Stop Packet Capture marker frames (with time stamps when
 180  *    captures start and stop)
 181  *
 182  *    Wireless Channel Change (markers showing what channel was being
 183  *    currently listened to)
 184  *
 185  * That information appears to be contained in TLVs.
 186  */
 187
 188 /*
 189  * TLV type values.
 190  */
 191 #define INFORMATION_TYPE_NETWORK_LOAD       0x0100
 192 #define INFORMATION_TYPE_CAPTURE_START_STOP 0x0104
 193
 194 /*
 195  * Might some of these be broadcast and multicast packet counts?
 196  */
 197 typedef struct tlv_network_load
 198 {
 199     guint32 utilization;        /* network utilization, in .1% units */
 200     guint32 unknown1;
 201     guint32 unknown2;
 202     guint32 packets_per_second;
 203     guint32 unknown3;
 204     guint32 bytes_per_second;
 205     guint32 unknown4;
 206 } tlv_network_load;
 207
 208 typedef struct tlv_capture_start_stop
 209 {
 210     guint32 start_stop;
 211 } tlv_capture_start_stop;
 212
 213 #define START_STOP_TYPE_STOP   0
 214 #define START_STOP_TYPE_START  1
 215
 216 #endif
 217