#include <wiretap/wtap_module.h>
#include "ws_symbol_export.h"

Classes
struct	wtapng_block_s

struct	section_info_t

struct	pcapng_block_type_information_t

struct	compute_options_size_t

struct	pcapng_custom_block_enterprise_handler_t

struct	section_info_funcs_t

Macros
#define	BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */

#define	BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */

#define	BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */

#define	BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */

#define	BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */

#define	BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */

#define	BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */

#define	BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */

#define	BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */

#define	BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT 0x00000009 /* systemd journal entry */

#define	BLOCK_TYPE_DSB 0x0000000A /* Decryption Secrets Block */

#define	BLOCK_TYPE_HP_MIB 0x00000101 /* Hone Project Machine Info Block */

#define	BLOCK_TYPE_HP_CEB 0x00000102 /* Hone Project Connection Event Block */

#define	BLOCK_TYPE_SYSDIG_MI 0x00000201 /* Sysdig Machine Info Block */

#define	BLOCK_TYPE_SYSDIG_PL_V1 0x00000202 /* Sysdig Process List Block */

#define	BLOCK_TYPE_SYSDIG_FDL_V1 0x00000203 /* Sysdig File Descriptor List Block */

#define	BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */

#define	BLOCK_TYPE_SYSDIG_IL_V1 0x00000205 /* Sysdig Interface List Block */

#define	BLOCK_TYPE_SYSDIG_UL_V1 0x00000206 /* Sysdig User List Block */

#define	BLOCK_TYPE_SYSDIG_PL_V2 0x00000207 /* Sysdig Process List Block version 2 */

#define	BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */

#define	BLOCK_TYPE_SYSDIG_PL_V3 0x00000209 /* Sysdig Process List Block version 3 */

#define	BLOCK_TYPE_SYSDIG_PL_V4 0x00000210 /* Sysdig Process List Block version 4 */

#define	BLOCK_TYPE_SYSDIG_PL_V5 0x00000211 /* Sysdig Process List Block version 5 */

#define	BLOCK_TYPE_SYSDIG_PL_V6 0x00000212 /* Sysdig Process List Block version 6 */

#define	BLOCK_TYPE_SYSDIG_PL_V7 0x00000213 /* Sysdig Process List Block version 7 */

#define	BLOCK_TYPE_SYSDIG_PL_V8 0x00000214 /* Sysdig Process List Block version 8 */

#define	BLOCK_TYPE_SYSDIG_PL_V9 0x00000215 /* Sysdig Process List Block version 9 */

#define	BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216 /* Sysdig Event Block version 2 */

#define	BLOCK_TYPE_SYSDIG_EVF_V2 0x00000217 /* Sysdig Event Block with flags version 2 */

#define	BLOCK_TYPE_SYSDIG_FDL_V2 0x00000218 /* Sysdig File Descriptor List Block */

#define	BLOCK_TYPE_SYSDIG_IL_V2 0x00000219 /* Sysdig Interface List Block version 2 */

#define	BLOCK_TYPE_SYSDIG_UL_V2 0x00000220 /* Sysdig User List Block version 2 */

#define	BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE 0x00000221 /* Sysdig Event Block version 2 with large payload */

#define	BLOCK_TYPE_SYSDIG_EVF_V2_LARGE 0x00000222 /* Sysdig Event Block with flags version 2 with large payload */

#define	BLOCK_TYPE_CB_COPY 0x00000BAD /* Custom Block which can be copied */

#define	BLOCK_TYPE_CB_NO_COPY 0x40000BAD /* Custom Block which should not be copied */

#define	BLOCK_TYPE_LEGACY_DPIB 0x80000001 /* Historically, Apple used this code for Darwin Process Info Block. */

Typedefs
typedef struct wtapng_block_s	wtapng_block_t

typedef struct section_info_t	section_info_t

typedef bool(*	block_reader) (wtap wth, FILE_T fh, uint32_t block_type, uint32_t block_content_length, section_info_t section_info, wtapng_block_t wblock, int err, char **err_info)

typedef bool(*	block_writer) (wtap_dumper wdh, const wtap_rec rec, int err, char *err_info)

typedef bool(*	block_processor) (wtap wth, section_info_t section_info _U_, wtapng_block_t *wblock)

typedef struct pcapng_block_type_information_t	pcapng_block_type_information_t

typedef bool(*	option_parser) (wtap_block_t block, bool byte_swapped, unsigned option_length, const uint8_t option_content, int err, char **err_info)

typedef uint32_t(*	option_sizer) (unsigned option_id, wtap_optval_t *optval)

typedef bool(*	option_writer) (wtap_dumper wdh, unsigned option_id, wtap_optval_t optval, int *err)

typedef uint32_t(*	compute_option_size_func) (wtap_block_t, unsigned, wtap_opttype_e, wtap_optval_t *)

typedef struct compute_options_size_t	compute_options_size_t

typedef bool(*	write_option_func) (wtap_dumper wdh, wtap_block_t block, unsigned option_id, wtap_opttype_e option_type, wtap_optval_t optval, int err, char *err_info)

typedef bool(*	custom_option_parser) (FILE_T fh, section_info_t section_info, wtapng_block_t wblock, int err, char *err_info)

typedef bool(*	custom_option_processor) (wtapng_block_t wblock, section_info_t section_info, uint16_t option_code, const uint8_t *value, uint16_t length)

typedef struct pcapng_custom_block_enterprise_handler_t	pcapng_custom_block_enterprise_handler_t

Enumerations
enum	pcapng_opt_byte_order_e { OPT_SECTION_BYTE_ORDER , OPT_BIG_ENDIAN , OPT_LITTLE_ENDIAN }

Functions
WS_DLL_PUBLIC void	register_pcapng_block_type_information (pcapng_block_type_information_t *handler)
	Register a handler for a pcapng block type.

WS_DLL_PUBLIC GHashTable *	pcapng_create_option_handler_table (void)
	Create a table of handlers for pcapng option codes.

WS_DLL_PUBLIC void	register_pcapng_option_handler (unsigned block_type, unsigned option_code, option_parser parser, option_sizer sizer, option_writer writer)
	Register a handler for a pcapng option code for a particular block type.

WS_DLL_PUBLIC bool	pcapng_process_options (FILE_T fh, wtapng_block_t wblock, section_info_t section_info, unsigned opt_cont_buf_len, bool(process_option)(wtapng_block_t , section_info_t , uint16_t, uint16_t, const uint8_t , int , char ), pcapng_opt_byte_order_e byte_order, int err, char **err_info)
	Process the options section of a block.

WS_DLL_PUBLIC void	pcapng_process_uint8_option (wtapng_block_t wblock, uint16_t option_code, uint16_t option_length, const uint8_t option_content)
	Helper routines to process options with types used in more than one block type.

WS_DLL_PUBLIC void	pcapng_process_uint32_option (wtapng_block_t wblock, section_info_t section_info, pcapng_opt_byte_order_e byte_order, uint16_t option_code, uint16_t option_length, const uint8_t *option_content)
	Process a 32-bit unsigned integer option in a PCAPNG block.

WS_DLL_PUBLIC void	pcapng_process_timestamp_option (wtapng_block_t wblock, section_info_t section_info, pcapng_opt_byte_order_e byte_order, uint16_t option_code, uint16_t option_length, const uint8_t *option_content)
	Process a timestamp option in a PCAPng block.

WS_DLL_PUBLIC void	pcapng_process_uint64_option (wtapng_block_t wblock, section_info_t section_info, pcapng_opt_byte_order_e byte_order, uint16_t option_code, uint16_t option_length, const uint8_t *option_content)
	Process a 64-bit unsigned integer option in a PCAP-NG block.

WS_DLL_PUBLIC void	pcapng_process_int64_option (wtapng_block_t wblock, section_info_t section_info, pcapng_opt_byte_order_e byte_order, uint16_t option_code, uint16_t option_length, const uint8_t *option_content)
	Process a 64-bit integer option in a PCAPNG block.

WS_DLL_PUBLIC void	pcapng_process_string_option (wtapng_block_t wblock, uint16_t option_code, uint16_t option_length, const uint8_t option_content)
	Process a string option in a PCAPNG block.

WS_DLL_PUBLIC void	pcapng_process_bytes_option (wtapng_block_t wblock, uint16_t option_code, uint16_t option_length, const uint8_t option_content)
	Processes a bytes option in a PCAPng block.

WS_DLL_PUBLIC uint32_t	pcapng_compute_options_size (wtap_block_t block, compute_option_size_func compute_option_size)
	Computes the total size of all options in a PCAPNG block.

WS_DLL_PUBLIC bool	pcapng_write_options (wtap_dumper wdh, pcapng_opt_byte_order_e byte_order, wtap_block_t block, write_option_func write_option, int err, char **err_info)
	Writes options to a pcapng file.

WS_DLL_PUBLIC void	register_pcapng_custom_block_enterprise_handler (unsigned enterprise_number, pcapng_custom_block_enterprise_handler_t const *handler)
	Register a handler for a pcapng custom block with an enterprise number.

WS_DLL_PUBLIC bool	pcapng_write_block_header (wtap_dumper wdh, uint32_t block_type, uint32_t block_content_length, int err)
	Write a pcapng block header.

WS_DLL_PUBLIC bool	pcapng_write_block_footer (wtap_dumper wdh, uint32_t block_content_length, int err)
	Writes a block footer for a PCAPNG file.

WS_DLL_PUBLIC void *	pcapng_get_cb_section_info_data (section_info_t section_info, uint32_t pen, const section_info_funcs_t funcs)
	Find local block information from a section_info_t; add a newly-created one and return it if none is found.

WS_DLL_PUBLIC void *	pcapng_get_lb_section_info_data (section_info_t section_info, uint32_t block_type, const section_info_funcs_t funcs)
	Find local block information from a section_info_t; add a newly-created one and return it if none is found.

Detailed Description

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

◆ pcapng_compute_options_size()

WS_DLL_PUBLIC uint32_t pcapng_compute_options_size	(	wtap_block_t	block,
		compute_option_size_func	compute_option_size
	)

Computes the total size of all options in a PCAPNG block.

Parameters

block	The wtap_block_t containing the options to compute.
compute_option_size	A function pointer to compute the size of each option.

Returns: uint32_t The total size of all options, including the End-of-options tag if applicable.

◆ pcapng_create_option_handler_table()

WS_DLL_PUBLIC GHashTable * pcapng_create_option_handler_table ( void )

Create a table of handlers for pcapng option codes.

Returns: GHashTable* A hash table of option handlers.

◆ pcapng_get_cb_section_info_data()

WS_DLL_PUBLIC void * pcapng_get_cb_section_info_data	(	section_info_t *	section_info,
		uint32_t	pen,
		const section_info_funcs_t *	funcs
	)

Find local block information from a section_info_t; add a newly-created one and return it if none is found.

Parameters

section_info	Pointer to the section_info_t structure.
pen	The Pen number for the custom block data.
funcs	Pointer to the section_info_funcs_t structure containing function pointers for freeing custom block data.

Returns: Pointer to the custom block data, or NULL if not found and no new data was created.

◆ pcapng_get_lb_section_info_data()

WS_DLL_PUBLIC void * pcapng_get_lb_section_info_data	(	section_info_t *	section_info,
		uint32_t	block_type,
		const section_info_funcs_t *	funcs
	)

Find local block information from a section_info_t; add a newly-created one and return it if none is found.

Parameters

section_info	Pointer to the section_info_t structure.
block_type	The block type for the local block data.
funcs	Pointer to the section_info_funcs_t structure containing function pointers for freeing local block data.

Returns: Pointer to the local block data, or NULL if not found and no new data was created.

◆ pcapng_process_bytes_option()

WS_DLL_PUBLIC void pcapng_process_bytes_option	(	wtapng_block_t *	wblock,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Processes a bytes option in a PCAPng block.

Parameters

wblock	Pointer to the PCAPng block.
option_code	The code of the option.
option_length	The length of the option content.
option_content	Pointer to the content of the option.

◆ pcapng_process_int64_option()

WS_DLL_PUBLIC void pcapng_process_int64_option	(	wtapng_block_t *	wblock,
		section_info_t *	section_info,
		pcapng_opt_byte_order_e	byte_order,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Process a 64-bit integer option in a PCAPNG block.

Parameters

wblock	Pointer to the PCAPNG block.
section_info	Pointer to the section information.
byte_order	Byte order of the option content.
option_code	Code of the option.
option_length	Length of the option content.
option_content	Pointer to the option content.

◆ pcapng_process_options()

WS_DLL_PUBLIC bool pcapng_process_options	(	FILE_T	fh,
		wtapng_block_t *	wblock,
		section_info_t *	section_info,
		unsigned	opt_cont_buf_len,
		bool()(wtapng_block_t , section_info_t , uint16_t, uint16_t, const uint8_t , int , char *)	process_option,
		pcapng_opt_byte_order_e	byte_order,
		int *	err,
		char **	err_info
	)

Process the options section of a block.

Parameters

fh	File handle.
wblock	Pointer to the pcapng block.
section_info	Pointer to the section information.
opt_cont_buf_len	Length of the option content buffer.
process_option	Function to process each option.
byte_order	Byte order of the option content.
err	Pointer to an integer where any error code will be stored on failure.
err_info	Pointer to a string where error information will be stored on failure.

Returns: true if the options were processed successfully, false otherwise.

< Appears in pcapng files, but not in blocks.

< A UTF-8 string containing a human-readable comment.

< A custom option containing a UTF-8 string, copying allowed.

< A custom option containing a UTF-8 string, copying not allowed.

< A custom option containing binary data, copying allowed.

< A custom option containing binary data, copying not allowed.

◆ pcapng_process_string_option()

WS_DLL_PUBLIC void pcapng_process_string_option	(	wtapng_block_t *	wblock,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Process a string option in a PCAPNG block.

Parameters

wblock	Pointer to the wtapng_block_t structure.
option_code	The code of the option.
option_length	The length of the option content.
option_content	The content of the option as bytes.

◆ pcapng_process_timestamp_option()

WS_DLL_PUBLIC void pcapng_process_timestamp_option	(	wtapng_block_t *	wblock,
		section_info_t *	section_info,
		pcapng_opt_byte_order_e	byte_order,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Process a timestamp option in a PCAPng block.

Parameters

wblock	Pointer to the PCAPng block.
section_info	Pointer to the section information.
byte_order	Byte order of the option content.
option_code	Code of the option.
option_length	Length of the option content.
option_content	Content of the option.

◆ pcapng_process_uint32_option()

WS_DLL_PUBLIC void pcapng_process_uint32_option	(	wtapng_block_t *	wblock,
		section_info_t *	section_info,
		pcapng_opt_byte_order_e	byte_order,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Process a 32-bit unsigned integer option in a PCAPNG block.

Parameters

wblock	Pointer to the pcapng block containing the option.
section_info	Pointer to the section information structure.
byte_order	Byte order of the option content.
option_code	Code identifying the option.
option_length	Length of the option content in bytes.
option_content	Pointer to the content of the option.

◆ pcapng_process_uint64_option()

WS_DLL_PUBLIC void pcapng_process_uint64_option	(	wtapng_block_t *	wblock,
		section_info_t *	section_info,
		pcapng_opt_byte_order_e	byte_order,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Process a 64-bit unsigned integer option in a PCAP-NG block.

Parameters

wblock	Pointer to the current PCAP-NG block.
section_info	Pointer to the section information.
byte_order	Byte order of the option content.
option_code	Code identifying the option.
option_length	Length of the option content in bytes.
option_content	Pointer to the content of the option.

◆ pcapng_process_uint8_option()

WS_DLL_PUBLIC void pcapng_process_uint8_option	(	wtapng_block_t *	wblock,
		uint16_t	option_code,
		uint16_t	option_length,
		const uint8_t *	option_content
	)

Helper routines to process options with types used in more than one block type.

Parameters

wblock	Pointer to the pcapng block containing the option.
option_code	Code identifying the option.
option_length	Length of the option content in bytes.
option_content	Pointer to the content of the option.

◆ pcapng_write_block_footer()

WS_DLL_PUBLIC bool pcapng_write_block_footer	(	wtap_dumper *	wdh,
		uint32_t	block_content_length,
		int *	err
	)

Writes a block footer for a PCAPNG file.

Parameters

wdh	Pointer to the wtap_dumper structure.
block_content_length	Length of the block content.
err	Pointer to an integer that will hold any error code.

Returns: true if successful, false otherwise.

◆ pcapng_write_block_header()

WS_DLL_PUBLIC bool pcapng_write_block_header	(	wtap_dumper *	wdh,
		uint32_t	block_type,
		uint32_t	block_content_length,
		int *	err
	)

Write a pcapng block header.

Parameters

wdh	Pointer to the wtap_dumper structure.
block_type	The type of the block.
block_content_length	Length of the block content.
err	Pointer to an integer where an error code will be stored if an error occurs.

Returns: true if successful, false otherwise.

◆ pcapng_write_options()

WS_DLL_PUBLIC bool pcapng_write_options	(	wtap_dumper *	wdh,
		pcapng_opt_byte_order_e	byte_order,
		wtap_block_t	block,
		write_option_func	write_option,
		int *	err,
		char **	err_info
	)

Writes options to a pcapng file.

Parameters

wdh	Pointer to the wtap_dumper structure.
byte_order	Byte order of the options.
block	Block containing the options.
write_option	Function pointer to write an option.
err	Error code if an error occurs.
err_info	Error information if an error occurs.

Returns: true if successful, false otherwise.

◆ register_pcapng_block_type_information()

WS_DLL_PUBLIC void register_pcapng_block_type_information ( pcapng_block_type_information_t * handler )

Register a handler for a pcapng block type.

Parameters

handler Pointer to a structure containing the block type information and handler functions.

◆ register_pcapng_custom_block_enterprise_handler()

WS_DLL_PUBLIC void register_pcapng_custom_block_enterprise_handler	(	unsigned	enterprise_number,
		pcapng_custom_block_enterprise_handler_t const *	handler
	)

Register a handler for a pcapng custom block with an enterprise number.

Parameters

enterprise_number	The enterprise number associated with the custom block.
handler	Pointer to the custom block enterprise handler structure.

◆ register_pcapng_option_handler()

WS_DLL_PUBLIC void register_pcapng_option_handler	(	unsigned	block_type,
		unsigned	option_code,
		option_parser	parser,
		option_sizer	sizer,
		option_writer	writer
	)

Register a handler for a pcapng option code for a particular block type.

Parameters

block_type	The block type that this option handler is for.
option_code	The option code that this handler is for.
parser	The function to call to parse this option when reading a file.
sizer	The function to call to determine the size of this option when writing a file.
writer	The function to call to write this option when writing a file.

Classes

Macros

Typedefs

Enumerations

Functions

Detailed Description

Function Documentation

◆ pcapng_compute_options_size()

◆ pcapng_create_option_handler_table()

◆ pcapng_get_cb_section_info_data()

◆ pcapng_get_lb_section_info_data()

◆ pcapng_process_bytes_option()

◆ pcapng_process_int64_option()

◆ pcapng_process_options()

◆ pcapng_process_string_option()

◆ pcapng_process_timestamp_option()

◆ pcapng_process_uint32_option()

◆ pcapng_process_uint64_option()

◆ pcapng_process_uint8_option()

◆ pcapng_write_block_footer()

◆ pcapng_write_block_header()

◆ pcapng_write_options()

◆ register_pcapng_block_type_information()

◆ register_pcapng_custom_block_enterprise_handler()

◆ register_pcapng_option_handler()