Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
pcapng_module.h
Go to the documentation of this file.
1
9#ifndef __PCAP_MODULE_H__
10#define __PCAP_MODULE_H__
11
12#include <wiretap/wtap_module.h>
13
14#include "ws_symbol_export.h"
15#include "pcapng.h"
16
17#ifdef __cplusplus
18extern "C" {
19#endif /* __cplusplus */
20
21/*
22 * These are the officially registered block types, from the pcapng
23 * specification.
24 *
25 * XXX - Dear Sysdig People: please add your blocks to the spec!
26 */
27#define BLOCK_TYPE_SHB 0x0A0D0D0A /* Section Header Block */
28#define BLOCK_TYPE_IDB 0x00000001 /* Interface Description Block */
29#define BLOCK_TYPE_PB 0x00000002 /* Packet Block (obsolete) */
30#define BLOCK_TYPE_SPB 0x00000003 /* Simple Packet Block */
31#define BLOCK_TYPE_NRB 0x00000004 /* Name Resolution Block */
32#define BLOCK_TYPE_ISB 0x00000005 /* Interface Statistics Block */
33#define BLOCK_TYPE_EPB 0x00000006 /* Enhanced Packet Block */
34#define BLOCK_TYPE_IRIG_TS 0x00000007 /* IRIG Timestamp Block */
35#define BLOCK_TYPE_ARINC_429 0x00000008 /* ARINC 429 in AFDX Encapsulation Information Block */
36#define BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT 0x00000009 /* systemd journal entry */
37#define BLOCK_TYPE_DSB 0x0000000A /* Decryption Secrets Block */
38#define BLOCK_TYPE_HP_MIB 0x00000101 /* Hone Project Machine Info Block */
39#define BLOCK_TYPE_HP_CEB 0x00000102 /* Hone Project Connection Event Block */
40#define BLOCK_TYPE_SYSDIG_MI 0x00000201 /* Sysdig Machine Info Block */
41#define BLOCK_TYPE_SYSDIG_PL_V1 0x00000202 /* Sysdig Process List Block */
42#define BLOCK_TYPE_SYSDIG_FDL_V1 0x00000203 /* Sysdig File Descriptor List Block */
43#define BLOCK_TYPE_SYSDIG_EVENT 0x00000204 /* Sysdig Event Block */
44#define BLOCK_TYPE_SYSDIG_IL_V1 0x00000205 /* Sysdig Interface List Block */
45#define BLOCK_TYPE_SYSDIG_UL_V1 0x00000206 /* Sysdig User List Block */
46#define BLOCK_TYPE_SYSDIG_PL_V2 0x00000207 /* Sysdig Process List Block version 2 */
47#define BLOCK_TYPE_SYSDIG_EVF 0x00000208 /* Sysdig Event Block with flags */
48#define BLOCK_TYPE_SYSDIG_PL_V3 0x00000209 /* Sysdig Process List Block version 3 */
49#define BLOCK_TYPE_SYSDIG_PL_V4 0x00000210 /* Sysdig Process List Block version 4 */
50#define BLOCK_TYPE_SYSDIG_PL_V5 0x00000211 /* Sysdig Process List Block version 5 */
51#define BLOCK_TYPE_SYSDIG_PL_V6 0x00000212 /* Sysdig Process List Block version 6 */
52#define BLOCK_TYPE_SYSDIG_PL_V7 0x00000213 /* Sysdig Process List Block version 7 */
53#define BLOCK_TYPE_SYSDIG_PL_V8 0x00000214 /* Sysdig Process List Block version 8 */
54#define BLOCK_TYPE_SYSDIG_PL_V9 0x00000215 /* Sysdig Process List Block version 9 */
55#define BLOCK_TYPE_SYSDIG_EVENT_V2 0x00000216 /* Sysdig Event Block version 2 */
56#define BLOCK_TYPE_SYSDIG_EVF_V2 0x00000217 /* Sysdig Event Block with flags version 2 */
57#define BLOCK_TYPE_SYSDIG_FDL_V2 0x00000218 /* Sysdig File Descriptor List Block */
58#define BLOCK_TYPE_SYSDIG_IL_V2 0x00000219 /* Sysdig Interface List Block version 2 */
59#define BLOCK_TYPE_SYSDIG_UL_V2 0x00000220 /* Sysdig User List Block version 2 */
60#define BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE 0x00000221 /* Sysdig Event Block version 2 with large payload */
61#define BLOCK_TYPE_SYSDIG_EVF_V2_LARGE 0x00000222 /* Sysdig Event Block with flags version 2 with large payload */
62#define BLOCK_TYPE_CB_COPY 0x00000BAD /* Custom Block which can be copied */
63#define BLOCK_TYPE_CB_NO_COPY 0x40000BAD /* Custom Block which should not be copied */
64#define BLOCK_TYPE_LEGACY_DPIB 0x80000001 /* Historically, Apple used this code for Darwin Process Info Block. */
65
66/* TODO: the following are not yet well defined in the draft spec,
67 * and do not yet have block type values assigned to them:
68 * Alternative Packet Blocks
69 * Compression Block
70 * Encryption Block
71 * Fixed Length Block
72 * Directory Block
73 * Traffic Statistics and Monitoring Blocks
74 * Event/Security Block
75 */
76
77/* Block data to be passed between functions during reading */
78typedef struct wtapng_block_s {
79 uint32_t type; /* block_type as defined by pcapng */
80 bool internal; /* true if this block type shouldn't be returned from pcapng_read() */
81 wtap_block_t block;
82 wtap_rec *rec;
83} wtapng_block_t;
84
85/* Section data in private struct */
86/*
87 * XXX - there needs to be a more general way to implement the Netflix
88 * BBLog blocks and options.
89 */
90typedef struct section_info_t {
91 bool byte_swapped;
92 uint16_t version_major;
93 uint16_t version_minor;
94 GArray *interfaces;
95 int64_t shb_off;
96 GHashTable *custom_block_data;
97 GHashTable *local_block_data;
98} section_info_t;
99
100/*
101 * Reader and writer routines for pcapng block types.
102 */
103typedef bool (*block_reader)(wtap* wth, FILE_T fh, uint32_t block_type,
104 uint32_t block_content_length,
105 section_info_t* section_info,
106 wtapng_block_t *wblock,
107 int *err, char **err_info);
108typedef bool (*block_writer)(wtap_dumper *wdh, const wtap_rec *rec,
109 int *err, char **err_info);
110typedef bool (*block_processor)(wtap* wth, section_info_t* section_info _U_,
111 wtapng_block_t* wblock);
112
113
114typedef struct pcapng_block_type_information_t {
115 unsigned type; /* block_type as defined by pcapng */
116 block_reader reader;
117 block_processor processor;
118 block_writer writer;
119 bool internal; /* true if this block type shouldn't be returned from pcapng_read() */
120 GHashTable *option_handlers; /* Hash table of option handlers */
121} pcapng_block_type_information_t;
122
123/*
124 * Register a handler for a pcapng block type.
125 */
126WS_DLL_PUBLIC
127void register_pcapng_block_type_information(pcapng_block_type_information_t* handler);
128
129/*
130 * Handler routines for pcapng option type.
131 */
132typedef bool (*option_parser)(wtap_block_t block, bool byte_swapped,
133 unsigned option_length,
134 const uint8_t *option_content,
135 int *err, char **err_info);
136typedef uint32_t (*option_sizer)(unsigned option_id, wtap_optval_t *optval);
137typedef bool (*option_writer)(wtap_dumper *wdh, unsigned option_id,
138 wtap_optval_t *optval, int *err);
139
140/*
141 * Create a table of handlers for pcapng option codes.
142 */
143WS_DLL_PUBLIC
144GHashTable *pcapng_create_option_handler_table(void);
145
146/*
147 * Register a handler for a pcapng option code for a particular block
148 * type.
149 */
150WS_DLL_PUBLIC
151void register_pcapng_option_handler(unsigned block_type, unsigned option_code,
152 option_parser parser,
153 option_sizer sizer,
154 option_writer writer);
155
156/*
157 * Byte order of the options within a block.
158 *
159 * This is usually the byte order of the section, but, for options
160 * within a Custom Block, it needs to be a specified byte order,
161 * or a byte order indicated by data in the Custom Data (stored in
162 * a fashion that doesn't require knowing the byte order of the
163 * Custom Data, as it's also the byte order of the Custom Data
164 * itself), so that programs ignorant of the format of a given
165 * type of Custom Block can still read a block from one file and
166 * write it to another, even if the host doing the writing has
167 * a byte order different from the host that previously wrote
168 * the file.
169 */
170typedef enum {
171 OPT_SECTION_BYTE_ORDER, /* byte order of this section */
172 OPT_BIG_ENDIAN, /* as it says */
173 OPT_LITTLE_ENDIAN /* ditto */
174} pcapng_opt_byte_order_e;
175
176/*
177 * Process the options section of a block. process_option points to
178 * a routine that processes all the block-specific options, i.e.
179 * options other than the end-of-options, comment, and custom
180 * options.
181 */
182WS_DLL_PUBLIC
183bool pcapng_process_options(FILE_T fh, wtapng_block_t *wblock,
184 section_info_t *section_info,
185 unsigned opt_cont_buf_len,
186 bool (*process_option)(wtapng_block_t *,
187 section_info_t *,
188 uint16_t, uint16_t,
189 const uint8_t *,
190 int *, char **),
191 pcapng_opt_byte_order_e byte_order,
192 int *err, char **err_info);
193
194/*
195 * Helper routines to process options with types used in more than one
196 * block type.
197 */
198WS_DLL_PUBLIC
199void pcapng_process_uint8_option(wtapng_block_t *wblock,
200 uint16_t option_code, uint16_t option_length,
201 const uint8_t *option_content);
202
203WS_DLL_PUBLIC
204void pcapng_process_uint32_option(wtapng_block_t *wblock,
205 section_info_t *section_info,
206 pcapng_opt_byte_order_e byte_order,
207 uint16_t option_code, uint16_t option_length,
208 const uint8_t *option_content);
209
210WS_DLL_PUBLIC
211void pcapng_process_timestamp_option(wtapng_block_t *wblock,
212 section_info_t *section_info,
213 pcapng_opt_byte_order_e byte_order,
214 uint16_t option_code, uint16_t option_length,
215 const uint8_t *option_content);
216
217WS_DLL_PUBLIC
218void pcapng_process_uint64_option(wtapng_block_t *wblock,
219 section_info_t *section_info,
220 pcapng_opt_byte_order_e byte_order,
221 uint16_t option_code, uint16_t option_length,
222 const uint8_t *option_content);
223
224WS_DLL_PUBLIC
225void pcapng_process_int64_option(wtapng_block_t *wblock,
226 section_info_t *section_info,
227 pcapng_opt_byte_order_e byte_order,
228 uint16_t option_code, uint16_t option_length,
229 const uint8_t *option_content);
230
231WS_DLL_PUBLIC
232void pcapng_process_string_option(wtapng_block_t *wblock, uint16_t option_code,
233 uint16_t option_length, const uint8_t *option_content);
234
235WS_DLL_PUBLIC
236void pcapng_process_bytes_option(wtapng_block_t *wblock, uint16_t option_code,
237 uint16_t option_length, const uint8_t *option_content);
238
239typedef uint32_t (*compute_option_size_func)(wtap_block_t, unsigned, wtap_opttype_e, wtap_optval_t*);
240
241typedef struct compute_options_size_t
242{
243 uint32_t size;
244 compute_option_size_func compute_option_size;
245} compute_options_size_t;
246
247WS_DLL_PUBLIC
248uint32_t pcapng_compute_options_size(wtap_block_t block, compute_option_size_func compute_option_size);
249
250typedef bool (*write_option_func)(wtap_dumper *wdh, wtap_block_t block,
251 unsigned option_id,
252 wtap_opttype_e option_type,
253 wtap_optval_t *optval,
254 int *err, char **err_info);
255
256WS_DLL_PUBLIC
257bool pcapng_write_options(wtap_dumper *wdh, pcapng_opt_byte_order_e byte_order,
258 wtap_block_t block, write_option_func write_option,
259 int *err, char **err_info);
260
261/*
262 * Handler routines for pcapng custom blocks with an enterprise number.
263 */
264typedef bool (*custom_option_parser)(FILE_T fh, section_info_t* section_info,
265 wtapng_block_t* wblock,
266 int* err, char** err_info);
267typedef bool (*custom_option_processor)(wtapng_block_t* wblock,
268 section_info_t* section_info, uint16_t option_code,
269 const uint8_t* value, uint16_t length);
270
271typedef struct pcapng_custom_block_enterprise_handler_t
272{
273 custom_option_parser parser;
274 custom_option_processor processor;
275 block_writer writer;
276} pcapng_custom_block_enterprise_handler_t;
277
278/*
279 * Register a handler for a pcapng custom block with an enterprise number.
280 */
281WS_DLL_PUBLIC
282void register_pcapng_custom_block_enterprise_handler(unsigned enterprise_number, pcapng_custom_block_enterprise_handler_t const * handler);
283
284/*
285 * Helper routines for modules.
286 */
287
288/*
289 * Write block header.
290 */
291WS_DLL_PUBLIC
292bool pcapng_write_block_header(wtap_dumper *wdh, uint32_t block_type,
293 uint32_t block_content_length, int *err);
294
295/*
296 * Write padding after a chunk of data.
297 */
298static inline bool
299pcapng_write_padding(wtap_dumper *wdh, size_t pad, int *err)
300{
301 if (pad != 0) {
302 const uint32_t zero_pad = 0;
303 if (!wtap_dump_file_write(wdh, &zero_pad, pad, err))
304 return false;
305 }
306
307 return true;
308}
309
310/*
311 * Write block footer.
312 */
313WS_DLL_PUBLIC
314bool pcapng_write_block_footer(wtap_dumper *wdh, uint32_t block_content_length,
315 int *err);
316
317/*
318 * Structure holding allocation-and-initialization and free functions
319 * for section_info_t-associated custom or local block information.
320 */
321typedef struct {
322 void *(*new)(void);
323 GDestroyNotify free;
324} section_info_funcs_t;
325
326/*
327 * Find custom block information from a section_info_t; add a
328 * newly-created one and return it if none is found.
329 */
330WS_DLL_PUBLIC
331void *pcapng_get_cb_section_info_data(section_info_t *section_info,
332 uint32_t pen,
333 const section_info_funcs_t *funcs);
334
335/*
336 * Find local block information from a section_info_t; add a
337 * newly-created one and return it if none is found.
338 */
339WS_DLL_PUBLIC
340void *pcapng_get_lb_section_info_data(section_info_t *section_info,
341 uint32_t block_type,
342 const section_info_funcs_t *funcs);
343
344#ifdef __cplusplus
345}
346#endif /* __cplusplus */
347
348#endif /* __PCAP_MODULE_H__ */
compute_options_size_t
Definition pcapng_module.h:242
pcapng_block_type_information_t
Definition pcapng_module.h:114
pcapng_custom_block_enterprise_handler_t
Definition pcapng_module.h:272
section_info_funcs_t
Definition pcapng_module.h:321
section_info_t
Definition pcapng_module.h:90
section_info_t::version_major
uint16_t version_major
Definition pcapng_module.h:92
section_info_t::shb_off
int64_t shb_off
Definition pcapng_module.h:95
section_info_t::version_minor
uint16_t version_minor
Definition pcapng_module.h:93
section_info_t::local_block_data
GHashTable * local_block_data
Definition pcapng_module.h:97
section_info_t::custom_block_data
GHashTable * custom_block_data
Definition pcapng_module.h:96
section_info_t::interfaces
GArray * interfaces
Definition pcapng_module.h:94
section_info_t::byte_swapped
bool byte_swapped
Definition pcapng_module.h:91
wtap_block
Definition wtap_opttypes.h:272
wtap_dumper
Wiretap dumper handle and associated state.
Definition wtap_module.h:163
wtap_reader
Definition file_wrappers.c:97
wtap_rec
Definition wtap.h:1507
wtap
Definition wtap_module.h:58
wtapng_block_s
Definition pcapng_module.h:78
wtap_optval_t
Definition wtap_opttypes.h:525
wtap_module.h
Generated by doxygen 1.9.8