 |
Wireshark 4.7.0
The Wireshark network protocol analyzer
|
Loading...
Searching...
No Matches
|
Wireshark 4.7.0
The Wireshark network protocol analyzer
|
#include <wireshark.h>#include <time.h>#include <wsutil/array.h>#include <wsutil/buffer.h>#include <wsutil/nstime.h>#include <wsutil/inet_addr.h>#include <wsutil/file_compressed.h>#include "wtap_opttypes.h"Go to the source code of this file.
Classes | |
| struct | eth_phdr |
| struct | dte_dce_phdr |
| struct | isdn_phdr |
| struct | atm_phdr |
| struct | ascend_phdr |
| struct | p2p_phdr |
| struct | ieee_802_11_fhss |
| struct | ieee_802_11b |
| struct | ieee_802_11a |
| struct | ieee_802_11g |
| struct | ieee_802_11n |
| struct | ieee_802_11ac |
| struct | ieee_802_11ad |
| struct | ieee_802_11ax |
| struct | ieee_802_11be_user_info |
| struct | ieee_802_11be |
| union | ieee_802_11_phy_info |
| Union representing physical layer information for IEEE 802.11 variants. More... | |
| struct | ieee_802_11_phdr |
| struct | cosine_phdr |
| struct | irda_phdr |
| struct | nettl_phdr |
| struct | mtp2_phdr |
| union | k12_input_info_t |
| Pseudo-header metadata for packets in K12 capture files. More... | |
| struct | k12_phdr |
| struct | lapd_phdr |
| LAPD pseudo-header for packet metadata. More... | |
| struct | catapult_dct2000_phdr |
| Pseudo-header for Catapult DCT2000 captures. More... | |
| struct | erf_phdr |
| struct | erf_ehdr |
| struct | wtap_erf_eth_hdr |
| struct | erf_mc_phdr |
| Extended pseudo-header for ERF multi-channel (MC) packet records. More... | |
| struct | sita_phdr |
| struct | bthci_phdr |
| struct | btmon_phdr |
| struct | l1event_phdr |
| struct | i2c_phdr |
| struct | gsm_um_phdr |
| struct | nstr_phdr |
| struct | nokia_phdr |
| struct | llcp_phdr |
| struct | logcat_phdr |
| struct | netmon_phdr |
| Pseudo-header metadata for packets captured in NetMon (Network Monitor) files. More... | |
| union | netmon_phdr::sub_wtap_pseudo_header |
| Protocol-specific subheader union. More... | |
| struct | procmon_phdr |
| struct | ber_phdr |
| struct | mmodule_phdr |
| union | wtap_pseudo_header |
| struct | wtap_packet_header |
| struct | wtap_ft_specific_header |
| struct | wtap_syscall_header |
| struct | wtap_systemd_journal_export_header |
| struct | wtap_custom_block_header |
| struct | wtap_rec |
| struct | hashipv4 |
| struct | hashipv6 |
| struct | addrinfo_lists |
| struct | wtap_dump_params |
| struct | wtap_wslua_file_info |
| struct | file_extension_info |
| For registering extensions used for file formats. More... | |
| struct | open_info |
| Information about a given file type that applies to all subtypes of the file type. More... | |
| struct | supported_option_type |
| Entry describing support level for a specific option type. More... | |
| struct | supported_block_type |
| struct | file_type_subtype_info |
| struct | wtap_plugin |
| Plugin registration callback table. More... | |
Macros | |
| #define | WTAP_ENCAP_NONE -2 |
| #define | WTAP_ENCAP_PER_PACKET -1 |
| #define | WTAP_ENCAP_UNKNOWN 0 |
| #define | WTAP_ENCAP_ETHERNET 1 |
| #define | WTAP_ENCAP_TOKEN_RING 2 |
| #define | WTAP_ENCAP_SLIP 3 |
| #define | WTAP_ENCAP_PPP 4 |
| #define | WTAP_ENCAP_FDDI 5 |
| #define | WTAP_ENCAP_FDDI_BITSWAPPED 6 |
| #define | WTAP_ENCAP_RAW_IP 7 |
| #define | WTAP_ENCAP_ARCNET 8 |
| #define | WTAP_ENCAP_ARCNET_LINUX 9 |
| #define | WTAP_ENCAP_ATM_RFC1483 10 |
| #define | WTAP_ENCAP_LINUX_ATM_CLIP 11 |
| #define | WTAP_ENCAP_LAPB 12 |
| #define | WTAP_ENCAP_ATM_PDUS 13 |
| #define | WTAP_ENCAP_ATM_PDUS_UNTRUNCATED 14 |
| #define | WTAP_ENCAP_NULL 15 |
| #define | WTAP_ENCAP_ASCEND 16 |
| #define | WTAP_ENCAP_ISDN 17 |
| #define | WTAP_ENCAP_IP_OVER_FC 18 |
| #define | WTAP_ENCAP_PPP_WITH_PHDR 19 |
| #define | WTAP_ENCAP_IEEE_802_11 20 |
| #define | WTAP_ENCAP_IEEE_802_11_PRISM 21 |
| #define | WTAP_ENCAP_IEEE_802_11_WITH_RADIO 22 |
| #define | WTAP_ENCAP_IEEE_802_11_RADIOTAP 23 |
| #define | WTAP_ENCAP_IEEE_802_11_AVS 24 |
| #define | WTAP_ENCAP_SLL 25 |
| #define | WTAP_ENCAP_FRELAY 26 |
| #define | WTAP_ENCAP_FRELAY_WITH_PHDR 27 |
| #define | WTAP_ENCAP_CHDLC 28 |
| #define | WTAP_ENCAP_CISCO_IOS 29 |
| #define | WTAP_ENCAP_LOCALTALK 30 |
| #define | WTAP_ENCAP_OLD_PFLOG 31 |
| #define | WTAP_ENCAP_HHDLC 32 |
| #define | WTAP_ENCAP_DOCSIS 33 |
| #define | WTAP_ENCAP_COSINE 34 |
| #define | WTAP_ENCAP_WFLEET_HDLC 35 |
| #define | WTAP_ENCAP_SDLC 36 |
| #define | WTAP_ENCAP_TZSP 37 |
| #define | WTAP_ENCAP_ENC 38 |
| #define | WTAP_ENCAP_PFLOG 39 |
| #define | WTAP_ENCAP_CHDLC_WITH_PHDR 40 |
| #define | WTAP_ENCAP_BLUETOOTH_H4 41 |
| #define | WTAP_ENCAP_MTP2 42 |
| #define | WTAP_ENCAP_MTP3 43 |
| #define | WTAP_ENCAP_IRDA 44 |
| #define | WTAP_ENCAP_USER0 45 |
| #define | WTAP_ENCAP_USER1 46 |
| #define | WTAP_ENCAP_USER2 47 |
| #define | WTAP_ENCAP_USER3 48 |
| #define | WTAP_ENCAP_USER4 49 |
| #define | WTAP_ENCAP_USER5 50 |
| #define | WTAP_ENCAP_USER6 51 |
| #define | WTAP_ENCAP_USER7 52 |
| #define | WTAP_ENCAP_USER8 53 |
| #define | WTAP_ENCAP_USER9 54 |
| #define | WTAP_ENCAP_USER10 55 |
| #define | WTAP_ENCAP_USER11 56 |
| #define | WTAP_ENCAP_USER12 57 |
| #define | WTAP_ENCAP_USER13 58 |
| #define | WTAP_ENCAP_USER14 59 |
| #define | WTAP_ENCAP_USER15 60 |
| #define | WTAP_ENCAP_SYMANTEC 61 |
| #define | WTAP_ENCAP_APPLE_IP_OVER_IEEE1394 62 |
| #define | WTAP_ENCAP_BACNET_MS_TP 63 |
| #define | WTAP_ENCAP_NETTL_RAW_ICMP 64 |
| #define | WTAP_ENCAP_NETTL_RAW_ICMPV6 65 |
| #define | WTAP_ENCAP_GPRS_LLC 66 |
| #define | WTAP_ENCAP_JUNIPER_ATM1 67 |
| #define | WTAP_ENCAP_JUNIPER_ATM2 68 |
| #define | WTAP_ENCAP_REDBACK 69 |
| #define | WTAP_ENCAP_NETTL_RAW_IP 70 |
| #define | WTAP_ENCAP_NETTL_ETHERNET 71 |
| #define | WTAP_ENCAP_NETTL_TOKEN_RING 72 |
| #define | WTAP_ENCAP_NETTL_FDDI 73 |
| #define | WTAP_ENCAP_NETTL_UNKNOWN 74 |
| #define | WTAP_ENCAP_MTP2_WITH_PHDR 75 |
| #define | WTAP_ENCAP_JUNIPER_PPPOE 76 |
| #define | WTAP_ENCAP_GCOM_TIE1 77 |
| #define | WTAP_ENCAP_GCOM_SERIAL 78 |
| #define | WTAP_ENCAP_NETTL_X25 79 |
| #define | WTAP_ENCAP_K12 80 |
| #define | WTAP_ENCAP_JUNIPER_MLPPP 81 |
| #define | WTAP_ENCAP_JUNIPER_MLFR 82 |
| #define | WTAP_ENCAP_JUNIPER_ETHER 83 |
| #define | WTAP_ENCAP_JUNIPER_PPP 84 |
| #define | WTAP_ENCAP_JUNIPER_FRELAY 85 |
| #define | WTAP_ENCAP_JUNIPER_CHDLC 86 |
| #define | WTAP_ENCAP_JUNIPER_GGSN 87 |
| #define | WTAP_ENCAP_LINUX_LAPD 88 |
| #define | WTAP_ENCAP_CATAPULT_DCT2000 89 |
| #define | WTAP_ENCAP_BER 90 |
| #define | WTAP_ENCAP_JUNIPER_VP 91 |
| #define | WTAP_ENCAP_USB_FREEBSD 92 |
| #define | WTAP_ENCAP_IEEE802_16_MAC_CPS 93 |
| #define | WTAP_ENCAP_NETTL_RAW_TELNET 94 |
| #define | WTAP_ENCAP_USB_LINUX 95 |
| #define | WTAP_ENCAP_MPEG 96 |
| #define | WTAP_ENCAP_PPI 97 |
| #define | WTAP_ENCAP_ERF 98 |
| #define | WTAP_ENCAP_BLUETOOTH_H4_WITH_PHDR 99 |
| #define | WTAP_ENCAP_SITA 100 |
| #define | WTAP_ENCAP_SCCP 101 |
| #define | WTAP_ENCAP_BLUETOOTH_HCI 102 /*raw packets without a transport layer header e.g. H4*/ |
| #define | WTAP_ENCAP_IPMB_KONTRON 103 |
| #define | WTAP_ENCAP_IEEE802_15_4 104 |
| #define | WTAP_ENCAP_X2E_XORAYA 105 |
| #define | WTAP_ENCAP_FLEXRAY 106 |
| #define | WTAP_ENCAP_LIN 107 |
| #define | WTAP_ENCAP_MOST 108 |
| #define | WTAP_ENCAP_CAN20B 109 |
| #define | WTAP_ENCAP_LAYER1_EVENT 110 |
| #define | WTAP_ENCAP_X2E_SERIAL 111 |
| #define | WTAP_ENCAP_I2C_LINUX 112 |
| #define | WTAP_ENCAP_IEEE802_15_4_NONASK_PHY 113 |
| #define | WTAP_ENCAP_TNEF 114 |
| #define | WTAP_ENCAP_USB_LINUX_MMAPPED 115 |
| #define | WTAP_ENCAP_GSM_UM 116 |
| #define | WTAP_ENCAP_DPNSS 117 |
| #define | WTAP_ENCAP_PACKETLOGGER 118 |
| #define | WTAP_ENCAP_NSTRACE_1_0 119 |
| #define | WTAP_ENCAP_NSTRACE_2_0 120 |
| #define | WTAP_ENCAP_FIBRE_CHANNEL_FC2 121 |
| #define | WTAP_ENCAP_FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS 122 |
| #define | WTAP_ENCAP_JPEG_JFIF 123 /* obsoleted by WTAP_ENCAP_MIME*/ |
| #define | WTAP_ENCAP_IPNET 124 |
| #define | WTAP_ENCAP_SOCKETCAN 125 |
| #define | WTAP_ENCAP_IEEE_802_11_NETMON 126 |
| #define | WTAP_ENCAP_IEEE802_15_4_NOFCS 127 |
| #define | WTAP_ENCAP_RAW_IPFIX 128 |
| #define | WTAP_ENCAP_RAW_IP4 129 |
| #define | WTAP_ENCAP_RAW_IP6 130 |
| #define | WTAP_ENCAP_LAPD 131 |
| #define | WTAP_ENCAP_DVBCI 132 |
| #define | WTAP_ENCAP_MUX27010 133 |
| #define | WTAP_ENCAP_MIME 134 |
| #define | WTAP_ENCAP_NETANALYZER 135 |
| #define | WTAP_ENCAP_NETANALYZER_TRANSPARENT 136 |
| #define | WTAP_ENCAP_IP_OVER_IB_SNOOP 137 |
| #define | WTAP_ENCAP_MPEG_2_TS 138 |
| #define | WTAP_ENCAP_PPP_ETHER 139 |
| #define | WTAP_ENCAP_NFC_LLCP 140 |
| #define | WTAP_ENCAP_NFLOG 141 |
| #define | WTAP_ENCAP_V5_EF 142 |
| #define | WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143 |
| #define | WTAP_ENCAP_IXVERIWAVE 144 |
| #define | WTAP_ENCAP_SDH 145 |
| #define | WTAP_ENCAP_DBUS 146 |
| #define | WTAP_ENCAP_AX25_KISS 147 |
| #define | WTAP_ENCAP_AX25 148 |
| #define | WTAP_ENCAP_SCTP 149 |
| #define | WTAP_ENCAP_INFINIBAND 150 |
| #define | WTAP_ENCAP_JUNIPER_SVCS 151 |
| #define | WTAP_ENCAP_USBPCAP 152 |
| #define | WTAP_ENCAP_RTAC_SERIAL 153 |
| #define | WTAP_ENCAP_BLUETOOTH_LE_LL 154 |
| #define | WTAP_ENCAP_WIRESHARK_UPPER_PDU 155 |
| #define | WTAP_ENCAP_STANAG_4607 156 |
| #define | WTAP_ENCAP_STANAG_5066_D_PDU 157 |
| #define | WTAP_ENCAP_NETLINK 158 |
| #define | WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159 |
| #define | WTAP_ENCAP_BLUETOOTH_BREDR_BB 160 |
| #define | WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161 |
| #define | WTAP_ENCAP_NSTRACE_3_0 162 |
| #define | WTAP_ENCAP_LOGCAT 163 |
| #define | WTAP_ENCAP_LOGCAT_BRIEF 164 |
| #define | WTAP_ENCAP_LOGCAT_PROCESS 165 |
| #define | WTAP_ENCAP_LOGCAT_TAG 166 |
| #define | WTAP_ENCAP_LOGCAT_THREAD 167 |
| #define | WTAP_ENCAP_LOGCAT_TIME 168 |
| #define | WTAP_ENCAP_LOGCAT_THREADTIME 169 |
| #define | WTAP_ENCAP_LOGCAT_LONG 170 |
| #define | WTAP_ENCAP_PKTAP 171 |
| #define | WTAP_ENCAP_EPON 172 |
| #define | WTAP_ENCAP_IPMI_TRACE 173 |
| #define | WTAP_ENCAP_LOOP 174 |
| #define | WTAP_ENCAP_JSON 175 |
| #define | WTAP_ENCAP_NSTRACE_3_5 176 |
| #define | WTAP_ENCAP_ISO14443 177 |
| #define | WTAP_ENCAP_GFP_T 178 |
| #define | WTAP_ENCAP_GFP_F 179 |
| #define | WTAP_ENCAP_IP_OVER_IB_PCAP 180 |
| #define | WTAP_ENCAP_JUNIPER_VN 181 |
| #define | WTAP_ENCAP_USB_DARWIN 182 |
| #define | WTAP_ENCAP_LORATAP 183 |
| #define | WTAP_ENCAP_3MB_ETHERNET 184 |
| #define | WTAP_ENCAP_VSOCK 185 |
| #define | WTAP_ENCAP_NORDIC_BLE 186 |
| #define | WTAP_ENCAP_NETMON_NET_NETEVENT 187 |
| #define | WTAP_ENCAP_NETMON_HEADER 188 |
| #define | WTAP_ENCAP_NETMON_NET_FILTER 189 |
| #define | WTAP_ENCAP_NETMON_NETWORK_INFO_EX 190 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_V4 191 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_V6 192 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_2V4 193 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_2V6 194 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V4 195 |
| #define | WTAP_ENCAP_MA_WFP_CAPTURE_AUTH_V6 196 |
| #define | WTAP_ENCAP_JUNIPER_ST 197 |
| #define | WTAP_ENCAP_ETHERNET_MPACKET 198 |
| #define | WTAP_ENCAP_DOCSIS31_XRA31 199 |
| #define | WTAP_ENCAP_DPAUXMON 200 |
| #define | WTAP_ENCAP_RUBY_MARSHAL 201 |
| #define | WTAP_ENCAP_RFC7468 202 |
| #define | WTAP_ENCAP_SYSTEMD_JOURNAL 203 /* Event, not a packet */ |
| #define | WTAP_ENCAP_EBHSCR 204 |
| #define | WTAP_ENCAP_VPP 205 |
| #define | WTAP_ENCAP_IEEE802_15_4_TAP 206 |
| #define | WTAP_ENCAP_LOG_3GPP 207 |
| #define | WTAP_ENCAP_USB_2_0 208 |
| #define | WTAP_ENCAP_MP4 209 |
| #define | WTAP_ENCAP_SLL2 210 |
| #define | WTAP_ENCAP_ZWAVE_SERIAL 211 |
| #define | WTAP_ENCAP_ETW 212 |
| #define | WTAP_ENCAP_ERI_ENB_LOG 213 |
| #define | WTAP_ENCAP_ZBNCP 214 |
| #define | WTAP_ENCAP_USB_2_0_LOW_SPEED 215 |
| #define | WTAP_ENCAP_USB_2_0_FULL_SPEED 216 |
| #define | WTAP_ENCAP_USB_2_0_HIGH_SPEED 217 |
| #define | WTAP_ENCAP_AUTOSAR_DLT 218 |
| #define | WTAP_ENCAP_AUERSWALD_LOG 219 |
| #define | WTAP_ENCAP_ATSC_ALP 220 |
| #define | WTAP_ENCAP_FIRA_UCI 221 |
| #define | WTAP_ENCAP_SILABS_DEBUG_CHANNEL 222 |
| #define | WTAP_ENCAP_MDB 223 |
| #define | WTAP_ENCAP_EMS 224 |
| #define | WTAP_ENCAP_DECT_NR 225 |
| #define | WTAP_ENCAP_MMODULE 226 |
| #define | WTAP_ENCAP_PROCMON 227 |
| #define | WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types() |
| #define | WTAP_FILE_TYPE_SUBTYPE_UNKNOWN -1 |
| #define | WTAP_TSPREC_UNKNOWN -2 |
| #define | WTAP_TSPREC_PER_PACKET -1 /* as a per-file value, means per-packet */ |
| #define | WTAP_TSPREC_SEC 0 |
| #define | WTAP_TSPREC_100_MSEC 1 |
| #define | WTAP_TSPREC_DSEC 1 /* Backwards compatibility */ |
| #define | WTAP_TSPREC_10_MSEC 2 |
| #define | WTAP_TSPREC_CSEC 2 /* Backwards compatibility */ |
| #define | WTAP_TSPREC_MSEC 3 |
| #define | WTAP_TSPREC_100_USEC 4 |
| #define | WTAP_TSPREC_10_USEC 5 |
| #define | WTAP_TSPREC_USEC 6 |
| #define | WTAP_TSPREC_100_NSEC 7 |
| #define | WTAP_TSPREC_10_NSEC 8 |
| #define | WTAP_TSPREC_NSEC 9 |
| #define | WTAP_MAX_PACKET_SIZE_STANDARD 262144U |
| #define | WTAP_MAX_PACKET_SIZE_USBPCAP (128U*1024U*1024U) |
| #define | WTAP_MAX_PACKET_SIZE_EBHSCR (32U*1024U*1024U) |
| #define | WTAP_MAX_PACKET_SIZE_DBUS (128U*1024U*1024U) |
| #define | FROM_DCE 0x80 |
| #define | ATM_RAW_CELL 0x01 /* true if the packet is a single cell */ |
| #define | ATM_NO_HEC 0x02 /* true if the cell has HEC stripped out */ |
| #define | ATM_AAL2_NOPHDR 0x04 /* true if the AAL2 PDU has no pseudo-header */ |
| #define | ATM_REASSEMBLY_ERROR 0x08 /* true if this is an incompletely-reassembled PDU */ |
| #define | AAL_UNKNOWN 0 /* AAL unknown */ |
| #define | AAL_1 1 /* AAL1 */ |
| #define | AAL_2 2 /* AAL2 */ |
| #define | AAL_3_4 3 /* AAL3/4 */ |
| #define | AAL_5 4 /* AAL5 */ |
| #define | AAL_USER 5 /* User AAL */ |
| #define | AAL_SIGNALLING 6 /* Signaling AAL */ |
| #define | AAL_OAMCELL 7 /* OAM cell */ |
| #define | TRAF_UNKNOWN 0 /* Unknown */ |
| #define | TRAF_LLCMX 1 /* LLC multiplexed (RFC 1483) */ |
| #define | TRAF_VCMX 2 /* VC multiplexed (RFC 1483) */ |
| #define | TRAF_LANE 3 /* LAN Emulation */ |
| #define | TRAF_ILMI 4 /* ILMI */ |
| #define | TRAF_FR 5 /* Frame Relay */ |
| #define | TRAF_SPANS 6 /* FORE SPANS */ |
| #define | TRAF_IPSILON 7 /* Ipsilon */ |
| #define | TRAF_UMTS_FP 8 /* UMTS Frame Protocol */ |
| #define | TRAF_GPRS_NS 9 /* GPRS Network Services */ |
| #define | TRAF_SSCOP 10 /* SSCOP */ |
| #define | TRAF_ST_UNKNOWN 0 /* Unknown */ |
| #define | TRAF_ST_VCMX_802_3_FCS 1 /* 802.3 with an FCS */ |
| #define | TRAF_ST_VCMX_802_4_FCS 2 /* 802.4 with an FCS */ |
| #define | TRAF_ST_VCMX_802_5_FCS 3 /* 802.5 with an FCS */ |
| #define | TRAF_ST_VCMX_FDDI_FCS 4 /* FDDI with an FCS */ |
| #define | TRAF_ST_VCMX_802_6_FCS 5 /* 802.6 with an FCS */ |
| #define | TRAF_ST_VCMX_802_3 7 /* 802.3 without an FCS */ |
| #define | TRAF_ST_VCMX_802_4 8 /* 802.4 without an FCS */ |
| #define | TRAF_ST_VCMX_802_5 9 /* 802.5 without an FCS */ |
| #define | TRAF_ST_VCMX_FDDI 10 /* FDDI without an FCS */ |
| #define | TRAF_ST_VCMX_802_6 11 /* 802.6 without an FCS */ |
| #define | TRAF_ST_VCMX_FRAGMENTS 12 /* Fragments */ |
| #define | TRAF_ST_VCMX_BPDU 13 /* BPDU */ |
| #define | TRAF_ST_LANE_LE_CTRL 1 /* LANE: LE Ctrl */ |
| #define | TRAF_ST_LANE_802_3 2 /* LANE: 802.3 */ |
| #define | TRAF_ST_LANE_802_5 3 /* LANE: 802.5 */ |
| #define | TRAF_ST_LANE_802_3_MC 4 /* LANE: 802.3 multicast */ |
| #define | TRAF_ST_LANE_802_5_MC 5 /* LANE: 802.5 multicast */ |
| #define | TRAF_ST_IPSILON_FT0 1 /* Ipsilon: Flow Type 0 */ |
| #define | TRAF_ST_IPSILON_FT1 2 /* Ipsilon: Flow Type 1 */ |
| #define | TRAF_ST_IPSILON_FT2 3 /* Ipsilon: Flow Type 2 */ |
| #define | ASCEND_MAX_STR_LEN 64 |
| #define | ASCEND_PFX_WDS_X 1 |
| #define | ASCEND_PFX_WDS_R 2 |
| #define | ASCEND_PFX_WDD 3 |
| #define | ASCEND_PFX_ISDN_X 4 |
| #define | ASCEND_PFX_ISDN_R 5 |
| #define | ASCEND_PFX_ETHER 6 |
| #define | PHDR_802_11_PHY_UNKNOWN 0 /* PHY not known */ |
| #define | PHDR_802_11_PHY_11_FHSS 1 /* 802.11 FHSS */ |
| #define | PHDR_802_11_PHY_11_IR 2 /* 802.11 IR */ |
| #define | PHDR_802_11_PHY_11_DSSS 3 /* 802.11 DSSS */ |
| #define | PHDR_802_11_PHY_11B 4 /* 802.11b */ |
| #define | PHDR_802_11_PHY_11A 5 /* 802.11a */ |
| #define | PHDR_802_11_PHY_11G 6 /* 802.11g */ |
| #define | PHDR_802_11_PHY_11N 7 /* 802.11n */ |
| #define | PHDR_802_11_PHY_11AC 8 /* 802.11ac */ |
| #define | PHDR_802_11_PHY_11AD 9 /* 802.11ad */ |
| #define | PHDR_802_11_PHY_11AH 10 /* 802.11ah */ |
| #define | PHDR_802_11_PHY_11AX 11 /* 802.11ax */ |
| #define | PHDR_802_11_PHY_11BE 12 /* 802.11be - EHT */ |
| #define | PHDR_802_11A_CHANNEL_TYPE_NORMAL 0 |
| #define | PHDR_802_11A_CHANNEL_TYPE_HALF_CLOCKED 1 |
| #define | PHDR_802_11A_CHANNEL_TYPE_QUARTER_CLOCKED 2 |
| #define | PHDR_802_11A_TURBO_TYPE_NORMAL 0 |
| #define | PHDR_802_11A_TURBO_TYPE_TURBO 1 /* If we don't know whether it's static or dynamic */ |
| #define | PHDR_802_11A_TURBO_TYPE_DYNAMIC_TURBO 2 |
| #define | PHDR_802_11A_TURBO_TYPE_STATIC_TURBO 3 |
| #define | PHDR_802_11G_MODE_NORMAL 0 |
| #define | PHDR_802_11G_MODE_SUPER_G 1 /* Atheros Super G */ |
| #define | PHDR_802_11_BANDWIDTH_20_MHZ 0 /* 20 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40_MHZ 1 /* 40 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20_20L 2 /* 20 + 20L, 40 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20_20U 3 /* 20 + 20U, 40 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_80_MHZ 4 /* 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40_40L 5 /* 40 + 40L MHz, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40_40U 6 /* 40 + 40U MHz, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LL 7 /* ???, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LU 8 /* ???, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20UL 9 /* ???, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20UU 10 /* ???, 80 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_160_MHZ 11 /* 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_80_80L 12 /* 80 + 80L, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_80_80U 13 /* 80 + 80U, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40LL 14 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40LU 15 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40UL 16 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_40UU 17 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LLL 18 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LLU 19 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LUL 20 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20LUU 21 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20ULL 22 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20ULU 23 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20UUL 24 /* ???, 160 MHz */ |
| #define | PHDR_802_11_BANDWIDTH_20UUU 25 /* ???, 160 MHz */ |
| #define | PHDR_802_11AD_MIN_FREQUENCY 57000 |
| #define | PHDR_802_11AD_MAX_FREQUENCY 71000 |
| #define | IS_80211AD(frequency) |
| #define | PHDR_802_11BE_MAX_USERS 4 |
| #define | PHDR_802_11_LAST_PART_OF_A_MPDU 0x00000001 /* this is the last part of an A-MPDU */ |
| #define | PHDR_802_11_A_MPDU_DELIM_CRC_ERROR 0x00000002 /* delimiter CRC error after this part */ |
| #define | PHDR_802_11_SOUNDING_PSDU 0 /* sounding PPDU */ |
| #define | PHDR_802_11_DATA_NOT_CAPTURED 1 /* data not captured, (e.g. multi-user PPDU) */ |
| #define | PHDR_802_11_0_LENGTH_PSDU_VENDOR_SPECIFIC 0xff |
| #define | COSINE_MAX_IF_NAME_LEN 128 |
| #define | COSINE_ENCAP_TEST 1 |
| #define | COSINE_ENCAP_PPoATM 2 |
| #define | COSINE_ENCAP_PPoFR 3 |
| #define | COSINE_ENCAP_ATM 4 |
| #define | COSINE_ENCAP_FR 5 |
| #define | COSINE_ENCAP_HDLC 6 |
| #define | COSINE_ENCAP_PPP 7 |
| #define | COSINE_ENCAP_ETH 8 |
| #define | COSINE_ENCAP_UNKNOWN 99 |
| #define | COSINE_DIR_TX 1 |
| #define | COSINE_DIR_RX 2 |
| #define | IRDA_INCOMING 0x0000 |
| #define | IRDA_OUTGOING 0x0004 |
| #define | IRDA_LOG_MESSAGE 0x0100 /* log message */ |
| #define | IRDA_MISSED_MSG 0x0101 /* missed log entry or frame */ |
| #define | IRDA_CLASS_FRAME 0x0000 |
| #define | IRDA_CLASS_LOG 0x0100 |
| #define | IRDA_CLASS_MASK 0xFF00 |
| #define | MTP2_ANNEX_A_NOT_USED 0 |
| #define | MTP2_ANNEX_A_USED 1 |
| #define | MTP2_ANNEX_A_USED_UNKNOWN 2 |
| #define | K12_PORT_DS0S 0x00010008 |
| #define | K12_PORT_DS1 0x00100008 |
| #define | K12_PORT_ATMPVC 0x01020000 |
| #define | MAX_ERF_EHDR 16 |
| #define | SITA_FRAME_DIR_TXED (0x00) /* values of sita_phdr.flags */ |
| #define | SITA_FRAME_DIR_RXED (0x01) |
| #define | SITA_FRAME_DIR (0x01) /* mask */ |
| #define | SITA_ERROR_NO_BUFFER (0x80) |
| #define | SITA_SIG_DSR (0x01) /* values of sita_phdr.signals */ |
| #define | SITA_SIG_DTR (0x02) |
| #define | SITA_SIG_CTS (0x04) |
| #define | SITA_SIG_RTS (0x08) |
| #define | SITA_SIG_DCD (0x10) |
| #define | SITA_SIG_UNDEF1 (0x20) |
| #define | SITA_SIG_UNDEF2 (0x40) |
| #define | SITA_SIG_UNDEF3 (0x80) |
| #define | SITA_ERROR_TX_UNDERRUN (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_TXED) */ |
| #define | SITA_ERROR_TX_CTS_LOST (0x02) |
| #define | SITA_ERROR_TX_UART_ERROR (0x04) |
| #define | SITA_ERROR_TX_RETX_LIMIT (0x08) |
| #define | SITA_ERROR_TX_UNDEF1 (0x10) |
| #define | SITA_ERROR_TX_UNDEF2 (0x20) |
| #define | SITA_ERROR_TX_UNDEF3 (0x40) |
| #define | SITA_ERROR_TX_UNDEF4 (0x80) |
| #define | SITA_ERROR_RX_FRAMING (0x01) /* values of sita_phdr.errors1 (if SITA_FRAME_DIR_RXED) */ |
| #define | SITA_ERROR_RX_PARITY (0x02) |
| #define | SITA_ERROR_RX_COLLISION (0x04) |
| #define | SITA_ERROR_RX_FRAME_LONG (0x08) |
| #define | SITA_ERROR_RX_FRAME_SHORT (0x10) |
| #define | SITA_ERROR_RX_UNDEF1 (0x20) |
| #define | SITA_ERROR_RX_UNDEF2 (0x40) |
| #define | SITA_ERROR_RX_UNDEF3 (0x80) |
| #define | SITA_ERROR_RX_NONOCTET_ALIGNED (0x01) /* values of sita_phdr.errors2 (if SITA_FRAME_DIR_RXED) */ |
| #define | SITA_ERROR_RX_ABORT (0x02) |
| #define | SITA_ERROR_RX_CD_LOST (0x04) |
| #define | SITA_ERROR_RX_DPLL (0x08) |
| #define | SITA_ERROR_RX_OVERRUN (0x10) |
| #define | SITA_ERROR_RX_FRAME_LEN_VIOL (0x20) |
| #define | SITA_ERROR_RX_CRC (0x40) |
| #define | SITA_ERROR_RX_BREAK (0x80) |
| #define | SITA_PROTO_UNUSED (0x00) /* values of sita_phdr.proto */ |
| #define | SITA_PROTO_BOP_LAPB (0x01) |
| #define | SITA_PROTO_ETHERNET (0x02) |
| #define | SITA_PROTO_ASYNC_INTIO (0x03) |
| #define | SITA_PROTO_ASYNC_BLKIO (0x04) |
| #define | SITA_PROTO_ALC (0x05) |
| #define | SITA_PROTO_UTS (0x06) |
| #define | SITA_PROTO_PPP_HDLC (0x07) |
| #define | SITA_PROTO_SDLC (0x08) |
| #define | SITA_PROTO_TOKENRING (0x09) |
| #define | SITA_PROTO_I2C (0x10) |
| #define | SITA_PROTO_DPM_LINK (0x11) |
| #define | SITA_PROTO_BOP_FRL (0x12) |
| #define | BTHCI_CHANNEL_COMMAND 1 |
| #define | BTHCI_CHANNEL_ACL 2 |
| #define | BTHCI_CHANNEL_SCO 3 |
| #define | BTHCI_CHANNEL_EVENT 4 |
| #define | BTHCI_CHANNEL_ISO 5 |
| #define | GSM_UM_CHANNEL_UNKNOWN 0 |
| #define | GSM_UM_CHANNEL_BCCH 1 |
| #define | GSM_UM_CHANNEL_SDCCH 2 |
| #define | GSM_UM_CHANNEL_SACCH 3 |
| #define | GSM_UM_CHANNEL_FACCH 4 |
| #define | GSM_UM_CHANNEL_CCCH 5 |
| #define | GSM_UM_CHANNEL_RACH 6 |
| #define | GSM_UM_CHANNEL_AGCH 7 |
| #define | GSM_UM_CHANNEL_PCH 8 |
| #define | LLCP_PHDR_FLAG_SENT 0 |
| #define | REC_TYPE_PACKET 0 |
| #define | REC_TYPE_FT_SPECIFIC_EVENT 1 |
| #define | REC_TYPE_FT_SPECIFIC_REPORT 2 |
| #define | REC_TYPE_SYSCALL 3 |
| #define | REC_TYPE_SYSTEMD_JOURNAL_EXPORT 4 |
| #define | REC_TYPE_CUSTOM_BLOCK 5 |
| #define | PACK_FLAGS_DIRECTION_MASK 0x00000003 /* unshifted */ |
| #define | PACK_FLAGS_DIRECTION_SHIFT 0 |
| #define | PACK_FLAGS_DIRECTION(pack_flags) (((pack_flags) & PACK_FLAGS_DIRECTION_MASK) >> PACK_FLAGS_DIRECTION_SHIFT) |
| #define | PACK_FLAGS_DIRECTION_UNKNOWN 0 |
| #define | PACK_FLAGS_DIRECTION_INBOUND 1 |
| #define | PACK_FLAGS_DIRECTION_OUTBOUND 2 |
| #define | PACK_FLAGS_RECEPTION_TYPE_MASK 0x0000001C /* unshifted */ |
| #define | PACK_FLAGS_RECEPTION_TYPE_SHIFT 2 |
| #define | PACK_FLAGS_RECEPTION_TYPE(pack_flags) (((pack_flags) & PACK_FLAGS_RECEPTION_TYPE_MASK) >> PACK_FLAGS_RECEPTION_TYPE_SHIFT) |
| #define | PACK_FLAGS_RECEPTION_TYPE_UNSPECIFIED 0 |
| #define | PACK_FLAGS_RECEPTION_TYPE_UNICAST 1 |
| #define | PACK_FLAGS_RECEPTION_TYPE_MULTICAST 2 |
| #define | PACK_FLAGS_RECEPTION_TYPE_BROADCAST 3 |
| #define | PACK_FLAGS_RECEPTION_TYPE_PROMISCUOUS 4 |
| #define | PACK_FLAGS_FCS_LENGTH_MASK 0x000001E0 /* unshifted */ |
| #define | PACK_FLAGS_FCS_LENGTH_SHIFT 5 |
| #define | PACK_FLAGS_FCS_LENGTH(pack_flags) (((pack_flags) & PACK_FLAGS_FCS_LENGTH_MASK) >> PACK_FLAGS_FCS_LENGTH_SHIFT) |
| #define | PACK_FLAGS_RESERVED_MASK 0x0000FE00 |
| #define | PACK_FLAGS_CRC_ERROR 0x01000000 |
| #define | PACK_FLAGS_PACKET_TOO_LONG 0x02000000 |
| #define | PACK_FLAGS_PACKET_TOO_SHORT 0x04000000 |
| #define | PACK_FLAGS_WRONG_INTER_FRAME_GAP 0x08000000 |
| #define | PACK_FLAGS_UNALIGNED_FRAME 0x10000000 |
| #define | PACK_FLAGS_START_FRAME_DELIMITER_ERROR 0x20000000 |
| #define | PACK_FLAGS_PREAMBLE_ERROR 0x40000000 |
| #define | PACK_FLAGS_SYMBOL_ERROR 0x80000000 |
| #define | PACK_FLAGS_VALUE(direction, reception_type, fcs_length, ll_dependent_errors) |
| #define | WTAP_NSTIME_32BIT_SECS_MAX ((time_t)(sizeof(time_t) > sizeof(int32_t) ? UINT32_MAX : INT32_MAX)) |
| #define | WTAP_HAS_TS 0x00000001 |
| #define | WTAP_HAS_CAP_LEN 0x00000002 |
| #define | WTAP_HAS_INTERFACE_ID 0x00000004 |
| #define | WTAP_HAS_SECTION_NUMBER 0x00000008 |
| #define | MAXNAMELEN 64 /* max name length (most names: DNS labels, services, eth) */ |
| #define | MAXDNSNAMELEN 256 /* max total length of a domain name in DNS */ |
| #define | WTAP_DUMP_PARAMS_INIT {.snaplen=0} |
| #define | WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */ |
| Comment applies to the entire file or file section. | |
| #define | WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */ |
| Comment applies to a specific interface. | |
| #define | WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */ |
| Comment applies to an individual packet. | |
| #define | OPTION_TYPES_SUPPORTED(option_type_array) array_length(option_type_array), option_type_array |
| Declare supported option types for a block. | |
| #define | NO_OPTIONS_SUPPORTED 0, NULL |
| Declare that no option types are supported for a block. | |
| #define | BLOCKS_SUPPORTED(block_type_array) array_length(block_type_array), block_type_array |
| #define | WTAP_TYPE_AUTO 0 |
| #define | WTAP_ERR_NOT_REGULAR_FILE -1 |
| #define | WTAP_ERR_RANDOM_OPEN_PIPE -2 |
| #define | WTAP_ERR_FILE_UNKNOWN_FORMAT -3 |
| #define | WTAP_ERR_UNSUPPORTED -4 |
| #define | WTAP_ERR_CANT_WRITE_TO_PIPE -5 |
| #define | WTAP_ERR_CANT_OPEN -6 |
| #define | WTAP_ERR_UNWRITABLE_FILE_TYPE -7 |
| #define | WTAP_ERR_UNWRITABLE_ENCAP -8 |
| #define | WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9 |
| #define | WTAP_ERR_CANT_WRITE -10 |
| #define | WTAP_ERR_CANT_CLOSE -11 |
| #define | WTAP_ERR_SHORT_READ -12 |
| #define | WTAP_ERR_BAD_FILE -13 |
| #define | WTAP_ERR_SHORT_WRITE -14 |
| #define | WTAP_ERR_UNC_OVERFLOW -15 |
| #define | WTAP_ERR_RANDOM_OPEN_STDIN -16 |
| #define | WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17 |
| #define | WTAP_ERR_CANT_SEEK -18 |
| #define | WTAP_ERR_CANT_SEEK_COMPRESSED -19 |
| #define | WTAP_ERR_DECOMPRESS -20 |
| #define | WTAP_ERR_INTERNAL -21 |
| #define | WTAP_ERR_PACKET_TOO_LARGE -22 |
| #define | WTAP_ERR_CHECK_WSLUA -23 |
| #define | WTAP_ERR_UNWRITABLE_REC_TYPE -24 |
| #define | WTAP_ERR_UNWRITABLE_REC_DATA -25 |
| #define | WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26 |
| #define | WTAP_ERR_TIME_STAMP_NOT_SUPPORTED -27 |
| #define | WTAP_ERR_REC_MALFORMED -28 |
Typedefs | |
| typedef struct wtap_rec | wtap_rec |
| typedef struct hashipv4 | hashipv4_t |
| typedef struct hashipv6 | hashipv6_t |
| typedef struct addrinfo_lists | addrinfo_lists_t |
| typedef struct wtap_dump_params | wtap_dump_params |
| typedef struct wtap | wtap |
| typedef struct wtap_dumper | wtap_dumper |
| typedef struct wtap_reader * | FILE_T |
| typedef struct wtap_wslua_file_info | wtap_wslua_file_info_t |
| typedef wtap_open_return_val(* | wtap_open_routine_t) (struct wtap *, int *, char **) |
| typedef void(* | wtap_new_ipv4_callback_t) (const unsigned addr, const char *name, const bool static_entry) |
| Callback type for registering new IPv4 hostnames. | |
| typedef void(* | wtap_new_ipv6_callback_t) (const ws_in6_addr *addrp, const char *name, const bool static_entry) |
| Callback type for registering new IPv6 hostnames. | |
| typedef void(* | wtap_new_secrets_callback_t) (uint32_t secrets_type, const void *secrets, unsigned size) |
| Callback type for receiving new decryption secrets. | |
Enumerations | |
| enum | wtap_open_return_val { WTAP_OPEN_NOT_MINE = 0 , WTAP_OPEN_MINE = 1 , WTAP_OPEN_ERROR = -1 } |
| For registering file types that we can open. More... | |
| enum | wtap_open_type { OPEN_INFO_MAGIC = 0 , OPEN_INFO_HEURISTIC = 1 } |
| Strategy used to identify a file format. More... | |
| enum | option_support_t { OPTION_NOT_SUPPORTED , ONE_OPTION_SUPPORTED , MULTIPLE_OPTIONS_SUPPORTED } |
| Indicates how a file format supports a given option type. More... | |
| enum | block_support_t { BLOCK_NOT_SUPPORTED , ONE_BLOCK_SUPPORTED , MULTIPLE_BLOCKS_SUPPORTED } |
| enum | ft_sort_order { FT_SORT_BY_NAME , FT_SORT_BY_DESCRIPTION } |
Functions | |
| WS_DLL_PUBLIC void | init_open_routines (void) |
| void | cleanup_open_routines (void) |
| Clean up registered file open routines. | |
| WS_DLL_PUBLIC void | wtap_init (bool load_wiretap_plugins, const char *app_env_var_prefix, const struct file_extension_info *file_extensions, unsigned num_extensions) |
| Initialize the Wiretap library. | |
| WS_DLL_PUBLIC struct wtap * | wtap_open_offline (const char *filename, unsigned int type, int *err, char **err_info, bool do_random, const char *app_env_var_prefix) |
| Open a capture file for offline analysis. | |
| WS_DLL_PUBLIC void | wtap_cleareof (wtap *wth) |
| Clear EOF status for a wiretap file. | |
| WS_DLL_PUBLIC void | wtap_set_cb_new_ipv4 (wtap *wth, wtap_new_ipv4_callback_t add_new_ipv4) |
| Set the callback for adding new IPv4 hostnames. | |
| WS_DLL_PUBLIC void | wtap_set_cb_new_ipv6 (wtap *wth, wtap_new_ipv6_callback_t add_new_ipv6) |
| Set the callback for adding new IPv6 hostnames. | |
| WS_DLL_PUBLIC void | wtap_set_cb_new_secrets (wtap *wth, wtap_new_secrets_callback_t add_new_secrets) |
| Set the callback for receiving new decryption secrets. | |
| WS_DLL_PUBLIC bool | wtap_read (wtap *wth, wtap_rec *rec, int *err, char **err_info, int64_t *offset) |
| Read the next record in the file, filling in *phdr and *buf. | |
| WS_DLL_PUBLIC bool | wtap_seek_read (wtap *wth, int64_t seek_off, wtap_rec *rec, int *err, char **err_info) |
| Read the record at a specified offset in a capture file, filling in *phdr and *buf. | |
| WS_DLL_PUBLIC void | wtap_rec_init (wtap_rec *rec, size_t space) |
| Initialize a wtap_rec structure. | |
| WS_DLL_PUBLIC void | wtap_rec_apply_snapshot (wtap_rec *rec, uint32_t snaplen) |
| Apply a snapshot length to a wtap_rec. | |
| WS_DLL_PUBLIC void | wtap_rec_reset (wtap_rec *rec) |
| Re-initialize a wtap_rec structure. | |
| WS_DLL_PUBLIC void | wtap_rec_cleanup (wtap_rec *rec) |
| Clean up a wtap_rec structure. | |
| WS_DLL_PUBLIC char * | wtap_unwritable_rec_type_err_string (const wtap_rec *rec) |
| Return an error string for WTAP_ERR_UNWRITABLE_REC_TYPE. | |
| WS_DLL_PUBLIC void | wtap_setup_packet_rec (wtap_rec *rec, int encap) |
| Set up a wtap_rec for a packet (REC_TYPE_PACKET). | |
| WS_DLL_PUBLIC void | wtap_setup_ft_specific_event_rec (wtap_rec *rec, int file_type_subtype, unsigned record_type) |
| Set up a wtap_rec for a file-type specific event. | |
| WS_DLL_PUBLIC void | wtap_setup_ft_specific_report_rec (wtap_rec *rec, int file_type_subtype, unsigned record_type) |
| Set up a wtap_rec for a file-type specific report. | |
| WS_DLL_PUBLIC void | wtap_setup_syscall_rec (wtap_rec *rec) |
| Set up a wtap_rec for a system call. | |
| WS_DLL_PUBLIC void | wtap_setup_systemd_journal_export_rec (wtap_rec *rec) |
| Set up a wtap_rec for a systemd journal export entry. | |
| WS_DLL_PUBLIC void | wtap_setup_custom_block_rec (wtap_rec *rec, uint32_t pen, uint32_t payload_length, bool copy_allowed) |
| Set up a wtap_rec for a custom block. | |
| WS_DLL_PUBLIC ws_compression_type | wtap_get_compression_type (wtap *wth) |
| Get the compression type used for the capture file. | |
| WS_DLL_PUBLIC int64_t | wtap_read_so_far (wtap *wth) |
| Return an approximation of the amount of data read sequentially. | |
| WS_DLL_PUBLIC int64_t | wtap_file_size (wtap *wth, int *err) |
| Get the size of the capture file. | |
| WS_DLL_PUBLIC unsigned | wtap_snapshot_length (wtap *wth) |
| Get the snapshot length for the capture file. | |
| WS_DLL_PUBLIC int | wtap_file_type_subtype (wtap *wth) |
| Get the file type subtype. | |
| WS_DLL_PUBLIC int | wtap_file_encap (wtap *wth) |
| Get the encapsulation type for the capture file. | |
| WS_DLL_PUBLIC int | wtap_file_tsprec (wtap *wth) |
| Get the timestamp precision for the capture file. | |
| WS_DLL_PUBLIC const nstime_t * | wtap_file_start_ts (wtap *wth) |
| Get the start timestamp of the capture file. | |
| WS_DLL_PUBLIC const nstime_t * | wtap_file_end_ts (wtap *wth) |
| Get the end timestamp of the capture file. | |
| WS_DLL_PUBLIC unsigned | wtap_file_get_num_shbs (wtap *wth) |
| Gets number of section header blocks. | |
| WS_DLL_PUBLIC wtap_block_t | wtap_file_get_shb (wtap *wth, unsigned shb_num) |
| Gets existing section header block, not for new file. | |
| WS_DLL_PUBLIC void | wtap_write_shb_comment (wtap *wth, char *comment) |
| Sets or replaces the section header comment. | |
| WS_DLL_PUBLIC unsigned | wtap_file_get_shb_global_interface_id (wtap *wth, unsigned shb_num, uint32_t interface_id) |
| Gets the unique interface id for a SHB's interface. | |
| WS_DLL_PUBLIC wtapng_iface_descriptions_t * | wtap_file_get_idb_info (wtap *wth) |
| Gets existing interface descriptions. | |
| WS_DLL_PUBLIC wtapng_dpib_lookup_info_t * | wtap_file_get_dpib_lookup_info (wtap *wth) |
| WS_DLL_PUBLIC wtap_block_t | wtap_get_next_interface_description (wtap *wth) |
| Gets next interface description. | |
| WS_DLL_PUBLIC void | wtap_free_idb_info (wtapng_iface_descriptions_t *idb_info) |
| Free's a interface description block and all of its members. | |
| WS_DLL_PUBLIC char * | wtap_get_debug_if_descr (const wtap_block_t if_descr, const int indent, const char *line_end) |
| Gets a debug string of an interface description. | |
| WS_DLL_PUBLIC wtap_block_t | wtap_file_get_nrb (wtap *wth) |
| Gets existing name resolution block, not for new file. | |
| WS_DLL_PUBLIC unsigned | wtap_file_get_num_dsbs (wtap *wth) |
| Gets number of decryption secrets blocks. | |
| WS_DLL_PUBLIC wtap_block_t | wtap_file_get_dsb (wtap *wth, unsigned dsb_num) |
| Gets existing decryption secrets block, not for new file. | |
| WS_DLL_PUBLIC void | wtap_file_add_decryption_secrets (wtap *wth, const wtap_block_t dsb) |
| Adds a Decryption Secrets Block to the open wiretap session. | |
| WS_DLL_PUBLIC bool | wtap_file_discard_decryption_secrets (wtap *wth) |
| Remove any decryption secret information from the per-file information; used if we're stripping decryption secrets while the file is open. | |
| WS_DLL_PUBLIC void | wtap_fdclose (wtap *wth) |
| Close all file descriptors for the current wiretap file. | |
| WS_DLL_PUBLIC bool | wtap_fdreopen (wtap *wth, const char *filename, int *err) |
| Reopen the random-access file descriptor for the current file. | |
| WS_DLL_PUBLIC void | wtap_sequential_close (wtap *wth) |
| Close the sequential-access side of the file. | |
| WS_DLL_PUBLIC void | wtap_close (wtap *wth) |
| Fully close the wiretap file and release all resources. | |
| WS_DLL_PUBLIC bool | wtap_dump_can_open (int filetype) |
| Check if a file type can be opened for dumping. | |
| WS_DLL_PUBLIC int | wtap_dump_required_file_encap_type (const GArray *file_encaps) |
| Determine the required per-file encapsulation type. | |
| WS_DLL_PUBLIC bool | wtap_dump_can_write_encap (int file_type_subtype, int encap) |
| Check if a file type/subtype supports writing a given encapsulation. | |
| WS_DLL_PUBLIC bool | wtap_dump_can_compress (int file_type_subtype) |
| Check if a file type/subtype supports compression. | |
| WS_DLL_PUBLIC void | wtap_dump_params_init (wtap_dump_params *params, wtap *wth) |
| Initialize the per-file information based on an existing file. | |
| WS_DLL_PUBLIC void | wtap_dump_params_init_no_idbs (wtap_dump_params *params, wtap *wth) |
| Initialize the per-file information based on an existing file, but don't copy over the interface information. | |
| WS_DLL_PUBLIC void | wtap_dump_params_discard_name_resolution (wtap_dump_params *params) |
| Remove any name resolution information from the per-file information; used if we're stripping name resolution as we write the file. | |
| WS_DLL_PUBLIC void | wtap_dump_params_discard_decryption_secrets (wtap_dump_params *params) |
| Remove any decryption secret information from the per-file information; used if we're stripping decryption secrets as we write the file. | |
| WS_DLL_PUBLIC void | wtap_dump_params_cleanup (wtap_dump_params *params) |
| Free memory associated with the wtap_dump_params when it is no longer in use by wtap_dumper. | |
| WS_DLL_PUBLIC wtap_dumper * | wtap_dump_open (const char *filename, int file_type_subtype, ws_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info) |
| Opens a new capture file for writing. | |
| WS_DLL_PUBLIC wtap_dumper * | wtap_dump_open_tempfile (const char *tmpdir, char **filenamep, const char *pfx, int file_type_subtype, ws_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info) |
| Creates a dumper for a temporary file. | |
| WS_DLL_PUBLIC wtap_dumper * | wtap_dump_fdopen (int fd, int file_type_subtype, ws_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info) |
| Creates a dumper for an existing file descriptor. | |
| WS_DLL_PUBLIC wtap_dumper * | wtap_dump_open_stdout (int file_type_subtype, ws_compression_type compression_type, const wtap_dump_params *params, int *err, char **err_info) |
| Creates a dumper for the standard output. | |
| WS_DLL_PUBLIC bool | wtap_dump_add_idb (wtap_dumper *wdh, wtap_block_t idb, int *err, char **err_info) |
| Add an IDB to the list of IDBs for a file we're writing. Makes a copy of the IDB, so it can be freed after this call is made. | |
| WS_DLL_PUBLIC bool | wtap_dump (wtap_dumper *, const wtap_rec *, int *err, char **err_info) |
| WS_DLL_PUBLIC bool | wtap_dump_flush (wtap_dumper *, int *) |
| WS_DLL_PUBLIC int | wtap_dump_file_type_subtype (const wtap_dumper *wdh) |
| WS_DLL_PUBLIC int64_t | wtap_get_bytes_dumped (const wtap_dumper *) |
| WS_DLL_PUBLIC void | wtap_set_bytes_dumped (wtap_dumper *wdh, int64_t bytes_dumped) |
| WS_DLL_PUBLIC bool | wtap_addrinfo_list_empty (const addrinfo_lists_t *addrinfo_lists) |
| WS_DLL_PUBLIC bool | wtap_dump_set_addrinfo_list (wtap_dumper *wdh, addrinfo_lists_t *addrinfo_lists) |
| WS_DLL_PUBLIC void | wtap_dump_discard_name_resolution (wtap_dumper *wdh) |
| WS_DLL_PUBLIC void | wtap_dump_discard_decryption_secrets (wtap_dumper *wdh) |
| WS_DLL_PUBLIC bool | wtap_dump_close (wtap_dumper *wdh, bool *needs_reload, int *err, char **err_info) |
| WS_DLL_PUBLIC bool | wtap_dump_can_write (const GArray *file_encaps, uint32_t required_comment_types) |
| Determine whether a capture file can be written with the specified options. | |
| WS_DLL_PUBLIC void | wtap_buffer_append_epdu_tag (Buffer *buf, uint16_t epdu_tag, const uint8_t *data, uint16_t data_len) |
| Generates arbitrary packet data in "exported PDU" format and appends it to buf. | |
| WS_DLL_PUBLIC void | wtap_buffer_append_epdu_uint (Buffer *buf, uint16_t epdu_tag, uint32_t val) |
| Generates packet data for an unsigned integer in "exported PDU" format. For filetype readers to transform non-packetized data. | |
| WS_DLL_PUBLIC void | wtap_buffer_append_epdu_string (Buffer *buf, uint16_t epdu_tag, const char *val) |
| Generates packet data for a string in "exported PDU" format. For filetype readers to transform non-packetized data. | |
| WS_DLL_PUBLIC int | wtap_buffer_append_epdu_end (Buffer *buf) |
| Close off a set of "exported PDUs" added to the buffer. For filetype readers to transform non-packetized data. | |
| WS_DLL_PUBLIC GArray * | wtap_get_savable_file_types_subtypes_for_file (int file_type_subtype, const GArray *file_encaps, uint32_t required_comment_types, ft_sort_order sort_order) |
| Get savable file type/subtype candidates for saving a capture file. | |
| WS_DLL_PUBLIC GArray * | wtap_get_writable_file_types_subtypes (ft_sort_order sort_order) |
| Get a list of all writable file type/subtype values. | |
| WS_DLL_PUBLIC const char * | wtap_file_type_subtype_description (int file_type_subtype) |
| Get a human-readable description for a file type/subtype. | |
| WS_DLL_PUBLIC const char * | wtap_file_type_subtype_name (int file_type_subtype) |
| Get a short name for a file type/subtype. | |
| WS_DLL_PUBLIC int | wtap_name_to_file_type_subtype (const char *name) |
| Convert a file type/subtype name to its identifier. | |
| WS_DLL_PUBLIC int | wtap_pcap_file_type_subtype (void) |
| Get the file type/subtype identifier for classic pcap (microsecond timestamps). | |
| WS_DLL_PUBLIC int | wtap_pcap_nsec_file_type_subtype (void) |
| Get the file type/subtype identifier for pcap with nanosecond timestamps. | |
| WS_DLL_PUBLIC int | wtap_pcapng_file_type_subtype (void) |
| Get the file type/subtype identifier for pcapng. | |
| WS_DLL_PUBLIC block_support_t | wtap_file_type_subtype_supports_block (int file_type_subtype, wtap_block_type_t type) |
| Determine whether a capture file format supports a given block type. | |
| WS_DLL_PUBLIC option_support_t | wtap_file_type_subtype_supports_option (int file_type_subtype, wtap_block_type_t type, unsigned opttype) |
| Determine whether a capture file format supports a specific option for a block. | |
| WS_DLL_PUBLIC GSList * | wtap_get_all_capture_file_extensions_list (void) |
| Return a list of all extensions that are used by all capture file types, including compressed extensions, e.g. not just "pcap" but also "pcap.gz" if we can read gzipped files. | |
| WS_DLL_PUBLIC GSList * | wtap_get_all_file_extensions_list (void) |
| Return a list of all extensions that are used by all file types that we can read, including compressed extensions, e.g. not just "pcap" but also "pcap.gz" if we can read gzipped files. | |
| WS_DLL_PUBLIC void | wtap_free_extensions_list (GSList *extensions) |
| Free a list of file extension strings returned by extension helpers. | |
| WS_DLL_PUBLIC const char * | wtap_default_file_extension (int file_type_subtype) |
| Get the default file extension for a file type/subtype. | |
| WS_DLL_PUBLIC GSList * | wtap_get_file_extensions_list (int file_type_subtype, bool include_compressed) |
| Return a list of file extensions that are used by the specified file type and subtype. | |
| WS_DLL_PUBLIC const char * | wtap_encap_name (int encap) |
| Get a short name for an encapsulation type. | |
| WS_DLL_PUBLIC const char * | wtap_encap_description (int encap) |
| Get a human-readable description for an encapsulation type. | |
| WS_DLL_PUBLIC int | wtap_name_to_encap (const char *short_name) |
| Convert a short encapsulation name to its WTAP_ENCAP_ value. | |
| WS_DLL_PUBLIC const char * | wtap_tsprec_string (int tsprec) |
| Convert a timestamp precision constant to a string. | |
| WS_DLL_PUBLIC const char * | wtap_strerror (int err) |
| Return a human-readable error string for a WTAP error code. | |
| WS_DLL_PUBLIC int | wtap_get_num_file_type_extensions (void) |
| Return the number of registered file type extension groups. | |
| WS_DLL_PUBLIC int | wtap_get_num_encap_types (void) |
| Return the number of known encapsulation types. | |
| WS_DLL_PUBLIC const char * | wtap_get_file_extension_type_name (int extension_type) |
| Get the short name for a file extension type. | |
| WS_DLL_PUBLIC GSList * | wtap_get_file_extension_type_extensions (unsigned extension_type) |
| Get the list of extensions for a file extension type. | |
| WS_DLL_PUBLIC void | wtap_register_file_type_extension (const struct file_extension_info *ei) |
| Register file extension information for a file type. | |
| WS_DLL_PUBLIC void | wtap_register_plugin (const wtap_plugin *plug) |
| Register a wiretap plugin. | |
| WS_DLL_PUBLIC int | wtap_plugins_supported (void) |
| Query whether libwiretap plugin loading is available. | |
| WS_DLL_PUBLIC void | wtap_register_open_info (struct open_info *oi, const bool first_routine) |
| Register an open_info probe/open handler. | |
| WS_DLL_PUBLIC bool | wtap_has_open_info (const char *name) |
| Check if an open_info handler with the given name is registered. | |
| WS_DLL_PUBLIC bool | wtap_uses_lua_filehandler (const wtap *wth) |
| Check whether a wtap handle uses a Lua-based file handler. | |
| WS_DLL_PUBLIC void | wtap_deregister_open_info (const char *name) |
| Deregister an open_info handler by name. | |
| WS_DLL_PUBLIC unsigned int | open_info_name_to_type (const char *name) |
| Convert an open_info short name to its numeric type. | |
| WS_DLL_PUBLIC int | wtap_register_file_type_subtype (const struct file_type_subtype_info *fi) |
| Register a file type/subtype. | |
| WS_DLL_PUBLIC void | wtap_deregister_file_type_subtype (const int file_type_subtype) |
| Deregister a previously registered file type/subtype. | |
| WS_DLL_PUBLIC int | wtap_register_encap_type (const char *description, const char *name) |
| Register a new packet encapsulation type. | |
| WS_DLL_PUBLIC void | wtap_cleanup (void) |
| Clean up libwiretap internal registrations and plugin state. | |
Variables | |
| WS_DLL_PUBLIC struct open_info * | open_routines |
| Table of registered wiretap file open handlers. | |
Wiretap Library Copyright (c) 1998 by Gilbert Ramirez gram@.nosp@m.alum.nosp@m.ni.ri.nosp@m.ce.e.nosp@m.du
SPDX-License-Identifier: GPL-2.0-or-later
| #define IS_80211AD | ( | frequency | ) |
| #define NO_OPTIONS_SUPPORTED 0, NULL |
Declare that no option types are supported for a block.
Expands to zero and NULL, indicating absence of supported options.
| #define OPTION_TYPES_SUPPORTED | ( | option_type_array | ) | array_length(option_type_array), option_type_array |
Declare supported option types for a block.
Expands to the length of the option type array and the array itself.
| #define PACK_FLAGS_VALUE | ( | direction, | |
| reception_type, | |||
| fcs_length, | |||
| ll_dependent_errors | |||
| ) |
| #define REC_TYPE_CUSTOM_BLOCK 5 |
pcapng custom block
| #define REC_TYPE_FT_SPECIFIC_EVENT 1 |
file-type-specific event
| #define REC_TYPE_FT_SPECIFIC_REPORT 2 |
file-type-specific report
| #define REC_TYPE_PACKET 0 |
packet
| #define REC_TYPE_SYSCALL 3 |
system call
| #define REC_TYPE_SYSTEMD_JOURNAL_EXPORT 4 |
systemd journal entry
| #define WTAP_COMMENT_PER_INTERFACE 0x00000002 /* per-interface */ |
Comment applies to a specific interface.
Useful for describing interface-specific settings or observations.
| #define WTAP_COMMENT_PER_PACKET 0x00000004 /* per-packet */ |
Comment applies to an individual packet.
Enables fine-grained annotations such as decoding notes or anomalies.
| #define WTAP_COMMENT_PER_SECTION 0x00000001 /* per-file/per-file-section */ |
Comment applies to the entire file or file section.
Used for global annotations such as capture metadata or session notes.
| #define WTAP_ERR_BAD_FILE -13 |
The file appears to be damaged or corrupted or otherwise bogus
| #define WTAP_ERR_CANT_CLOSE -11 |
The file couldn't be closed, reason unknown
| #define WTAP_ERR_CANT_OPEN -6 |
The file couldn't be opened, reason unknown
| #define WTAP_ERR_CANT_SEEK -18 |
An attempt to seek failed, reason unknown
| #define WTAP_ERR_CANT_SEEK_COMPRESSED -19 |
An attempt to seek on a compressed stream
| #define WTAP_ERR_CANT_WRITE -10 |
An attempt to read failed, reason unknown
| #define WTAP_ERR_CANT_WRITE_TO_PIPE -5 |
Wiretap can't save to a pipe in the specified format
| #define WTAP_ERR_CHECK_WSLUA -23 |
Not really an error: the file type being checked is from a Lua plugin, so that the code will call wslua_can_write_encap() instead if it gets this
| #define WTAP_ERR_COMPRESSION_NOT_SUPPORTED -17 |
The filetype doesn't support output compression
| #define WTAP_ERR_DECOMPRESS -20 |
Error decompressing
| #define WTAP_ERR_DECOMPRESSION_NOT_SUPPORTED -26 |
We don't support decompressing that type of compressed file
| #define WTAP_ERR_ENCAP_PER_PACKET_UNSUPPORTED -9 |
The specified format doesn't support per-packet encapsulations
| #define WTAP_ERR_FILE_UNKNOWN_FORMAT -3 |
The file being opened is not a capture file in a known format
| #define WTAP_ERR_INTERNAL -21 |
"Shouldn't happen" internal errors
| #define WTAP_ERR_NOT_REGULAR_FILE -1 |
Wiretap error codes. The file being opened for reading isn't a plain file (or pipe)
| #define WTAP_ERR_PACKET_TOO_LARGE -22 |
Packet being written is larger than we support; do not use when reading, use WTAP_ERR_BAD_FILE instead
| #define WTAP_ERR_RANDOM_OPEN_PIPE -2 |
The file is being opened for random access and it's a pipe
| #define WTAP_ERR_RANDOM_OPEN_STDIN -16 |
We're trying to open the standard input for random access
| #define WTAP_ERR_REC_MALFORMED -28 |
Packet being read is of a known type, but is malformed so it will be skipped. This can be used instead of WTAP_ERR_BAD_FILE to not stop reading of a file
| #define WTAP_ERR_SHORT_READ -12 |
An attempt to read less data than it should have
| #define WTAP_ERR_SHORT_WRITE -14 |
An attempt to write wrote less data than it should have
| #define WTAP_ERR_TIME_STAMP_NOT_SUPPORTED -27 |
We don't support writing that record's time stamp to that file type
| #define WTAP_ERR_UNC_OVERFLOW -15 |
Uncompressing Sniffer data would overflow buffer
| #define WTAP_ERR_UNSUPPORTED -4 |
Supported file type, but there's something in the file we're reading that we can't support
| #define WTAP_ERR_UNWRITABLE_ENCAP -8 |
Wiretap can't read or save files in the specified format with the specified encapsulation
| #define WTAP_ERR_UNWRITABLE_FILE_TYPE -7 |
Wiretap can't save files in the specified format
| #define WTAP_ERR_UNWRITABLE_REC_DATA -25 |
Something in the record data can't be written to that file type
| #define WTAP_ERR_UNWRITABLE_REC_TYPE -24 |
Specified record type can't be written to that file type
| #define WTAP_HAS_CAP_LEN 0x00000002 |
captured length separate from on-the-network length
| #define WTAP_HAS_INTERFACE_ID 0x00000004 |
interface ID
| #define WTAP_HAS_SECTION_NUMBER 0x00000008 |
section number
| #define WTAP_HAS_TS 0x00000001 |
time stamp
| typedef struct addrinfo_lists addrinfo_lists_t |
A struct with lists of resolved addresses. Used when writing name resolutions blocks (NRB)
| typedef struct wtap_dump_params wtap_dump_params |
Parameters for various wtap_dump_* functions, specifying per-file information. The structure itself is no longer used after returning from wtap_dump_*, but its pointer fields must remain valid until wtap_dump_close is called.
| typedef void(* wtap_new_ipv4_callback_t) (const unsigned addr, const char *name, const bool static_entry) |
Callback type for registering new IPv4 hostnames.
Used to associate an IPv4 address with a hostname during file parsing. Must match the signature of add_ipv4_name in addr_resolv.c.
| addr | IPv4 address in host byte order. |
| name | Hostname to associate. |
| static_entry | True if the entry is static; false if dynamic. |
| typedef void(* wtap_new_ipv6_callback_t) (const ws_in6_addr *addrp, const char *name, const bool static_entry) |
Callback type for registering new IPv6 hostnames.
Used to associate an IPv6 address with a hostname during file parsing. Must match the signature of add_ipv6_name in addr_resolv.c.
| addrp | Pointer to IPv6 address. |
| name | Hostname to associate. |
| static_entry | True if the entry is static; false if dynamic. |
| typedef void(* wtap_new_secrets_callback_t) (uint32_t secrets_type, const void *secrets, unsigned size) |
Callback type for receiving new decryption secrets.
Used to register secrets (e.g., TLS keys) discovered during file parsing. The secrets type is defined in secrets-types.h. Currently used only for pcapng.
| secrets_type | Type identifier for the secrets. |
| secrets | Pointer to the secrets data. |
| size | Size of the secrets data in bytes. |
| enum option_support_t |
Indicates how a file format supports a given option type.
Used to describe whether a block type can include zero, one, or multiple instances of a specific option type.
For a given option type in a certain block type, does a file format not support it, support only one such option, or support multiple such options?
| enum wtap_open_return_val |
For registering file types that we can open.
Each file type has an open routine.
The open routine should return:
WTAP_OPEN_ERROR on an I/O error; WTAP_OPEN_MINE if the file it's reading is one of the types it handles; WTAP_OPEN_NOT_MINE if the file it's reading isn't one of the types it handles.
If the routine handles this type of file, it should set the "file_type_subtype" field in the "struct wtap" to the type of the file.
Note that the routine does not have to free the private data pointer on error. The caller takes care of that by calling wtap_close on error. (See https://gitlab.com/wireshark/wireshark/-/issues/8518)
However, the caller does have to free the private data pointer when returning WTAP_OPEN_NOT_MINE, since the next file type will be called and will likely just overwrite the pointer.
| Enumerator | |
|---|---|
| WTAP_OPEN_NOT_MINE | File isn't handled by this module. |
| WTAP_OPEN_MINE | File is handled by this module. |
| WTAP_OPEN_ERROR | I/O error occurred while opening the file. |
| enum wtap_open_type |
Strategy used to identify a file format.
Some file formats have defined magic numbers at fixed offsets from the beginning of the file; those routines should return 1 if and only if the file has the magic number at that offset. (pcapng is a bit of a special case, as it has both the Section Header Block type field and its byte-order magic field; it checks for both.) Those file formats do not require a file name extension in order to recognize them or to avoid recognizing other file types as that type, and have no extensions specified for them.
Other file formats don't have defined magic numbers at fixed offsets, so a heuristic is required. If that file format has any file name extensions used for it, a list of those extensions should be specified, so that, if the name of the file being opened has an extension, the file formats that use that extension are tried before the ones that don't, to handle the case where a file of one type might be recognized by the heuristics for a different file type.
| Enumerator | |
|---|---|
| OPEN_INFO_MAGIC | Format identified by a fixed magic number at a known offset. |
| OPEN_INFO_HEURISTIC | Format identified by heuristic inspection of file contents. |
| void cleanup_open_routines | ( | void | ) |
Clean up registered file open routines.
Frees any resources or state associated with wiretap module open handlers. Typically called during shutdown or module unloading.
| WS_DLL_PUBLIC unsigned int open_info_name_to_type | ( | const char * | name | ) |
Convert an open_info short name to its numeric type.
| name | Short name. |
| WS_DLL_PUBLIC int wtap_buffer_append_epdu_end | ( | Buffer * | buf | ) |
Close off a set of "exported PDUs" added to the buffer. For filetype readers to transform non-packetized data.
| [in,out] | buf | Buffer into which to write field |
| WS_DLL_PUBLIC void wtap_buffer_append_epdu_string | ( | Buffer * | buf, |
| uint16_t | epdu_tag, | ||
| const char * | val | ||
| ) |
Generates packet data for a string in "exported PDU" format. For filetype readers to transform non-packetized data.
| [in,out] | buf | Buffer into which to write field |
| epdu_tag | tag ID of field to create | |
| val | string value to write to buf |
| WS_DLL_PUBLIC void wtap_buffer_append_epdu_tag | ( | Buffer * | buf, |
| uint16_t | epdu_tag, | ||
| const uint8_t * | data, | ||
| uint16_t | data_len | ||
| ) |
Generates arbitrary packet data in "exported PDU" format and appends it to buf.
For filetype readers to transform non-packetized data. Calls ws_buffer_asssure_space() for you and handles padding to 4-byte boundary.
| [in,out] | buf | Buffer into which to write field |
| epdu_tag | tag ID of field to create | |
| data | data to be written | |
| data_len | length of data |
| WS_DLL_PUBLIC void wtap_buffer_append_epdu_uint | ( | Buffer * | buf, |
| uint16_t | epdu_tag, | ||
| uint32_t | val | ||
| ) |
Generates packet data for an unsigned integer in "exported PDU" format. For filetype readers to transform non-packetized data.
| [in,out] | buf | Buffer into which to write field |
| epdu_tag | tag ID of field to create | |
| val | integer value to write to buf |
| WS_DLL_PUBLIC void wtap_cleareof | ( | wtap * | wth | ) |
Clear EOF status for a wiretap file.
If compiled with zlib and the file is at EOF, this resets the EOF flag to allow continued reading. Useful when tailing a file that may grow.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC void wtap_close | ( | wtap * | wth | ) |
Fully close the wiretap file and release all resources.
Closes any open file handles and frees memory associated with the wiretap handle.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC const char * wtap_default_file_extension | ( | int | file_type_subtype | ) |
Get the default file extension for a file type/subtype.
Returns the canonical, unprefixed extension (without a leading ".") to use when saving files of the specified file type/subtype.
The returned string is owned by the library and must not be freed by the caller.
| file_type_subtype | File type/subtype identifier. |
| WS_DLL_PUBLIC void wtap_deregister_file_type_subtype | ( | const int | file_type_subtype | ) |
Deregister a previously registered file type/subtype.
| file_type_subtype | Identifier returned by registration. |
| WS_DLL_PUBLIC void wtap_deregister_open_info | ( | const char * | name | ) |
Deregister an open_info handler by name.
| name | Short name of the handler to remove. |
| WS_DLL_PUBLIC bool wtap_dump_add_idb | ( | wtap_dumper * | wdh, |
| wtap_block_t | idb, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Add an IDB to the list of IDBs for a file we're writing. Makes a copy of the IDB, so it can be freed after this call is made.
| wdh | handle for the file we're writing. | |
| idb | the IDB to add | |
| [out] | err | Will be set to an error code on failure. |
| [out] | err_info | for some errors, a string giving more details of the error. |
| WS_DLL_PUBLIC bool wtap_dump_can_compress | ( | int | file_type_subtype | ) |
Check if a file type/subtype supports compression.
Returns true if the specified file format can be written in compressed form.
| file_type_subtype | File type/subtype identifier. |
| WS_DLL_PUBLIC bool wtap_dump_can_open | ( | int | filetype | ) |
Check if a file type can be opened for dumping.
Determines whether the specified file type supports writing packet data.
| filetype | File type identifier. |
| WS_DLL_PUBLIC bool wtap_dump_can_write | ( | const GArray * | file_encaps, |
| uint32_t | required_comment_types | ||
| ) |
Determine whether a capture file can be written with the specified options.
Returns true if a capture file can be created that supports all encapsulation types listed in file_encaps and supports all comment types indicated by the required_comment_types bitmask.
The encapsulation list is a GArray of WTAP_ENCAP_ values. The comment types bitmask uses WTAP_COMMENT_TYPE_ flags that indicate which comment features (per-packet, per-file, per-block, etc.) must be supported by the output format.
| file_encaps | GArray of WTAP_ENCAP_ values representing packet encapsulations required. |
| required_comment_types | Bitmask of required comment type flags. |
| WS_DLL_PUBLIC bool wtap_dump_can_write_encap | ( | int | file_type_subtype, |
| int | encap | ||
| ) |
Check if a file type/subtype supports writing a given encapsulation.
Returns true if the specified encapsulation type can be written in the given file format; false otherwise.
| file_type_subtype | File type/subtype identifier. |
| encap | Encapsulation type (WTAP_ENCAP_...). |
| WS_DLL_PUBLIC bool wtap_dump_close | ( | wtap_dumper * | wdh, |
| bool * | needs_reload, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Closes open file handles and frees memory associated with wdh. Note that shb_hdr and idb_inf are not freed by this routine.
| wdh | handle for the file we're closing. | |
| [out] | needs_reload | if not null, points to a bool that will be set to true if a full reload of the file would be required if this was done as part of a "Save" or "Save As" operation, false if no full reload would be required. |
| [out] | err | points to an int that will be set to an error code on failure. |
| [out] | err_info | for some errors, points to a char * that will be set to a string giving more details of the error. |
| WS_DLL_PUBLIC wtap_dumper * wtap_dump_fdopen | ( | int | fd, |
| int | file_type_subtype, | ||
| ws_compression_type | compression_type, | ||
| const wtap_dump_params * | params, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Creates a dumper for an existing file descriptor.
| fd | The file descriptor for which the dumper should be created. | |
| file_type_subtype | The WTAP_FILE_TYPE_SUBTYPE_XXX file type. | |
| compression_type | Type of compression to use when writing, if any | |
| params | The per-file information for this file. | |
| [out] | err | Will be set to an error code on failure. |
| [out] | err_info | for some errors, a string giving more details of the error |
| WS_DLL_PUBLIC wtap_dumper * wtap_dump_open | ( | const char * | filename, |
| int | file_type_subtype, | ||
| ws_compression_type | compression_type, | ||
| const wtap_dump_params * | params, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Opens a new capture file for writing.
| filename | The new file's name. | |
| file_type_subtype | The WTAP_FILE_TYPE_SUBTYPE_XXX file type. | |
| compression_type | Type of compression to use when writing, if any | |
| params | The per-file information for this file. | |
| [out] | err | Will be set to an error code on failure. |
| [out] | err_info | for some errors, a string giving more details of the error |
| WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_stdout | ( | int | file_type_subtype, |
| ws_compression_type | compression_type, | ||
| const wtap_dump_params * | params, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Creates a dumper for the standard output.
| file_type_subtype | The WTAP_FILE_TYPE_SUBTYPE_XXX file type. | |
| compression_type | Type of compression to use when writing, if any | |
| params | The per-file information for this file. | |
| [out] | err | Will be set to an error code on failure. |
| [out] | err_info | for some errors, a string giving more details of the error |
| WS_DLL_PUBLIC wtap_dumper * wtap_dump_open_tempfile | ( | const char * | tmpdir, |
| char ** | filenamep, | ||
| const char * | pfx, | ||
| int | file_type_subtype, | ||
| ws_compression_type | compression_type, | ||
| const wtap_dump_params * | params, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Creates a dumper for a temporary file.
| tmpdir | Directory in which to create the temporary file. | |
| filenamep | Points to a pointer that's set to point to the pathname of the temporary file; it's allocated with g_malloc() | |
| pfx | A string to be used as the prefix for the temporary file name | |
| file_type_subtype | The WTAP_FILE_TYPE_SUBTYPE_XXX file type. | |
| compression_type | Type of compression to use when writing, if any | |
| params | The per-file information for this file. | |
| [out] | err | Will be set to an error code on failure. |
| [out] | err_info | for some errors, a string giving more details of the error |
| WS_DLL_PUBLIC void wtap_dump_params_cleanup | ( | wtap_dump_params * | params | ) |
Free memory associated with the wtap_dump_params when it is no longer in use by wtap_dumper.
| params | The parameters as initialized by wtap_dump_params_init. |
| WS_DLL_PUBLIC void wtap_dump_params_discard_decryption_secrets | ( | wtap_dump_params * | params | ) |
Remove any decryption secret information from the per-file information; used if we're stripping decryption secrets as we write the file.
| params | The parameters for wtap_dump_* from which to remove the decryption secrets.. |
| WS_DLL_PUBLIC void wtap_dump_params_discard_name_resolution | ( | wtap_dump_params * | params | ) |
Remove any name resolution information from the per-file information; used if we're stripping name resolution as we write the file.
| params | The parameters for wtap_dump_* from which to remove the name resolution.. |
| WS_DLL_PUBLIC void wtap_dump_params_init | ( | wtap_dump_params * | params, |
| wtap * | wth | ||
| ) |
Initialize the per-file information based on an existing file.
Its contents must be freed according to the requirements of wtap_dump_params. If wth does not remain valid for the duration of the session, dsbs_growing MUST be cleared after this function.
| params | The parameters for wtap_dump_* to initialize. |
| wth | The wiretap session. |
| WS_DLL_PUBLIC void wtap_dump_params_init_no_idbs | ( | wtap_dump_params * | params, |
| wtap * | wth | ||
| ) |
Initialize the per-file information based on an existing file, but don't copy over the interface information.
Its contents must be freed according to the requirements of wtap_dump_params. If wth does not remain valid for the duration of the session, dsbs_growing MUST be cleared after this function.
XXX - this should eventually become wtap_dump_params_init(), with all programs writing capture files copying IDBs over by hand, so that they handle IDBs in the middle of the file.
| params | The parameters for wtap_dump_* to initialize. |
| wth | The wiretap session. |
| WS_DLL_PUBLIC int wtap_dump_required_file_encap_type | ( | const GArray * | file_encaps | ) |
Determine the required per-file encapsulation type.
Given an array of WTAP_ENCAP_ types, returns the appropriate per-file encapsulation type needed to write a file containing all of them. May return WTAP_ENCAP_PER_PACKET if multiple types are present and the format supports it.
| file_encaps | GArray of WTAP_ENCAP_ values. |
| WS_DLL_PUBLIC const char * wtap_encap_description | ( | int | encap | ) |
Get a human-readable description for an encapsulation type.
Returns a descriptive string suitable for UI display or logs describing the encapsulation.
| encap | Encapsulation type (WTAP_ENCAP_...). |
| WS_DLL_PUBLIC const char * wtap_encap_name | ( | int | encap | ) |
Get a short name for an encapsulation type.
Returns a short, programmer-friendly name for the given WTAP_ENCAP_ value.
| encap | Encapsulation type (WTAP_ENCAP_...). |
| WS_DLL_PUBLIC void wtap_fdclose | ( | wtap * | wth | ) |
Close all file descriptors for the current wiretap file.
Releases both sequential and random-access file handles.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC bool wtap_fdreopen | ( | wtap * | wth, |
| const char * | filename, | ||
| int * | err | ||
| ) |
Reopen the random-access file descriptor for the current file.
Useful when switching access modes or recovering from descriptor loss.
| wth | Wiretap file handle. |
| filename | Path to the file to reopen. |
| err | Pointer to an error code variable. |
| WS_DLL_PUBLIC void wtap_file_add_decryption_secrets | ( | wtap * | wth, |
| const wtap_block_t | dsb | ||
| ) |
Adds a Decryption Secrets Block to the open wiretap session.
The passed-in DSB is added to the DSBs for the current session.
| wth | The wiretap session. |
| dsb | The Decryption Secrets Block to add |
| WS_DLL_PUBLIC bool wtap_file_discard_decryption_secrets | ( | wtap * | wth | ) |
Remove any decryption secret information from the per-file information; used if we're stripping decryption secrets while the file is open.
| wth | The wiretap session from which to remove the decryption secrets. |
| WS_DLL_PUBLIC int wtap_file_encap | ( | wtap * | wth | ) |
Get the encapsulation type for the capture file.
Returns the WTAP_ENCAP_... value used for packet encapsulation.
| wth | Wiretap file handle. |
Get the end timestamp of the capture file.
Returns a pointer to the last packet's timestamp, if available.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC wtap_block_t wtap_file_get_dsb | ( | wtap * | wth, |
| unsigned | dsb_num | ||
| ) |
Gets existing decryption secrets block, not for new file.
Returns the pointer to an existing DSB, without creating a new one. This should only be used for accessing info.
| wth | The wiretap session. |
| dsb_num | The ordinal number (0-based) of the decryption secrets block in the file |
| WS_DLL_PUBLIC wtapng_iface_descriptions_t * wtap_file_get_idb_info | ( | wtap * | wth | ) |
Gets existing interface descriptions.
Returns a new struct containing a pointer to the existing description, without creating new descriptions internally.
| wth | The wiretap session. |
| WS_DLL_PUBLIC wtap_block_t wtap_file_get_nrb | ( | wtap * | wth | ) |
Gets existing name resolution block, not for new file.
Returns the pointer to the existing NRB, without creating a new one. This should only be used for accessing info, not for creating a new file based on existing NRB info. Use wtap_file_get_nrb_for_new_file() for that.
| wth | The wiretap session. |
XXX - need to be updated to handle multiple NRBs.
| WS_DLL_PUBLIC unsigned wtap_file_get_num_dsbs | ( | wtap * | wth | ) |
Gets number of decryption secrets blocks.
Returns the number of existing DSBs.
| wth | The wiretap session. |
| WS_DLL_PUBLIC unsigned wtap_file_get_num_shbs | ( | wtap * | wth | ) |
Gets number of section header blocks.
Returns the number of existing SHBs.
| wth | The wiretap session. |
| WS_DLL_PUBLIC wtap_block_t wtap_file_get_shb | ( | wtap * | wth, |
| unsigned | shb_num | ||
| ) |
Gets existing section header block, not for new file.
Returns the pointer to an existing SHB, without creating a new one. This should only be used for accessing info, not for creating a new file based on existing SHB info. Use wtap_file_get_shb_for_new_file() for that.
| wth | The wiretap session. |
| shb_num | The ordinal number (0-based) of the section header in the file |
| WS_DLL_PUBLIC unsigned wtap_file_get_shb_global_interface_id | ( | wtap * | wth, |
| unsigned | shb_num, | ||
| uint32_t | interface_id | ||
| ) |
Gets the unique interface id for a SHB's interface.
Given an existing SHB number and an interface ID within that section, returns the unique ordinal number (0-based) of that interface over the entire wiretap session.
| wth | The wiretap session. |
| shb_num | The ordinal number (0-based) of a section header |
| interface_id | An interface id within the section |
| WS_DLL_PUBLIC int64_t wtap_file_size | ( | wtap * | wth, |
| int * | err | ||
| ) |
Get the size of the capture file.
Returns the total file size in bytes. On failure, sets an error code.
| wth | Wiretap file handle. |
| err | Pointer to an error code variable. |
Get the start timestamp of the capture file.
Returns a pointer to the first packet's timestamp, if available.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC int wtap_file_tsprec | ( | wtap * | wth | ) |
Get the timestamp precision for the capture file.
Returns the WTAP_TSPREC_... value indicating timestamp resolution.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC int wtap_file_type_subtype | ( | wtap * | wth | ) |
Get the file type subtype.
Returns the format-specific subtype identifier for the capture file.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC const char * wtap_file_type_subtype_description | ( | int | file_type_subtype | ) |
Get a human-readable description for a file type/subtype.
Returns a descriptive string suitable for UI display or logs that describes the given file type/subtype.
| file_type_subtype | File type/subtype identifier. |
| WS_DLL_PUBLIC const char * wtap_file_type_subtype_name | ( | int | file_type_subtype | ) |
Get a short name for a file type/subtype.
Returns a concise, programmer-friendly name for the given file type/subtype.
| file_type_subtype | File type/subtype identifier. |
| WS_DLL_PUBLIC block_support_t wtap_file_type_subtype_supports_block | ( | int | file_type_subtype, |
| wtap_block_type_t | type | ||
| ) |
Determine whether a capture file format supports a given block type.
Returns how the specified file type/subtype handles the supplied block type, indicating whether the block is supported, optional, required, or not supported.
| file_type_subtype | File type/subtype identifier. |
| type | Block type to query (wtap_block_type_t). |
| WS_DLL_PUBLIC option_support_t wtap_file_type_subtype_supports_option | ( | int | file_type_subtype, |
| wtap_block_type_t | type, | ||
| unsigned | opttype | ||
| ) |
Determine whether a capture file format supports a specific option for a block.
Queries the support level for the given option type within the specified block for a particular file type/subtype.
The returned value indicates whether the option is supported, optional, required, or not supported in that file format/subtype.
| file_type_subtype | File type/subtype identifier. |
| type | Block type to query (wtap_block_type_t). |
| opttype | Option type identifier (option type number). |
| WS_DLL_PUBLIC void wtap_free_extensions_list | ( | GSList * | extensions | ) |
Free a list of file extension strings returned by extension helpers.
Frees the GSList and each string it contains. The list must have been returned by one of:
Each string in the list is freed with g_free() before the list itself is freed.
| extensions | GSList of char* strings to free; may be NULL. |
| WS_DLL_PUBLIC void wtap_free_idb_info | ( | wtapng_iface_descriptions_t * | idb_info | ) |
Free's a interface description block and all of its members.
This free's all of the interface descriptions inside the passed-in struct, including their members (e.g., comments); and then free's the passed-in struct as well.
| WS_DLL_PUBLIC GSList * wtap_get_all_capture_file_extensions_list | ( | void | ) |
Return a list of all extensions that are used by all capture file types, including compressed extensions, e.g. not just "pcap" but also "pcap.gz" if we can read gzipped files.
"Capture files" means "include file types that correspond to collections of network packets, but not file types that store data that just happens to be transported over protocols such as HTTP but that aren't collections of network packets", so that it could be used for "All Capture Files" without picking up JPEG files or files such as that - those aren't capture files, and we do have them listed in the long list of individual file types, so omitting them from "All Capture Files" is the right thing to do.
All strings in the list are allocated with g_malloc() and must be freed with g_free().
This is used to generate a list of extensions to look for if the user chooses "All Capture Files" in a file open dialog.
| WS_DLL_PUBLIC GSList * wtap_get_all_file_extensions_list | ( | void | ) |
Return a list of all extensions that are used by all file types that we can read, including compressed extensions, e.g. not just "pcap" but also "pcap.gz" if we can read gzipped files.
"File type" means "include file types that correspond to collections of network packets, as well as file types that store data that just happens to be transported over protocols such as HTTP but that aren't collections of network packets, and plain text files".
All strings in the list are allocated with g_malloc() and must be freed with g_free().
| WS_DLL_PUBLIC ws_compression_type wtap_get_compression_type | ( | wtap * | wth | ) |
Get the compression type used for the capture file.
Returns the compression method applied to the file, if any.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC char * wtap_get_debug_if_descr | ( | const wtap_block_t | if_descr, |
| const int | indent, | ||
| const char * | line_end | ||
| ) |
Gets a debug string of an interface description.
Returns a newly allocated string of debug information about the given interface description, useful for debugging.
| if_descr | The interface description. |
| indent | Number of spaces to indent each line by. |
| line_end | A string to append to each line (e.g., "\n" or ", "). |
| WS_DLL_PUBLIC GSList * wtap_get_file_extension_type_extensions | ( | unsigned | extension_type | ) |
Get the list of extensions for a file extension type.
Returns a GSList of strings containing the file extensions associated with the specified extension type. Each string is allocated with g_malloc() and must be freed with g_free() by the caller. The list itself should be freed with wtap_free_extensions_list().
| extension_type | File extension type identifier. |
| WS_DLL_PUBLIC const char * wtap_get_file_extension_type_name | ( | int | extension_type | ) |
Get the short name for a file extension type.
Returns a short, programmer-friendly name for the given file extension type identifier (for example, a canonical key used in UI lists).
The returned string is owned by the library and must not be freed by the caller.
| extension_type | File extension type identifier. |
| WS_DLL_PUBLIC GSList * wtap_get_file_extensions_list | ( | int | file_type_subtype, |
| bool | include_compressed | ||
| ) |
Return a list of file extensions that are used by the specified file type and subtype.
If include_compressed is true, the list will include compressed extensions, e.g. not just "pcap" but also "pcap.gz" if we can read gzipped files.
All strings in the list are allocated with g_malloc() and must be freed with g_free().
| file_type_subtype | File type/subtype identifier. |
| include_compressed | True to include compressed extensions; false to include only uncompressed ones. |
| WS_DLL_PUBLIC wtap_block_t wtap_get_next_interface_description | ( | wtap * | wth | ) |
Gets next interface description.
This returns the first unfetched wtap_block_t from the set of interface descriptions. Returns NULL if there are no more unfetched interface descriptions; a subsequent call after wtap_read() returns, either with a new record or an EOF, may return another interface description.
| WS_DLL_PUBLIC int wtap_get_num_encap_types | ( | void | ) |
Return the number of known encapsulation types.
Returns the count of WTAP_ENCAP_ values the library recognizes.
| WS_DLL_PUBLIC int wtap_get_num_file_type_extensions | ( | void | ) |
Return the number of registered file type extension groups.
Returns the count of known file type extension entries (the number of different file type / extension groups the library knows about).
| WS_DLL_PUBLIC GArray * wtap_get_savable_file_types_subtypes_for_file | ( | int | file_type_subtype, |
| const GArray * | file_encaps, | ||
| uint32_t | required_comment_types, | ||
| ft_sort_order | sort_order | ||
| ) |
Get savable file type/subtype candidates for saving a capture file.
Get a GArray of file type/subtype values for file types/subtypes that can be used to save a file of a given type with a given GArray of WTAP_ENCAP_ types and the given bitmask of comment types.
The returned GArray contains int values (file type/subtype identifiers) and must be freed with g_array_unref() by the caller.
| file_type_subtype | File type/subtype identifier of the source file. |
| file_encaps | GArray of WTAP_ENCAP_ values representing required encapsulations. |
| required_comment_types | Bitmask of required comment type flags. |
| sort_order | Ordering to apply to the returned list (ft_sort_order). |
| WS_DLL_PUBLIC GArray * wtap_get_writable_file_types_subtypes | ( | ft_sort_order | sort_order | ) |
Get a list of all writable file type/subtype values.
Returns a GArray containing all registered file type/subtype identifiers that support writing (dumping) capture files. The array elements are int values representing file type/subtype identifiers and must be freed with g_array_unref() by the caller.
| sort_order | Ordering to apply to the returned list (ft_sort_order). |
| WS_DLL_PUBLIC bool wtap_has_open_info | ( | const char * | name | ) |
Check if an open_info handler with the given name is registered.
| name | Short name of the handler. |
| WS_DLL_PUBLIC void wtap_init | ( | bool | load_wiretap_plugins, |
| const char * | app_env_var_prefix, | ||
| const struct file_extension_info * | file_extensions, | ||
| unsigned | num_extensions | ||
| ) |
Initialize the Wiretap library.
| load_wiretap_plugins | Load Wiretap plugins when initializing library. |
| app_env_var_prefix | The prefix for the application environment variable used to get the personal config directory. |
| file_extensions | Array of file extensions supported by the application |
| num_extensions | Number of file extensions supported by the application |
| WS_DLL_PUBLIC int wtap_name_to_encap | ( | const char * | short_name | ) |
Convert a short encapsulation name to its WTAP_ENCAP_ value.
Parses a short encap name (as returned by wtap_encap_name) and returns the corresponding encapsulation constant.
| short_name | Short encap name string. |
| WS_DLL_PUBLIC int wtap_name_to_file_type_subtype | ( | const char * | name | ) |
Convert a file type/subtype name to its identifier.
Parses a short name (as returned by wtap_file_type_subtype_name) and returns the corresponding file type/subtype identifier.
| name | Short name string for the file type/subtype. |
| WS_DLL_PUBLIC struct wtap * wtap_open_offline | ( | const char * | filename, |
| unsigned int | type, | ||
| int * | err, | ||
| char ** | err_info, | ||
| bool | do_random, | ||
| const char * | app_env_var_prefix | ||
| ) |
Open a capture file for offline analysis.
Attempts to open the specified file using either automatic format detection or an explicitly chosen format. On failure, returns NULL and stores error details into the "int" pointed to by its second argument:
| filename | Name of the file to open | |
| type | WTAP_TYPE_AUTO for automatic recognize file format or explicit choose format type | |
| [out] | err | a positive "errno" value if the capture file can't be opened; a negative number, indicating the type of error, on other failures. |
| [out] | err_info | for some errors, a string giving more details of the error |
| do_random | true if random access to the file will be done, | |
| app_env_var_prefix | The prefix for the application environment variable used to get the personal config directory. false if not |
| WS_DLL_PUBLIC int wtap_pcap_file_type_subtype | ( | void | ) |
Get the file type/subtype identifier for classic pcap (microsecond timestamps).
| WS_DLL_PUBLIC int wtap_pcap_nsec_file_type_subtype | ( | void | ) |
Get the file type/subtype identifier for pcap with nanosecond timestamps.
| WS_DLL_PUBLIC int wtap_pcapng_file_type_subtype | ( | void | ) |
Get the file type/subtype identifier for pcapng.
| WS_DLL_PUBLIC int wtap_plugins_supported | ( | void | ) |
Query whether libwiretap plugin loading is available.
Returns a status code indicating whether libwiretap can load plugins on the current platform and build configuration.
Return values: 0 Plugins can be loaded for libwiretap (file type). 1 Plugins are not supported by the platform. -1 Plugins were disabled in the build configuration.
| WS_DLL_PUBLIC bool wtap_read | ( | wtap * | wth, |
| wtap_rec * | rec, | ||
| int * | err, | ||
| char ** | err_info, | ||
| int64_t * | offset | ||
| ) |
Read the next record in the file, filling in *phdr and *buf.
| wth | a wtap * returned by a call that opened a file for reading. |
| rec | a pointer to a wtap_rec, filled in with information about the record and the data from the record. |
| err | a positive "errno" value, or a negative number indicating the type of error, if the read failed. |
| err_info | for some errors, a string giving more details of the error |
| offset | a pointer to a int64_t, set to the offset in the file that should be used on calls to wtap_seek_read() to reread that record, if the read succeeded. |
| WS_DLL_PUBLIC int64_t wtap_read_so_far | ( | wtap * | wth | ) |
Return an approximation of the amount of data read sequentially.
Provides a rough estimate of how many bytes have been read from the file so far, useful for progress tracking or tailing scenarios.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC void wtap_rec_apply_snapshot | ( | wtap_rec * | rec, |
| uint32_t | snaplen | ||
| ) |
| WS_DLL_PUBLIC void wtap_rec_cleanup | ( | wtap_rec * | rec | ) |
Clean up a wtap_rec structure.
Frees any memory allocated by wtap_rec_init().
| rec | Pointer to the wtap_rec structure. |
| WS_DLL_PUBLIC void wtap_rec_init | ( | wtap_rec * | rec, |
| size_t | space | ||
| ) |
| WS_DLL_PUBLIC void wtap_rec_reset | ( | wtap_rec * | rec | ) |
| WS_DLL_PUBLIC int wtap_register_encap_type | ( | const char * | description, |
| const char * | name | ||
| ) |
Register a new packet encapsulation type.
| description | Human-readable description. |
| name | Short canonical name. |
| WS_DLL_PUBLIC void wtap_register_file_type_extension | ( | const struct file_extension_info * | ei | ) |
Register file extension information for a file type.
Dynamically registers a new file type's extension metadata so the library can recognize and present the extensions in UI lists and file dialogs.
The caller retains ownership of ei; the function will copy or reference the data as needed according to the library's registration semantics.
| ei | Pointer to a file_extension_info structure describing the file type's extensions. |
| WS_DLL_PUBLIC int wtap_register_file_type_subtype | ( | const struct file_type_subtype_info * | fi | ) |
Register a file type/subtype.
| fi | Pointer to file_type_subtype_info. |
| WS_DLL_PUBLIC void wtap_register_open_info | ( | struct open_info * | oi, |
| const bool | first_routine | ||
| ) |
| WS_DLL_PUBLIC void wtap_register_plugin | ( | const wtap_plugin * | plug | ) |
Register a wiretap plugin.
Registers a plugin with the library. If the plugin provides a register_wtap_module callback, that callback will be invoked to perform module-specific registrations (file formats, encapsulations, extensions, etc.).
The caller retains ownership of plug.
| plug | Pointer to a wtap_plugin describing the plugin's registration callback(s). |
| WS_DLL_PUBLIC bool wtap_seek_read | ( | wtap * | wth, |
| int64_t | seek_off, | ||
| wtap_rec * | rec, | ||
| int * | err, | ||
| char ** | err_info | ||
| ) |
Read the record at a specified offset in a capture file, filling in *phdr and *buf.
| wth | a wtap * returned by a call that opened a file for random-access reading. |
| seek_off | a int64_t giving an offset value returned by a previous wtap_read() call. |
| rec | a pointer to a struct wtap_rec, filled in with information about the record and the data from the record. |
| err | a positive "errno" value, or a negative number indicating the type of error, if the read failed. |
| err_info | for some errors, a string giving more details of the error |
| WS_DLL_PUBLIC void wtap_sequential_close | ( | wtap * | wth | ) |
Close the sequential-access side of the file.
Frees memory associated with buffered reads while retaining random-access capability.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC void wtap_set_cb_new_ipv4 | ( | wtap * | wth, |
| wtap_new_ipv4_callback_t | add_new_ipv4 | ||
| ) |
Set the callback for adding new IPv4 hostnames.
Registers a function to be called when new IPv4 addresses are discovered. Currently used only for pcapng files.
| wth | Wiretap file handle. |
| add_new_ipv4 | Callback function to register. |
| WS_DLL_PUBLIC void wtap_set_cb_new_ipv6 | ( | wtap * | wth, |
| wtap_new_ipv6_callback_t | add_new_ipv6 | ||
| ) |
Set the callback for adding new IPv6 hostnames.
Registers a function to be called when new IPv6 addresses are discovered. Currently used only for pcapng files.
| wth | Wiretap file handle. |
| add_new_ipv6 | Callback function to register. |
| WS_DLL_PUBLIC void wtap_set_cb_new_secrets | ( | wtap * | wth, |
| wtap_new_secrets_callback_t | add_new_secrets | ||
| ) |
Set the callback for receiving new decryption secrets.
Registers a function to be called when decryption secrets are discovered. Currently used only for pcapng files.
| wth | Wiretap file handle. |
| add_new_secrets | Callback function to register. |
| WS_DLL_PUBLIC void wtap_setup_custom_block_rec | ( | wtap_rec * | rec, |
| uint32_t | pen, | ||
| uint32_t | payload_length, | ||
| bool | copy_allowed | ||
| ) |
Set up a wtap_rec for a custom block.
Initializes the record as REC_TYPE_CUSTOM_BLOCK with the given Private Enterprise Number (PEN), payload length, and copy permission flag.
| rec | Pointer to the wtap_rec structure. |
| pen | Private Enterprise Number identifying the block owner. |
| payload_length | Length of the custom block payload in bytes. |
| copy_allowed | True if copying the block is permitted; false otherwise. |
Set up a wtap_rec for a custom block (REC_TYPE_CUSTOM_BLOCK).
| WS_DLL_PUBLIC void wtap_setup_ft_specific_event_rec | ( | wtap_rec * | rec, |
| int | file_type_subtype, | ||
| unsigned | record_type | ||
| ) |
Set up a wtap_rec for a file-type specific event.
Initializes the record as REC_TYPE_FT_SPECIFIC_EVENT with the given subtype and record type.
| rec | Pointer to the wtap_rec structure. |
| file_type_subtype | Format-specific subtype identifier. |
| record_type | Format-specific record type identifier. |
Set up a wtap_rec for a file-type specific event (REC_TYPE_FT_SPECIFIC_EVENT);
| WS_DLL_PUBLIC void wtap_setup_ft_specific_report_rec | ( | wtap_rec * | rec, |
| int | file_type_subtype, | ||
| unsigned | record_type | ||
| ) |
Set up a wtap_rec for a file-type specific report.
Initializes the record as REC_TYPE_FT_SPECIFIC_REPORT with the given subtype and record type.
| rec | Pointer to the wtap_rec structure. |
| file_type_subtype | Format-specific subtype identifier. |
| record_type | Format-specific record type identifier. |
Set up a wtap_rec for a file-type specific report (REC_TYPE_FT_SPECIFIC_REPORT);
| WS_DLL_PUBLIC void wtap_setup_packet_rec | ( | wtap_rec * | rec, |
| int | encap | ||
| ) |
| WS_DLL_PUBLIC void wtap_setup_syscall_rec | ( | wtap_rec * | rec | ) |
| WS_DLL_PUBLIC void wtap_setup_systemd_journal_export_rec | ( | wtap_rec * | rec | ) |
| WS_DLL_PUBLIC unsigned wtap_snapshot_length | ( | wtap * | wth | ) |
Get the snapshot length for the capture file.
Returns the maximum number of bytes captured per packet.
| wth | Wiretap file handle. |
| WS_DLL_PUBLIC const char * wtap_strerror | ( | int | err | ) |
Return a human-readable error string for a WTAP error code.
Maps wiretap error codes to descriptive strings for logging and diagnostics.
| err | WTAP error code. |
| WS_DLL_PUBLIC const char * wtap_tsprec_string | ( | int | tsprec | ) |
Convert a timestamp precision constant to a string.
Returns a short string describing the timestamp precision (e.g., "microsecond", "nanosecond").
| tsprec | Timestamp precision constant (WTAP_TSPREC_...). |
| WS_DLL_PUBLIC char * wtap_unwritable_rec_type_err_string | ( | const wtap_rec * | rec | ) |
Return an error string for WTAP_ERR_UNWRITABLE_REC_TYPE.
Provides a human-readable explanation for why a given record type cannot be written to a file.
| rec | Pointer to the wtap_rec structure. |
Return an error string for WTAP_ERR_UNWRITABLE_REC_TYPE.
| WS_DLL_PUBLIC bool wtap_uses_lua_filehandler | ( | const wtap * | wth | ) |
Check whether a wtap handle uses a Lua-based file handler.
| wth | Pointer to wtap handle. |
| WS_DLL_PUBLIC void wtap_write_shb_comment | ( | wtap * | wth, |
| char * | comment | ||
| ) |
Sets or replaces the section header comment.
The passed-in comment string is set to be the comment for the section header block. The passed-in string's ownership will be owned by the block, so it should be duplicated before passing into this function.
| wth | The wiretap session. |
| comment | The comment string. |
| WS_DLL_PUBLIC struct open_info* open_routines |
Table of registered wiretap file open handlers.
Each entry describes how to recognize and open a supported file format. Populated during wiretap module initialization.
1.9.8