Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
libpcap.h
Go to the documentation of this file.
1
9#ifndef __W_LIBPCAP_H__
10#define __W_LIBPCAP_H__
11
12#include <glib.h>
13#include <wiretap/wtap.h>
14#include "ws_symbol_export.h"
15
16/* Magic numbers in "libpcap" files.
17
18 "libpcap" file records are written in the byte order of the host that
19 writes them, and the reader is expected to fix this up.
20
21 PCAP_MAGIC is the magic number, in host byte order; PCAP_SWAPPED_MAGIC
22 is a byte-swapped version of that.
23
24 PCAP_MODIFIED_MAGIC is for Alexey Kuznetsov's modified "libpcap"
25 format, as generated on Linux systems that have a "libpcap" with
26 his patches, at
27
28 http://ftp.sunet.se/pub/os/Linux/ip-routing/lbl-tools/
29
30 applied; PCAP_SWAPPED_MODIFIED_MAGIC is the byte-swapped version.
31
32 PCAP_IXIAMODIFIED_MAGIC is used by IXIA's lcap file format. It adds
33 a length field at the end of the file header (size of all records).
34 PCAP_SWAPPED_IXIAMODIFIED_MAGIC is the byte-swapped version.
35
36 PCAP_NSEC_MAGIC is for Ulf Lamping's modified "libpcap" format,
37 which uses the same common file format as PCAP_MAGIC, but the
38 timestamps are saved in nanosecond resolution instead of microseconds.
39 PCAP_SWAPPED_NSEC_MAGIC is a byte-swapped version of that. */
40#define PCAP_MAGIC 0xa1b2c3d4
41#define PCAP_SWAPPED_MAGIC 0xd4c3b2a1
42#define PCAP_MODIFIED_MAGIC 0xa1b2cd34
43#define PCAP_SWAPPED_MODIFIED_MAGIC 0x34cdb2a1
44#define PCAP_IXIAHW_MAGIC 0x1c0001ac
45#define PCAP_SWAPPED_IXIAHW_MAGIC 0xac01001c
46#define PCAP_IXIASW_MAGIC 0x1c0001ab
47#define PCAP_SWAPPED_IXIASW_MAGIC 0xab01001c
48#define PCAP_NSEC_MAGIC 0xa1b23c4d
49#define PCAP_SWAPPED_NSEC_MAGIC 0x4d3cb2a1
50
51/* "libpcap" file header (minus magic number). */
52struct pcap_hdr {
53 uint16_t version_major; /* major version number */
54 uint16_t version_minor; /* minor version number */
55 int32_t thiszone; /* GMT to local correction */
56 uint32_t sigfigs; /* accuracy of timestamps */
57 uint32_t snaplen; /* max length of captured packets, in octets */
58 uint32_t network; /* data link type */
59};
60
61/* "libpcap" record header. */
63 uint32_t ts_sec; /* timestamp seconds */
64 uint32_t ts_usec; /* timestamp microseconds (nsecs for PCAP_NSEC_MAGIC) */
65 uint32_t incl_len; /* number of octets of packet saved in file */
66 uint32_t orig_len; /* actual length of packet */
67};
68
69/* "libpcap" record header for Alexey's patched version. */
71 struct pcaprec_hdr hdr; /* the regular header */
72 uint32_t ifindex; /* index, in *capturing* machine's list of
73 interfaces, of the interface on which this
74 packet came in. */
75 uint16_t protocol; /* Ethernet packet type */
76 uint8_t pkt_type; /* broadcast/multicast/etc. indication */
77 uint8_t pad; /* pad to a 4-byte boundary */
78};
79
80/* "libpcap" record header for Alexey's patched version in its ss990915
81 incarnation; this version shows up in SuSE Linux 6.3. */
83 struct pcaprec_hdr hdr; /* the regular header */
84 uint32_t ifindex; /* index, in *capturing* machine's list of
85 interfaces, of the interface on which this
86 packet came in. */
87 uint16_t protocol; /* Ethernet packet type */
88 uint8_t pkt_type; /* broadcast/multicast/etc. indication */
89 uint8_t cpu1, cpu2; /* SMP debugging gunk? */
90 uint8_t pad[3]; /* pad to a 4-byte boundary */
91};
92
93/* "libpcap" record header for version used on some Nokia boxes (firewalls?) */
95 struct pcaprec_hdr hdr; /* the regular header */
96 uint8_t stuff[4]; /* mysterious stuff */
97};
98
99wtap_open_return_val libpcap_open(wtap *wth, int *err, char **err_info);
100
101#endif
Definition libpcap.h:52
Definition libpcap.h:62
Definition libpcap.h:70
Definition libpcap.h:94
Definition libpcap.h:82
Definition wtap-int.h:37