/* file.h
 * Definitions for file structures and routines
 *
 * $Id: file.h,v 1.2 1998/09/16 03:21:57 gerald Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
 * Copyright 1998 Gerald Combs
 *
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

#ifndef __FILE_H__
#define __FILE_H__

#include <sys/types.h>
#include <sys/time.h>

#include <pcap.h>

/* Data file formats.
 * Numeric codes for the capture-file formats this header knows about;
 * presumably the values stored in capture_file.cd_t (confirm in file.c).
 * The meaning of each code is inferred from its name only: BE/LE look like
 * big-/little-endian libpcap files, NA_UNCOMPR is not explained here.
 * CD_UNKNOWN is 0, so a zero-initialized capture_file reads as "unknown". */
#define CD_UNKNOWN    0
#define CD_WIRE       1
#define CD_SNOOP      2
#define CD_PCAP_BE    3
#define CD_PCAP_LE    4
#define CD_NA_UNCOMPR 5

/* Data file magic info */
#define SNOOP_MAGIC_1 0x736e6f6f /* 'snoop' in ASCII */
#define SNOOP_MAGIC_2 0x70000000
#define PCAP_MAGIC    0xa1b2c3d4

/* Data file format versions we can handle.
 * MIN and MAX are both 2, so only snoop version 2 files are in range;
 * presumably compared against snoop_file_hdr.vers by the reader (confirm
 * in file.c). */
#define SNOOP_MIN_VERSION 2
#define SNOOP_MAX_VERSION 2

/* Link types (removed in favor of the DLT_* defines from bpf.h) */

/* Short alias for the compiled BPF filter program type that <pcap.h>
 * makes available; used for capture_file.fcode below. */
typedef struct bpf_program bpf_prog;

/* State for one capture session or one opened capture file.
 *
 * NOTE(review): guint8/guint16/guint32, gchar, GList and frame_data are not
 * declared by the headers included in this file; presumably every includer
 * pulls in the GLib/GTK headers and the frame_data definition first.
 *
 * Several members (vers, lnk_t, snap, count) look like they are filled from
 * file headers, i.e. from untrusted input -- confirm in file.c and validate
 * them before using them as sizes or indices. */
typedef struct _capture_file {
  FILE       *fh;        /* Capture file */
  long        f_len;     /* File length */
  int         swap;      /* Swap data bytes? */
  guint16     cd_t;      /* Capture data type */
  guint32     vers;      /* Version.  For tcpdump minor is appended to major */
  guint32     lnk_t;     /* Network link type */
  guint32     count;     /* Packet count */
  guint32     drops;     /* Dropped packets */
  guint32     esec;      /* Elapsed seconds */
  guint32     eusec;     /* Elapsed microseconds */
  guint32     snap;      /* Captured packet length */
  gchar      *iface;     /* Interface */
  gchar      *save_file; /* File to write capture data */
  pcap_t     *pfh;       /* Pcap session */
  gchar      *filter;    /* Pcap filter string */
  bpf_prog    fcode;     /* Compiled filter program */
  /* Fixed 4096-byte buffer: any per-packet length taken from a file or from
   * pcap must be checked against sizeof pd before data is read or copied in. */
  guint8      pd[4096];  /* Packet data */
  GList      *plist;     /* Packet list */
  frame_data *cur;       /* Current list item */
} capture_file;

/* Taken from RFC 1761 (snoop version 2 capture file format). */

/* Snoop file header: four 32-bit words.
 * magic1/magic2 are presumably compared with SNOOP_MAGIC_1/SNOOP_MAGIC_2 and
 * vers with SNOOP_MIN_VERSION..SNOOP_MAX_VERSION (confirm in file.c).
 * RFC 1761 stores these fields big-endian, so values read straight from disk
 * need a byte-order conversion on little-endian hosts. */
typedef struct _snoop_file_hdr {
  guint32 magic1;   /* First 4 bytes of the identification pattern */
  guint32 magic2;   /* Last 4 bytes of the identification pattern */
  guint32 vers;     /* Format version */
  guint32 s_lnk_t;  /* Datalink type as recorded by snoop */
} snoop_file_hdr;

/* Snoop per-packet record header: six 32-bit words, field names following
 * the RFC 1761 packet record layout.
 *
 * All six values come from the capture file and are attacker-controlled if
 * the file is untrusted. Before inc_len bytes are read into a buffer such as
 * capture_file.pd[4096], the reader should check inc_len against the buffer
 * size, and check that pr_len is at least sizeof(snoop_frame_hdr) + inc_len
 * so that skipping the record padding cannot underflow. */
typedef struct _snoop_frame_hdr {
  guint32 orig_len;  /* Packet length on the wire */
  guint32 inc_len;   /* Bytes of packet data actually stored in this record */
  guint32 pr_len;    /* Total record length (header + data + padding) */
  guint32 drops;     /* Dropped-packet counter */
  guint32 secs;      /* Timestamp, seconds */
  guint32 usecs;     /* Timestamp, microseconds */
} snoop_frame_hdr;

/* Capture-file routines. Parameters are unnamed in this header; the notes
 * below are inferred from the names and types only -- confirm in file.c. */

/* Presumably opens the named file and fills in the capture_file; the meaning
 * of the int result is not visible here. */
int  open_cap_file(char *, capture_file *);
/* Presumably releases a capture_file; the GtkWidget and guint arguments are
 * not explained in this header. */
void close_cap_file(capture_file *, GtkWidget *, guint);
/* Presumably reads the packets of the named file into the capture_file.
 * The file contents are untrusted input for this routine. */
int  load_cap_file(char *, capture_file *);
/* Same parameter list as libpcap's pcap_handler callback (user pointer,
 * packet header, packet bytes). */
void pcap_dispatch_cb(u_char *, const struct pcap_pkthdr *, const u_char *);
/* size_t read_frame_header(capture_file *); */

#endif /* file.h */