#ifndef CLICK_FAKEPCAP_HH #define CLICK_FAKEPCAP_HH #include #include CLICK_DECLS #define FAKE_PCAP_MAGIC 0xA1B2C3D4 #define FAKE_MODIFIED_PCAP_MAGIC 0xA1B2CD34 #define FAKE_PCAP_VERSION_MAJOR 2 #define FAKE_PCAP_VERSION_MINOR 4 /* Canonical (pcap file) data link types (may differ from host versions) */ #define FAKE_DLT_NONE (-1) /* Unknown */ #define FAKE_DLT_NULL 0 /* Null encapsulation */ #define FAKE_DLT_EN10MB 1 /* Ethernet (10Mb) */ #define FAKE_DLT_PPP 9 /* PPP */ #define FAKE_DLT_FDDI 10 /* FDDI */ #define FAKE_DLT_PPP_HDLC 50 /* PPP or Cisco HDLC */ #define FAKE_DLT_ATM_RFC1483 100 /* RFC 1483-encapsulated ATM */ #define FAKE_DLT_RAW 101 /* raw IP */ #define FAKE_DLT_C_HDLC 104 /* Cisco HDLC */ #define FAKE_DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ #define FAKE_DLT_LINUX_SLL 113 /* Linux cooked socket */ #define FAKE_DLT_PRISM_HEADER 119 /* 802.11+Prism II monitor code */ #define FAKE_DLT_AIRONET_HEADER 120 /* Aironet wireless header */ #define FAKE_DLT_SUNATM 123 /* Full Frontal ATM: ATM header + ATM_RFC1483 */ /* Host data link types */ #define FAKE_DLT_HOST_RAW 12 /* raw IP */ /* * The first record in the file contains saved values for some * of the flags used in the printout phases of tcpdump. * Many fields here are 32 bit ints so compilers won't insert unwanted * padding; these files need to be interchangeable across architectures. */ struct fake_pcap_file_header { uint32_t magic; uint16_t version_major; uint16_t version_minor; int32_t thiszone; /* gmt to local correction */ uint32_t sigfigs; /* accuracy of timestamps */ uint32_t snaplen; /* max length saved portion of each pkt */ uint32_t linktype; /* data link type (DLT_*) */ }; struct fake_bpf_timeval { int32_t tv_sec; int32_t tv_usec; inline static const Timestamp *make_timestamp(const fake_bpf_timeval *tv, fake_bpf_timeval *storage); }; /* * Each packet in the dump file is prepended with this generic header. * This gets around the problem of different headers for different * packet interfaces. */ struct fake_pcap_pkthdr { struct fake_bpf_timeval ts; /* time stamp */ uint32_t caplen; /* length of portion present */ uint32_t len; /* length this packet (off wire) */ }; /* Unfortunately, Linux tcpdump generates a different format. */ struct fake_modified_pcap_pkthdr { struct fake_pcap_pkthdr hdr; /* the regular header */ uint32_t ifindex; /* index, in *capturing* machine's list of interfaces, of the interface on which this packet came in. */ uint16_t protocol; /* Ethernet packet type */ uint8_t pkt_type; /* broadcast/multicast/etc. indication */ uint8_t pad; /* pad to a 4-byte boundary */ }; // Parsing and unparsing. int fake_pcap_parse_dlt(const String&); String fake_pcap_unparse_dlt(int); int fake_pcap_canonical_dlt(int, bool from_file); // Handling FORCE_IP. bool fake_pcap_dlt_force_ipable(int); bool fake_pcap_force_ip(Packet*&, int); bool fake_pcap_force_ip(WritablePacket*&, int); inline bool fake_pcap_force_ip(WritablePacket*& p, int dlt) { return fake_pcap_force_ip(reinterpret_cast(p), dlt); } inline const Timestamp * fake_bpf_timeval::make_timestamp(const fake_bpf_timeval *tv, fake_bpf_timeval *ts_storage) { #if HAVE_NANOTIMESTAMP ts_storage->tv_sec = tv->tv_sec; ts_storage->tv_usec = Timestamp::usec_to_subsec(tv->tv_usec); return reinterpret_cast(ts_storage); #else (void) ts_storage; return reinterpret_cast(tv); #endif } CLICK_ENDDECLS #endif