| | 17 | typedef int32_t bpf_int32; |
| | 18 | typedef u_int32_t bpf_u_int32; |
| | 19 | |
| | 20 | /* |
| | 21 | * Data-link level type codes. |
| | 22 | */ |
| | 23 | #define DLT_NULL 0 /* BSD loopback encapsulation */ |
| | 24 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ |
| | 25 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ |
| | 26 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ |
| | 27 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ |
| | 28 | #define DLT_CHAOS 5 /* Chaos */ |
| | 29 | #define DLT_IEEE802 6 /* IEEE 802 Networks */ |
| | 30 | #define DLT_ARCNET 7 /* ARCNET */ |
| | 31 | #define DLT_SLIP 8 /* Serial Line IP */ |
| | 32 | #define DLT_PPP 9 /* Point-to-point Protocol */ |
| | 33 | #define DLT_FDDI 10 /* FDDI */ |
| | 34 | #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ |
| | 35 | #define DLT_RAW 12 /* raw IP */ |
| | 36 | |
| | 37 | /* |
| | 38 | * These are values from BSD/OS's "bpf.h". |
| | 39 | * These are not the same as the values from the traditional libpcap |
| | 40 | * "bpf.h"; however, these values shouldn't be generated by any |
| | 41 | * OS other than BSD/OS, so the correct values to use here are the |
| | 42 | * BSD/OS values. |
| | 43 | * |
| | 44 | * Platforms that have already assigned these values to other |
| | 45 | * DLT_ codes, however, should give these codes the values |
| | 46 | * from that platform, so that programs that use these codes will |
| | 47 | * continue to compile - even though they won't correctly read |
| | 48 | * files of these types. |
| | 49 | */ |
| | 50 | #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ |
| | 51 | #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ |
| | 52 | |
| | 53 | #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ |
| | 54 | |
| | 55 | /* |
| | 56 | * These values are defined by NetBSD; other platforms should refrain from |
| | 57 | * using them for other purposes, so that NetBSD savefiles with link |
| | 58 | * types of 50 or 51 can be read as this type on all platforms. |
| | 59 | */ |
| | 60 | #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ |
| | 61 | #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ |
| | 62 | |
| | 63 | /* |
| | 64 | * Reserved for the Symantec Enterprise Firewall. |
| | 65 | */ |
| | 66 | #define DLT_SYMANTEC_FIREWALL 99 |
| | 67 | |
| | 68 | |
| | 69 | /* |
| | 70 | * This value was defined by libpcap 0.5; platforms that have defined |
| | 71 | * it with a different value should define it here with that value - |
| | 72 | * a link type of 104 in a save file will be mapped to DLT_C_HDLC, |
| | 73 | * whatever value that happens to be, so programs will correctly |
| | 74 | * handle files with that link type regardless of the value of |
| | 75 | * DLT_C_HDLC. |
| | 76 | * |
| | 77 | * The name DLT_C_HDLC was used by BSD/OS; we use that name for source |
| | 78 | * compatibility with programs written for BSD/OS. |
| | 79 | * |
| | 80 | * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, |
| | 81 | * for source compatibility with programs written for libpcap 0.5. |
| | 82 | */ |
| | 83 | #define DLT_C_HDLC 104 /* Cisco HDLC */ |
| | 84 | #define DLT_CHDLC DLT_C_HDLC |
| | 85 | |
| | 86 | #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ |
| | 87 | |
| | 88 | /* |
| | 89 | * Values between 106 and 107 are used in capture file headers as |
| | 90 | * link-layer types corresponding to DLT_ types that might differ |
| | 91 | * between platforms; don't use those values for new DLT_ types. |
| | 92 | */ |
| | 93 | |
| | 94 | /* |
| | 95 | * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides |
| | 96 | * with other values. |
| | 97 | * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header |
| | 98 | * (DLCI, etc.). |
| | 99 | */ |
| | 100 | #define DLT_FRELAY 107 |
| | 101 | |
| | 102 | /* |
| | 103 | * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except |
| | 104 | * that the AF_ type in the link-layer header is in network byte order. |
| | 105 | * |
| | 106 | * OpenBSD defines it as 12, but that collides with DLT_RAW, so we |
| | 107 | * define it as 108 here. If OpenBSD picks up this file, it should |
| | 108 | * define DLT_LOOP as 12 in its version, as per the comment above - |
| | 109 | * and should not use 108 as a DLT_ value. |
| | 110 | */ |
| | 111 | #define DLT_LOOP 108 |
| | 112 | |
| | 113 | /* |
| | 114 | * Values between 109 and 112 are used in capture file headers as |
| | 115 | * link-layer types corresponding to DLT_ types that might differ |
| | 116 | * between platforms; don't use those values for new DLT_ types. |
| | 117 | */ |
| | 118 | |
| | 119 | /* |
| | 120 | * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's |
| | 121 | * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other |
| | 122 | * than OpenBSD. |
| | 123 | */ |
| | 124 | #define DLT_ENC 109 |
| | 125 | |
| | 126 | /* |
| | 127 | * This is for Linux cooked sockets. |
| | 128 | */ |
| | 129 | #define DLT_LINUX_SLL 113 |
| | 130 | |
| | 131 | /* |
| | 132 | * Apple LocalTalk hardware. |
| | 133 | */ |
| | 134 | #define DLT_LTALK 114 |
| | 135 | |
| | 136 | /* |
| | 137 | * Acorn Econet. |
| | 138 | */ |
| | 139 | #define DLT_ECONET 115 |
| | 140 | |
| | 141 | /* |
| | 142 | * Reserved for use with OpenBSD ipfilter. |
| | 143 | */ |
| | 144 | #define DLT_IPFILTER 116 |
| | 145 | |
| | 146 | /* |
| | 147 | * Reserved for use in capture-file headers as a link-layer type |
| | 148 | * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, |
| | 149 | * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it |
| | 150 | * in capture-file headers. |
| | 151 | */ |
| | 152 | #define DLT_PFLOG 117 |
| | 153 | |
| | 154 | /* |
| | 155 | * Registered for Cisco-internal use. |
| | 156 | */ |
| | 157 | #define DLT_CISCO_IOS 118 |
| | 158 | |
| | 159 | /* |
| | 160 | * Reserved for 802.11 cards using the Prism II chips, with a link-layer |
| | 161 | * header including Prism monitor mode information plus an 802.11 |
| | 162 | * header. |
| | 163 | */ |
| | 164 | #define DLT_PRISM_HEADER 119 |
| | 165 | |
| | 166 | /* |
| | 167 | * Reserved for Aironet 802.11 cards, with an Aironet link-layer header |
| | 168 | * (see Doug Ambrisko's FreeBSD patches). |
| | 169 | */ |
| | 170 | #define DLT_AIRONET_HEADER 120 |
| | 171 | |
| | 172 | /* |
| | 173 | * Reserved for use by OpenBSD's pfsync device. |
| | 174 | */ |
| | 175 | #define DLT_PFSYNC 121 |
| | 176 | |
| | 177 | /* |
| | 178 | * Reserved for Siemens HiPath HDLC. XXX - this is the same value (121) as DLT_PFSYNC above: a capture tagged 121 cannot be attributed to one of the two formats by number alone, and a switch that uses both names as case labels will not compile. |
| | 179 | */ |
| | 180 | #define DLT_HHDLC 121 |
| | 181 | |
| | 182 | /* |
| | 183 | * Reserved for RFC 2625 IP-over-Fibre Channel. |
| | 184 | */ |
| | 185 | #define DLT_IP_OVER_FC 122 |
| | 186 | |
| | 187 | /* |
| | 188 | * Reserved for Full Frontal ATM on Solaris. |
| | 189 | */ |
| | 190 | #define DLT_SUNATM 123 |
| | 191 | |
| | 192 | /* |
| | 193 | * Reserved as per request from Kent Dahlgren <kent@praesum.com> |
| | 194 | * for private use. |
| | 195 | */ |
| | 196 | #define DLT_RIO 124 /* RapidIO */ |
| | 197 | #define DLT_PCI_EXP 125 /* PCI Express */ |
| | 198 | #define DLT_AURORA 126 /* Xilinx Aurora link layer */ |
| | 199 | |
| | 200 | /* |
| | 201 | * BSD header for 802.11 plus a number of bits of link-layer information |
| | 202 | * including radio information. |
| | 203 | */ |
| | 204 | #ifndef DLT_IEEE802_11_RADIO |
| | 205 | #define DLT_IEEE802_11_RADIO 127 |
| | 206 | #endif |
| | 207 | |
| | 208 | /* |
| | 209 | * Reserved for TZSP encapsulation. |
| | 210 | */ |
| | 211 | #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ |
| | 212 | |
| | 213 | /* |
| | 214 | * Reserved for Linux ARCNET. |
| | 215 | */ |
| | 216 | #define DLT_ARCNET_LINUX 129 |
| | 217 | |
| | 218 | /* |
| | 219 | * Juniper-private data link types. |
| | 220 | */ |
| | 221 | #define DLT_JUNIPER_MLPPP 130 |
| | 222 | #define DLT_JUNIPER_MLFR 131 |
| | 223 | #define DLT_JUNIPER_ES 132 |
| | 224 | #define DLT_JUNIPER_GGSN 133 |
| | 225 | #define DLT_JUNIPER_MFR 134 |
| | 226 | #define DLT_JUNIPER_ATM2 135 |
| | 227 | #define DLT_JUNIPER_SERVICES 136 |
| | 228 | #define DLT_JUNIPER_ATM1 137 |
| | 229 | |
| | 230 | /* |
| | 231 | * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund |
| | 232 | * <dieter@apple.com>. The header that's presented is an Ethernet-like |
| | 233 | * header: |
| | 234 | * |
| | 235 | * #define FIREWIRE_EUI64_LEN 8 |
| | 236 | * struct firewire_header { |
| | 237 | * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; |
| | 238 | * u_char firewire_shost[FIREWIRE_EUI64_LEN]; |
| | 239 | * u_short firewire_type; |
| | 240 | * }; |
| | 241 | * |
| | 242 | * with "firewire_type" being an Ethernet type value, rather than, |
| | 243 | * for example, raw GASP frames being handed up. |
| | 244 | */ |
| | 245 | #define DLT_APPLE_IP_OVER_IEEE1394 138 |
| | 246 | |
| | 247 | /* |
| | 248 | * Various SS7 encapsulations, as per a request from Jeff Morriss |
| | 249 | * <jeff.morriss[AT]ulticom.com> and subsequent discussions. |
| | 250 | */ |
| | 251 | #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ |
| | 252 | #define DLT_MTP2 140 /* MTP2, without pseudo-header */ |
| | 253 | #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ |
| | 254 | #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ |
| | 255 | |
| | 256 | /* |
| | 257 | * Reserved for DOCSIS. |
| | 258 | */ |
| | 259 | #define DLT_DOCSIS 143 |
| | 260 | |
| | 261 | /* |
| | 262 | * Reserved for Linux IrDA. |
| | 263 | */ |
| | 264 | #define DLT_LINUX_IRDA 144 |
| | 265 | |
| | 266 | /* |
| | 267 | * Reserved for IBM SP switch and IBM Next Federation switch. |
| | 268 | */ |
| | 269 | #define DLT_IBM_SP 145 |
| | 270 | #define DLT_IBM_SN 146 |
| | 271 | |
| | 272 | /* |
| | 273 | * Reserved for private use. If you have some link-layer header type |
| | 274 | * that you want to use within your organization, with the capture files |
| | 275 | * using that link-layer header type never being sent outside your |
| | 276 | * organization, you can use these values. |
| | 277 | * |
| | 278 | * No libpcap release will use these for any purpose, nor will any |
| | 279 | * tcpdump release use them, either. |
| | 280 | * |
| | 281 | * Do *NOT* use these in capture files that you expect anybody not using |
| | 282 | * your private versions of capture-file-reading tools to read; in |
| | 283 | * particular, do *NOT* use them in products, otherwise you may find that |
| | 284 | * people won't be able to use tcpdump, or snort, or Ethereal, or... to |
| | 285 | * read capture files from your firewall/intrusion detection/traffic |
| | 286 | * monitoring/etc. appliance, or whatever product uses that DLT_ value, |
| | 287 | * and you may also find that the developers of those applications will |
| | 288 | * not accept patches to let them read those files. |
| | 289 | * |
| | 290 | * Also, do not use them if somebody might send you a capture using them |
| | 291 | * for *their* private type and tools using them for *your* private type |
| | 292 | * would have to read them. |
| | 293 | * |
| | 294 | * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value, |
| | 295 | * as per the comment above, and use the type you're given. |
| | 296 | */ |
| | 297 | #define DLT_USER0 147 |
| | 298 | #define DLT_USER1 148 |
| | 299 | #define DLT_USER2 149 |
| | 300 | #define DLT_USER3 150 |
| | 301 | #define DLT_USER4 151 |
| | 302 | #define DLT_USER5 152 |
| | 303 | #define DLT_USER6 153 |
| | 304 | #define DLT_USER7 154 |
| | 305 | #define DLT_USER8 155 |
| | 306 | #define DLT_USER9 156 |
| | 307 | #define DLT_USER10 157 |
| | 308 | #define DLT_USER11 158 |
| | 309 | #define DLT_USER12 159 |
| | 310 | #define DLT_USER13 160 |
| | 311 | #define DLT_USER14 161 |
| | 312 | #define DLT_USER15 162 |
| | 313 | |
| | 314 | /* |
| | 315 | * For future use with 802.11 captures - defined by AbsoluteValue |
| | 316 | * Systems to store a number of bits of link-layer information |
| | 317 | * including radio information: |
| | 318 | * |
| | 319 | * http://www.shaftnet.org/~pizza/software/capturefrm.txt |
| | 320 | * |
| | 321 | * but it might be used by some non-AVS drivers now or in the |
| | 322 | * future. |
| | 323 | */ |
| | 324 | #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ |
| | 325 | |
| | 326 | /* |
| | 327 | * Juniper-private data link type, as per request from |
| | 328 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
| | 329 | * for passing on chassis-internal metainformation such as |
| | 330 | * QOS profiles, etc.. |
| | 331 | */ |
| | 332 | #define DLT_JUNIPER_MONITOR 164 |
| | 333 | |
| | 334 | /* |
| | 335 | * Reserved for BACnet MS/TP. |
| | 336 | */ |
| | 337 | #define DLT_BACNET_MS_TP 165 |
| | 338 | |
| | 339 | /* |
| | 340 | * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>. |
| | 341 | * |
| | 342 | * This is used in some OSes to allow a kernel socket filter to distinguish |
| | 343 | * between incoming and outgoing packets, on a socket intended to |
| | 344 | * supply pppd with outgoing packets so it can do dial-on-demand and |
| | 345 | * hangup-on-lack-of-demand; incoming packets are filtered out so they |
| | 346 | * don't cause pppd to hold the connection up (you don't want random |
| | 347 | * input packets such as port scans, packets from old lost connections, |
| | 348 | * etc. to force the connection to stay up). |
| | 349 | * |
| | 350 | * The first byte of the PPP header (0xff03) is modified to accommodate |
| | 351 | * the direction - 0x00 = IN, 0x01 = OUT. |
| | 352 | */ |
| | 353 | #define DLT_PPP_PPPD 166 |
| | 354 | |
| | 355 | /* |
| | 356 | * Names for backwards compatibility with older versions of some PPP |
| | 357 | * software; new software should use DLT_PPP_PPPD. |
| | 358 | */ |
| | 359 | #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD |
| | 360 | #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD |
| | 361 | |
| | 362 | /* |
| | 363 | * Juniper-private data link type, as per request from |
| | 364 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
| | 365 | * for passing on chassis-internal metainformation such as |
| | 366 | * QOS profiles, cookies, etc.. |
| | 367 | */ |
| | 368 | #define DLT_JUNIPER_PPPOE 167 |
| | 369 | #define DLT_JUNIPER_PPPOE_ATM 168 |
| | 370 | |
| | 371 | #define DLT_GPRS_LLC 169 /* GPRS LLC */ |
| | 372 | #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ |
| | 373 | #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ |
| | 374 | |
| | 375 | /* |
| | 376 | * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line |
| | 377 | * monitoring equipment. |
| | 378 | */ |
| | 379 | #define DLT_GCOM_T1E1 172 |
| | 380 | #define DLT_GCOM_SERIAL 173 |
| | 381 | |
| | 382 | /* |
| | 383 | * Juniper-private data link type, as per request from |
| | 384 | * Hannes Gredler <hannes@juniper.net>. The DLT_ is used |
| | 385 | * for internal communication to Physical Interface Cards (PIC) |
| | 386 | */ |
| | 387 | #define DLT_JUNIPER_PIC_PEER 174 |
| | 388 | |
| | 389 | /* |
| | 390 | * Link types requested by Gregor Maier <gregor@endace.com> of Endace |
| | 391 | * Measurement Systems. They add an ERF header (see |
| | 392 | * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of |
| | 393 | * the link-layer header. |
| | 394 | */ |
| | 395 | #define DLT_ERF_ETH 175 /* Ethernet */ |
| | 396 | #define DLT_ERF_POS 176 /* Packet-over-SONET */ |
| | 397 | |
| | 398 | /* |
| | 399 | * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD |
| | 400 | * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header |
| | 401 | * includes additional information before the LAPD header, so it's |
| | 402 | * not necessarily a generic LAPD header. |
| | 403 | */ |
| | 404 | #define DLT_LINUX_LAPD 177 |
| | 405 | |
| | 406 | /* |
| | 407 | * Juniper-private data link type, as per request from |
| | 408 | * Hannes Gredler <hannes@juniper.net>. |
| | 409 | * The DLT_ are used for prepending meta-information |
| | 410 | * like interface index, interface name |
| | 411 | * before standard Ethernet, PPP, Frelay & C-HDLC Frames |
| | 412 | */ |
| | 413 | #define DLT_JUNIPER_ETHER 178 |
| | 414 | #define DLT_JUNIPER_PPP 179 |
| | 415 | #define DLT_JUNIPER_FRELAY 180 |
| | 416 | #define DLT_JUNIPER_CHDLC 181 |
| | 417 | |
| | 418 | /* |
| | 419 | * Multi Link Frame Relay (FRF.16) |
| | 420 | */ |
| | 421 | #define DLT_MFR 182 |
| | 422 | |
| | 423 | /* |
| | 424 | * Juniper-private data link type, as per request from |
| | 425 | * Hannes Gredler <hannes@juniper.net>. |
| | 426 | * The DLT_ is used for internal communication with a |
| | 427 | * voice Adapter Card (PIC) |
| | 428 | */ |
| | 429 | #define DLT_JUNIPER_VP 183 |
| | 430 | |
| | 431 | /* |
| | 432 | * Arinc 429 frames. |
| | 433 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| | 434 | * Every frame contains a 32bit A429 label. |
| | 435 | * More documentation on Arinc 429 can be found at |
| | 436 | * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf |
| | 437 | */ |
| | 438 | #define DLT_A429 184 |
| | 439 | |
| | 440 | /* |
| | 441 | * Arinc 653 Interpartition Communication messages. |
| | 442 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| | 443 | * Please refer to the A653-1 standard for more information. |
| | 444 | */ |
| | 445 | #define DLT_A653_ICM 185 |
| | 446 | |
| | 447 | /* |
| | 448 | * USB packets, beginning with a USB setup header; requested by |
| | 449 | * Paolo Abeni <paolo.abeni@email.it>. |
| | 450 | */ |
| | 451 | #define DLT_USB 186 |
| | 452 | |
| | 453 | /* |
| | 454 | * Bluetooth HCI UART transport layer (part H:4); requested by |
| | 455 | * Paolo Abeni. |
| | 456 | */ |
| | 457 | #define DLT_BLUETOOTH_HCI_H4 187 |
| | 458 | |
| | 459 | /* |
| | 460 | * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz |
| | 461 | * <cruz_petagay@bah.com>. |
| | 462 | */ |
| | 463 | #define DLT_IEEE802_16_MAC_CPS 188 |
| | 464 | |
| | 465 | /* |
| | 466 | * USB packets, beginning with a Linux USB header; requested by |
| | 467 | * Paolo Abeni <paolo.abeni@email.it>. |
| | 468 | */ |
| | 469 | #define DLT_USB_LINUX 189 |
| | 470 | |
| | 471 | /* |
| | 472 | * Controller Area Network (CAN) v. 2.0B packets. |
| | 473 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| | 474 | * Used to dump CAN packets coming from a CAN Vector board. |
| | 475 | * More documentation on the CAN v2.0B frames can be found at |
| | 476 | * http://www.can-cia.org/downloads/?269 |
| | 477 | */ |
| | 478 | #define DLT_CAN20B 190 |
| | 479 | |
| | 480 | /* |
| | 481 | * IEEE 802.15.4, with address fields padded, as is done by Linux |
| | 482 | * drivers; requested by Juergen Schimmer. |
| | 483 | */ |
| | 484 | #define DLT_IEEE802_15_4_LINUX 191 |
| | 485 | |
| | 486 | /* |
| | 487 | * Per Packet Information encapsulated packets. |
| | 488 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| | 489 | */ |
| | 490 | #define DLT_PPI 192 |
| | 491 | |
| | 492 | /* |
| | 493 | * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; |
| | 494 | * requested by Charles Clancy. |
| | 495 | */ |
| | 496 | #define DLT_IEEE802_16_MAC_CPS_RADIO 193 |
| | 497 | |
| | 498 | /* |
| | 499 | * Juniper-private data link type, as per request from |
| | 500 | * Hannes Gredler <hannes@juniper.net>. |
| | 501 | * The DLT_ is used for internal communication with a |
| | 502 | * integrated service module (ISM). |
| | 503 | */ |
| | 504 | #define DLT_JUNIPER_ISM 194 |
| | 505 | |
| | 506 | /* |
| | 507 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
| | 508 | * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>. |
| | 509 | */ |
| | 510 | #define DLT_IEEE802_15_4 195 |
| | 511 | |
| | 512 | /* |
| | 513 | * Various link-layer types, with a pseudo-header, for SITA |
| | 514 | * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). |
| | 515 | */ |
| | 516 | #define DLT_SITA 196 |
| | 517 | |
| | 518 | /* |
| | 519 | * Various link-layer types, with a pseudo-header, for Endace DAG cards; |
| | 520 | * encapsulates Endace ERF records. Requested by Stephen Donnelly |
| | 521 | * <stephen@endace.com>. |
| | 522 | */ |
| | 523 | #define DLT_ERF 197 |
| | 524 | |
| | 525 | /* |
| | 526 | * Special header prepended to Ethernet packets when capturing from a |
| | 527 | * u10 Networks board. Requested by Phil Mulholland |
| | 528 | * <phil@u10networks.com>. |
| | 529 | */ |
| | 530 | #define DLT_RAIF1 198 |
| | 531 | |
| | 532 | /* |
| | 533 | * IPMB packet for IPMI, beginning with the I2C slave address, followed |
| | 534 | * by the netFn and LUN, etc.. Requested by Chanthy Toeung |
| | 535 | * <chanthy.toeung@ca.kontron.com>. |
| | 536 | */ |
| | 537 | #define DLT_IPMB 199 |
| | 538 | |
| | 539 | /* |
| | 540 | * Juniper-private data link type, as per request from |
| | 541 | * Hannes Gredler <hannes@juniper.net>. |
| | 542 | * The DLT_ is used for capturing data on a secure tunnel interface. |
| | 543 | */ |
| | 544 | #define DLT_JUNIPER_ST 200 |
| | 545 | |
| | 546 | /* |
| | 547 | * Bluetooth HCI UART transport layer (part H:4), with pseudo-header |
| | 548 | * that includes direction information; requested by Paolo Abeni. |
| | 549 | */ |
| | 550 | #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 |
| | 551 | |
| | 552 | /* |
| | 553 | * The instruction encodings. |
| | 554 | */ |
| | 555 | /* instruction classes */ |
| | 556 | #define BPF_CLASS(code) ((code) & 0x07) |
| | 557 | #define BPF_LD 0x00 |
| | 558 | #define BPF_LDX 0x01 |
| | 559 | #define BPF_ST 0x02 |
| | 560 | #define BPF_STX 0x03 |
| | 561 | #define BPF_ALU 0x04 |
| | 562 | #define BPF_JMP 0x05 |
| | 563 | #define BPF_RET 0x06 |
| | 564 | #define BPF_MISC 0x07 |
| | 565 | |
| | 566 | /* ld/ldx fields */ |
| | 567 | #define BPF_SIZE(code) ((code) & 0x18) |
| | 568 | #define BPF_W 0x00 |
| | 569 | #define BPF_H 0x08 |
| | 570 | #define BPF_B 0x10 |
| | 571 | #define BPF_MODE(code) ((code) & 0xe0) |
| | 572 | #define BPF_IMM 0x00 |
| | 573 | #define BPF_ABS 0x20 |
| | 574 | #define BPF_IND 0x40 |
| | 575 | #define BPF_MEM 0x60 |
| | 576 | #define BPF_LEN 0x80 |
| | 577 | #define BPF_MSH 0xa0 |
| | 578 | |
| | 579 | /* alu/jmp fields; the values 0x00-0x40 are reused by the ALU ops and the jump conditions, so BPF_CLASS(code) decides which meaning applies */ |
| | 580 | #define BPF_OP(code) ((code) & 0xf0) |
| | 581 | #define BPF_ADD 0x00 |
| | 582 | #define BPF_SUB 0x10 |
| | 583 | #define BPF_MUL 0x20 |
| | 584 | #define BPF_DIV 0x30 /* NOTE(review): the divisor can be zero; confirm the validator/interpreter handles that case */ |
| | 585 | #define BPF_OR 0x40 |
| | 586 | #define BPF_AND 0x50 |
| | 587 | #define BPF_LSH 0x60 |
| | 588 | #define BPF_RSH 0x70 |
| | 589 | #define BPF_NEG 0x80 |
| | 590 | #define BPF_JA 0x00 |
| | 591 | #define BPF_JEQ 0x10 |
| | 592 | #define BPF_JGT 0x20 |
| | 593 | #define BPF_JGE 0x30 |
| | 594 | #define BPF_JSET 0x40 |
| | 595 | #define BPF_SRC(code) ((code) & 0x08) |
| | 596 | #define BPF_K 0x00 |
| | 597 | #define BPF_X 0x08 |
| | 598 | |
| | 599 | /* ret - BPF_K and BPF_X also apply */ |
| | 600 | #define BPF_RVAL(code) ((code) & 0x18) |
| | 601 | #define BPF_A 0x10 |
| | 602 | |
| | 603 | /* misc */ |
| | 604 | #define BPF_MISCOP(code) ((code) & 0xf8) |
| | 605 | #define BPF_TAX 0x00 |
| | 606 | #define BPF_TXA 0x80 |
| | 607 | |
| | 608 | /* |
| | 609 | * The instruction data structure. One entry per filter instruction; the BPF_STMT and BPF_JUMP macros in this header build initializers for it. |
| | 610 | */ |
| | 611 | struct bpf_insn { |
| | 612 | u_short code; /* opcode; decoded with BPF_CLASS/BPF_SIZE/BPF_MODE/BPF_OP/BPF_SRC */ |
| | 613 | u_char jt; /* jump field, third argument of BPF_JUMP (presumably the offset taken when the test is true) */ |
| | 614 | u_char jf; /* jump field, fourth argument of BPF_JUMP (presumably the offset taken when the test is false) */ |
| | 615 | bpf_u_int32 k; /* generic 32-bit operand; NOTE(review): supplied by the filter author, so range-check it before use as an offset or index */ |
| | 616 | }; |
| | 617 | |
| | 618 | /* |
| | 619 | * Macros for insn array initializers. Arguments are given as (code, k, jt, jf) but emitted in struct bpf_insn field order (code, jt, jf, k); jt and jf land in u_char fields, so values above 255 do not fit. |
| | 620 | */ |
| | 621 | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } |
| | 622 | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } |
| | 623 | |
| | 624 | /* |
| | 625 | * Structure to retrieve available DLTs for the interface. NOTE(review): bfl_len and bfl_list travel together; whoever fills bfl_list should write at most bfl_len entries - confirm in the code that consumes this structure. |
| | 626 | */ |
| | 627 | struct bpf_dltlist { |
| | 628 | u_int bfl_len; /* number of entries in the bfl_list array */ |
| | 629 | u_int *bfl_list; /* array of DLTs */ |
| | 630 | }; |
| | 631 | |
| | 632 | #ifdef _KERNEL |
| | 633 | #ifdef MALLOC_DECLARE |
| | 634 | MALLOC_DECLARE(M_BPF); |
| | 635 | #endif |
| | 636 | #ifdef SYSCTL_DECL |
| | 637 | SYSCTL_DECL(_net_bpf); |
| | 638 | #endif |
| | 639 | |
| | 640 | /* |
| | 641 | * Rotate the packet buffers in descriptor d. Move the store buffer into the |
| | 642 | * hold slot, and the free buffer into the store slot. Zero the length of the |
| | 643 | * new store buffer. Descriptor lock should be held. The macro evaluates d several times, so pass a side-effect-free expression. NOTE(review): bd_fbuf is copied into bd_sbuf unchecked, so callers presumably ensure it is non-NULL first - confirm at the call sites. The only bpf_bufheld() prototype in this header sits inside a commented-out block, so a declaration has to come from elsewhere. |
| | 644 | */ |
| | 645 | #define ROTATE_BUFFERS(d) do { \ |
| | 646 | (d)->bd_hbuf = (d)->bd_sbuf; \ |
| | 647 | (d)->bd_hlen = (d)->bd_slen; \ |
| | 648 | (d)->bd_sbuf = (d)->bd_fbuf; \ |
| | 649 | (d)->bd_slen = 0; \ |
| | 650 | (d)->bd_fbuf = NULL; \ |
| | 651 | bpf_bufheld(d); \ |
| | 652 | } while (0) |
| | 653 | |
| | 654 | /* |
| | 655 | * Descriptor associated with each attached hardware interface. bif_dlist heads a list of struct bpf_d entries. NOTE(review): bif_mtx presumably guards that list - confirm against the locking in the implementation. |
| | 656 | */ |
| | 657 | struct bpf_if { |
| | 658 | LIST_ENTRY(bpf_if) bif_next; /* list of all interfaces */ |
| | 659 | LIST_HEAD(, bpf_d) bif_dlist; /* descriptor list */ |
| | 660 | u_int bif_dlt; /* link layer type */ |
| | 661 | u_int bif_hdrlen; /* length of header (with padding) */ |
| | 662 | struct ifnet *bif_ifp; /* corresponding interface */ |
| | 663 | struct mtx bif_mtx; /* mutex for interface */ |
| | 664 | }; |
| | 665 | /* TQH |
| | 666 | void bpf_bufheld(struct bpf_d *d); |
| | 667 | int bpf_validate(const struct bpf_insn *, int); |
| | 668 | void bpf_tap(struct bpf_if *, u_char *, u_int); |
| | 669 | void bpf_mtap(struct bpf_if *, struct mbuf *); |
| | 670 | void bpf_mtap2(struct bpf_if *, void *, u_int, struct mbuf *); |
| | 671 | void bpfattach(struct ifnet *, u_int, u_int); |
| | 672 | void bpfattach2(struct ifnet *, u_int, u_int, struct bpf_if **); |
| | 673 | void bpfdetach(struct ifnet *); |
| | 674 | |
| | 675 | void bpfilterattach(int); |
| | 676 | u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int); |
| | 677 | */ |
| | 678 | /* TODO:TQH are these better? |
| | 679 | static __inline int |
| | 680 | bpf_peers_present(struct bpf_if *bpf) |
| | 681 | { |
| | 682 | |
| | 683 | if (!LIST_EMPTY(&bpf->bif_dlist)) |
| | 684 | return (1); |
| | 685 | return (0); |
| | 686 | } |
| | 687 | |
| | 688 | #define BPF_TAP(_ifp,_pkt,_pktlen) do { \ |
| | 689 | if (bpf_peers_present((_ifp)->if_bpf)) \ |
| | 690 | bpf_tap((_ifp)->if_bpf, (_pkt), (_pktlen)); \ |
| | 691 | } while (0) |
| | 692 | #define BPF_MTAP(_ifp,_m) do { \ |
| | 693 | if (bpf_peers_present((_ifp)->if_bpf)) { \ |
| | 694 | M_ASSERTVALID(_m); \ |
| | 695 | bpf_mtap((_ifp)->if_bpf, (_m)); \ |
| | 696 | } \ |
| | 697 | } while (0) |
| | 698 | #define BPF_MTAP2(_ifp,_data,_dlen,_m) do { \ |
| | 699 | if (bpf_peers_present((_ifp)->if_bpf)) { \ |
| | 700 | M_ASSERTVALID(_m); \ |
| | 701 | bpf_mtap2((_ifp)->if_bpf,(_data),(_dlen),(_m)); \ |
| | 702 | } \ |
| | 703 | } while (0) |
| | 704 | */ |
| | 705 | #endif |
| | 706 | |
| | 707 | /* |
| | 708 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). NOTE(review): those instructions select a word through the k field, so a filter should be rejected when k >= BPF_MEMWORDS - confirm that the validator enforces this. |
| | 709 | */ |
| | 710 | #define BPF_MEMWORDS 16 |