Return to bpf.h CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libnet / win32 / wpdpack / Include / pcap |
1.1 misho 1: /*- 2: * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3: * The Regents of the University of California. All rights reserved. 4: * 5: * This code is derived from the Stanford/CMU enet packet filter, 6: * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7: * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8: * Berkeley Laboratory. 9: * 10: * Redistribution and use in source and binary forms, with or without 11: * modification, are permitted provided that the following conditions 12: * are met: 13: * 1. Redistributions of source code must retain the above copyright 14: * notice, this list of conditions and the following disclaimer. 15: * 2. Redistributions in binary form must reproduce the above copyright 16: * notice, this list of conditions and the following disclaimer in the 17: * documentation and/or other materials provided with the distribution. 18: * 3. All advertising materials mentioning features or use of this software 19: * must display the following acknowledgement: 20: * This product includes software developed by the University of 21: * California, Berkeley and its contributors. 22: * 4. Neither the name of the University nor the names of its contributors 23: * may be used to endorse or promote products derived from this software 24: * without specific prior written permission. 25: * 26: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36: * SUCH DAMAGE. 37: * 38: * @(#)bpf.h 7.1 (Berkeley) 5/7/91 39: * 40: * @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.8 2008-09-22 20:16:01 guy Exp $ (LBL) 41: */ 42: 43: /* 44: * This is libpcap's cut-down version of bpf.h; it includes only 45: * the stuff needed for the code generator and the userland BPF 46: * interpreter, and the libpcap APIs for setting filters, etc.. 47: * 48: * "pcap-bpf.c" will include the native OS version, as it deals with 49: * the OS's BPF implementation. 50: * 51: * XXX - should this all just be moved to "pcap.h"? 52: */ 53: 54: #ifndef BPF_MAJOR_VERSION 55: 56: #ifdef __cplusplus 57: extern "C" { 58: #endif 59: 60: /* BSD style release date */ 61: #define BPF_RELEASE 199606 62: 63: #ifdef MSDOS /* must be 32-bit */ 64: typedef long bpf_int32; 65: typedef unsigned long bpf_u_int32; 66: #else 67: typedef int bpf_int32; 68: typedef u_int bpf_u_int32; 69: #endif 70: 71: /* 72: * Alignment macros. BPF_WORDALIGN rounds up to the next 73: * even multiple of BPF_ALIGNMENT. 74: */ 75: #ifndef __NetBSD__ 76: #define BPF_ALIGNMENT sizeof(bpf_int32) 77: #else 78: #define BPF_ALIGNMENT sizeof(long) 79: #endif 80: #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 81: 82: #define BPF_MAXBUFSIZE 0x8000 83: #define BPF_MINBUFSIZE 32 84: 85: /* 86: * Structure for "pcap_compile()", "pcap_setfilter()", etc.. 87: */ 88: struct bpf_program { 89: u_int bf_len; 90: struct bpf_insn *bf_insns; 91: }; 92: 93: /* 94: * Struct return by BIOCVERSION. This represents the version number of 95: * the filter language described by the instruction encodings below. 96: * bpf understands a program iff kernel_major == filter_major && 97: * kernel_minor >= filter_minor, that is, if the value returned by the 98: * running kernel has the same major number and a minor number equal 99: * equal to or less than the filter being downloaded. Otherwise, the 100: * results are undefined, meaning an error may be returned or packets 101: * may be accepted haphazardly. 102: * It has nothing to do with the source code version. 103: */ 104: struct bpf_version { 105: u_short bv_major; 106: u_short bv_minor; 107: }; 108: /* Current version number of filter architecture. */ 109: #define BPF_MAJOR_VERSION 1 110: #define BPF_MINOR_VERSION 1 111: 112: /* 113: * Data-link level type codes. 114: * 115: * Do *NOT* add new values to this list without asking 116: * "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run 117: * the risk of using a value that's already being used for some other 118: * purpose, and of having tools that read libpcap-format captures not 119: * being able to handle captures with your new DLT_ value, with no hope 120: * that they will ever be changed to do so (as that would destroy their 121: * ability to read captures using that value for that other purpose). 122: */ 123: 124: /* 125: * These are the types that are the same on all platforms, and that 126: * have been defined by <net/bpf.h> for ages. 127: */ 128: #define DLT_NULL 0 /* BSD loopback encapsulation */ 129: #define DLT_EN10MB 1 /* Ethernet (10Mb) */ 130: #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ 131: #define DLT_AX25 3 /* Amateur Radio AX.25 */ 132: #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ 133: #define DLT_CHAOS 5 /* Chaos */ 134: #define DLT_IEEE802 6 /* 802.5 Token Ring */ 135: #define DLT_ARCNET 7 /* ARCNET, with BSD-style header */ 136: #define DLT_SLIP 8 /* Serial Line IP */ 137: #define DLT_PPP 9 /* Point-to-point Protocol */ 138: #define DLT_FDDI 10 /* FDDI */ 139: 140: /* 141: * These are types that are different on some platforms, and that 142: * have been defined by <net/bpf.h> for ages. We use #ifdefs to 143: * detect the BSDs that define them differently from the traditional 144: * libpcap <net/bpf.h> 145: * 146: * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS, 147: * but I don't know what the right #define is for BSD/OS. 148: */ 149: #define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */ 150: 151: #ifdef __OpenBSD__ 152: #define DLT_RAW 14 /* raw IP */ 153: #else 154: #define DLT_RAW 12 /* raw IP */ 155: #endif 156: 157: /* 158: * Given that the only OS that currently generates BSD/OS SLIP or PPP 159: * is, well, BSD/OS, arguably everybody should have chosen its values 160: * for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they 161: * didn't. So it goes. 162: */ 163: #if defined(__NetBSD__) || defined(__FreeBSD__) 164: #ifndef DLT_SLIP_BSDOS 165: #define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ 166: #define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ 167: #endif 168: #else 169: #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ 170: #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ 171: #endif 172: 173: /* 174: * 17 is used for DLT_OLD_PFLOG in OpenBSD; 175: * OBSOLETE: DLT_PFLOG is 117 in OpenBSD now as well. See below. 176: * 18 is used for DLT_PFSYNC in OpenBSD; don't use it for anything else. 177: */ 178: 179: #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ 180: 181: /* 182: * Apparently Redback uses this for its SmartEdge 400/800. I hope 183: * nobody else decided to use it, too. 184: */ 185: #define DLT_REDBACK_SMARTEDGE 32 186: 187: /* 188: * These values are defined by NetBSD; other platforms should refrain from 189: * using them for other purposes, so that NetBSD savefiles with link 190: * types of 50 or 51 can be read as this type on all platforms. 191: */ 192: #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ 193: #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ 194: 195: /* 196: * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses 197: * a link-layer type of 99 for the tcpdump it supplies. The link-layer 198: * header has 6 bytes of unknown data, something that appears to be an 199: * Ethernet type, and 36 bytes that appear to be 0 in at least one capture 200: * I've seen. 201: */ 202: #define DLT_SYMANTEC_FIREWALL 99 203: 204: /* 205: * Values between 100 and 103 are used in capture file headers as 206: * link-layer types corresponding to DLT_ types that differ 207: * between platforms; don't use those values for new DLT_ new types. 208: */ 209: 210: /* 211: * This value was defined by libpcap 0.5; platforms that have defined 212: * it with a different value should define it here with that value - 213: * a link type of 104 in a save file will be mapped to DLT_C_HDLC, 214: * whatever value that happens to be, so programs will correctly 215: * handle files with that link type regardless of the value of 216: * DLT_C_HDLC. 217: * 218: * The name DLT_C_HDLC was used by BSD/OS; we use that name for source 219: * compatibility with programs written for BSD/OS. 220: * 221: * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, 222: * for source compatibility with programs written for libpcap 0.5. 223: */ 224: #define DLT_C_HDLC 104 /* Cisco HDLC */ 225: #define DLT_CHDLC DLT_C_HDLC 226: 227: #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ 228: 229: /* 230: * 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW, 231: * except when it isn't. (I.e., sometimes it's just raw IP, and 232: * sometimes it isn't.) We currently handle it as DLT_LINUX_SLL, 233: * so that we don't have to worry about the link-layer header.) 234: */ 235: 236: /* 237: * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides 238: * with other values. 239: * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header 240: * (DLCI, etc.). 241: */ 242: #define DLT_FRELAY 107 243: 244: /* 245: * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except 246: * that the AF_ type in the link-layer header is in network byte order. 247: * 248: * DLT_LOOP is 12 in OpenBSD, but that's DLT_RAW in other OSes, so 249: * we don't use 12 for it in OSes other than OpenBSD. 250: */ 251: #ifdef __OpenBSD__ 252: #define DLT_LOOP 12 253: #else 254: #define DLT_LOOP 108 255: #endif 256: 257: /* 258: * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's 259: * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other 260: * than OpenBSD. 261: */ 262: #ifdef __OpenBSD__ 263: #define DLT_ENC 13 264: #else 265: #define DLT_ENC 109 266: #endif 267: 268: /* 269: * Values between 110 and 112 are reserved for use in capture file headers 270: * as link-layer types corresponding to DLT_ types that might differ 271: * between platforms; don't use those values for new DLT_ types 272: * other than the corresponding DLT_ types. 273: */ 274: 275: /* 276: * This is for Linux cooked sockets. 277: */ 278: #define DLT_LINUX_SLL 113 279: 280: /* 281: * Apple LocalTalk hardware. 282: */ 283: #define DLT_LTALK 114 284: 285: /* 286: * Acorn Econet. 287: */ 288: #define DLT_ECONET 115 289: 290: /* 291: * Reserved for use with OpenBSD ipfilter. 292: */ 293: #define DLT_IPFILTER 116 294: 295: /* 296: * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023 297: * in SuSE 6.3, so we can't use 17 for it in capture-file headers. 298: * 299: * XXX: is there a conflict with DLT_PFSYNC 18 as well? 300: */ 301: #ifdef __OpenBSD__ 302: #define DLT_OLD_PFLOG 17 303: #define DLT_PFSYNC 18 304: #endif 305: #define DLT_PFLOG 117 306: 307: /* 308: * Registered for Cisco-internal use. 309: */ 310: #define DLT_CISCO_IOS 118 311: 312: /* 313: * For 802.11 cards using the Prism II chips, with a link-layer 314: * header including Prism monitor mode information plus an 802.11 315: * header. 316: */ 317: #define DLT_PRISM_HEADER 119 318: 319: /* 320: * Reserved for Aironet 802.11 cards, with an Aironet link-layer header 321: * (see Doug Ambrisko's FreeBSD patches). 322: */ 323: #define DLT_AIRONET_HEADER 120 324: 325: /* 326: * Reserved for Siemens HiPath HDLC. 327: */ 328: #define DLT_HHDLC 121 329: 330: /* 331: * This is for RFC 2625 IP-over-Fibre Channel. 332: * 333: * This is not for use with raw Fibre Channel, where the link-layer 334: * header starts with a Fibre Channel frame header; it's for IP-over-FC, 335: * where the link-layer header starts with an RFC 2625 Network_Header 336: * field. 337: */ 338: #define DLT_IP_OVER_FC 122 339: 340: /* 341: * This is for Full Frontal ATM on Solaris with SunATM, with a 342: * pseudo-header followed by an AALn PDU. 343: * 344: * There may be other forms of Full Frontal ATM on other OSes, 345: * with different pseudo-headers. 346: * 347: * If ATM software returns a pseudo-header with VPI/VCI information 348: * (and, ideally, packet type information, e.g. signalling, ILMI, 349: * LANE, LLC-multiplexed traffic, etc.), it should not use 350: * DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump 351: * and the like don't have to infer the presence or absence of a 352: * pseudo-header and the form of the pseudo-header. 353: */ 354: #define DLT_SUNATM 123 /* Solaris+SunATM */ 355: 356: /* 357: * Reserved as per request from Kent Dahlgren <kent@praesum.com> 358: * for private use. 359: */ 360: #define DLT_RIO 124 /* RapidIO */ 361: #define DLT_PCI_EXP 125 /* PCI Express */ 362: #define DLT_AURORA 126 /* Xilinx Aurora link layer */ 363: 364: /* 365: * Header for 802.11 plus a number of bits of link-layer information 366: * including radio information, used by some recent BSD drivers as 367: * well as the madwifi Atheros driver for Linux. 368: */ 369: #define DLT_IEEE802_11_RADIO 127 /* 802.11 plus radiotap radio header */ 370: 371: /* 372: * Reserved for the TZSP encapsulation, as per request from 373: * Chris Waters <chris.waters@networkchemistry.com> 374: * TZSP is a generic encapsulation for any other link type, 375: * which includes a means to include meta-information 376: * with the packet, e.g. signal strength and channel 377: * for 802.11 packets. 378: */ 379: #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ 380: 381: /* 382: * BSD's ARCNET headers have the source host, destination host, 383: * and type at the beginning of the packet; that's what's handed 384: * up to userland via BPF. 385: * 386: * Linux's ARCNET headers, however, have a 2-byte offset field 387: * between the host IDs and the type; that's what's handed up 388: * to userland via PF_PACKET sockets. 389: * 390: * We therefore have to have separate DLT_ values for them. 391: */ 392: #define DLT_ARCNET_LINUX 129 /* ARCNET */ 393: 394: /* 395: * Juniper-private data link types, as per request from 396: * Hannes Gredler <hannes@juniper.net>. The DLT_s are used 397: * for passing on chassis-internal metainformation such as 398: * QOS profiles, etc.. 399: */ 400: #define DLT_JUNIPER_MLPPP 130 401: #define DLT_JUNIPER_MLFR 131 402: #define DLT_JUNIPER_ES 132 403: #define DLT_JUNIPER_GGSN 133 404: #define DLT_JUNIPER_MFR 134 405: #define DLT_JUNIPER_ATM2 135 406: #define DLT_JUNIPER_SERVICES 136 407: #define DLT_JUNIPER_ATM1 137 408: 409: /* 410: * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund 411: * <dieter@apple.com>. The header that's presented is an Ethernet-like 412: * header: 413: * 414: * #define FIREWIRE_EUI64_LEN 8 415: * struct firewire_header { 416: * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; 417: * u_char firewire_shost[FIREWIRE_EUI64_LEN]; 418: * u_short firewire_type; 419: * }; 420: * 421: * with "firewire_type" being an Ethernet type value, rather than, 422: * for example, raw GASP frames being handed up. 423: */ 424: #define DLT_APPLE_IP_OVER_IEEE1394 138 425: 426: /* 427: * Various SS7 encapsulations, as per a request from Jeff Morriss 428: * <jeff.morriss[AT]ulticom.com> and subsequent discussions. 429: */ 430: #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ 431: #define DLT_MTP2 140 /* MTP2, without pseudo-header */ 432: #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ 433: #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ 434: 435: /* 436: * DOCSIS MAC frames. 437: */ 438: #define DLT_DOCSIS 143 439: 440: /* 441: * Linux-IrDA packets. Protocol defined at http://www.irda.org. 442: * Those packets include IrLAP headers and above (IrLMP...), but 443: * don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy 444: * framing can be handled by the hardware and depend on the bitrate. 445: * This is exactly the format you would get capturing on a Linux-IrDA 446: * interface (irdaX), but not on a raw serial port. 447: * Note the capture is done in "Linux-cooked" mode, so each packet include 448: * a fake packet header (struct sll_header). This is because IrDA packet 449: * decoding is dependant on the direction of the packet (incomming or 450: * outgoing). 451: * When/if other platform implement IrDA capture, we may revisit the 452: * issue and define a real DLT_IRDA... 453: * Jean II 454: */ 455: #define DLT_LINUX_IRDA 144 456: 457: /* 458: * Reserved for IBM SP switch and IBM Next Federation switch. 459: */ 460: #define DLT_IBM_SP 145 461: #define DLT_IBM_SN 146 462: 463: /* 464: * Reserved for private use. If you have some link-layer header type 465: * that you want to use within your organization, with the capture files 466: * using that link-layer header type not ever be sent outside your 467: * organization, you can use these values. 468: * 469: * No libpcap release will use these for any purpose, nor will any 470: * tcpdump release use them, either. 471: * 472: * Do *NOT* use these in capture files that you expect anybody not using 473: * your private versions of capture-file-reading tools to read; in 474: * particular, do *NOT* use them in products, otherwise you may find that 475: * people won't be able to use tcpdump, or snort, or Ethereal, or... to 476: * read capture files from your firewall/intrusion detection/traffic 477: * monitoring/etc. appliance, or whatever product uses that DLT_ value, 478: * and you may also find that the developers of those applications will 479: * not accept patches to let them read those files. 480: * 481: * Also, do not use them if somebody might send you a capture using them 482: * for *their* private type and tools using them for *your* private type 483: * would have to read them. 484: * 485: * Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value, 486: * as per the comment above, and use the type you're given. 487: */ 488: #define DLT_USER0 147 489: #define DLT_USER1 148 490: #define DLT_USER2 149 491: #define DLT_USER3 150 492: #define DLT_USER4 151 493: #define DLT_USER5 152 494: #define DLT_USER6 153 495: #define DLT_USER7 154 496: #define DLT_USER8 155 497: #define DLT_USER9 156 498: #define DLT_USER10 157 499: #define DLT_USER11 158 500: #define DLT_USER12 159 501: #define DLT_USER13 160 502: #define DLT_USER14 161 503: #define DLT_USER15 162 504: 505: /* 506: * For future use with 802.11 captures - defined by AbsoluteValue 507: * Systems to store a number of bits of link-layer information 508: * including radio information: 509: * 510: * http://www.shaftnet.org/~pizza/software/capturefrm.txt 511: * 512: * but it might be used by some non-AVS drivers now or in the 513: * future. 514: */ 515: #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ 516: 517: /* 518: * Juniper-private data link type, as per request from 519: * Hannes Gredler <hannes@juniper.net>. The DLT_s are used 520: * for passing on chassis-internal metainformation such as 521: * QOS profiles, etc.. 522: */ 523: #define DLT_JUNIPER_MONITOR 164 524: 525: /* 526: * Reserved for BACnet MS/TP. 527: */ 528: #define DLT_BACNET_MS_TP 165 529: 530: /* 531: * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>. 532: * 533: * This is used in some OSes to allow a kernel socket filter to distinguish 534: * between incoming and outgoing packets, on a socket intended to 535: * supply pppd with outgoing packets so it can do dial-on-demand and 536: * hangup-on-lack-of-demand; incoming packets are filtered out so they 537: * don't cause pppd to hold the connection up (you don't want random 538: * input packets such as port scans, packets from old lost connections, 539: * etc. to force the connection to stay up). 540: * 541: * The first byte of the PPP header (0xff03) is modified to accomodate 542: * the direction - 0x00 = IN, 0x01 = OUT. 543: */ 544: #define DLT_PPP_PPPD 166 545: 546: /* 547: * Names for backwards compatibility with older versions of some PPP 548: * software; new software should use DLT_PPP_PPPD. 549: */ 550: #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD 551: #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD 552: 553: /* 554: * Juniper-private data link type, as per request from 555: * Hannes Gredler <hannes@juniper.net>. The DLT_s are used 556: * for passing on chassis-internal metainformation such as 557: * QOS profiles, cookies, etc.. 558: */ 559: #define DLT_JUNIPER_PPPOE 167 560: #define DLT_JUNIPER_PPPOE_ATM 168 561: 562: #define DLT_GPRS_LLC 169 /* GPRS LLC */ 563: #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ 564: #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ 565: 566: /* 567: * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line 568: * monitoring equipment. 569: */ 570: #define DLT_GCOM_T1E1 172 571: #define DLT_GCOM_SERIAL 173 572: 573: /* 574: * Juniper-private data link type, as per request from 575: * Hannes Gredler <hannes@juniper.net>. The DLT_ is used 576: * for internal communication to Physical Interface Cards (PIC) 577: */ 578: #define DLT_JUNIPER_PIC_PEER 174 579: 580: /* 581: * Link types requested by Gregor Maier <gregor@endace.com> of Endace 582: * Measurement Systems. They add an ERF header (see 583: * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of 584: * the link-layer header. 585: */ 586: #define DLT_ERF_ETH 175 /* Ethernet */ 587: #define DLT_ERF_POS 176 /* Packet-over-SONET */ 588: 589: /* 590: * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD 591: * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header 592: * includes additional information before the LAPD header, so it's 593: * not necessarily a generic LAPD header. 594: */ 595: #define DLT_LINUX_LAPD 177 596: 597: /* 598: * Juniper-private data link type, as per request from 599: * Hannes Gredler <hannes@juniper.net>. 600: * The DLT_ are used for prepending meta-information 601: * like interface index, interface name 602: * before standard Ethernet, PPP, Frelay & C-HDLC Frames 603: */ 604: #define DLT_JUNIPER_ETHER 178 605: #define DLT_JUNIPER_PPP 179 606: #define DLT_JUNIPER_FRELAY 180 607: #define DLT_JUNIPER_CHDLC 181 608: 609: /* 610: * Multi Link Frame Relay (FRF.16) 611: */ 612: #define DLT_MFR 182 613: 614: /* 615: * Juniper-private data link type, as per request from 616: * Hannes Gredler <hannes@juniper.net>. 617: * The DLT_ is used for internal communication with a 618: * voice Adapter Card (PIC) 619: */ 620: #define DLT_JUNIPER_VP 183 621: 622: /* 623: * Arinc 429 frames. 624: * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 625: * Every frame contains a 32bit A429 label. 626: * More documentation on Arinc 429 can be found at 627: * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf 628: */ 629: #define DLT_A429 184 630: 631: /* 632: * Arinc 653 Interpartition Communication messages. 633: * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 634: * Please refer to the A653-1 standard for more information. 635: */ 636: #define DLT_A653_ICM 185 637: 638: /* 639: * USB packets, beginning with a USB setup header; requested by 640: * Paolo Abeni <paolo.abeni@email.it>. 641: */ 642: #define DLT_USB 186 643: 644: /* 645: * Bluetooth HCI UART transport layer (part H:4); requested by 646: * Paolo Abeni. 647: */ 648: #define DLT_BLUETOOTH_HCI_H4 187 649: 650: /* 651: * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz 652: * <cruz_petagay@bah.com>. 653: */ 654: #define DLT_IEEE802_16_MAC_CPS 188 655: 656: /* 657: * USB packets, beginning with a Linux USB header; requested by 658: * Paolo Abeni <paolo.abeni@email.it>. 659: */ 660: #define DLT_USB_LINUX 189 661: 662: /* 663: * Controller Area Network (CAN) v. 2.0B packets. 664: * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 665: * Used to dump CAN packets coming from a CAN Vector board. 666: * More documentation on the CAN v2.0B frames can be found at 667: * http://www.can-cia.org/downloads/?269 668: */ 669: #define DLT_CAN20B 190 670: 671: /* 672: * IEEE 802.15.4, with address fields padded, as is done by Linux 673: * drivers; requested by Juergen Schimmer. 674: */ 675: #define DLT_IEEE802_15_4_LINUX 191 676: 677: /* 678: * Per Packet Information encapsulated packets. 679: * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. 680: */ 681: #define DLT_PPI 192 682: 683: /* 684: * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; 685: * requested by Charles Clancy. 686: */ 687: #define DLT_IEEE802_16_MAC_CPS_RADIO 193 688: 689: /* 690: * Juniper-private data link type, as per request from 691: * Hannes Gredler <hannes@juniper.net>. 692: * The DLT_ is used for internal communication with a 693: * integrated service module (ISM). 694: */ 695: #define DLT_JUNIPER_ISM 194 696: 697: /* 698: * IEEE 802.15.4, exactly as it appears in the spec (no padding, no 699: * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>. 700: */ 701: #define DLT_IEEE802_15_4 195 702: 703: /* 704: * Various link-layer types, with a pseudo-header, for SITA 705: * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). 706: */ 707: #define DLT_SITA 196 708: 709: /* 710: * Various link-layer types, with a pseudo-header, for Endace DAG cards; 711: * encapsulates Endace ERF records. Requested by Stephen Donnelly 712: * <stephen@endace.com>. 713: */ 714: #define DLT_ERF 197 715: 716: /* 717: * Special header prepended to Ethernet packets when capturing from a 718: * u10 Networks board. Requested by Phil Mulholland 719: * <phil@u10networks.com>. 720: */ 721: #define DLT_RAIF1 198 722: 723: /* 724: * IPMB packet for IPMI, beginning with the I2C slave address, followed 725: * by the netFn and LUN, etc.. Requested by Chanthy Toeung 726: * <chanthy.toeung@ca.kontron.com>. 727: */ 728: #define DLT_IPMB 199 729: 730: /* 731: * Juniper-private data link type, as per request from 732: * Hannes Gredler <hannes@juniper.net>. 733: * The DLT_ is used for capturing data on a secure tunnel interface. 734: */ 735: #define DLT_JUNIPER_ST 200 736: 737: /* 738: * Bluetooth HCI UART transport layer (part H:4), with pseudo-header 739: * that includes direction information; requested by Paolo Abeni. 740: */ 741: #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 742: 743: /* 744: * AX.25 packet with a 1-byte KISS header; see 745: * 746: * http://www.ax25.net/kiss.htm 747: * 748: * as per Richard Stearn <richard@rns-stearn.demon.co.uk>. 749: */ 750: #define DLT_AX25_KISS 202 751: 752: /* 753: * LAPD packets from an ISDN channel, starting with the address field, 754: * with no pseudo-header. 755: * Requested by Varuna De Silva <varunax@gmail.com>. 756: */ 757: #define DLT_LAPD 203 758: 759: /* 760: * Variants of various link-layer headers, with a one-byte direction 761: * pseudo-header prepended - zero means "received by this host", 762: * non-zero (any non-zero value) means "sent by this host" - as per 763: * Will Barker <w.barker@zen.co.uk>. 764: */ 765: #define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */ 766: #define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */ 767: #define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */ 768: #define DLT_LAPB_WITH_DIR 207 /* LAPB */ 769: 770: /* 771: * 208 is reserved for an as-yet-unspecified proprietary link-layer 772: * type, as requested by Will Barker. 773: */ 774: 775: /* 776: * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman 777: * <avn@pigeonpoint.com>. 778: */ 779: #define DLT_IPMB_LINUX 209 780: 781: /* 782: * FlexRay automotive bus - http://www.flexray.com/ - as requested 783: * by Hannes Kaelber <hannes.kaelber@x2e.de>. 784: */ 785: #define DLT_FLEXRAY 210 786: 787: /* 788: * Media Oriented Systems Transport (MOST) bus for multimedia 789: * transport - http://www.mostcooperation.com/ - as requested 790: * by Hannes Kaelber <hannes.kaelber@x2e.de>. 791: */ 792: #define DLT_MOST 211 793: 794: /* 795: * Local Interconnect Network (LIN) bus for vehicle networks - 796: * http://www.lin-subbus.org/ - as requested by Hannes Kaelber 797: * <hannes.kaelber@x2e.de>. 798: */ 799: #define DLT_LIN 212 800: 801: /* 802: * X2E-private data link type used for serial line capture, 803: * as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. 804: */ 805: #define DLT_X2E_SERIAL 213 806: 807: /* 808: * X2E-private data link type used for the Xoraya data logger 809: * family, as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. 810: */ 811: #define DLT_X2E_XORAYA 214 812: 813: /* 814: * IEEE 802.15.4, exactly as it appears in the spec (no padding, no 815: * nothing), but with the PHY-level data for non-ASK PHYs (4 octets 816: * of 0 as preamble, one octet of SFD, one octet of frame length+ 817: * reserved bit, and then the MAC-layer data, starting with the 818: * frame control field). 819: * 820: * Requested by Max Filippov <jcmvbkbc@gmail.com>. 821: */ 822: #define DLT_IEEE802_15_4_NONASK_PHY 215 823: 824: 825: /* 826: * DLT and savefile link type values are split into a class and 827: * a member of that class. A class value of 0 indicates a regular 828: * DLT_/LINKTYPE_ value. 829: */ 830: #define DLT_CLASS(x) ((x) & 0x03ff0000) 831: 832: /* 833: * NetBSD-specific generic "raw" link type. The class value indicates 834: * that this is the generic raw type, and the lower 16 bits are the 835: * address family we're dealing with. Those values are NetBSD-specific; 836: * do not assume that they correspond to AF_ values for your operating 837: * system. 838: */ 839: #define DLT_CLASS_NETBSD_RAWAF 0x02240000 840: #define DLT_NETBSD_RAWAF(af) (DLT_CLASS_NETBSD_RAWAF | (af)) 841: #define DLT_NETBSD_RAWAF_AF(x) ((x) & 0x0000ffff) 842: #define DLT_IS_NETBSD_RAWAF(x) (DLT_CLASS(x) == DLT_CLASS_NETBSD_RAWAF) 843: 844: 845: /* 846: * The instruction encodings. 847: */ 848: /* instruction classes */ 849: #define BPF_CLASS(code) ((code) & 0x07) 850: #define BPF_LD 0x00 851: #define BPF_LDX 0x01 852: #define BPF_ST 0x02 853: #define BPF_STX 0x03 854: #define BPF_ALU 0x04 855: #define BPF_JMP 0x05 856: #define BPF_RET 0x06 857: #define BPF_MISC 0x07 858: 859: /* ld/ldx fields */ 860: #define BPF_SIZE(code) ((code) & 0x18) 861: #define BPF_W 0x00 862: #define BPF_H 0x08 863: #define BPF_B 0x10 864: #define BPF_MODE(code) ((code) & 0xe0) 865: #define BPF_IMM 0x00 866: #define BPF_ABS 0x20 867: #define BPF_IND 0x40 868: #define BPF_MEM 0x60 869: #define BPF_LEN 0x80 870: #define BPF_MSH 0xa0 871: 872: /* alu/jmp fields */ 873: #define BPF_OP(code) ((code) & 0xf0) 874: #define BPF_ADD 0x00 875: #define BPF_SUB 0x10 876: #define BPF_MUL 0x20 877: #define BPF_DIV 0x30 878: #define BPF_OR 0x40 879: #define BPF_AND 0x50 880: #define BPF_LSH 0x60 881: #define BPF_RSH 0x70 882: #define BPF_NEG 0x80 883: #define BPF_JA 0x00 884: #define BPF_JEQ 0x10 885: #define BPF_JGT 0x20 886: #define BPF_JGE 0x30 887: #define BPF_JSET 0x40 888: #define BPF_SRC(code) ((code) & 0x08) 889: #define BPF_K 0x00 890: #define BPF_X 0x08 891: 892: /* ret - BPF_K and BPF_X also apply */ 893: #define BPF_RVAL(code) ((code) & 0x18) 894: #define BPF_A 0x10 895: 896: /* misc */ 897: #define BPF_MISCOP(code) ((code) & 0xf8) 898: #define BPF_TAX 0x00 899: #define BPF_TXA 0x80 900: 901: /* 902: * The instruction data structure. 903: */ 904: struct bpf_insn { 905: u_short code; 906: u_char jt; 907: u_char jf; 908: bpf_u_int32 k; 909: }; 910: 911: /* 912: * Macros for insn array initializers. 913: */ 914: #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } 915: #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } 916: 917: #if __STDC__ || defined(__cplusplus) 918: extern int bpf_validate(const struct bpf_insn *, int); 919: extern u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 920: #else 921: extern int bpf_validate(); 922: extern u_int bpf_filter(); 923: #endif 924: 925: /* 926: * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 927: */ 928: #define BPF_MEMWORDS 16 929: 930: #ifdef __cplusplus 931: } 932: #endif 933: 934: #endif