1 | /* |
2 | * Copyright (c) 2000-2022 Apple Inc. All rights reserved. |
3 | * |
4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
5 | * |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License |
8 | * Version 2.0 (the 'License'). You may not use this file except in |
9 | * compliance with the License. The rights granted to you under the License |
10 | * may not be used to create, or enable the creation or redistribution of, |
11 | * unlawful or unlicensed copies of an Apple operating system, or to |
12 | * circumvent, violate, or enable the circumvention or violation of, any |
13 | * terms of an Apple operating system software license agreement. |
14 | * |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. |
17 | * |
18 | * The Original Code and all software distributed under the License are |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and |
24 | * limitations under the License. |
25 | * |
26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
27 | */ |
28 | /* |
29 | * Copyright (c) 1990, 1991, 1993 |
30 | * The Regents of the University of California. All rights reserved. |
31 | * |
32 | * This code is derived from the Stanford/CMU enet packet filter, |
33 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed |
34 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence |
35 | * Berkeley Laboratory. |
36 | * |
37 | * Redistribution and use in source and binary forms, with or without |
38 | * modification, are permitted provided that the following conditions |
39 | * are met: |
40 | * 1. Redistributions of source code must retain the above copyright |
41 | * notice, this list of conditions and the following disclaimer. |
42 | * 2. Redistributions in binary form must reproduce the above copyright |
43 | * notice, this list of conditions and the following disclaimer in the |
44 | * documentation and/or other materials provided with the distribution. |
45 | * 3. All advertising materials mentioning features or use of this software |
46 | * must display the following acknowledgement: |
47 | * This product includes software developed by the University of |
48 | * California, Berkeley and its contributors. |
49 | * 4. Neither the name of the University nor the names of its contributors |
50 | * may be used to endorse or promote products derived from this software |
51 | * without specific prior written permission. |
52 | * |
53 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
54 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
55 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
56 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
57 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
58 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
59 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
60 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
61 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
62 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
63 | * SUCH DAMAGE. |
64 | * |
65 | * @(#)bpf.h 8.1 (Berkeley) 6/10/93 |
66 | * @(#)bpf.h 1.34 (LBL) 6/16/96 |
67 | * |
68 | * $FreeBSD: src/sys/net/bpf.h,v 1.21.2.3 2001/08/01 00:23:13 fenner Exp $ |
69 | */ |
70 | /* |
71 | * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce |
72 | * support for mandatory and extensible security protections. This notice |
73 | * is included in support of clause 2.2 (b) of the Apple Public License, |
74 | * Version 2.0. |
75 | */ |
76 | |
77 | #ifndef _NET_BPF_H_ |
78 | #define _NET_BPF_H_ |
79 | |
80 | #include <stdint.h> |
81 | |
82 | #if !defined(DRIVERKIT) |
83 | #include <sys/param.h> |
84 | #include <sys/appleapiopts.h> |
85 | #include <sys/types.h> |
86 | #include <sys/time.h> |
87 | #include <sys/cdefs.h> |
88 | |
89 | #ifdef PRIVATE |
90 | #include <net/if_var.h> |
91 | #include <uuid/uuid.h> |
92 | |
93 | struct bpf_setup_args { |
94 | uuid_t bsa_uuid; |
95 | char bsa_ifname[IFNAMSIZ]; |
96 | }; |
97 | #endif /* PRIVATE */ |
98 | |
99 | #ifdef KERNEL |
100 | #include <sys/kernel_types.h> |
101 | |
102 | #if !defined(__i386__) && !defined(__x86_64__) |
103 | #define BPF_ALIGN 1 |
104 | #else /* defined(__i386__) || defined(__x86_64__) */ |
105 | #define BPF_ALIGN 0 |
106 | #endif /* defined(__i386__) || defined(__x86_64__) */ |
107 | |
108 | #if !BPF_ALIGN |
109 | #define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)(void *)p)) |
110 | #define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)(void *)p)) |
111 | #else |
112 | #define (p) \ |
113 | ((u_int16_t)\ |
114 | ((u_int16_t)*((u_char *)p+0)<<8|\ |
115 | (u_int16_t)*((u_char *)p+1)<<0)) |
116 | #define (p) \ |
117 | ((u_int32_t)*((u_char *)p+0)<<24|\ |
118 | (u_int32_t)*((u_char *)p+1)<<16|\ |
119 | (u_int32_t)*((u_char *)p+2)<<8|\ |
120 | (u_int32_t)*((u_char *)p+3)<<0) |
121 | #endif |
122 | |
123 | #endif /* KERNEL */ |
124 | |
125 | /* BSD style release date */ |
126 | #define BPF_RELEASE 199606 |
127 | |
128 | typedef int32_t bpf_int32; |
129 | typedef u_int32_t bpf_u_int32; |
130 | |
131 | /* |
132 | * Alignment macros. BPF_WORDALIGN rounds up to the next |
133 | * even multiple of BPF_ALIGNMENT. |
134 | */ |
135 | #define BPF_ALIGNMENT sizeof(int32_t) |
136 | #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) |
137 | |
138 | #define BPF_MAXINSNS 512 |
139 | #define BPF_MAXBUFSIZE 0x80000 |
140 | #define BPF_MINBUFSIZE 32 |
141 | |
142 | /* |
143 | * Structure for BIOCSETF. |
144 | */ |
145 | struct bpf_program { |
146 | u_int bf_len; |
147 | struct bpf_insn *bf_insns; |
148 | }; |
149 | |
150 | #ifdef KERNEL_PRIVATE |
151 | /* |
152 | * LP64 version of bpf_program. all pointers |
153 | * grow when we're dealing with a 64-bit process. |
154 | * WARNING - keep in sync with bpf_program |
155 | */ |
156 | struct bpf_program64 { |
157 | u_int bf_len; |
158 | user64_addr_t bf_insns __attribute__((aligned(8))); |
159 | }; |
160 | |
161 | struct bpf_program32 { |
162 | u_int bf_len; |
163 | user32_addr_t bf_insns; |
164 | }; |
165 | #endif /* KERNEL_PRIVATE */ |
166 | |
167 | /* |
168 | * Struct returned by BIOCGSTATS. |
169 | */ |
170 | struct bpf_stat { |
171 | u_int bs_recv; /* number of packets received */ |
172 | u_int bs_drop; /* number of packets dropped */ |
173 | }; |
174 | |
175 | /* |
176 | * Struct return by BIOCVERSION. This represents the version number of |
177 | * the filter language described by the instruction encodings below. |
178 | * bpf understands a program iff kernel_major == filter_major && |
179 | * kernel_minor >= filter_minor, that is, if the value returned by the |
180 | * running kernel has the same major number and a minor number equal |
181 | * equal to or less than the filter being downloaded. Otherwise, the |
182 | * results are undefined, meaning an error may be returned or packets |
183 | * may be accepted haphazardly. |
184 | * It has nothing to do with the source code version. |
185 | */ |
186 | struct bpf_version { |
187 | u_short bv_major; |
188 | u_short bv_minor; |
189 | }; |
190 | |
191 | #ifdef PRIVATE |
192 | struct bpf_comp_stats { |
193 | uint64_t bcs_total_read; /* number of packets read from device */ |
194 | uint64_t bcs_total_size; /* total size of filtered packets */ |
195 | uint64_t bcs_total_hdr_size; /* total header size of captured packets */ |
196 | uint64_t bcs_count_no_common_prefix; /* count of packets not compressible */ |
197 | uint64_t bcs_count_compressed_prefix; /* count of compressed packets */ |
198 | uint64_t bcs_total_compressed_prefix_size; /* total size of compressed data */ |
199 | uint64_t bcs_max_compressed_prefix_size; /* max compressed data size */ |
200 | }; |
201 | #endif /* PRIVATE */ |
202 | |
203 | #if defined(__LP64__) |
204 | #include <sys/_types/_timeval32.h> |
205 | |
206 | #define BPF_TIMEVAL timeval32 |
207 | #else |
208 | #define BPF_TIMEVAL timeval |
209 | #endif /* __LP64__ */ |
210 | /* Current version number of filter architecture. */ |
211 | #define BPF_MAJOR_VERSION 1 |
212 | #define BPF_MINOR_VERSION 1 |
213 | |
214 | #define BIOCGBLEN _IOR('B',102, u_int) |
215 | #define BIOCSBLEN _IOWR('B',102, u_int) |
216 | #define BIOCSETF _IOW('B',103, struct bpf_program) |
217 | #ifdef KERNEL_PRIVATE |
218 | #define BIOCSETF64 _IOW('B',103, struct bpf_program64) |
219 | #define BIOCSETF32 _IOW('B',103, struct bpf_program32) |
220 | #endif /* KERNEL_PRIVATE */ |
221 | #define BIOCFLUSH _IO('B',104) |
222 | #define BIOCPROMISC _IO('B',105) |
223 | #define BIOCGDLT _IOR('B',106, u_int) |
224 | #define BIOCGETIF _IOR('B',107, struct ifreq) |
225 | #define BIOCSETIF _IOW('B',108, struct ifreq) |
226 | #define BIOCSRTIMEOUT _IOW('B',109, struct timeval) |
227 | #ifdef KERNEL_PRIVATE |
228 | #define BIOCSRTIMEOUT64 _IOW('B',109, struct user64_timeval) |
229 | #define BIOCSRTIMEOUT32 _IOW('B',109, struct user32_timeval) |
230 | #endif /* KERNEL_PRIVATE */ |
231 | #define BIOCGRTIMEOUT _IOR('B',110, struct timeval) |
232 | #ifdef KERNEL_PRIVATE |
233 | #define BIOCGRTIMEOUT64 _IOR('B',110, struct user64_timeval) |
234 | #define BIOCGRTIMEOUT32 _IOR('B',110, struct user32_timeval) |
235 | #endif /* KERNEL_PRIVATE */ |
236 | #define BIOCGSTATS _IOR('B',111, struct bpf_stat) |
237 | #define BIOCIMMEDIATE _IOW('B',112, u_int) |
238 | #define BIOCVERSION _IOR('B',113, struct bpf_version) |
239 | #define BIOCGRSIG _IOR('B',114, u_int) |
240 | #define BIOCSRSIG _IOW('B',115, u_int) |
241 | #define BIOCGHDRCMPLT _IOR('B',116, u_int) |
242 | #define BIOCSHDRCMPLT _IOW('B',117, u_int) |
243 | #define BIOCGSEESENT _IOR('B',118, u_int) |
244 | #define BIOCSSEESENT _IOW('B',119, u_int) |
245 | #define BIOCSDLT _IOW('B',120, u_int) |
246 | #define BIOCGDLTLIST _IOWR('B',121, struct bpf_dltlist) |
247 | #ifdef PRIVATE |
248 | #define BIOCGETTC _IOR('B', 122, int) |
249 | #define BIOCSETTC _IOW('B', 123, int) |
250 | #define BIOCSEXTHDR _IOW('B', 124, u_int) |
251 | #define BIOCGIFATTACHCOUNT _IOWR('B', 125, struct ifreq) |
252 | #endif /* PRIVATE */ |
253 | #define BIOCSETFNR _IOW('B', 126, struct bpf_program) |
254 | #ifdef KERNEL_PRIVATE |
255 | #define BIOCSETFNR64 _IOW('B',126, struct bpf_program64) |
256 | #define BIOCSETFNR32 _IOW('B',126, struct bpf_program32) |
257 | #endif /* KERNEL_PRIVATE */ |
258 | #ifdef PRIVATE |
259 | #define BIOCGWANTPKTAP _IOR('B', 127, u_int) |
260 | #define BIOCSWANTPKTAP _IOWR('B', 127, u_int) |
261 | #define BIOCSHEADDROP _IOW('B', 128, int) |
262 | #define BIOCGHEADDROP _IOR('B', 128, int) |
263 | #define BIOCSTRUNCATE _IOW('B', 129, u_int) |
264 | #define BIOCGETUUID _IOR('B', 130, uuid_t) |
265 | #define BIOCSETUP _IOW('B', 131, struct bpf_setup_args) |
266 | #define BIOCSPKTHDRV2 _IOW('B', 132, int) |
267 | #define BIOCGPKTHDRV2 _IOW('B', 133, int) |
268 | #define BIOCGHDRCOMP _IOR('B', 134, int) |
269 | #define BIOCSHDRCOMP _IOW('B', 135, int) |
270 | #define BIOCGHDRCOMPSTATS _IOR('B', 136, struct bpf_comp_stats) |
271 | #define BIOCGHDRCOMPON _IOR('B', 137, int) |
272 | #define BIOCGDIRECTION _IOR('B', 138, int) |
273 | #define BIOCSDIRECTION _IOW('B', 139, int) |
274 | #define BIOCSWRITEMAX _IOW('B', 140, u_int) |
275 | #define BIOCGWRITEMAX _IOR('B', 141, u_int) |
276 | #define BIOCGBATCHWRITE _IOR('B', 142, int) |
277 | #define BIOCSBATCHWRITE _IOW('B', 143, int) |
278 | #endif /* PRIVATE */ |
279 | |
280 | /* |
281 | * Structure prepended to each packet. |
282 | */ |
283 | struct bpf_hdr { |
284 | struct BPF_TIMEVAL bh_tstamp; /* time stamp */ |
285 | bpf_u_int32 bh_caplen; /* length of captured portion */ |
286 | bpf_u_int32 bh_datalen; /* original length of packet */ |
287 | u_short bh_hdrlen; /* length of bpf header (this struct |
288 | * plus alignment padding) */ |
289 | }; |
290 | #ifdef KERNEL |
291 | /* |
292 | * Because the structure above is not a multiple of 4 bytes, some compilers |
293 | * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. |
294 | * Only the kernel needs to know about it; applications use bh_hdrlen. |
295 | */ |
296 | #define SIZEOF_BPF_HDR (sizeof(struct bpf_hdr) <= 20 ? 18 : \ |
297 | sizeof(struct bpf_hdr)) |
298 | #endif |
299 | #ifdef PRIVATE |
300 | /* |
301 | * This structure must be a multiple of 4 bytes. |
302 | * It includes padding and spare fields that we can use later if desired. |
303 | */ |
304 | struct bpf_hdr_ext { |
305 | struct BPF_TIMEVAL bh_tstamp; /* time stamp */ |
306 | bpf_u_int32 bh_caplen; /* length of captured portion */ |
307 | bpf_u_int32 bh_datalen; /* original length of packet */ |
308 | u_short bh_hdrlen; /* length of bpf header */ |
309 | u_char bh_complen; |
310 | u_char bh_flags; |
311 | #define BPF_HDR_EXT_FLAGS_DIR_IN 0x00 |
312 | #define BPF_HDR_EXT_FLAGS_DIR_OUT 0x01 |
313 | #ifdef BSD_KERNEL_PRIVATE |
314 | #define BPF_HDR_EXT_FLAGS_TCP 0x02 |
315 | #define BPF_HDR_EXT_FLAGS_UDP 0x04 |
316 | #endif /* BSD_KERNEL_PRIVATE */ |
317 | pid_t bh_pid; /* process PID */ |
318 | char bh_comm[MAXCOMLEN + 1]; /* process command */ |
319 | u_char bh_pktflags; |
320 | #define BPF_PKTFLAGS_TCP_REXMT 0x01 |
321 | #define BPF_PKTFLAGS_START_SEQ 0x02 |
322 | #define BPF_PKTFLAGS_LAST_PKT 0x04 |
323 | #define BPF_PKTFLAGS_WAKE_PKT 0x08 |
324 | uint16_t bh_trace_tag; |
325 | bpf_u_int32 bh_svc; /* service class */ |
326 | bpf_u_int32 bh_flowid; /* kernel reserved; 0 in userland */ |
327 | bpf_u_int32 bh_unsent_bytes; /* unsent bytes at interface */ |
328 | bpf_u_int32 bh_unsent_snd; /* unsent bytes at socket buffer */ |
329 | }; |
330 | |
331 | #define BPF_HDR_EXT_HAS_TRACE_TAG 1 |
332 | |
333 | /* |
334 | * External representation of the bpf descriptor |
335 | */ |
336 | struct xbpf_d { |
337 | uint32_t bd_structsize; /* Size of this structure. */ |
338 | int32_t bd_dev_minor; |
339 | int32_t bd_sig; |
340 | uint32_t bd_slen; |
341 | uint32_t bd_hlen; |
342 | uint32_t bd_bufsize; |
343 | pid_t bd_pid; |
344 | |
345 | uint8_t bd_promisc; |
346 | uint8_t bd_immediate; |
347 | uint8_t bd_hdrcmplt; |
348 | uint8_t bd_async; |
349 | |
350 | uint8_t bd_headdrop; |
351 | uint8_t bd_direction; |
352 | uint8_t bh_compreq; |
353 | uint8_t bh_compenabled; |
354 | |
355 | uint8_t bd_exthdr; |
356 | uint8_t bd_trunc; |
357 | uint8_t bd_pkthdrv2; |
358 | uint8_t bd_pad; |
359 | |
360 | uint64_t bd_rcount; |
361 | uint64_t bd_dcount; |
362 | uint64_t bd_fcount; |
363 | uint64_t bd_wcount; |
364 | uint64_t bd_wdcount; |
365 | |
366 | char bd_ifname[IFNAMSIZ]; |
367 | |
368 | uint64_t bd_comp_count; |
369 | uint64_t bd_comp_size; |
370 | |
371 | uint32_t bd_scnt; /* number of packets in store buffer */ |
372 | uint32_t bd_hcnt; /* number of packets in hold buffer */ |
373 | |
374 | uint64_t bd_read_count; |
375 | uint64_t bd_fsize; |
376 | }; |
377 | |
378 | #ifndef bd_seesent |
379 | /* |
380 | * Code compatibility workaround so that old versions of network_cmds will continue to build |
381 | * even if netstat -B shows an incorrect value. |
382 | */ |
383 | #define bd_seesent bd_direction |
384 | #endif /* bd_seesent */ |
385 | |
386 | #define _HAS_STRUCT_XBPF_D_ 2 |
387 | |
388 | struct bpf_comp_hdr { |
389 | struct BPF_TIMEVAL bh_tstamp; /* time stamp */ |
390 | bpf_u_int32 bh_caplen; /* length of captured portion */ |
391 | bpf_u_int32 bh_datalen; /* original length of packet */ |
392 | u_short bh_hdrlen; /* length of bpf header (this struct |
393 | * plus alignment padding) */ |
394 | u_char bh_complen; /* data portion compressed */ |
395 | u_char bh_padding; /* data portion compressed */ |
396 | }; |
397 | |
398 | #define HAS_BPF_HDR_COMP 1 |
399 | #define BPF_HDR_COMP_LEN_MAX 255 |
400 | |
401 | /* |
402 | * Packet tap directions |
403 | */ |
404 | #define BPF_D_NONE 0x0 /* See no packet (for writing only) */ |
405 | #define BPF_D_IN 0x1 /* See incoming packets */ |
406 | #define BPF_D_OUT 0x2 /* See outgoing packets */ |
407 | #define BPF_D_INOUT 0x3 /* See incoming and outgoing packets */ |
408 | |
409 | #endif /* PRIVATE */ |
410 | #endif /* !defined(DRIVERKIT) */ |
411 | |
412 | /* |
413 | * Data-link level type codes. |
414 | */ |
415 | #define DLT_NULL 0 /* no link-layer encapsulation */ |
416 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ |
417 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ |
418 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ |
419 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ |
420 | #define DLT_CHAOS 5 /* Chaos */ |
421 | #define DLT_IEEE802 6 /* IEEE 802 Networks */ |
422 | #define DLT_ARCNET 7 /* ARCNET */ |
423 | #define DLT_SLIP 8 /* Serial Line IP */ |
424 | #define DLT_PPP 9 /* Point-to-point Protocol */ |
425 | #define DLT_FDDI 10 /* FDDI */ |
426 | #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ |
427 | #define DLT_RAW 12 /* raw IP */ |
428 | |
429 | /* |
430 | * These are values from BSD/OS's "bpf.h". |
431 | * These are not the same as the values from the traditional libpcap |
432 | * "bpf.h"; however, these values shouldn't be generated by any |
433 | * OS other than BSD/OS, so the correct values to use here are the |
434 | * BSD/OS values. |
435 | * |
436 | * Platforms that have already assigned these values to other |
437 | * DLT_ codes, however, should give these codes the values |
438 | * from that platform, so that programs that use these codes will |
439 | * continue to compile - even though they won't correctly read |
440 | * files of these types. |
441 | */ |
442 | #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ |
443 | #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ |
444 | |
445 | /* |
446 | * 17 was used for DLT_PFLOG in OpenBSD; it no longer is. |
447 | * |
448 | * It was DLT_LANE8023 in SuSE 6.3, so we defined LINKTYPE_PFLOG |
449 | * as 117 so that pflog captures would use a link-layer header type |
450 | * value that didn't collide with any other values. On all |
451 | * platforms other than OpenBSD, we defined DLT_PFLOG as 117, |
452 | * and we mapped between LINKTYPE_PFLOG and DLT_PFLOG. |
453 | * |
454 | * OpenBSD eventually switched to using 117 for DLT_PFLOG as well. |
455 | * |
456 | * Don't use 17 for anything else. |
457 | */ |
458 | |
459 | /* |
460 | * 18 is used for DLT_PFSYNC in OpenBSD, NetBSD, DragonFly BSD and |
461 | * Mac OS X; don't use it for anything else. (FreeBSD uses 121, |
462 | * which collides with DLT_HHDLC, even though it doesn't use 18 |
463 | * for anything and doesn't appear to have ever used it for anything.) |
464 | * |
465 | * We define it as 18 on those platforms; it is, unfortunately, used |
466 | * for DLT_CIP in Suse 6.3, so we don't define it as DLT_PFSYNC |
467 | * in general. As the packet format for it, like that for |
468 | * DLT_PFLOG, is not only OS-dependent but OS-version-dependent, |
469 | * we don't support printing it in tcpdump except on OSes that |
470 | * have the relevant header files, so it's not that useful on |
471 | * other platforms. |
472 | */ |
473 | #define DLT_PFSYNC 18 /* Packet filter state syncing */ |
474 | |
475 | #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ |
476 | |
477 | /* |
478 | * These values are defined by NetBSD; other platforms should refrain from |
479 | * using them for other purposes, so that NetBSD savefiles with link |
480 | * types of 50 or 51 can be read as this type on all platforms. |
481 | */ |
482 | #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ |
483 | #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ |
484 | |
485 | /* |
486 | * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses |
487 | * a link-layer type of 99 for the tcpdump it supplies. The link-layer |
488 | * header has 6 bytes of unknown data, something that appears to be an |
489 | * Ethernet type, and 36 bytes that appear to be 0 in at least one capture |
490 | * I've seen. |
491 | */ |
492 | #define DLT_SYMANTEC_FIREWALL 99 |
493 | |
494 | /* |
495 | * Values between 100 and 103 are used in capture file headers as |
496 | * link-layer header type LINKTYPE_ values corresponding to DLT_ types |
497 | * that differ between platforms; don't use those values for new DLT_ |
498 | * new types. |
499 | */ |
500 | |
501 | /* |
502 | * Values starting with 104 are used for newly-assigned link-layer |
503 | * header type values; for those link-layer header types, the DLT_ |
504 | * value returned by pcap_datalink() and passed to pcap_open_dead(), |
505 | * and the LINKTYPE_ value that appears in capture files, are the |
506 | * same. |
507 | * |
508 | * DLT_MATCHING_MIN is the lowest such value; DLT_MATCHING_MAX is |
509 | * the highest such value. |
510 | */ |
511 | #define DLT_MATCHING_MIN 104 |
512 | |
513 | /* |
514 | * This value was defined by libpcap 0.5; platforms that have defined |
515 | * it with a different value should define it here with that value - |
516 | * a link type of 104 in a save file will be mapped to DLT_C_HDLC, |
517 | * whatever value that happens to be, so programs will correctly |
518 | * handle files with that link type regardless of the value of |
519 | * DLT_C_HDLC. |
520 | * |
521 | * The name DLT_C_HDLC was used by BSD/OS; we use that name for source |
522 | * compatibility with programs written for BSD/OS. |
523 | * |
524 | * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, |
525 | * for source compatibility with programs written for libpcap 0.5. |
526 | */ |
527 | #define DLT_C_HDLC 104 /* Cisco HDLC */ |
528 | #define DLT_CHDLC DLT_C_HDLC |
529 | |
530 | #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ |
531 | |
532 | /* |
533 | * Values between 106 and 107 are used in capture file headers as |
534 | * link-layer types corresponding to DLT_ types that might differ |
535 | * between platforms; don't use those values for new DLT_ new types. |
536 | */ |
537 | |
538 | /* |
539 | * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides |
540 | * with other values. |
541 | * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header |
542 | * (DLCI, etc.). |
543 | */ |
544 | #define DLT_FRELAY 107 |
545 | |
546 | /* |
547 | * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except |
548 | * that the AF_ type in the link-layer header is in network byte order. |
549 | * |
550 | * OpenBSD defines it as 12, but that collides with DLT_RAW, so we |
551 | * define it as 108 here. If OpenBSD picks up this file, it should |
552 | * define DLT_LOOP as 12 in its version, as per the comment above - |
553 | * and should not use 108 for any purpose. |
554 | */ |
555 | #define DLT_LOOP 108 |
556 | |
557 | /* |
558 | * Values between 109 and 112 are used in capture file headers as |
559 | * link-layer types corresponding to DLT_ types that might differ |
560 | * between platforms; don't use those values for new DLT_ new types. |
561 | */ |
562 | |
563 | /* |
564 | * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's |
565 | * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other |
566 | * than OpenBSD. |
567 | */ |
568 | #define DLT_ENC 109 |
569 | |
570 | /* |
571 | * This is for Linux cooked sockets. |
572 | */ |
573 | #define DLT_LINUX_SLL 113 |
574 | |
575 | /* |
576 | * Apple LocalTalk hardware. |
577 | */ |
578 | #define DLT_LTALK 114 |
579 | |
580 | /* |
581 | * Acorn Econet. |
582 | */ |
583 | #define DLT_ECONET 115 |
584 | |
585 | /* |
586 | * Reserved for use with OpenBSD ipfilter. |
587 | */ |
588 | #define DLT_IPFILTER 116 |
589 | |
590 | /* |
591 | * For use in capture-file headers as a link-layer type corresponding |
592 | * to OpenBSD PF (Packet Filter) log. |
593 | */ |
594 | #define DLT_PFLOG 117 |
595 | |
596 | /* |
597 | * Registered for Cisco-internal use. |
598 | */ |
599 | #define DLT_CISCO_IOS 118 |
600 | |
601 | /* |
602 | * Reserved for 802.11 cards using the Prism II chips, with a link-layer |
603 | * header including Prism monitor mode information plus an 802.11 |
604 | * header. |
605 | */ |
606 | #define 119 |
607 | |
608 | /* |
609 | * Reserved for Aironet 802.11 cards, with an Aironet link-layer header |
610 | * (see Doug Ambrisko's FreeBSD patches). |
611 | */ |
612 | #define 120 |
613 | |
614 | /* |
615 | * Reserved for Siemens HiPath HDLC. XXX |
616 | */ |
617 | #define DLT_HHDLC 121 |
618 | |
619 | /* |
620 | * Reserved for RFC 2625 IP-over-Fibre Channel. |
621 | */ |
622 | #define DLT_IP_OVER_FC 122 |
623 | |
624 | /* |
625 | * Reserved for Full Frontal ATM on Solaris. |
626 | */ |
627 | #define DLT_SUNATM 123 |
628 | |
629 | /* |
630 | * Reserved as per request from Kent Dahlgren <kent@praesum.com> |
631 | * for private use. |
632 | */ |
633 | #define DLT_RIO 124 /* RapidIO */ |
634 | #define DLT_PCI_EXP 125 /* PCI Express */ |
635 | #define DLT_AURORA 126 /* Xilinx Aurora link layer */ |
636 | |
637 | /* |
638 | * BSD header for 802.11 plus a number of bits of link-layer information |
639 | * including radio information. |
640 | */ |
641 | #ifndef DLT_IEEE802_11_RADIO |
642 | #define DLT_IEEE802_11_RADIO 127 |
643 | #endif |
644 | |
645 | /* |
646 | * Reserved for TZSP encapsulation. |
647 | */ |
648 | #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ |
649 | |
650 | /* |
651 | * Reserved for Linux ARCNET. |
652 | */ |
653 | #define DLT_ARCNET_LINUX 129 |
654 | |
655 | /* |
656 | * Juniper-private data link types. |
657 | */ |
658 | #define DLT_JUNIPER_MLPPP 130 |
659 | #define DLT_JUNIPER_MLFR 131 |
660 | #define DLT_JUNIPER_ES 132 |
661 | #define DLT_JUNIPER_GGSN 133 |
662 | #define DLT_JUNIPER_MFR 134 |
663 | #define DLT_JUNIPER_ATM2 135 |
664 | #define DLT_JUNIPER_SERVICES 136 |
665 | #define DLT_JUNIPER_ATM1 137 |
666 | |
667 | /* |
668 | * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund |
669 | * <dieter@apple.com>. The header that's presented is an Ethernet-like |
670 | * header: |
671 | * |
672 | * #define FIREWIRE_EUI64_LEN 8 |
673 | * struct firewire_header { |
674 | * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; |
675 | * u_char firewire_shost[FIREWIRE_EUI64_LEN]; |
676 | * u_short firewire_type; |
677 | * }; |
678 | * |
679 | * with "firewire_type" being an Ethernet type value, rather than, |
680 | * for example, raw GASP frames being handed up. |
681 | */ |
682 | #define DLT_APPLE_IP_OVER_IEEE1394 138 |
683 | |
684 | /* |
685 | * Various SS7 encapsulations, as per a request from Jeff Morriss |
686 | * <jeff.morriss[AT]ulticom.com> and subsequent discussions. |
687 | */ |
688 | #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ |
689 | #define DLT_MTP2 140 /* MTP2, without pseudo-header */ |
690 | #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ |
691 | #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ |
692 | |
693 | /* |
694 | * Reserved for DOCSIS. |
695 | */ |
696 | #define DLT_DOCSIS 143 |
697 | |
698 | /* |
699 | * Reserved for Linux IrDA. |
700 | */ |
701 | #define DLT_LINUX_IRDA 144 |
702 | |
703 | /* |
704 | * Reserved for IBM SP switch and IBM Next Federation switch. |
705 | */ |
706 | #define DLT_IBM_SP 145 |
707 | #define DLT_IBM_SN 146 |
708 | |
709 | /* |
710 | * Reserved for private use. If you have some link-layer header type |
711 | * that you want to use within your organization, with the capture files |
712 | * using that link-layer header type not ever be sent outside your |
713 | * organization, you can use these values. |
714 | * |
715 | * No libpcap release will use these for any purpose, nor will any |
716 | * tcpdump release use them, either. |
717 | * |
718 | * Do *NOT* use these in capture files that you expect anybody not using |
719 | * your private versions of capture-file-reading tools to read; in |
720 | * particular, do *NOT* use them in products, otherwise you may find that |
721 | * people won't be able to use tcpdump, or snort, or Ethereal, or... to |
722 | * read capture files from your firewall/intrusion detection/traffic |
723 | * monitoring/etc. appliance, or whatever product uses that DLT_ value, |
724 | * and you may also find that the developers of those applications will |
725 | * not accept patches to let them read those files. |
726 | * |
727 | * Also, do not use them if somebody might send you a capture using them |
728 | * for *their* private type and tools using them for *your* private type |
729 | * would have to read them. |
730 | * |
731 | * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value, |
732 | * as per the comment above, and use the type you're given. |
733 | */ |
734 | #define DLT_USER0 147 |
735 | #define DLT_USER1 148 |
736 | #define DLT_USER2 149 |
737 | #define DLT_USER3 150 |
738 | #define DLT_USER4 151 |
739 | #define DLT_USER5 152 |
740 | #define DLT_USER6 153 |
741 | #define DLT_USER7 154 |
742 | #define DLT_USER8 155 |
743 | #define DLT_USER9 156 |
744 | #define DLT_USER10 157 |
745 | #define DLT_USER11 158 |
746 | #define DLT_USER12 159 |
747 | #define DLT_USER13 160 |
748 | #define DLT_USER14 161 |
749 | #define DLT_USER15 162 |
750 | |
751 | #ifdef PRIVATE |
752 | /* |
753 | * For Apple private usage |
754 | */ |
755 | #define DLT_USER0_APPLE_INTERNAL DLT_USER0 /* rdar://12019509 */ |
756 | #define DLT_USER1_APPLE_INTERNAL DLT_USER1 /* rdar://12019509 */ |
757 | #define DLT_PKTAP DLT_USER2 /* rdar://11779467 */ |
758 | #define DLT_USER3_APPLE_INTERNAL DLT_USER3 /* rdar://19614531 */ |
759 | #define DLT_USER4_APPLE_INTERNAL DLT_USER4 /* rdar://19614531 */ |
760 | #endif /* PRIVATE */ |
761 | |
762 | /* |
763 | * For future use with 802.11 captures - defined by AbsoluteValue |
764 | * Systems to store a number of bits of link-layer information |
765 | * including radio information: |
766 | * |
767 | * http://www.shaftnet.org/~pizza/software/capturefrm.txt |
768 | * |
769 | * but it might be used by some non-AVS drivers now or in the |
770 | * future. |
771 | */ |
772 | #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ |
773 | |
774 | /* |
775 | * Juniper-private data link type, as per request from |
776 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
777 | * for passing on chassis-internal metainformation such as |
778 | * QOS profiles, etc.. |
779 | */ |
780 | #define DLT_JUNIPER_MONITOR 164 |
781 | |
782 | /* |
783 | * Reserved for BACnet MS/TP. |
784 | */ |
785 | #define DLT_BACNET_MS_TP 165 |
786 | |
787 | /* |
788 | * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>. |
789 | * |
790 | * This is used in some OSes to allow a kernel socket filter to distinguish |
791 | * between incoming and outgoing packets, on a socket intended to |
792 | * supply pppd with outgoing packets so it can do dial-on-demand and |
793 | * hangup-on-lack-of-demand; incoming packets are filtered out so they |
794 | * don't cause pppd to hold the connection up (you don't want random |
795 | * input packets such as port scans, packets from old lost connections, |
796 | * etc. to force the connection to stay up). |
797 | * |
798 | * The first byte of the PPP header (0xff03) is modified to accomodate |
799 | * the direction - 0x00 = IN, 0x01 = OUT. |
800 | */ |
801 | #define DLT_PPP_PPPD 166 |
802 | |
803 | /* |
804 | * Names for backwards compatibility with older versions of some PPP |
805 | * software; new software should use DLT_PPP_PPPD. |
806 | */ |
807 | #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD |
808 | #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD |
809 | |
810 | /* |
811 | * Juniper-private data link type, as per request from |
812 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
813 | * for passing on chassis-internal metainformation such as |
814 | * QOS profiles, cookies, etc.. |
815 | */ |
816 | #define DLT_JUNIPER_PPPOE 167 |
817 | #define DLT_JUNIPER_PPPOE_ATM 168 |
818 | |
819 | #define DLT_GPRS_LLC 169 /* GPRS LLC */ |
820 | #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ |
821 | #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ |
822 | |
823 | /* |
824 | * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line |
825 | * monitoring equipment. |
826 | */ |
827 | #define DLT_GCOM_T1E1 172 |
828 | #define DLT_GCOM_SERIAL 173 |
829 | |
830 | /* |
831 | * Juniper-private data link type, as per request from |
832 | * Hannes Gredler <hannes@juniper.net>. The DLT_ is used |
833 | * for internal communication to Physical Interface Cards (PIC) |
834 | */ |
835 | #define DLT_JUNIPER_PIC_PEER 174 |
836 | |
837 | /* |
838 | * Link types requested by Gregor Maier <gregor@endace.com> of Endace |
839 | * Measurement Systems. They add an ERF header (see |
840 | * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of |
841 | * the link-layer header. |
842 | */ |
843 | #define DLT_ERF_ETH 175 /* Ethernet */ |
844 | #define DLT_ERF_POS 176 /* Packet-over-SONET */ |
845 | |
846 | /* |
847 | * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD |
848 | * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header |
849 | * includes additional information before the LAPD header, so it's |
850 | * not necessarily a generic LAPD header. |
851 | */ |
852 | #define DLT_LINUX_LAPD 177 |
853 | |
854 | /* |
855 | * Juniper-private data link type, as per request from |
856 | * Hannes Gredler <hannes@juniper.net>. |
857 | * The DLT_ are used for prepending meta-information |
858 | * like interface index, interface name |
859 | * before standard Ethernet, PPP, Frelay & C-HDLC Frames |
860 | */ |
861 | #define DLT_JUNIPER_ETHER 178 |
862 | #define DLT_JUNIPER_PPP 179 |
863 | #define DLT_JUNIPER_FRELAY 180 |
864 | #define DLT_JUNIPER_CHDLC 181 |
865 | |
866 | /* |
867 | * Multi Link Frame Relay (FRF.16) |
868 | */ |
869 | #define DLT_MFR 182 |
870 | |
871 | /* |
872 | * Juniper-private data link type, as per request from |
873 | * Hannes Gredler <hannes@juniper.net>. |
874 | * The DLT_ is used for internal communication with a |
875 | * voice Adapter Card (PIC) |
876 | */ |
877 | #define DLT_JUNIPER_VP 183 |
878 | |
879 | /* |
880 | * Arinc 429 frames. |
881 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
882 | * Every frame contains a 32bit A429 label. |
883 | * More documentation on Arinc 429 can be found at |
884 | * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf |
885 | */ |
886 | #define DLT_A429 184 |
887 | |
888 | /* |
889 | * Arinc 653 Interpartition Communication messages. |
890 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
891 | * Please refer to the A653-1 standard for more information. |
892 | */ |
893 | #define DLT_A653_ICM 185 |
894 | |
895 | /* |
896 | * USB packets, beginning with a USB setup header; requested by |
897 | * Paolo Abeni <paolo.abeni@email.it>. |
898 | */ |
899 | #define DLT_USB 186 |
900 | |
901 | /* |
902 | * Bluetooth HCI UART transport layer (part H:4); requested by |
903 | * Paolo Abeni. |
904 | */ |
905 | #define DLT_BLUETOOTH_HCI_H4 187 |
906 | |
907 | /* |
908 | * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz |
909 | * <cruz_petagay@bah.com>. |
910 | */ |
911 | #define DLT_IEEE802_16_MAC_CPS 188 |
912 | |
913 | /* |
914 | * USB packets, beginning with a Linux USB header; requested by |
915 | * Paolo Abeni <paolo.abeni@email.it>. |
916 | */ |
917 | #define DLT_USB_LINUX 189 |
918 | |
919 | /* |
920 | * Controller Area Network (CAN) v. 2.0B packets. |
921 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
922 | * Used to dump CAN packets coming from a CAN Vector board. |
923 | * More documentation on the CAN v2.0B frames can be found at |
924 | * http://www.can-cia.org/downloads/?269 |
925 | */ |
926 | #define DLT_CAN20B 190 |
927 | |
928 | /* |
929 | * IEEE 802.15.4, with address fields padded, as is done by Linux |
930 | * drivers; requested by Juergen Schimmer. |
931 | */ |
932 | #define DLT_IEEE802_15_4_LINUX 191 |
933 | |
934 | /* |
935 | * Per Packet Information encapsulated packets. |
936 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
937 | */ |
938 | #define DLT_PPI 192 |
939 | |
940 | /* |
941 | * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; |
942 | * requested by Charles Clancy. |
943 | */ |
944 | #define DLT_IEEE802_16_MAC_CPS_RADIO 193 |
945 | |
946 | /* |
947 | * Juniper-private data link type, as per request from |
948 | * Hannes Gredler <hannes@juniper.net>. |
949 | * The DLT_ is used for internal communication with a |
950 | * integrated service module (ISM). |
951 | */ |
952 | #define DLT_JUNIPER_ISM 194 |
953 | |
954 | /* |
955 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
956 | * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>. |
957 | */ |
958 | #define DLT_IEEE802_15_4 195 |
959 | |
960 | /* |
961 | * Various link-layer types, with a pseudo-header, for SITA |
962 | * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). |
963 | */ |
964 | #define DLT_SITA 196 |
965 | |
966 | /* |
967 | * Various link-layer types, with a pseudo-header, for Endace DAG cards; |
968 | * encapsulates Endace ERF records. Requested by Stephen Donnelly |
969 | * <stephen@endace.com>. |
970 | */ |
971 | #define DLT_ERF 197 |
972 | |
973 | /* |
974 | * Special header prepended to Ethernet packets when capturing from a |
975 | * u10 Networks board. Requested by Phil Mulholland |
976 | * <phil@u10networks.com>. |
977 | */ |
978 | #define DLT_RAIF1 198 |
979 | |
980 | /* |
981 | * IPMB packet for IPMI, beginning with the I2C slave address, followed |
982 | * by the netFn and LUN, etc.. Requested by Chanthy Toeung |
983 | * <chanthy.toeung@ca.kontron.com>. |
984 | */ |
985 | #define DLT_IPMB 199 |
986 | |
987 | /* |
988 | * Juniper-private data link type, as per request from |
989 | * Hannes Gredler <hannes@juniper.net>. |
990 | * The DLT_ is used for capturing data on a secure tunnel interface. |
991 | */ |
992 | #define DLT_JUNIPER_ST 200 |
993 | |
994 | /* |
995 | * Bluetooth HCI UART transport layer (part H:4), with pseudo-header |
996 | * that includes direction information; requested by Paolo Abeni. |
997 | */ |
998 | #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 |
999 | |
1000 | /* |
1001 | * AX.25 packet with a 1-byte KISS header; see |
1002 | * |
1003 | * http://www.ax25.net/kiss.htm |
1004 | * |
1005 | * as per Richard Stearn <richard@rns-stearn.demon.co.uk>. |
1006 | */ |
1007 | #define DLT_AX25_KISS 202 |
1008 | |
1009 | /* |
1010 | * LAPD packets from an ISDN channel, starting with the address field, |
1011 | * with no pseudo-header. |
1012 | * Requested by Varuna De Silva <varunax@gmail.com>. |
1013 | */ |
1014 | #define DLT_LAPD 203 |
1015 | |
1016 | /* |
1017 | * Variants of various link-layer headers, with a one-byte direction |
1018 | * pseudo-header prepended - zero means "received by this host", |
1019 | * non-zero (any non-zero value) means "sent by this host" - as per |
1020 | * Will Barker <w.barker@zen.co.uk>. |
1021 | */ |
1022 | #define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */ |
1023 | #define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */ |
1024 | #define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */ |
1025 | #define DLT_LAPB_WITH_DIR 207 /* LAPB */ |
1026 | |
1027 | /* |
1028 | * 208 is reserved for an as-yet-unspecified proprietary link-layer |
1029 | * type, as requested by Will Barker. |
1030 | */ |
1031 | |
1032 | /* |
1033 | * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman |
1034 | * <avn@pigeonpoint.com>. |
1035 | */ |
1036 | #define DLT_IPMB_LINUX 209 |
1037 | |
1038 | /* |
1039 | * FlexRay automotive bus - http://www.flexray.com/ - as requested |
1040 | * by Hannes Kaelber <hannes.kaelber@x2e.de>. |
1041 | */ |
1042 | #define DLT_FLEXRAY 210 |
1043 | |
1044 | /* |
1045 | * Media Oriented Systems Transport (MOST) bus for multimedia |
1046 | * transport - http://www.mostcooperation.com/ - as requested |
1047 | * by Hannes Kaelber <hannes.kaelber@x2e.de>. |
1048 | */ |
1049 | #define DLT_MOST 211 |
1050 | |
1051 | /* |
1052 | * Local Interconnect Network (LIN) bus for vehicle networks - |
1053 | * http://www.lin-subbus.org/ - as requested by Hannes Kaelber |
1054 | * <hannes.kaelber@x2e.de>. |
1055 | */ |
1056 | #define DLT_LIN 212 |
1057 | |
1058 | /* |
1059 | * X2E-private data link type used for serial line capture, |
1060 | * as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. |
1061 | */ |
1062 | #define DLT_X2E_SERIAL 213 |
1063 | |
1064 | /* |
1065 | * X2E-private data link type used for the Xoraya data logger |
1066 | * family, as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. |
1067 | */ |
1068 | #define DLT_X2E_XORAYA 214 |
1069 | |
1070 | /* |
1071 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
1072 | * nothing), but with the PHY-level data for non-ASK PHYs (4 octets |
1073 | * of 0 as preamble, one octet of SFD, one octet of frame length+ |
1074 | * reserved bit, and then the MAC-layer data, starting with the |
1075 | * frame control field). |
1076 | * |
1077 | * Requested by Max Filippov <jcmvbkbc@gmail.com>. |
1078 | */ |
1079 | #define DLT_IEEE802_15_4_NONASK_PHY 215 |
1080 | |
1081 | /* |
1082 | * David Gibson <david@gibson.dropbear.id.au> requested this for |
1083 | * captures from the Linux kernel /dev/input/eventN devices. This |
1084 | * is used to communicate keystrokes and mouse movements from the |
1085 | * Linux kernel to display systems, such as Xorg. |
1086 | */ |
1087 | #define DLT_LINUX_EVDEV 216 |
1088 | |
1089 | /* |
1090 | * GSM Um and Abis interfaces, preceded by a "gsmtap" header. |
1091 | * |
1092 | * Requested by Harald Welte <laforge@gnumonks.org>. |
1093 | */ |
1094 | #define DLT_GSMTAP_UM 217 |
1095 | #define DLT_GSMTAP_ABIS 218 |
1096 | |
1097 | /* |
1098 | * MPLS, with an MPLS label as the link-layer header. |
1099 | * Requested by Michele Marchetto <michele@openbsd.org> on behalf |
1100 | * of OpenBSD. |
1101 | */ |
1102 | #define DLT_MPLS 219 |
1103 | |
1104 | /* |
1105 | * USB packets, beginning with a Linux USB header, with the USB header |
1106 | * padded to 64 bytes; required for memory-mapped access. |
1107 | */ |
1108 | #define DLT_USB_LINUX_MMAPPED 220 |
1109 | |
1110 | /* |
1111 | * DECT packets, with a pseudo-header; requested by |
1112 | * Matthias Wenzel <tcpdump@mazzoo.de>. |
1113 | */ |
1114 | #define DLT_DECT 221 |
1115 | |
1116 | /* |
1117 | * From: "Lidwa, Eric (GSFC-582.0)[SGT INC]" <eric.lidwa-1@nasa.gov> |
1118 | * Date: Mon, 11 May 2009 11:18:30 -0500 |
1119 | * |
1120 | * DLT_AOS. We need it for AOS Space Data Link Protocol. |
1121 | * I have already written dissectors for but need an OK from |
1122 | * legal before I can submit a patch. |
1123 | * |
1124 | */ |
1125 | #define DLT_AOS 222 |
1126 | |
1127 | /* |
1128 | * Wireless HART (Highway Addressable Remote Transducer) |
1129 | * From the HART Communication Foundation |
1130 | * IES/PAS 62591 |
1131 | * |
1132 | * Requested by Sam Roberts <vieuxtech@gmail.com>. |
1133 | */ |
1134 | #define DLT_WIHART 223 |
1135 | |
1136 | /* |
1137 | * Fibre Channel FC-2 frames, beginning with a Frame_Header. |
1138 | * Requested by Kahou Lei <kahou82@gmail.com>. |
1139 | */ |
1140 | #define DLT_FC_2 224 |
1141 | |
1142 | /* |
1143 | * Fibre Channel FC-2 frames, beginning with an encoding of the |
1144 | * SOF, and ending with an encoding of the EOF. |
1145 | * |
1146 | * The encodings represent the frame delimiters as 4-byte sequences |
1147 | * representing the corresponding ordered sets, with K28.5 |
1148 | * represented as 0xBC, and the D symbols as the corresponding |
1149 | * byte values; for example, SOFi2, which is K28.5 - D21.5 - D1.2 - D21.2, |
1150 | * is represented as 0xBC 0xB5 0x55 0x55. |
1151 | * |
1152 | * Requested by Kahou Lei <kahou82@gmail.com>. |
1153 | */ |
1154 | #define DLT_FC_2_WITH_FRAME_DELIMS 225 |
1155 | |
1156 | /* |
1157 | * Solaris ipnet pseudo-header; requested by Darren Reed <Darren.Reed@Sun.COM>. |
1158 | * |
1159 | * The pseudo-header starts with a one-byte version number; for version 2, |
1160 | * the pseudo-header is: |
1161 | * |
1162 | * struct dl_ipnetinfo { |
1163 | * u_int8_t dli_version; |
1164 | * u_int8_t dli_family; |
1165 | * u_int16_t dli_htype; |
1166 | * u_int32_t dli_pktlen; |
1167 | * u_int32_t dli_ifindex; |
1168 | * u_int32_t dli_grifindex; |
1169 | * u_int32_t dli_zsrc; |
1170 | * u_int32_t dli_zdst; |
1171 | * }; |
1172 | * |
1173 | * dli_version is 2 for the current version of the pseudo-header. |
1174 | * |
1175 | * dli_family is a Solaris address family value, so it's 2 for IPv4 |
1176 | * and 26 for IPv6. |
1177 | * |
1178 | * dli_htype is a "hook type" - 0 for incoming packets, 1 for outgoing |
1179 | * packets, and 2 for packets arriving from another zone on the same |
1180 | * machine. |
1181 | * |
1182 | * dli_pktlen is the length of the packet data following the pseudo-header |
1183 | * (so the captured length minus dli_pktlen is the length of the |
1184 | * pseudo-header, assuming the entire pseudo-header was captured). |
1185 | * |
1186 | * dli_ifindex is the interface index of the interface on which the |
1187 | * packet arrived. |
1188 | * |
1189 | * dli_grifindex is the group interface index number (for IPMP interfaces). |
1190 | * |
1191 | * dli_zsrc is the zone identifier for the source of the packet. |
1192 | * |
1193 | * dli_zdst is the zone identifier for the destination of the packet. |
1194 | * |
1195 | * A zone number of 0 is the global zone; a zone number of 0xffffffff |
1196 | * means that the packet arrived from another host on the network, not |
1197 | * from another zone on the same machine. |
1198 | * |
1199 | * An IPv4 or IPv6 datagram follows the pseudo-header; dli_family indicates |
1200 | * which of those it is. |
1201 | */ |
1202 | #define DLT_IPNET 226 |
1203 | |
1204 | /* |
1205 | * CAN (Controller Area Network) frames, with a pseudo-header as supplied |
1206 | * by Linux SocketCAN. See Documentation/networking/can.txt in the Linux |
1207 | * source. |
1208 | * |
1209 | * Requested by Felix Obenhuber <felix@obenhuber.de>. |
1210 | */ |
1211 | #define DLT_CAN_SOCKETCAN 227 |
1212 | |
1213 | /* |
1214 | * Raw IPv4/IPv6; different from DLT_RAW in that the DLT_ value specifies |
1215 | * whether it's v4 or v6. Requested by Darren Reed <Darren.Reed@Sun.COM>. |
1216 | */ |
1217 | #define DLT_IPV4 228 |
1218 | #define DLT_IPV6 229 |
1219 | |
1220 | /* |
1221 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
1222 | * nothing), and with no FCS at the end of the frame; requested by |
1223 | * Jon Smirl <jonsmirl@gmail.com>. |
1224 | */ |
1225 | #define DLT_IEEE802_15_4_NOFCS 230 |
1226 | |
1227 | /* |
1228 | * Raw D-Bus: |
1229 | * |
1230 | * http://www.freedesktop.org/wiki/Software/dbus |
1231 | * |
1232 | * messages: |
1233 | * |
1234 | * http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages |
1235 | * |
1236 | * starting with the endianness flag, followed by the message type, etc., |
1237 | * but without the authentication handshake before the message sequence: |
1238 | * |
1239 | * http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol |
1240 | * |
1241 | * Requested by Martin Vidner <martin@vidner.net>. |
1242 | */ |
1243 | #define DLT_DBUS 231 |
1244 | |
1245 | /* |
1246 | * Juniper-private data link type, as per request from |
1247 | * Hannes Gredler <hannes@juniper.net>. |
1248 | */ |
1249 | #define DLT_JUNIPER_VS 232 |
1250 | #define DLT_JUNIPER_SRX_E2E 233 |
1251 | #define DLT_JUNIPER_FIBRECHANNEL 234 |
1252 | |
1253 | /* |
1254 | * DVB-CI (DVB Common Interface for communication between a PC Card |
1255 | * module and a DVB receiver). See |
1256 | * |
1257 | * http://www.kaiser.cx/pcap-dvbci.html |
1258 | * |
1259 | * for the specification. |
1260 | * |
1261 | * Requested by Martin Kaiser <martin@kaiser.cx>. |
1262 | */ |
1263 | #define DLT_DVB_CI 235 |
1264 | |
1265 | /* |
1266 | * Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but |
1267 | * *not* the same as, 27.010). Requested by Hans-Christoph Schemmel |
1268 | * <hans-christoph.schemmel@cinterion.com>. |
1269 | */ |
1270 | #define DLT_MUX27010 236 |
1271 | |
1272 | /* |
1273 | * STANAG 5066 D_PDUs. Requested by M. Baris Demiray |
1274 | * <barisdemiray@gmail.com>. |
1275 | */ |
1276 | #define DLT_STANAG_5066_D_PDU 237 |
1277 | |
1278 | /* |
1279 | * Juniper-private data link type, as per request from |
1280 | * Hannes Gredler <hannes@juniper.net>. |
1281 | */ |
1282 | #define DLT_JUNIPER_ATM_CEMIC 238 |
1283 | |
1284 | /* |
1285 | * NetFilter LOG messages |
1286 | * (payload of netlink NFNL_SUBSYS_ULOG/NFULNL_MSG_PACKET packets) |
1287 | * |
1288 | * Requested by Jakub Zawadzki <darkjames-ws@darkjames.pl> |
1289 | */ |
1290 | #define DLT_NFLOG 239 |
1291 | |
1292 | /* |
1293 | * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type |
1294 | * for Ethernet packets with a 4-byte pseudo-header and always |
1295 | * with the payload including the FCS, as supplied by their |
1296 | * netANALYZER hardware and software. |
1297 | * |
1298 | * Requested by Holger P. Frommer <HPfrommer@hilscher.com> |
1299 | */ |
1300 | #define DLT_NETANALYZER 240 |
1301 | |
1302 | /* |
1303 | * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type |
1304 | * for Ethernet packets with a 4-byte pseudo-header and FCS and |
1305 | * with the Ethernet header preceded by 7 bytes of preamble and |
1306 | * 1 byte of SFD, as supplied by their netANALYZER hardware and |
1307 | * software. |
1308 | * |
1309 | * Requested by Holger P. Frommer <HPfrommer@hilscher.com> |
1310 | */ |
1311 | #define DLT_NETANALYZER_TRANSPARENT 241 |
1312 | |
1313 | /* |
1314 | * IP-over-Infiniband, as specified by RFC 4391. |
1315 | * |
1316 | * Requested by Petr Sumbera <petr.sumbera@oracle.com>. |
1317 | */ |
1318 | #define DLT_IPOIB 242 |
1319 | |
1320 | /* |
1321 | * MPEG-2 transport stream (ISO 13818-1/ITU-T H.222.0). |
1322 | * |
1323 | * Requested by Guy Martin <gmsoft@tuxicoman.be>. |
1324 | */ |
1325 | #define DLT_MPEG_2_TS 243 |
1326 | |
1327 | /* |
1328 | * ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as |
1329 | * used by their ng40 protocol tester. |
1330 | * |
1331 | * Requested by Jens Grimmer <jens.grimmer@ng4t.com>. |
1332 | */ |
1333 | #define DLT_NG40 244 |
1334 | |
1335 | /* |
1336 | * Pseudo-header giving adapter number and flags, followed by an NFC |
1337 | * (Near-Field Communications) Logical Link Control Protocol (LLCP) PDU, |
1338 | * as specified by NFC Forum Logical Link Control Protocol Technical |
1339 | * Specification LLCP 1.1. |
1340 | * |
1341 | * Requested by Mike Wakerly <mikey@google.com>. |
1342 | */ |
1343 | #define DLT_NFC_LLCP 245 |
1344 | |
1345 | /* |
1346 | * USB packets, beginning with a Darwin (macOS, etc.) USB header. |
1347 | */ |
1348 | #define DLT_USB_DARWIN 266 |
1349 | |
1350 | #define DLT_MATCHING_MAX 266 /* highest value in the "matching" range */ |
1351 | |
1352 | #if !defined(DRIVERKIT) |
1353 | /* |
1354 | * The instruction encodings. |
1355 | */ |
1356 | /* instruction classes */ |
1357 | #define BPF_CLASS(code) ((code) & 0x07) |
1358 | #define BPF_LD 0x00 |
1359 | #define BPF_LDX 0x01 |
1360 | #define BPF_ST 0x02 |
1361 | #define BPF_STX 0x03 |
1362 | #define BPF_ALU 0x04 |
1363 | #define BPF_JMP 0x05 |
1364 | #define BPF_RET 0x06 |
1365 | #define BPF_MISC 0x07 |
1366 | |
1367 | /* ld/ldx fields */ |
1368 | #define BPF_SIZE(code) ((code) & 0x18) |
1369 | #define BPF_W 0x00 |
1370 | #define BPF_H 0x08 |
1371 | #define BPF_B 0x10 |
1372 | #define BPF_MODE(code) ((code) & 0xe0) |
1373 | #define BPF_IMM 0x00 |
1374 | #define BPF_ABS 0x20 |
1375 | #define BPF_IND 0x40 |
1376 | #define BPF_MEM 0x60 |
1377 | #define BPF_LEN 0x80 |
1378 | #define BPF_MSH 0xa0 |
1379 | |
1380 | /* alu/jmp fields */ |
1381 | #define BPF_OP(code) ((code) & 0xf0) |
1382 | #define BPF_ADD 0x00 |
1383 | #define BPF_SUB 0x10 |
1384 | #define BPF_MUL 0x20 |
1385 | #define BPF_DIV 0x30 |
1386 | #define BPF_OR 0x40 |
1387 | #define BPF_AND 0x50 |
1388 | #define BPF_LSH 0x60 |
1389 | #define BPF_RSH 0x70 |
1390 | #define BPF_NEG 0x80 |
1391 | #define BPF_JA 0x00 |
1392 | #define BPF_JEQ 0x10 |
1393 | #define BPF_JGT 0x20 |
1394 | #define BPF_JGE 0x30 |
1395 | #define BPF_JSET 0x40 |
1396 | #define BPF_SRC(code) ((code) & 0x08) |
1397 | #define BPF_K 0x00 |
1398 | #define BPF_X 0x08 |
1399 | |
1400 | /* ret - BPF_K and BPF_X also apply */ |
1401 | #define BPF_RVAL(code) ((code) & 0x18) |
1402 | #define BPF_A 0x10 |
1403 | |
1404 | /* misc */ |
1405 | #define BPF_MISCOP(code) ((code) & 0xf8) |
1406 | #define BPF_TAX 0x00 |
1407 | #define BPF_TXA 0x80 |
1408 | |
1409 | /* |
1410 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). |
1411 | */ |
1412 | #define BPF_MEMWORDS 16 |
1413 | |
1414 | /* |
1415 | * The instruction data structure. |
1416 | */ |
1417 | struct bpf_insn { |
1418 | u_short code; |
1419 | u_char jt; |
1420 | u_char jf; |
1421 | bpf_u_int32 k; |
1422 | }; |
1423 | |
1424 | /* |
1425 | * Macros for insn array initializers. |
1426 | */ |
1427 | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } |
1428 | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } |
1429 | |
1430 | #pragma pack(4) |
1431 | |
1432 | /* |
1433 | * Structure to retrieve available DLTs for the interface. |
1434 | */ |
1435 | struct bpf_dltlist { |
1436 | u_int32_t bfl_len; /* number of bfd_list array */ |
1437 | union { |
1438 | u_int32_t *bflu_list; /* array of DLTs */ |
1439 | u_int64_t bflu_pad; |
1440 | } bfl_u; |
1441 | }; |
1442 | #define bfl_list bfl_u.bflu_list |
1443 | |
1444 | #pragma pack() |
1445 | |
1446 | #ifdef KERNEL_PRIVATE |
1447 | #define BPF_MIN_PKT_SIZE 40 |
1448 | #define PORT_DNS 53 |
1449 | #define PORT_BOOTPS 67 |
1450 | #define PORT_BOOTPC 68 |
1451 | #define PORT_ISAKMP 500 |
1452 | #define PORT_ISAKMP_NATT 4500 /* rfc3948 */ |
1453 | |
1454 | /* Forward declerations */ |
1455 | struct ifnet; |
1456 | struct mbuf; |
1457 | |
1458 | #define BPF_PACKET_TYPE_MBUF 0 |
1459 | #if SKYWALK |
1460 | #define BPF_PACKET_TYPE_PKT 1 |
1461 | #include <skywalk/os_skywalk.h> |
1462 | #endif /* SKYWALK */ |
1463 | |
1464 | struct bpf_packet { |
1465 | int bpfp_type; |
1466 | void * ; /* optional */ |
1467 | size_t ; |
1468 | union { |
1469 | struct mbuf *bpfpu_mbuf; |
1470 | void * bpfpu_ptr; |
1471 | #if SKYWALK |
1472 | kern_packet_t bpfpu_pkt; |
1473 | #define bpfp_pkt bpfp_u.bpfpu_pkt |
1474 | #endif /* SKYWALK */ |
1475 | } bpfp_u; |
1476 | #define bpfp_mbuf bpfp_u.bpfpu_mbuf |
1477 | #define bpfp_ptr bpfp_u.bpfpu_ptr |
1478 | size_t bpfp_total_length; /* length including optional header */ |
1479 | }; |
1480 | |
1481 | extern int bpf_validate(const struct bpf_insn *, int); |
1482 | extern void bpfdetach(struct ifnet *); |
1483 | extern void bpfilterattach(int); |
1484 | extern u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int); |
1485 | #endif /* KERNEL_PRIVATE */ |
1486 | |
1487 | #endif /* !defined(DRIVERKIT) */ |
1488 | |
1489 | #if defined(DRIVERKIT) || defined(KERNEL) |
1490 | #ifndef BPF_TAP_MODE_T |
1491 | #define BPF_TAP_MODE_T |
1492 | /*! |
1493 | * @enum BPF tap mode |
1494 | * @abstract Constants defining interface families. |
1495 | * @constant BPF_MODE_DISABLED Disable bpf. |
1496 | * @constant BPF_MODE_INPUT Enable input only. |
1497 | * @constant BPF_MODE_OUTPUT Enable output only. |
1498 | * @constant BPF_MODE_INPUT_OUTPUT Enable input and output. |
1499 | */ |
1500 | |
1501 | enum { |
1502 | BPF_MODE_DISABLED = 0, |
1503 | BPF_MODE_INPUT = 1, |
1504 | BPF_MODE_OUTPUT = 2, |
1505 | BPF_MODE_INPUT_OUTPUT = 3 |
1506 | }; |
1507 | /*! |
1508 | * @typedef bpf_tap_mode |
1509 | * @abstract Mode for tapping. BPF_MODE_DISABLED/BPF_MODE_INPUT_OUTPUT etc. |
1510 | */ |
1511 | typedef uint32_t bpf_tap_mode; |
1512 | #endif /* !BPF_TAP_MODE_T */ |
1513 | #endif /* defined(DRIVERKIT) || defined(KERNEL) */ |
1514 | |
1515 | #ifdef KERNEL |
1516 | /*! |
1517 | * @typedef bpf_send_func |
1518 | * @discussion bpf_send_func is called when a bpf file descriptor is |
1519 | * used to send a raw packet on the interface. The mbuf and data |
1520 | * link type are specified. The callback is responsible for |
1521 | * releasing the mbuf whether or not it returns an error. |
1522 | * @param interface The interface the packet is being sent on. |
1523 | * @param data_link_type The data link type the bpf device is attached to. |
1524 | * @param packet The packet to be sent. |
1525 | */ |
1526 | typedef errno_t (*bpf_send_func)(ifnet_t interface, u_int32_t data_link_type, |
1527 | mbuf_t packet); |
1528 | |
1529 | /*! |
1530 | * @typedef bpf_tap_func |
1531 | * @discussion bpf_tap_func is called when the tap state of the |
1532 | * interface changes. This happens when a bpf device attaches to an |
1533 | * interface or detaches from an interface. The tap mode will join |
1534 | * together (bit or) the modes of all bpf devices using that |
1535 | * interface for that dlt. If you return an error from this |
1536 | * function, the bpf device attach attempt that triggered the tap |
1537 | * will fail. If this function was called bacuse the tap state was |
1538 | * decreasing (tap in or out is stopping), the error will be |
1539 | * ignored. |
1540 | * @param interface The interface being tapped. |
1541 | * @param data_link_type The data link type being tapped. |
1542 | * @param direction The direction of the tap. |
1543 | */ |
1544 | typedef errno_t (*bpf_tap_func)(ifnet_t interface, u_int32_t data_link_type, |
1545 | bpf_tap_mode direction); |
1546 | |
1547 | /*! |
1548 | * @function bpfattach |
1549 | * @discussion Registers an interface with BPF. This allows bpf devices |
1550 | * to attach to your interface to capture packets. Your interface |
1551 | * will be unregistered automatically when your interface is |
1552 | * detached. |
1553 | * @param interface The interface to register with BPF. |
1554 | * @param data_link_type The data link type of the interface. See the |
1555 | * DLT_* defines in bpf.h. |
1556 | * @param header_length The length, in bytes, of the data link header. |
1557 | */ |
1558 | extern void bpfattach(ifnet_t interface, u_int data_link_type, |
1559 | u_int ); |
1560 | |
1561 | /*! |
1562 | * @function bpf_attach |
1563 | * @discussion Registers an interface with BPF. This allows bpf devices |
1564 | * to attach to your interface to capture and transmit packets. |
1565 | * Your interface will be unregistered automatically when your |
1566 | * interface is detached. You may register multiple times with |
1567 | * different data link types. An 802.11 interface would use this to |
1568 | * allow clients to pick whether they want just an ethernet style |
1569 | * frame or the 802.11 wireless headers as well. The first dlt you |
1570 | * register will be considered the default. Any bpf device attaches |
1571 | * that do not specify a data link type will use the default. |
1572 | * @param interface The interface to register with BPF. |
1573 | * @param data_link_type The data link type of the interface. See the |
1574 | * DLT_* defines in bpf.h. |
1575 | * @param header_length The length, in bytes, of the data link header. |
1576 | * @param send See the bpf_send_func described above. |
1577 | * @param tap See the bpf_tap_func described above. |
1578 | */ |
1579 | extern errno_t bpf_attach(ifnet_t interface, u_int32_t data_link_type, |
1580 | u_int32_t , bpf_send_func send, bpf_tap_func tap); |
1581 | |
1582 | /*! |
1583 | * @function bpf_tap_in |
1584 | * @discussion Call this function when your interface receives a |
1585 | * packet. This function will check if any bpf devices need a |
1586 | * a copy of the packet. |
1587 | * @param interface The interface the packet was received on. |
1588 | * @param dlt The data link type of the packet. |
1589 | * @param packet The packet received. |
1590 | * @param header An optional pointer to a header that will be prepended. |
1591 | * @param header_len If the header was specified, the length of the header. |
1592 | */ |
1593 | extern void bpf_tap_in(ifnet_t interface, u_int32_t dlt, mbuf_t packet, |
1594 | void *, size_t ); |
1595 | |
1596 | /*! |
1597 | * @function bpf_tap_out |
1598 | * @discussion Call this function when your interface transmits a |
1599 | * packet. This function will check if any bpf devices need a |
1600 | * a copy of the packet. |
1601 | * @param interface The interface the packet was or will be transmitted on. |
1602 | * @param dlt The data link type of the packet. |
1603 | * @param packet The packet received. |
1604 | * @param header An optional pointer to a header that will be prepended. |
1605 | * @param header_len If the header was specified, the length of the header. |
1606 | */ |
1607 | extern void bpf_tap_out(ifnet_t interface, u_int32_t dlt, mbuf_t packet, |
1608 | void *, size_t ); |
1609 | |
1610 | #if SKYWALK |
1611 | /*! |
1612 | * @function bpf_tap_packet_in |
1613 | * @discussion Call this function when your interface receives a |
1614 | * packet. This function will check if any bpf devices need a |
1615 | * a copy of the packet. |
1616 | * @param interface The interface the packet was received on. |
1617 | * @param dlt The data link type of the packet. |
1618 | * @param packet The packet received. |
1619 | * @param header An optional pointer to a header that will be prepended. |
1620 | * @param header_len If the header was specified, the length of the header. |
1621 | */ |
1622 | extern void bpf_tap_packet_in(ifnet_t interface, u_int32_t dlt, |
1623 | kern_packet_t packet, void *, size_t ); |
1624 | |
1625 | /*! |
1626 | * @function bpf_tap_packet_out |
1627 | * @discussion Call this function when your interface transmits a |
1628 | * packet. This function will check if any bpf devices need a |
1629 | * a copy of the packet. |
1630 | * @param interface The interface the packet was or will be transmitted on. |
1631 | * @param dlt The data link type of the packet. |
1632 | * @param packet The packet received. |
1633 | * @param header An optional pointer to a header that will be prepended. |
1634 | * @param header_len If the header was specified, the length of the header. |
1635 | */ |
1636 | extern void bpf_tap_packet_out(ifnet_t interface, u_int32_t dlt, |
1637 | kern_packet_t packet, void *, size_t ); |
1638 | |
1639 | #endif /* SKYWALK */ |
1640 | #endif /* KERNEL */ |
1641 | |
1642 | #endif /* _NET_BPF_H_ */ |
1643 | |