1/*
2 * Copyright (c) 2000-2022 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28/*
29 * Copyright (c) 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from the Stanford/CMU enet packet filter,
33 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
34 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
35 * Berkeley Laboratory.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)bpf.h 8.1 (Berkeley) 6/10/93
66 * @(#)bpf.h 1.34 (LBL) 6/16/96
67 *
68 * $FreeBSD: src/sys/net/bpf.h,v 1.21.2.3 2001/08/01 00:23:13 fenner Exp $
69 */
70/*
71 * NOTICE: This file was modified by SPARTA, Inc. in 2006 to introduce
72 * support for mandatory and extensible security protections. This notice
73 * is included in support of clause 2.2 (b) of the Apple Public License,
74 * Version 2.0.
75 */
76
77#ifndef _NET_BPF_H_
78#define _NET_BPF_H_
79
80#include <stdint.h>
81
82#if !defined(DRIVERKIT)
83#include <sys/param.h>
84#include <sys/appleapiopts.h>
85#include <sys/types.h>
86#include <sys/time.h>
87#include <sys/cdefs.h>
88
89#ifdef PRIVATE
90#include <net/if_var.h>
91#include <uuid/uuid.h>
92
93struct bpf_setup_args {
94 uuid_t bsa_uuid;
95 char bsa_ifname[IFNAMSIZ];
96};
97#endif /* PRIVATE */
98
99#ifdef KERNEL
100#include <sys/kernel_types.h>
101
102#if !defined(__i386__) && !defined(__x86_64__)
103#define BPF_ALIGN 1
104#else /* defined(__i386__) || defined(__x86_64__) */
105#define BPF_ALIGN 0
106#endif /* defined(__i386__) || defined(__x86_64__) */
107
108#if !BPF_ALIGN
109#define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)(void *)p))
110#define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)(void *)p))
111#else
112#define EXTRACT_SHORT(p) \
113 ((u_int16_t)\
114 ((u_int16_t)*((u_char *)p+0)<<8|\
115 (u_int16_t)*((u_char *)p+1)<<0))
116#define EXTRACT_LONG(p) \
117 ((u_int32_t)*((u_char *)p+0)<<24|\
118 (u_int32_t)*((u_char *)p+1)<<16|\
119 (u_int32_t)*((u_char *)p+2)<<8|\
120 (u_int32_t)*((u_char *)p+3)<<0)
121#endif
122
123#endif /* KERNEL */
124
125/* BSD style release date */
126#define BPF_RELEASE 199606
127
128typedef int32_t bpf_int32;
129typedef u_int32_t bpf_u_int32;
130
131/*
132 * Alignment macros. BPF_WORDALIGN rounds up to the next
133 * even multiple of BPF_ALIGNMENT.
134 */
135#define BPF_ALIGNMENT sizeof(int32_t)
136#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
137
138#define BPF_MAXINSNS 512
139#define BPF_MAXBUFSIZE 0x80000
140#define BPF_MINBUFSIZE 32
141
142/*
143 * Structure for BIOCSETF.
144 */
145struct bpf_program {
146 u_int bf_len;
147 struct bpf_insn *bf_insns;
148};
149
150#ifdef KERNEL_PRIVATE
151/*
152 * LP64 version of bpf_program. all pointers
153 * grow when we're dealing with a 64-bit process.
154 * WARNING - keep in sync with bpf_program
155 */
156struct bpf_program64 {
157 u_int bf_len;
158 user64_addr_t bf_insns __attribute__((aligned(8)));
159};
160
161struct bpf_program32 {
162 u_int bf_len;
163 user32_addr_t bf_insns;
164};
165#endif /* KERNEL_PRIVATE */
166
167/*
168 * Struct returned by BIOCGSTATS.
169 */
170struct bpf_stat {
171 u_int bs_recv; /* number of packets received */
172 u_int bs_drop; /* number of packets dropped */
173};
174
175/*
176 * Struct return by BIOCVERSION. This represents the version number of
177 * the filter language described by the instruction encodings below.
178 * bpf understands a program iff kernel_major == filter_major &&
179 * kernel_minor >= filter_minor, that is, if the value returned by the
180 * running kernel has the same major number and a minor number equal
181 * equal to or less than the filter being downloaded. Otherwise, the
182 * results are undefined, meaning an error may be returned or packets
183 * may be accepted haphazardly.
184 * It has nothing to do with the source code version.
185 */
186struct bpf_version {
187 u_short bv_major;
188 u_short bv_minor;
189};
190
191#ifdef PRIVATE
192struct bpf_comp_stats {
193 uint64_t bcs_total_read; /* number of packets read from device */
194 uint64_t bcs_total_size; /* total size of filtered packets */
195 uint64_t bcs_total_hdr_size; /* total header size of captured packets */
196 uint64_t bcs_count_no_common_prefix; /* count of packets not compressible */
197 uint64_t bcs_count_compressed_prefix; /* count of compressed packets */
198 uint64_t bcs_total_compressed_prefix_size; /* total size of compressed data */
199 uint64_t bcs_max_compressed_prefix_size; /* max compressed data size */
200};
201#endif /* PRIVATE */
202
203#if defined(__LP64__)
204#include <sys/_types/_timeval32.h>
205
206#define BPF_TIMEVAL timeval32
207#else
208#define BPF_TIMEVAL timeval
209#endif /* __LP64__ */
210/* Current version number of filter architecture. */
211#define BPF_MAJOR_VERSION 1
212#define BPF_MINOR_VERSION 1
213
214#define BIOCGBLEN _IOR('B',102, u_int)
215#define BIOCSBLEN _IOWR('B',102, u_int)
216#define BIOCSETF _IOW('B',103, struct bpf_program)
217#ifdef KERNEL_PRIVATE
218#define BIOCSETF64 _IOW('B',103, struct bpf_program64)
219#define BIOCSETF32 _IOW('B',103, struct bpf_program32)
220#endif /* KERNEL_PRIVATE */
221#define BIOCFLUSH _IO('B',104)
222#define BIOCPROMISC _IO('B',105)
223#define BIOCGDLT _IOR('B',106, u_int)
224#define BIOCGETIF _IOR('B',107, struct ifreq)
225#define BIOCSETIF _IOW('B',108, struct ifreq)
226#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
227#ifdef KERNEL_PRIVATE
228#define BIOCSRTIMEOUT64 _IOW('B',109, struct user64_timeval)
229#define BIOCSRTIMEOUT32 _IOW('B',109, struct user32_timeval)
230#endif /* KERNEL_PRIVATE */
231#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
232#ifdef KERNEL_PRIVATE
233#define BIOCGRTIMEOUT64 _IOR('B',110, struct user64_timeval)
234#define BIOCGRTIMEOUT32 _IOR('B',110, struct user32_timeval)
235#endif /* KERNEL_PRIVATE */
236#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
237#define BIOCIMMEDIATE _IOW('B',112, u_int)
238#define BIOCVERSION _IOR('B',113, struct bpf_version)
239#define BIOCGRSIG _IOR('B',114, u_int)
240#define BIOCSRSIG _IOW('B',115, u_int)
241#define BIOCGHDRCMPLT _IOR('B',116, u_int)
242#define BIOCSHDRCMPLT _IOW('B',117, u_int)
243#define BIOCGSEESENT _IOR('B',118, u_int)
244#define BIOCSSEESENT _IOW('B',119, u_int)
245#define BIOCSDLT _IOW('B',120, u_int)
246#define BIOCGDLTLIST _IOWR('B',121, struct bpf_dltlist)
247#ifdef PRIVATE
248#define BIOCGETTC _IOR('B', 122, int)
249#define BIOCSETTC _IOW('B', 123, int)
250#define BIOCSEXTHDR _IOW('B', 124, u_int)
251#define BIOCGIFATTACHCOUNT _IOWR('B', 125, struct ifreq)
252#endif /* PRIVATE */
253#define BIOCSETFNR _IOW('B', 126, struct bpf_program)
254#ifdef KERNEL_PRIVATE
255#define BIOCSETFNR64 _IOW('B',126, struct bpf_program64)
256#define BIOCSETFNR32 _IOW('B',126, struct bpf_program32)
257#endif /* KERNEL_PRIVATE */
258#ifdef PRIVATE
259#define BIOCGWANTPKTAP _IOR('B', 127, u_int)
260#define BIOCSWANTPKTAP _IOWR('B', 127, u_int)
261#define BIOCSHEADDROP _IOW('B', 128, int)
262#define BIOCGHEADDROP _IOR('B', 128, int)
263#define BIOCSTRUNCATE _IOW('B', 129, u_int)
264#define BIOCGETUUID _IOR('B', 130, uuid_t)
265#define BIOCSETUP _IOW('B', 131, struct bpf_setup_args)
266#define BIOCSPKTHDRV2 _IOW('B', 132, int)
267#define BIOCGPKTHDRV2 _IOW('B', 133, int)
268#define BIOCGHDRCOMP _IOR('B', 134, int)
269#define BIOCSHDRCOMP _IOW('B', 135, int)
270#define BIOCGHDRCOMPSTATS _IOR('B', 136, struct bpf_comp_stats)
271#define BIOCGHDRCOMPON _IOR('B', 137, int)
272#define BIOCGDIRECTION _IOR('B', 138, int)
273#define BIOCSDIRECTION _IOW('B', 139, int)
274#define BIOCSWRITEMAX _IOW('B', 140, u_int)
275#define BIOCGWRITEMAX _IOR('B', 141, u_int)
276#define BIOCGBATCHWRITE _IOR('B', 142, int)
277#define BIOCSBATCHWRITE _IOW('B', 143, int)
278#endif /* PRIVATE */
279
280/*
281 * Structure prepended to each packet.
282 */
283struct bpf_hdr {
284 struct BPF_TIMEVAL bh_tstamp; /* time stamp */
285 bpf_u_int32 bh_caplen; /* length of captured portion */
286 bpf_u_int32 bh_datalen; /* original length of packet */
287 u_short bh_hdrlen; /* length of bpf header (this struct
288 * plus alignment padding) */
289};
290#ifdef KERNEL
291/*
292 * Because the structure above is not a multiple of 4 bytes, some compilers
293 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
294 * Only the kernel needs to know about it; applications use bh_hdrlen.
295 */
296#define SIZEOF_BPF_HDR (sizeof(struct bpf_hdr) <= 20 ? 18 : \
297 sizeof(struct bpf_hdr))
298#endif
299#ifdef PRIVATE
300/*
301 * This structure must be a multiple of 4 bytes.
302 * It includes padding and spare fields that we can use later if desired.
303 */
304struct bpf_hdr_ext {
305 struct BPF_TIMEVAL bh_tstamp; /* time stamp */
306 bpf_u_int32 bh_caplen; /* length of captured portion */
307 bpf_u_int32 bh_datalen; /* original length of packet */
308 u_short bh_hdrlen; /* length of bpf header */
309 u_char bh_complen;
310 u_char bh_flags;
311#define BPF_HDR_EXT_FLAGS_DIR_IN 0x00
312#define BPF_HDR_EXT_FLAGS_DIR_OUT 0x01
313#ifdef BSD_KERNEL_PRIVATE
314#define BPF_HDR_EXT_FLAGS_TCP 0x02
315#define BPF_HDR_EXT_FLAGS_UDP 0x04
316#endif /* BSD_KERNEL_PRIVATE */
317 pid_t bh_pid; /* process PID */
318 char bh_comm[MAXCOMLEN + 1]; /* process command */
319 u_char bh_pktflags;
320#define BPF_PKTFLAGS_TCP_REXMT 0x01
321#define BPF_PKTFLAGS_START_SEQ 0x02
322#define BPF_PKTFLAGS_LAST_PKT 0x04
323#define BPF_PKTFLAGS_WAKE_PKT 0x08
324 uint16_t bh_trace_tag;
325 bpf_u_int32 bh_svc; /* service class */
326 bpf_u_int32 bh_flowid; /* kernel reserved; 0 in userland */
327 bpf_u_int32 bh_unsent_bytes; /* unsent bytes at interface */
328 bpf_u_int32 bh_unsent_snd; /* unsent bytes at socket buffer */
329};
330
331#define BPF_HDR_EXT_HAS_TRACE_TAG 1
332
333/*
334 * External representation of the bpf descriptor
335 */
336struct xbpf_d {
337 uint32_t bd_structsize; /* Size of this structure. */
338 int32_t bd_dev_minor;
339 int32_t bd_sig;
340 uint32_t bd_slen;
341 uint32_t bd_hlen;
342 uint32_t bd_bufsize;
343 pid_t bd_pid;
344
345 uint8_t bd_promisc;
346 uint8_t bd_immediate;
347 uint8_t bd_hdrcmplt;
348 uint8_t bd_async;
349
350 uint8_t bd_headdrop;
351 uint8_t bd_direction;
352 uint8_t bh_compreq;
353 uint8_t bh_compenabled;
354
355 uint8_t bd_exthdr;
356 uint8_t bd_trunc;
357 uint8_t bd_pkthdrv2;
358 uint8_t bd_pad;
359
360 uint64_t bd_rcount;
361 uint64_t bd_dcount;
362 uint64_t bd_fcount;
363 uint64_t bd_wcount;
364 uint64_t bd_wdcount;
365
366 char bd_ifname[IFNAMSIZ];
367
368 uint64_t bd_comp_count;
369 uint64_t bd_comp_size;
370
371 uint32_t bd_scnt; /* number of packets in store buffer */
372 uint32_t bd_hcnt; /* number of packets in hold buffer */
373
374 uint64_t bd_read_count;
375 uint64_t bd_fsize;
376};
377
378#ifndef bd_seesent
379/*
380 * Code compatibility workaround so that old versions of network_cmds will continue to build
381 * even if netstat -B shows an incorrect value.
382 */
383#define bd_seesent bd_direction
384#endif /* bd_seesent */
385
386#define _HAS_STRUCT_XBPF_D_ 2
387
388struct bpf_comp_hdr {
389 struct BPF_TIMEVAL bh_tstamp; /* time stamp */
390 bpf_u_int32 bh_caplen; /* length of captured portion */
391 bpf_u_int32 bh_datalen; /* original length of packet */
392 u_short bh_hdrlen; /* length of bpf header (this struct
393 * plus alignment padding) */
394 u_char bh_complen; /* data portion compressed */
395 u_char bh_padding; /* data portion compressed */
396};
397
398#define HAS_BPF_HDR_COMP 1
399#define BPF_HDR_COMP_LEN_MAX 255
400
401/*
402 * Packet tap directions
403 */
404#define BPF_D_NONE 0x0 /* See no packet (for writing only) */
405#define BPF_D_IN 0x1 /* See incoming packets */
406#define BPF_D_OUT 0x2 /* See outgoing packets */
407#define BPF_D_INOUT 0x3 /* See incoming and outgoing packets */
408
409#endif /* PRIVATE */
410#endif /* !defined(DRIVERKIT) */
411
412/*
413 * Data-link level type codes.
414 */
415#define DLT_NULL 0 /* no link-layer encapsulation */
416#define DLT_EN10MB 1 /* Ethernet (10Mb) */
417#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
418#define DLT_AX25 3 /* Amateur Radio AX.25 */
419#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
420#define DLT_CHAOS 5 /* Chaos */
421#define DLT_IEEE802 6 /* IEEE 802 Networks */
422#define DLT_ARCNET 7 /* ARCNET */
423#define DLT_SLIP 8 /* Serial Line IP */
424#define DLT_PPP 9 /* Point-to-point Protocol */
425#define DLT_FDDI 10 /* FDDI */
426#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
427#define DLT_RAW 12 /* raw IP */
428
429/*
430 * These are values from BSD/OS's "bpf.h".
431 * These are not the same as the values from the traditional libpcap
432 * "bpf.h"; however, these values shouldn't be generated by any
433 * OS other than BSD/OS, so the correct values to use here are the
434 * BSD/OS values.
435 *
436 * Platforms that have already assigned these values to other
437 * DLT_ codes, however, should give these codes the values
438 * from that platform, so that programs that use these codes will
439 * continue to compile - even though they won't correctly read
440 * files of these types.
441 */
442#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
443#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
444
445/*
446 * 17 was used for DLT_PFLOG in OpenBSD; it no longer is.
447 *
448 * It was DLT_LANE8023 in SuSE 6.3, so we defined LINKTYPE_PFLOG
449 * as 117 so that pflog captures would use a link-layer header type
450 * value that didn't collide with any other values. On all
451 * platforms other than OpenBSD, we defined DLT_PFLOG as 117,
452 * and we mapped between LINKTYPE_PFLOG and DLT_PFLOG.
453 *
454 * OpenBSD eventually switched to using 117 for DLT_PFLOG as well.
455 *
456 * Don't use 17 for anything else.
457 */
458
459/*
460 * 18 is used for DLT_PFSYNC in OpenBSD, NetBSD, DragonFly BSD and
461 * Mac OS X; don't use it for anything else. (FreeBSD uses 121,
462 * which collides with DLT_HHDLC, even though it doesn't use 18
463 * for anything and doesn't appear to have ever used it for anything.)
464 *
465 * We define it as 18 on those platforms; it is, unfortunately, used
466 * for DLT_CIP in Suse 6.3, so we don't define it as DLT_PFSYNC
467 * in general. As the packet format for it, like that for
468 * DLT_PFLOG, is not only OS-dependent but OS-version-dependent,
469 * we don't support printing it in tcpdump except on OSes that
470 * have the relevant header files, so it's not that useful on
471 * other platforms.
472 */
473#define DLT_PFSYNC 18 /* Packet filter state syncing */
474
475#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
476
477/*
478 * These values are defined by NetBSD; other platforms should refrain from
479 * using them for other purposes, so that NetBSD savefiles with link
480 * types of 50 or 51 can be read as this type on all platforms.
481 */
482#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
483#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
484
485/*
486 * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
487 * a link-layer type of 99 for the tcpdump it supplies. The link-layer
488 * header has 6 bytes of unknown data, something that appears to be an
489 * Ethernet type, and 36 bytes that appear to be 0 in at least one capture
490 * I've seen.
491 */
492#define DLT_SYMANTEC_FIREWALL 99
493
494/*
495 * Values between 100 and 103 are used in capture file headers as
496 * link-layer header type LINKTYPE_ values corresponding to DLT_ types
497 * that differ between platforms; don't use those values for new DLT_
498 * new types.
499 */
500
501/*
502 * Values starting with 104 are used for newly-assigned link-layer
503 * header type values; for those link-layer header types, the DLT_
504 * value returned by pcap_datalink() and passed to pcap_open_dead(),
505 * and the LINKTYPE_ value that appears in capture files, are the
506 * same.
507 *
508 * DLT_MATCHING_MIN is the lowest such value; DLT_MATCHING_MAX is
509 * the highest such value.
510 */
511#define DLT_MATCHING_MIN 104
512
513/*
514 * This value was defined by libpcap 0.5; platforms that have defined
515 * it with a different value should define it here with that value -
516 * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
517 * whatever value that happens to be, so programs will correctly
518 * handle files with that link type regardless of the value of
519 * DLT_C_HDLC.
520 *
521 * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
522 * compatibility with programs written for BSD/OS.
523 *
524 * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
525 * for source compatibility with programs written for libpcap 0.5.
526 */
527#define DLT_C_HDLC 104 /* Cisco HDLC */
528#define DLT_CHDLC DLT_C_HDLC
529
530#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
531
532/*
533 * Values between 106 and 107 are used in capture file headers as
534 * link-layer types corresponding to DLT_ types that might differ
535 * between platforms; don't use those values for new DLT_ new types.
536 */
537
538/*
539 * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides
540 * with other values.
541 * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header
542 * (DLCI, etc.).
543 */
544#define DLT_FRELAY 107
545
546/*
547 * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
548 * that the AF_ type in the link-layer header is in network byte order.
549 *
550 * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
551 * define it as 108 here. If OpenBSD picks up this file, it should
552 * define DLT_LOOP as 12 in its version, as per the comment above -
553 * and should not use 108 for any purpose.
554 */
555#define DLT_LOOP 108
556
557/*
558 * Values between 109 and 112 are used in capture file headers as
559 * link-layer types corresponding to DLT_ types that might differ
560 * between platforms; don't use those values for new DLT_ new types.
561 */
562
563/*
564 * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's
565 * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other
566 * than OpenBSD.
567 */
568#define DLT_ENC 109
569
570/*
571 * This is for Linux cooked sockets.
572 */
573#define DLT_LINUX_SLL 113
574
575/*
576 * Apple LocalTalk hardware.
577 */
578#define DLT_LTALK 114
579
580/*
581 * Acorn Econet.
582 */
583#define DLT_ECONET 115
584
585/*
586 * Reserved for use with OpenBSD ipfilter.
587 */
588#define DLT_IPFILTER 116
589
590/*
591 * For use in capture-file headers as a link-layer type corresponding
592 * to OpenBSD PF (Packet Filter) log.
593 */
594#define DLT_PFLOG 117
595
596/*
597 * Registered for Cisco-internal use.
598 */
599#define DLT_CISCO_IOS 118
600
601/*
602 * Reserved for 802.11 cards using the Prism II chips, with a link-layer
603 * header including Prism monitor mode information plus an 802.11
604 * header.
605 */
606#define DLT_PRISM_HEADER 119
607
608/*
609 * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
610 * (see Doug Ambrisko's FreeBSD patches).
611 */
612#define DLT_AIRONET_HEADER 120
613
614/*
615 * Reserved for Siemens HiPath HDLC. XXX
616 */
617#define DLT_HHDLC 121
618
619/*
620 * Reserved for RFC 2625 IP-over-Fibre Channel.
621 */
622#define DLT_IP_OVER_FC 122
623
624/*
625 * Reserved for Full Frontal ATM on Solaris.
626 */
627#define DLT_SUNATM 123
628
629/*
630 * Reserved as per request from Kent Dahlgren <kent@praesum.com>
631 * for private use.
632 */
633#define DLT_RIO 124 /* RapidIO */
634#define DLT_PCI_EXP 125 /* PCI Express */
635#define DLT_AURORA 126 /* Xilinx Aurora link layer */
636
637/*
638 * BSD header for 802.11 plus a number of bits of link-layer information
639 * including radio information.
640 */
641#ifndef DLT_IEEE802_11_RADIO
642#define DLT_IEEE802_11_RADIO 127
643#endif
644
645/*
646 * Reserved for TZSP encapsulation.
647 */
648#define DLT_TZSP 128 /* Tazmen Sniffer Protocol */
649
650/*
651 * Reserved for Linux ARCNET.
652 */
653#define DLT_ARCNET_LINUX 129
654
655/*
656 * Juniper-private data link types.
657 */
658#define DLT_JUNIPER_MLPPP 130
659#define DLT_JUNIPER_MLFR 131
660#define DLT_JUNIPER_ES 132
661#define DLT_JUNIPER_GGSN 133
662#define DLT_JUNIPER_MFR 134
663#define DLT_JUNIPER_ATM2 135
664#define DLT_JUNIPER_SERVICES 136
665#define DLT_JUNIPER_ATM1 137
666
667/*
668 * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund
669 * <dieter@apple.com>. The header that's presented is an Ethernet-like
670 * header:
671 *
672 * #define FIREWIRE_EUI64_LEN 8
673 * struct firewire_header {
674 * u_char firewire_dhost[FIREWIRE_EUI64_LEN];
675 * u_char firewire_shost[FIREWIRE_EUI64_LEN];
676 * u_short firewire_type;
677 * };
678 *
679 * with "firewire_type" being an Ethernet type value, rather than,
680 * for example, raw GASP frames being handed up.
681 */
682#define DLT_APPLE_IP_OVER_IEEE1394 138
683
684/*
685 * Various SS7 encapsulations, as per a request from Jeff Morriss
686 * <jeff.morriss[AT]ulticom.com> and subsequent discussions.
687 */
688#define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */
689#define DLT_MTP2 140 /* MTP2, without pseudo-header */
690#define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */
691#define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */
692
693/*
694 * Reserved for DOCSIS.
695 */
696#define DLT_DOCSIS 143
697
698/*
699 * Reserved for Linux IrDA.
700 */
701#define DLT_LINUX_IRDA 144
702
703/*
704 * Reserved for IBM SP switch and IBM Next Federation switch.
705 */
706#define DLT_IBM_SP 145
707#define DLT_IBM_SN 146
708
709/*
710 * Reserved for private use. If you have some link-layer header type
711 * that you want to use within your organization, with the capture files
712 * using that link-layer header type not ever be sent outside your
713 * organization, you can use these values.
714 *
715 * No libpcap release will use these for any purpose, nor will any
716 * tcpdump release use them, either.
717 *
718 * Do *NOT* use these in capture files that you expect anybody not using
719 * your private versions of capture-file-reading tools to read; in
720 * particular, do *NOT* use them in products, otherwise you may find that
721 * people won't be able to use tcpdump, or snort, or Ethereal, or... to
722 * read capture files from your firewall/intrusion detection/traffic
723 * monitoring/etc. appliance, or whatever product uses that DLT_ value,
724 * and you may also find that the developers of those applications will
725 * not accept patches to let them read those files.
726 *
727 * Also, do not use them if somebody might send you a capture using them
728 * for *their* private type and tools using them for *your* private type
729 * would have to read them.
730 *
731 * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value,
732 * as per the comment above, and use the type you're given.
733 */
734#define DLT_USER0 147
735#define DLT_USER1 148
736#define DLT_USER2 149
737#define DLT_USER3 150
738#define DLT_USER4 151
739#define DLT_USER5 152
740#define DLT_USER6 153
741#define DLT_USER7 154
742#define DLT_USER8 155
743#define DLT_USER9 156
744#define DLT_USER10 157
745#define DLT_USER11 158
746#define DLT_USER12 159
747#define DLT_USER13 160
748#define DLT_USER14 161
749#define DLT_USER15 162
750
751#ifdef PRIVATE
752/*
753 * For Apple private usage
754 */
755#define DLT_USER0_APPLE_INTERNAL DLT_USER0 /* rdar://12019509 */
756#define DLT_USER1_APPLE_INTERNAL DLT_USER1 /* rdar://12019509 */
757#define DLT_PKTAP DLT_USER2 /* rdar://11779467 */
758#define DLT_USER3_APPLE_INTERNAL DLT_USER3 /* rdar://19614531 */
759#define DLT_USER4_APPLE_INTERNAL DLT_USER4 /* rdar://19614531 */
760#endif /* PRIVATE */
761
762/*
763 * For future use with 802.11 captures - defined by AbsoluteValue
764 * Systems to store a number of bits of link-layer information
765 * including radio information:
766 *
767 * http://www.shaftnet.org/~pizza/software/capturefrm.txt
768 *
769 * but it might be used by some non-AVS drivers now or in the
770 * future.
771 */
772#define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */
773
774/*
775 * Juniper-private data link type, as per request from
776 * Hannes Gredler <hannes@juniper.net>. The DLT_s are used
777 * for passing on chassis-internal metainformation such as
778 * QOS profiles, etc..
779 */
780#define DLT_JUNIPER_MONITOR 164
781
782/*
783 * Reserved for BACnet MS/TP.
784 */
785#define DLT_BACNET_MS_TP 165
786
787/*
788 * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>.
789 *
790 * This is used in some OSes to allow a kernel socket filter to distinguish
791 * between incoming and outgoing packets, on a socket intended to
792 * supply pppd with outgoing packets so it can do dial-on-demand and
793 * hangup-on-lack-of-demand; incoming packets are filtered out so they
794 * don't cause pppd to hold the connection up (you don't want random
795 * input packets such as port scans, packets from old lost connections,
796 * etc. to force the connection to stay up).
797 *
798 * The first byte of the PPP header (0xff03) is modified to accomodate
799 * the direction - 0x00 = IN, 0x01 = OUT.
800 */
801#define DLT_PPP_PPPD 166
802
803/*
804 * Names for backwards compatibility with older versions of some PPP
805 * software; new software should use DLT_PPP_PPPD.
806 */
807#define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD
808#define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD
809
810/*
811 * Juniper-private data link type, as per request from
812 * Hannes Gredler <hannes@juniper.net>. The DLT_s are used
813 * for passing on chassis-internal metainformation such as
814 * QOS profiles, cookies, etc..
815 */
816#define DLT_JUNIPER_PPPOE 167
817#define DLT_JUNIPER_PPPOE_ATM 168
818
819#define DLT_GPRS_LLC 169 /* GPRS LLC */
820#define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */
821#define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */
822
823/*
824 * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line
825 * monitoring equipment.
826 */
827#define DLT_GCOM_T1E1 172
828#define DLT_GCOM_SERIAL 173
829
830/*
831 * Juniper-private data link type, as per request from
832 * Hannes Gredler <hannes@juniper.net>. The DLT_ is used
833 * for internal communication to Physical Interface Cards (PIC)
834 */
835#define DLT_JUNIPER_PIC_PEER 174
836
837/*
838 * Link types requested by Gregor Maier <gregor@endace.com> of Endace
839 * Measurement Systems. They add an ERF header (see
840 * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of
841 * the link-layer header.
842 */
843#define DLT_ERF_ETH 175 /* Ethernet */
844#define DLT_ERF_POS 176 /* Packet-over-SONET */
845
846/*
847 * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD
848 * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header
849 * includes additional information before the LAPD header, so it's
850 * not necessarily a generic LAPD header.
851 */
852#define DLT_LINUX_LAPD 177
853
854/*
855 * Juniper-private data link type, as per request from
856 * Hannes Gredler <hannes@juniper.net>.
857 * The DLT_ are used for prepending meta-information
858 * like interface index, interface name
859 * before standard Ethernet, PPP, Frelay & C-HDLC Frames
860 */
861#define DLT_JUNIPER_ETHER 178
862#define DLT_JUNIPER_PPP 179
863#define DLT_JUNIPER_FRELAY 180
864#define DLT_JUNIPER_CHDLC 181
865
866/*
867 * Multi Link Frame Relay (FRF.16)
868 */
869#define DLT_MFR 182
870
871/*
872 * Juniper-private data link type, as per request from
873 * Hannes Gredler <hannes@juniper.net>.
874 * The DLT_ is used for internal communication with a
875 * voice Adapter Card (PIC)
876 */
877#define DLT_JUNIPER_VP 183
878
879/*
880 * Arinc 429 frames.
881 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
882 * Every frame contains a 32bit A429 label.
883 * More documentation on Arinc 429 can be found at
884 * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf
885 */
886#define DLT_A429 184
887
888/*
889 * Arinc 653 Interpartition Communication messages.
890 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
891 * Please refer to the A653-1 standard for more information.
892 */
893#define DLT_A653_ICM 185
894
895/*
896 * USB packets, beginning with a USB setup header; requested by
897 * Paolo Abeni <paolo.abeni@email.it>.
898 */
899#define DLT_USB 186
900
901/*
902 * Bluetooth HCI UART transport layer (part H:4); requested by
903 * Paolo Abeni.
904 */
905#define DLT_BLUETOOTH_HCI_H4 187
906
907/*
908 * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz
909 * <cruz_petagay@bah.com>.
910 */
911#define DLT_IEEE802_16_MAC_CPS 188
912
913/*
914 * USB packets, beginning with a Linux USB header; requested by
915 * Paolo Abeni <paolo.abeni@email.it>.
916 */
917#define DLT_USB_LINUX 189
918
919/*
920 * Controller Area Network (CAN) v. 2.0B packets.
921 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
922 * Used to dump CAN packets coming from a CAN Vector board.
923 * More documentation on the CAN v2.0B frames can be found at
924 * http://www.can-cia.org/downloads/?269
925 */
926#define DLT_CAN20B 190
927
928/*
929 * IEEE 802.15.4, with address fields padded, as is done by Linux
930 * drivers; requested by Juergen Schimmer.
931 */
932#define DLT_IEEE802_15_4_LINUX 191
933
934/*
935 * Per Packet Information encapsulated packets.
936 * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
937 */
938#define DLT_PPI 192
939
940/*
941 * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header;
942 * requested by Charles Clancy.
943 */
944#define DLT_IEEE802_16_MAC_CPS_RADIO 193
945
946/*
947 * Juniper-private data link type, as per request from
948 * Hannes Gredler <hannes@juniper.net>.
949 * The DLT_ is used for internal communication with a
950 * integrated service module (ISM).
951 */
952#define DLT_JUNIPER_ISM 194
953
954/*
955 * IEEE 802.15.4, exactly as it appears in the spec (no padding, no
956 * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>.
957 */
958#define DLT_IEEE802_15_4 195
959
960/*
961 * Various link-layer types, with a pseudo-header, for SITA
962 * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com).
963 */
964#define DLT_SITA 196
965
966/*
967 * Various link-layer types, with a pseudo-header, for Endace DAG cards;
968 * encapsulates Endace ERF records. Requested by Stephen Donnelly
969 * <stephen@endace.com>.
970 */
971#define DLT_ERF 197
972
973/*
974 * Special header prepended to Ethernet packets when capturing from a
975 * u10 Networks board. Requested by Phil Mulholland
976 * <phil@u10networks.com>.
977 */
978#define DLT_RAIF1 198
979
980/*
981 * IPMB packet for IPMI, beginning with the I2C slave address, followed
982 * by the netFn and LUN, etc.. Requested by Chanthy Toeung
983 * <chanthy.toeung@ca.kontron.com>.
984 */
985#define DLT_IPMB 199
986
987/*
988 * Juniper-private data link type, as per request from
989 * Hannes Gredler <hannes@juniper.net>.
990 * The DLT_ is used for capturing data on a secure tunnel interface.
991 */
992#define DLT_JUNIPER_ST 200
993
994/*
995 * Bluetooth HCI UART transport layer (part H:4), with pseudo-header
996 * that includes direction information; requested by Paolo Abeni.
997 */
998#define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201
999
1000/*
1001 * AX.25 packet with a 1-byte KISS header; see
1002 *
1003 * http://www.ax25.net/kiss.htm
1004 *
1005 * as per Richard Stearn <richard@rns-stearn.demon.co.uk>.
1006 */
1007#define DLT_AX25_KISS 202
1008
1009/*
1010 * LAPD packets from an ISDN channel, starting with the address field,
1011 * with no pseudo-header.
1012 * Requested by Varuna De Silva <varunax@gmail.com>.
1013 */
1014#define DLT_LAPD 203
1015
1016/*
1017 * Variants of various link-layer headers, with a one-byte direction
1018 * pseudo-header prepended - zero means "received by this host",
1019 * non-zero (any non-zero value) means "sent by this host" - as per
1020 * Will Barker <w.barker@zen.co.uk>.
1021 */
1022#define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */
1023#define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */
1024#define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */
1025#define DLT_LAPB_WITH_DIR 207 /* LAPB */
1026
1027/*
1028 * 208 is reserved for an as-yet-unspecified proprietary link-layer
1029 * type, as requested by Will Barker.
1030 */
1031
1032/*
1033 * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman
1034 * <avn@pigeonpoint.com>.
1035 */
1036#define DLT_IPMB_LINUX 209
1037
1038/*
1039 * FlexRay automotive bus - http://www.flexray.com/ - as requested
1040 * by Hannes Kaelber <hannes.kaelber@x2e.de>.
1041 */
1042#define DLT_FLEXRAY 210
1043
1044/*
1045 * Media Oriented Systems Transport (MOST) bus for multimedia
1046 * transport - http://www.mostcooperation.com/ - as requested
1047 * by Hannes Kaelber <hannes.kaelber@x2e.de>.
1048 */
1049#define DLT_MOST 211
1050
1051/*
1052 * Local Interconnect Network (LIN) bus for vehicle networks -
1053 * http://www.lin-subbus.org/ - as requested by Hannes Kaelber
1054 * <hannes.kaelber@x2e.de>.
1055 */
1056#define DLT_LIN 212
1057
1058/*
1059 * X2E-private data link type used for serial line capture,
1060 * as requested by Hannes Kaelber <hannes.kaelber@x2e.de>.
1061 */
1062#define DLT_X2E_SERIAL 213
1063
1064/*
1065 * X2E-private data link type used for the Xoraya data logger
1066 * family, as requested by Hannes Kaelber <hannes.kaelber@x2e.de>.
1067 */
1068#define DLT_X2E_XORAYA 214
1069
1070/*
1071 * IEEE 802.15.4, exactly as it appears in the spec (no padding, no
1072 * nothing), but with the PHY-level data for non-ASK PHYs (4 octets
1073 * of 0 as preamble, one octet of SFD, one octet of frame length+
1074 * reserved bit, and then the MAC-layer data, starting with the
1075 * frame control field).
1076 *
1077 * Requested by Max Filippov <jcmvbkbc@gmail.com>.
1078 */
1079#define DLT_IEEE802_15_4_NONASK_PHY 215
1080
1081/*
1082 * David Gibson <david@gibson.dropbear.id.au> requested this for
1083 * captures from the Linux kernel /dev/input/eventN devices. This
1084 * is used to communicate keystrokes and mouse movements from the
1085 * Linux kernel to display systems, such as Xorg.
1086 */
1087#define DLT_LINUX_EVDEV 216
1088
1089/*
1090 * GSM Um and Abis interfaces, preceded by a "gsmtap" header.
1091 *
1092 * Requested by Harald Welte <laforge@gnumonks.org>.
1093 */
1094#define DLT_GSMTAP_UM 217
1095#define DLT_GSMTAP_ABIS 218
1096
1097/*
1098 * MPLS, with an MPLS label as the link-layer header.
1099 * Requested by Michele Marchetto <michele@openbsd.org> on behalf
1100 * of OpenBSD.
1101 */
1102#define DLT_MPLS 219
1103
1104/*
1105 * USB packets, beginning with a Linux USB header, with the USB header
1106 * padded to 64 bytes; required for memory-mapped access.
1107 */
1108#define DLT_USB_LINUX_MMAPPED 220
1109
1110/*
1111 * DECT packets, with a pseudo-header; requested by
1112 * Matthias Wenzel <tcpdump@mazzoo.de>.
1113 */
1114#define DLT_DECT 221
1115
1116/*
1117 * From: "Lidwa, Eric (GSFC-582.0)[SGT INC]" <eric.lidwa-1@nasa.gov>
1118 * Date: Mon, 11 May 2009 11:18:30 -0500
1119 *
1120 * DLT_AOS. We need it for AOS Space Data Link Protocol.
1121 * I have already written dissectors for but need an OK from
1122 * legal before I can submit a patch.
1123 *
1124 */
1125#define DLT_AOS 222
1126
1127/*
1128 * Wireless HART (Highway Addressable Remote Transducer)
1129 * From the HART Communication Foundation
1130 * IES/PAS 62591
1131 *
1132 * Requested by Sam Roberts <vieuxtech@gmail.com>.
1133 */
1134#define DLT_WIHART 223
1135
1136/*
1137 * Fibre Channel FC-2 frames, beginning with a Frame_Header.
1138 * Requested by Kahou Lei <kahou82@gmail.com>.
1139 */
1140#define DLT_FC_2 224
1141
1142/*
1143 * Fibre Channel FC-2 frames, beginning with an encoding of the
1144 * SOF, and ending with an encoding of the EOF.
1145 *
1146 * The encodings represent the frame delimiters as 4-byte sequences
1147 * representing the corresponding ordered sets, with K28.5
1148 * represented as 0xBC, and the D symbols as the corresponding
1149 * byte values; for example, SOFi2, which is K28.5 - D21.5 - D1.2 - D21.2,
1150 * is represented as 0xBC 0xB5 0x55 0x55.
1151 *
1152 * Requested by Kahou Lei <kahou82@gmail.com>.
1153 */
1154#define DLT_FC_2_WITH_FRAME_DELIMS 225
1155
1156/*
1157 * Solaris ipnet pseudo-header; requested by Darren Reed <Darren.Reed@Sun.COM>.
1158 *
1159 * The pseudo-header starts with a one-byte version number; for version 2,
1160 * the pseudo-header is:
1161 *
1162 * struct dl_ipnetinfo {
1163 * u_int8_t dli_version;
1164 * u_int8_t dli_family;
1165 * u_int16_t dli_htype;
1166 * u_int32_t dli_pktlen;
1167 * u_int32_t dli_ifindex;
1168 * u_int32_t dli_grifindex;
1169 * u_int32_t dli_zsrc;
1170 * u_int32_t dli_zdst;
1171 * };
1172 *
1173 * dli_version is 2 for the current version of the pseudo-header.
1174 *
1175 * dli_family is a Solaris address family value, so it's 2 for IPv4
1176 * and 26 for IPv6.
1177 *
1178 * dli_htype is a "hook type" - 0 for incoming packets, 1 for outgoing
1179 * packets, and 2 for packets arriving from another zone on the same
1180 * machine.
1181 *
1182 * dli_pktlen is the length of the packet data following the pseudo-header
1183 * (so the captured length minus dli_pktlen is the length of the
1184 * pseudo-header, assuming the entire pseudo-header was captured).
1185 *
1186 * dli_ifindex is the interface index of the interface on which the
1187 * packet arrived.
1188 *
1189 * dli_grifindex is the group interface index number (for IPMP interfaces).
1190 *
1191 * dli_zsrc is the zone identifier for the source of the packet.
1192 *
1193 * dli_zdst is the zone identifier for the destination of the packet.
1194 *
1195 * A zone number of 0 is the global zone; a zone number of 0xffffffff
1196 * means that the packet arrived from another host on the network, not
1197 * from another zone on the same machine.
1198 *
1199 * An IPv4 or IPv6 datagram follows the pseudo-header; dli_family indicates
1200 * which of those it is.
1201 */
1202#define DLT_IPNET 226
1203
1204/*
1205 * CAN (Controller Area Network) frames, with a pseudo-header as supplied
1206 * by Linux SocketCAN. See Documentation/networking/can.txt in the Linux
1207 * source.
1208 *
1209 * Requested by Felix Obenhuber <felix@obenhuber.de>.
1210 */
1211#define DLT_CAN_SOCKETCAN 227
1212
1213/*
1214 * Raw IPv4/IPv6; different from DLT_RAW in that the DLT_ value specifies
1215 * whether it's v4 or v6. Requested by Darren Reed <Darren.Reed@Sun.COM>.
1216 */
1217#define DLT_IPV4 228
1218#define DLT_IPV6 229
1219
1220/*
1221 * IEEE 802.15.4, exactly as it appears in the spec (no padding, no
1222 * nothing), and with no FCS at the end of the frame; requested by
1223 * Jon Smirl <jonsmirl@gmail.com>.
1224 */
1225#define DLT_IEEE802_15_4_NOFCS 230
1226
1227/*
1228 * Raw D-Bus:
1229 *
1230 * http://www.freedesktop.org/wiki/Software/dbus
1231 *
1232 * messages:
1233 *
1234 * http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages
1235 *
1236 * starting with the endianness flag, followed by the message type, etc.,
1237 * but without the authentication handshake before the message sequence:
1238 *
1239 * http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
1240 *
1241 * Requested by Martin Vidner <martin@vidner.net>.
1242 */
1243#define DLT_DBUS 231
1244
1245/*
1246 * Juniper-private data link type, as per request from
1247 * Hannes Gredler <hannes@juniper.net>.
1248 */
1249#define DLT_JUNIPER_VS 232
1250#define DLT_JUNIPER_SRX_E2E 233
1251#define DLT_JUNIPER_FIBRECHANNEL 234
1252
1253/*
1254 * DVB-CI (DVB Common Interface for communication between a PC Card
1255 * module and a DVB receiver). See
1256 *
1257 * http://www.kaiser.cx/pcap-dvbci.html
1258 *
1259 * for the specification.
1260 *
1261 * Requested by Martin Kaiser <martin@kaiser.cx>.
1262 */
1263#define DLT_DVB_CI 235
1264
1265/*
1266 * Variant of 3GPP TS 27.010 multiplexing protocol (similar to, but
1267 * *not* the same as, 27.010). Requested by Hans-Christoph Schemmel
1268 * <hans-christoph.schemmel@cinterion.com>.
1269 */
1270#define DLT_MUX27010 236
1271
1272/*
1273 * STANAG 5066 D_PDUs. Requested by M. Baris Demiray
1274 * <barisdemiray@gmail.com>.
1275 */
1276#define DLT_STANAG_5066_D_PDU 237
1277
1278/*
1279 * Juniper-private data link type, as per request from
1280 * Hannes Gredler <hannes@juniper.net>.
1281 */
1282#define DLT_JUNIPER_ATM_CEMIC 238
1283
1284/*
1285 * NetFilter LOG messages
1286 * (payload of netlink NFNL_SUBSYS_ULOG/NFULNL_MSG_PACKET packets)
1287 *
1288 * Requested by Jakub Zawadzki <darkjames-ws@darkjames.pl>
1289 */
1290#define DLT_NFLOG 239
1291
1292/*
1293 * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type
1294 * for Ethernet packets with a 4-byte pseudo-header and always
1295 * with the payload including the FCS, as supplied by their
1296 * netANALYZER hardware and software.
1297 *
1298 * Requested by Holger P. Frommer <HPfrommer@hilscher.com>
1299 */
1300#define DLT_NETANALYZER 240
1301
1302/*
1303 * Hilscher Gesellschaft fuer Systemautomation mbH link-layer type
1304 * for Ethernet packets with a 4-byte pseudo-header and FCS and
1305 * with the Ethernet header preceded by 7 bytes of preamble and
1306 * 1 byte of SFD, as supplied by their netANALYZER hardware and
1307 * software.
1308 *
1309 * Requested by Holger P. Frommer <HPfrommer@hilscher.com>
1310 */
1311#define DLT_NETANALYZER_TRANSPARENT 241
1312
1313/*
1314 * IP-over-Infiniband, as specified by RFC 4391.
1315 *
1316 * Requested by Petr Sumbera <petr.sumbera@oracle.com>.
1317 */
1318#define DLT_IPOIB 242
1319
1320/*
1321 * MPEG-2 transport stream (ISO 13818-1/ITU-T H.222.0).
1322 *
1323 * Requested by Guy Martin <gmsoft@tuxicoman.be>.
1324 */
1325#define DLT_MPEG_2_TS 243
1326
1327/*
1328 * ng4T GmbH's UMTS Iub/Iur-over-ATM and Iub/Iur-over-IP format as
1329 * used by their ng40 protocol tester.
1330 *
1331 * Requested by Jens Grimmer <jens.grimmer@ng4t.com>.
1332 */
1333#define DLT_NG40 244
1334
1335/*
1336 * Pseudo-header giving adapter number and flags, followed by an NFC
1337 * (Near-Field Communications) Logical Link Control Protocol (LLCP) PDU,
1338 * as specified by NFC Forum Logical Link Control Protocol Technical
1339 * Specification LLCP 1.1.
1340 *
1341 * Requested by Mike Wakerly <mikey@google.com>.
1342 */
1343#define DLT_NFC_LLCP 245
1344
1345/*
1346 * USB packets, beginning with a Darwin (macOS, etc.) USB header.
1347 */
1348#define DLT_USB_DARWIN 266
1349
1350#define DLT_MATCHING_MAX 266 /* highest value in the "matching" range */
1351
1352#if !defined(DRIVERKIT)
1353/*
1354 * The instruction encodings.
1355 */
1356/* instruction classes */
1357#define BPF_CLASS(code) ((code) & 0x07)
1358#define BPF_LD 0x00
1359#define BPF_LDX 0x01
1360#define BPF_ST 0x02
1361#define BPF_STX 0x03
1362#define BPF_ALU 0x04
1363#define BPF_JMP 0x05
1364#define BPF_RET 0x06
1365#define BPF_MISC 0x07
1366
1367/* ld/ldx fields */
1368#define BPF_SIZE(code) ((code) & 0x18)
1369#define BPF_W 0x00
1370#define BPF_H 0x08
1371#define BPF_B 0x10
1372#define BPF_MODE(code) ((code) & 0xe0)
1373#define BPF_IMM 0x00
1374#define BPF_ABS 0x20
1375#define BPF_IND 0x40
1376#define BPF_MEM 0x60
1377#define BPF_LEN 0x80
1378#define BPF_MSH 0xa0
1379
1380/* alu/jmp fields */
1381#define BPF_OP(code) ((code) & 0xf0)
1382#define BPF_ADD 0x00
1383#define BPF_SUB 0x10
1384#define BPF_MUL 0x20
1385#define BPF_DIV 0x30
1386#define BPF_OR 0x40
1387#define BPF_AND 0x50
1388#define BPF_LSH 0x60
1389#define BPF_RSH 0x70
1390#define BPF_NEG 0x80
1391#define BPF_JA 0x00
1392#define BPF_JEQ 0x10
1393#define BPF_JGT 0x20
1394#define BPF_JGE 0x30
1395#define BPF_JSET 0x40
1396#define BPF_SRC(code) ((code) & 0x08)
1397#define BPF_K 0x00
1398#define BPF_X 0x08
1399
1400/* ret - BPF_K and BPF_X also apply */
1401#define BPF_RVAL(code) ((code) & 0x18)
1402#define BPF_A 0x10
1403
1404/* misc */
1405#define BPF_MISCOP(code) ((code) & 0xf8)
1406#define BPF_TAX 0x00
1407#define BPF_TXA 0x80
1408
1409/*
1410 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
1411 */
1412#define BPF_MEMWORDS 16
1413
1414/*
1415 * The instruction data structure.
1416 */
1417struct bpf_insn {
1418 u_short code;
1419 u_char jt;
1420 u_char jf;
1421 bpf_u_int32 k;
1422};
1423
1424/*
1425 * Macros for insn array initializers.
1426 */
1427#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
1428#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
1429
1430#pragma pack(4)
1431
1432/*
1433 * Structure to retrieve available DLTs for the interface.
1434 */
1435struct bpf_dltlist {
1436 u_int32_t bfl_len; /* number of bfd_list array */
1437 union {
1438 u_int32_t *bflu_list; /* array of DLTs */
1439 u_int64_t bflu_pad;
1440 } bfl_u;
1441};
1442#define bfl_list bfl_u.bflu_list
1443
1444#pragma pack()
1445
1446#ifdef KERNEL_PRIVATE
1447#define BPF_MIN_PKT_SIZE 40
1448#define PORT_DNS 53
1449#define PORT_BOOTPS 67
1450#define PORT_BOOTPC 68
1451#define PORT_ISAKMP 500
1452#define PORT_ISAKMP_NATT 4500 /* rfc3948 */
1453
1454/* Forward declerations */
1455struct ifnet;
1456struct mbuf;
1457
1458#define BPF_PACKET_TYPE_MBUF 0
1459#if SKYWALK
1460#define BPF_PACKET_TYPE_PKT 1
1461#include <skywalk/os_skywalk.h>
1462#endif /* SKYWALK */
1463
1464struct bpf_packet {
1465 int bpfp_type;
1466 void * bpfp_header; /* optional */
1467 size_t bpfp_header_length;
1468 union {
1469 struct mbuf *bpfpu_mbuf;
1470 void * bpfpu_ptr;
1471#if SKYWALK
1472 kern_packet_t bpfpu_pkt;
1473#define bpfp_pkt bpfp_u.bpfpu_pkt
1474#endif /* SKYWALK */
1475 } bpfp_u;
1476#define bpfp_mbuf bpfp_u.bpfpu_mbuf
1477#define bpfp_ptr bpfp_u.bpfpu_ptr
1478 size_t bpfp_total_length; /* length including optional header */
1479};
1480
1481extern int bpf_validate(const struct bpf_insn *, int);
1482extern void bpfdetach(struct ifnet *);
1483extern void bpfilterattach(int);
1484extern u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int);
1485#endif /* KERNEL_PRIVATE */
1486
1487#endif /* !defined(DRIVERKIT) */
1488
1489#if defined(DRIVERKIT) || defined(KERNEL)
1490#ifndef BPF_TAP_MODE_T
1491#define BPF_TAP_MODE_T
1492/*!
1493 * @enum BPF tap mode
1494 * @abstract Constants defining interface families.
1495 * @constant BPF_MODE_DISABLED Disable bpf.
1496 * @constant BPF_MODE_INPUT Enable input only.
1497 * @constant BPF_MODE_OUTPUT Enable output only.
1498 * @constant BPF_MODE_INPUT_OUTPUT Enable input and output.
1499 */
1500
1501enum {
1502 BPF_MODE_DISABLED = 0,
1503 BPF_MODE_INPUT = 1,
1504 BPF_MODE_OUTPUT = 2,
1505 BPF_MODE_INPUT_OUTPUT = 3
1506};
1507/*!
1508 * @typedef bpf_tap_mode
1509 * @abstract Mode for tapping. BPF_MODE_DISABLED/BPF_MODE_INPUT_OUTPUT etc.
1510 */
1511typedef uint32_t bpf_tap_mode;
1512#endif /* !BPF_TAP_MODE_T */
1513#endif /* defined(DRIVERKIT) || defined(KERNEL) */
1514
1515#ifdef KERNEL
1516/*!
1517 * @typedef bpf_send_func
1518 * @discussion bpf_send_func is called when a bpf file descriptor is
1519 * used to send a raw packet on the interface. The mbuf and data
1520 * link type are specified. The callback is responsible for
1521 * releasing the mbuf whether or not it returns an error.
1522 * @param interface The interface the packet is being sent on.
1523 * @param data_link_type The data link type the bpf device is attached to.
1524 * @param packet The packet to be sent.
1525 */
1526typedef errno_t (*bpf_send_func)(ifnet_t interface, u_int32_t data_link_type,
1527 mbuf_t packet);
1528
1529/*!
1530 * @typedef bpf_tap_func
1531 * @discussion bpf_tap_func is called when the tap state of the
1532 * interface changes. This happens when a bpf device attaches to an
1533 * interface or detaches from an interface. The tap mode will join
1534 * together (bit or) the modes of all bpf devices using that
1535 * interface for that dlt. If you return an error from this
1536 * function, the bpf device attach attempt that triggered the tap
1537 * will fail. If this function was called bacuse the tap state was
1538 * decreasing (tap in or out is stopping), the error will be
1539 * ignored.
1540 * @param interface The interface being tapped.
1541 * @param data_link_type The data link type being tapped.
1542 * @param direction The direction of the tap.
1543 */
1544typedef errno_t (*bpf_tap_func)(ifnet_t interface, u_int32_t data_link_type,
1545 bpf_tap_mode direction);
1546
1547/*!
1548 * @function bpfattach
1549 * @discussion Registers an interface with BPF. This allows bpf devices
1550 * to attach to your interface to capture packets. Your interface
1551 * will be unregistered automatically when your interface is
1552 * detached.
1553 * @param interface The interface to register with BPF.
1554 * @param data_link_type The data link type of the interface. See the
1555 * DLT_* defines in bpf.h.
1556 * @param header_length The length, in bytes, of the data link header.
1557 */
1558extern void bpfattach(ifnet_t interface, u_int data_link_type,
1559 u_int header_length);
1560
1561/*!
1562 * @function bpf_attach
1563 * @discussion Registers an interface with BPF. This allows bpf devices
1564 * to attach to your interface to capture and transmit packets.
1565 * Your interface will be unregistered automatically when your
1566 * interface is detached. You may register multiple times with
1567 * different data link types. An 802.11 interface would use this to
1568 * allow clients to pick whether they want just an ethernet style
1569 * frame or the 802.11 wireless headers as well. The first dlt you
1570 * register will be considered the default. Any bpf device attaches
1571 * that do not specify a data link type will use the default.
1572 * @param interface The interface to register with BPF.
1573 * @param data_link_type The data link type of the interface. See the
1574 * DLT_* defines in bpf.h.
1575 * @param header_length The length, in bytes, of the data link header.
1576 * @param send See the bpf_send_func described above.
1577 * @param tap See the bpf_tap_func described above.
1578 */
1579extern errno_t bpf_attach(ifnet_t interface, u_int32_t data_link_type,
1580 u_int32_t header_length, bpf_send_func send, bpf_tap_func tap);
1581
1582/*!
1583 * @function bpf_tap_in
1584 * @discussion Call this function when your interface receives a
1585 * packet. This function will check if any bpf devices need a
1586 * a copy of the packet.
1587 * @param interface The interface the packet was received on.
1588 * @param dlt The data link type of the packet.
1589 * @param packet The packet received.
1590 * @param header An optional pointer to a header that will be prepended.
1591 * @param header_len If the header was specified, the length of the header.
1592 */
1593extern void bpf_tap_in(ifnet_t interface, u_int32_t dlt, mbuf_t packet,
1594 void *header, size_t header_len);
1595
1596/*!
1597 * @function bpf_tap_out
1598 * @discussion Call this function when your interface transmits a
1599 * packet. This function will check if any bpf devices need a
1600 * a copy of the packet.
1601 * @param interface The interface the packet was or will be transmitted on.
1602 * @param dlt The data link type of the packet.
1603 * @param packet The packet received.
1604 * @param header An optional pointer to a header that will be prepended.
1605 * @param header_len If the header was specified, the length of the header.
1606 */
1607extern void bpf_tap_out(ifnet_t interface, u_int32_t dlt, mbuf_t packet,
1608 void *header, size_t header_len);
1609
1610#if SKYWALK
1611/*!
1612 * @function bpf_tap_packet_in
1613 * @discussion Call this function when your interface receives a
1614 * packet. This function will check if any bpf devices need a
1615 * a copy of the packet.
1616 * @param interface The interface the packet was received on.
1617 * @param dlt The data link type of the packet.
1618 * @param packet The packet received.
1619 * @param header An optional pointer to a header that will be prepended.
1620 * @param header_len If the header was specified, the length of the header.
1621 */
1622extern void bpf_tap_packet_in(ifnet_t interface, u_int32_t dlt,
1623 kern_packet_t packet, void *header, size_t header_len);
1624
1625/*!
1626 * @function bpf_tap_packet_out
1627 * @discussion Call this function when your interface transmits a
1628 * packet. This function will check if any bpf devices need a
1629 * a copy of the packet.
1630 * @param interface The interface the packet was or will be transmitted on.
1631 * @param dlt The data link type of the packet.
1632 * @param packet The packet received.
1633 * @param header An optional pointer to a header that will be prepended.
1634 * @param header_len If the header was specified, the length of the header.
1635 */
1636extern void bpf_tap_packet_out(ifnet_t interface, u_int32_t dlt,
1637 kern_packet_t packet, void *header, size_t header_len);
1638
1639#endif /* SKYWALK */
1640#endif /* KERNEL */
1641
1642#endif /* _NET_BPF_H_ */
1643