1 /*-
2  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * This code is derived from the Stanford/CMU enet packet filter,
6  * (net/enet.c) distributed as part of 4.3BSD, and code contributed
7  * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
8  * Berkeley Laboratory.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. All advertising materials mentioning features or use of this software
19  *    must display the following acknowledgement:
20  *      This product includes software developed by the University of
21  *      California, Berkeley and its contributors.
22  * 4. Neither the name of the University nor the names of its contributors
23  *    may be used to endorse or promote products derived from this software
24  *    without specific prior written permission.
25  *
26  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36  * SUCH DAMAGE.
37  *
38  *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
39  *
40  * @(#) $Header$ (LBL)
41  */
42 
43 /*
44  * This is the DLT definition section of original libpcap bpf.h header;
45  * it includes only the what is required by the code generator and the
46  * userland BPF interpreter, and the libpcap APIs for setting filters,
47  * etc..
48  *
49  * "pcap-bpf.c" will include the native OS version, as it deals with
50  * the OS's BPF implementation.
51  */
52 
53 /*
54  * Data-link level type codes.
55  *
56  * Do *NOT* add new values to this list without asking
57  * "tcpdump-workers@tcpdump.org" for a value.  Otherwise, you run the
58  * risk of using a value that's already being used for some other purpose,
59  * and of having tools that read libpcap-format captures not being able
60  * to handle captures with your new DLT_ value, with no hope that they
61  * will ever be changed to do so (as that would destroy their ability
62  * to read captures using that value for that other purpose).
63  */
64 
65 /*
66  * These are the types that are the same on all platforms, and that
67  * have been defined by <net/bpf.h> for ages.
68  */
69 #ifndef DLT_NULL
70 #define DLT_NULL	0	/* no link-layer encapsulation */
71 #endif
72 
73 #ifndef DLT_EN10MB
74 #define DLT_EN10MB	1	/* Ethernet (10Mb) */
75 #endif
76 
77 #ifndef DLT_EN3MB
78 #define DLT_EN3MB	2	/* Experimental Ethernet (3Mb) */
79 #endif
80 
81 #ifndef DLT_AX25
82 #define DLT_AX25	3	/* Amateur Radio AX.25 */
83 #endif
84 
85 #ifndef DLT_PRONET
86 #define DLT_PRONET	4	/* Proteon ProNET Token Ring */
87 #endif
88 
89 #ifndef DLT_CHAOS
90 #define DLT_CHAOS	5	/* Chaos */
91 #endif
92 
93 #ifndef DLT_IEEE802
94 #define DLT_IEEE802	6	/* IEEE 802 Networks */
95 #endif
96 
97 #ifndef DLT_ARCNET
98 #define DLT_ARCNET	7	/* ARCNET, with BSD-style header */
99 #endif
100 
101 #ifndef DLT_SLIP
102 #define DLT_SLIP	8	/* Serial Line IP */
103 #endif
104 
105 #ifndef DLT_PPP
106 #define DLT_PPP		9	/* Point-to-point Protocol */
107 #endif
108 
109 #ifndef DLT_FDDI
110 #define DLT_FDDI	10	/* FDDI */
111 #endif
112 
113 /*
114  * These are types that are different on some platforms, and that
115  * have been defined by <net/bpf.h> for ages.  We use #ifdefs to
116  * detect the BSDs that define them differently from the traditional
117  * libpcap <net/bpf.h>
118  *
119  * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS,
120  * but I don't know what the right #define is for BSD/OS.
121  */
122 #ifndef DLT_ATM_RFC1483
123 #define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
124 #endif
125 
126 #ifndef DLT_RAW
127 #ifdef __OpenBSD__
128 #define DLT_RAW		14	/* raw IP */
129 #else
130 #define DLT_RAW		12	/* raw IP */
131 #endif
132 #endif
133 
134 /*
135  * Given that the only OS that currently generates BSD/OS SLIP or PPP
136  * is, well, BSD/OS, arguably everybody should have chosen its values
137  * for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they
138  * didn't.  So it goes.
139  */
140 #if defined(__NetBSD__) || defined(__FreeBSD__)
141 #ifndef DLT_SLIP_BSDOS
142 #define DLT_SLIP_BSDOS	13	/* BSD/OS Serial Line IP */
143 #define DLT_PPP_BSDOS	14	/* BSD/OS Point-to-point Protocol */
144 #endif
145 #else
146 #define DLT_SLIP_BSDOS	15	/* BSD/OS Serial Line IP */
147 #define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
148 #endif
149 
150 /*
151  * 17 is used for DLT_PFLOG in OpenBSD; don't use it for anything else.
152  */
153 
154 #ifndef DLT_ATM_CLIP
155 #define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */
156 #endif
157 
158 /*
159  * These values are defined by NetBSD; other platforms should refrain from
160  * using them for other purposes, so that NetBSD savefiles with link
161  * types of 50 or 51 can be read as this type on all platforms.
162  */
163 #ifndef DLT_PPP_SERIAL
164 #define DLT_PPP_SERIAL	50	/* PPP over serial with HDLC encapsulation */
165 #endif
166 
167 #ifndef DLT_PPP_ETHER
168 #define DLT_PPP_ETHER	51	/* PPP over Ethernet */
169 #endif
170 
171 /*
172  * Values between 100 and 103 are used in capture file headers as
173  * link-layer types corresponding to DLT_ types that differ
174  * between platforms; don't use those values for new DLT_ new types.
175  */
176 
177 /*
178  * This value was defined by libpcap 0.5; platforms that have defined
179  * it with a different value should define it here with that value -
180  * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
181  * whatever value that happens to be, so programs will correctly
182  * handle files with that link type regardless of the value of
183  * DLT_C_HDLC.
184  *
185  * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
186  * compatibility with programs written for BSD/OS.
187  *
188  * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
189  * for source compatibility with programs written for libpcap 0.5.
190  */
191 
192 #ifndef DLT_C_HDLC
193 #define DLT_C_HDLC	104	/* Cisco HDLC */
194 #endif
195 
196 #ifndef DLT_CHDLC
197 #define DLT_CHDLC	DLT_C_HDLC
198 #endif
199 
200 #ifndef DLT_IEEE802_11
201 #define DLT_IEEE802_11	105	/* IEEE 802.11 wireless */
202 #endif
203 
204 /*
205  * 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW,
206  * except when it isn't.  (I.e., sometimes it's just raw IP, and
207  * sometimes it isn't.)  We currently handle it as DLT_LINUX_SLL,
208  * so that we don't have to worry about the link-layer header.)
209  */
210 
211 /*
212  * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides
213  * with other values.
214  * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header
215  * (DLCI, etc.).
216  */
217 #ifndef DLT_FRELAY
218 #define DLT_FRELAY	107
219 #endif
220 
221 /*
222  * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
223  * that the AF_ type in the link-layer header is in network byte order.
224  *
225  * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
226  * define it as 108 here.  If OpenBSD picks up this file, it should
227  * define DLT_LOOP as 12 in its version, as per the comment above -
228  * and should not use 108 as a DLT_ value.
229  */
230 #ifndef DLT_LOOP
231 #define DLT_LOOP	108
232 #endif
233 
234 /*
235  * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's
236  * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other
237  * than OpenBSD.
238  */
239 #ifndef DLT_ENC
240 #ifdef __OpenBSD__
241 #define DLT_ENC		13
242 #else
243 #define DLT_ENC		109
244 #endif
245 #endif
246 
247 /*
248  * Values between 110 and 112 are reserved for use in capture file headers
249  * as link-layer types corresponding to DLT_ types that might differ
250  * between platforms; don't use those values for new DLT_ types
251  * other than the corresponding DLT_ types.
252  */
253 
254 /*
255  * This is for Linux cooked sockets.
256  */
257 #ifndef DLT_LINUX_SLL
258 #define DLT_LINUX_SLL	113
259 #endif
260 
261 /*
262  * Apple LocalTalk hardware.
263  */
264 #ifndef DLT_LTALK
265 #define DLT_LTALK	114
266 #endif
267 
268 /*
269  * Acorn Econet.
270  */
271 #ifndef DLT_ECONET
272 #define DLT_ECONET	115
273 #endif
274 
275 /*
276  * Reserved for use with OpenBSD ipfilter.
277  */
278 #ifndef DLT_IPFILTER
279 #define DLT_IPFILTER	116
280 #endif
281 
282 /*
283  * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023
284  * in SuSE 6.3, so we can't use 17 for it in capture-file headers.
285  */
286 #ifndef DLT_PFLOG
287 #ifdef __OpenBSD__
288 #define DLT_PFLOG	17
289 #else
290 #define DLT_PFLOG	117
291 #endif
292 #endif
293 
294 /*
295  * Registered for Cisco-internal use.
296  */
297 #ifndef DLT_CISCO_IOS
298 #define DLT_CISCO_IOS	118
299 #endif
300 
301 /*
302  * For 802.11 cards using the Prism II chips, with a link-layer
303  * header including Prism monitor mode information plus an 802.11
304  * header.
305  */
306 #ifndef DLT_PRISM_HEADER
307 #define DLT_PRISM_HEADER	119
308 #endif
309 
310 /*
311  * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
312  * (see Doug Ambrisko's FreeBSD patches).
313  */
314 #ifndef DLT_AIRONET_HEADER
315 #define DLT_AIRONET_HEADER	120
316 #endif
317 
318 /*
319  * Reserved for Siemens HiPath HDLC.
320  */
321 #ifndef DLT_HHDLC
322 #define DLT_HHDLC		121
323 #endif
324 
325 /*
326  * This is for RFC 2625 IP-over-Fibre Channel.
327  *
328  * This is not for use with raw Fibre Channel, where the link-layer
329  * header starts with a Fibre Channel frame header; it's for IP-over-FC,
330  * where the link-layer header starts with an RFC 2625 Network_Header
331  * field.
332  */
333 #ifndef DLT_IP_OVER_FC
334 #define DLT_IP_OVER_FC		122
335 #endif
336 
337 /*
338  * This is for Full Frontal ATM on Solaris with SunATM, with a
339  * pseudo-header followed by an AALn PDU.
340  *
341  * There may be other forms of Full Frontal ATM on other OSes,
342  * with different pseudo-headers.
343  *
344  * If ATM software returns a pseudo-header with VPI/VCI information
345  * (and, ideally, packet type information, e.g. signalling, ILMI,
346  * LANE, LLC-multiplexed traffic, etc.), it should not use
347  * DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump
348  * and the like don't have to infer the presence or absence of a
349  * pseudo-header and the form of the pseudo-header.
350  */
351 #ifndef DLT_SUNATM
352 #define DLT_SUNATM		123	/* Solaris+SunATM */
353 #endif
354 
355 /*
356  * Reserved as per request from Kent Dahlgren <kent@praesum.com>
357  * for private use.
358  */
359 #ifndef DLT_RIO
360 #define DLT_RIO                 124     /* RapidIO */
361 #endif
362 
363 #ifndef DLT_PCI_EXP
364 #define DLT_PCI_EXP             125     /* PCI Express */
365 #endif
366 
367 #ifndef DLT_AURORA
368 #define DLT_AURORA              126     /* Xilinx Aurora link layer */
369 #endif
370 
371 /*
372  * For future use with 802.11 captures - defined by AbsoluteValue
373  * Systems to store a number of bits of link-layer information:
374  *
375  *	http://www.shaftnet.org/~pizza/software/capturefrm.txt
376  *
377  * but could and arguably should also be used by non-AVS Linux
378  * 802.11 drivers and BSD drivers; that may happen in the future.
379  */
380 #ifndef DLT_IEEE802_11_RADIO
381 #define DLT_IEEE802_11_RADIO	127	/* 802.11 plus WLAN header */
382 #endif
383 
384 /*
385  * Reserved for the TZSP encapsulation, as per request from
386  * Chris Waters <chris.waters@networkchemistry.com>
387  * TZSP is a generic encapsulation for any other link type,
388  * which includes a means to include meta-information
389  * with the packet, e.g. signal strength and channel
390  * for 802.11 packets.
391  */
392 #ifndef DLT_TZSP
393 #define DLT_TZSP                128     /* Tazmen Sniffer Protocol */
394 #endif
395 
396 /*
397  * BSD's ARCNET headers have the source host, destination host,
398  * and type at the beginning of the packet; that's what's handed
399  * up to userland via BPF.
400  *
401  * Linux's ARCNET headers, however, have a 2-byte offset field
402  * between the host IDs and the type; that's what's handed up
403  * to userland via PF_PACKET sockets.
404  *
405  * We therefore have to have separate DLT_ values for them.
406  */
407 #ifndef DLT_ARCNET_LINUX
408 #define DLT_ARCNET_LINUX	129	/* ARCNET */
409 #endif
410 
411 /*
412  * juniper-private data link types, as per request from
413  * Hannes Gredler <hannes@juniper.net> the DLT_s are used
414  * for passing on chassis-internal metainformation like
415  * QOS profiles etc.
416  */
417 #ifndef DLT_JUNIPER_MLPPP
418 #define DLT_JUNIPER_MLPPP       130
419 #endif
420 #ifndef DLT_JUNIPER_MLFR
421 #define DLT_JUNIPER_MLFR        131
422 #endif
423 #ifndef DLT_JUNIPER_ES
424 #define DLT_JUNIPER_ES          132
425 #endif
426 #ifndef DLT_JUNIPER_GGSN
427 #define DLT_JUNIPER_GGSN        133
428 #endif
429 #ifndef DLT_JUNIPER_MFR
430 #define DLT_JUNIPER_MFR         134
431 #endif
432 #ifndef DLT_JUNIPER_ATM2
433 #define DLT_JUNIPER_ATM2        135
434 #endif
435 #ifndef DLT_JUNIPER_SERVICES
436 #define DLT_JUNIPER_SERVICES    136
437 #endif
438 #ifndef DLT_JUNIPER_ATM1
439 #define DLT_JUNIPER_ATM1        137
440 #endif
441 
442 /*
443  * Reserved for Apple IP-over-IEEE 1394, as per a request from Dieter
444  * Siegmund <dieter@apple.com>.  The header that would be presented
445  * would be an Ethernet-like header:
446  *
447  *	#define FIREWIRE_EUI64_LEN	8
448  *	struct firewire_header {
449  *		u_char  firewire_dhost[FIREWIRE_EUI64_LEN];
450  *		u_char  firewire_dhost[FIREWIRE_EUI64_LEN];
451  *		u_short firewire_type;
452  *	};
453  *
454  * with "firewire_type" being an Ethernet type value, rather than,
455  * for example, raw GASP frames being handed up.
456  */
457 #ifndef DLT_APPLE_IP_OVER_IEEE1394
458 #define DLT_APPLE_IP_OVER_IEEE1394	138
459 #endif
460 
461 /*
462  * 139 through 142 are reserved for SS7.
463  */
464 
465 /*
466  * Reserved for DOCSIS MAC frames.
467  */
468 #ifndef DLT_DOCSIS
469 #define DLT_DOCSIS		143
470 #endif
471 
472 /*
473  * Linux-IrDA packets. Protocol defined at http://www.irda.org.
474  * Those packets include IrLAP headers and above (IrLMP...), but
475  * don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy
476  * framing can be handled by the hardware and depend on the bitrate.
477  * This is exactly the format you would get capturing on a Linux-IrDA
478  * interface (irdaX), but not on a raw serial port.
479  * Note the capture is done in "Linux-cooked" mode, so each packet include
480  * a fake packet header (struct sll_header). This is because IrDA packet
481  * decoding is dependant on the direction of the packet (incomming or
482  * outgoing).
483  * When/if other platform implement IrDA capture, we may revisit the
484  * issue and define a real DLT_IRDA...
485  * Jean II
486  */
487 #ifndef DLT_LINUX_IRDA
488 #define DLT_LINUX_IRDA		144
489 #endif
490 
491 /*
492  * Reserved for IBM SP switch and IBM Next Federation switch.
493  */
494 #ifndef DLT_IBM_SP
495 #define DLT_IBM_SP		145
496 #endif
497 #ifndef DLT_IBM_SN
498 #define DLT_IBM_SN		146
499 #endif
500 
501 /*
502  * Reserved for private use.  If you have some link-layer header type
503  * that you want to use within your organization, with the capture files
504  * using that link-layer header type not ever be sent outside your
505  * organization, you can use these values.
506  *
507  * No libpcap release will use these for any purpose, nor will any
508  * tcpdump release use them, either.
509  *
510  * Do *NOT* use these in capture files that you expect anybody not using
511  * your private versions of capture-file-reading tools to read; in
512  * particular, do *NOT* use them in products, otherwise you may find that
513  * people won't be able to use tcpdump, or snort, or Ethereal, or... to
514  * read capture files from your firewall/intrusion detection/traffic
515  * monitoring/etc. appliance, or whatever product uses that DLT_ value,
516  * and you may also find that the developers of those applications will
517  * not accept patches to let them read those files.
518  *
519  * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value,
520  * as per the comment above.
521  */
522 #ifndef DLT_USER0
523 #define DLT_USER0		147
524 #endif
525 #ifndef DLT_USER1
526 #define DLT_USER1		148
527 #endif
528 #ifndef DLT_USER2
529 #define DLT_USER2		149
530 #endif
531 #ifndef DLT_USER3
532 #define DLT_USER3		150
533 #endif
534 #ifndef DLT_USER4
535 #define DLT_USER4		151
536 #endif
537 #ifndef DLT_USER5
538 #define DLT_USER5		152
539 #endif
540 #ifndef DLT_USER6
541 #define DLT_USER6		153
542 #endif
543 #ifndef DLT_USER7
544 #define DLT_USER7		154
545 #endif
546 #ifndef DLT_USER8
547 #define DLT_USER8		155
548 #endif
549 #ifndef DLT_USER9
550 #define DLT_USER9		156
551 #endif
552 #ifndef DLT_USER10
553 #define DLT_USER10		157
554 #endif
555 #ifndef DLT_USER11
556 #define DLT_USER11		158
557 #endif
558 #ifndef DLT_USER12
559 #define DLT_USER12		159
560 #endif
561 #ifndef DLT_USER13
562 #define DLT_USER13		160
563 #endif
564 #ifndef DLT_USER14
565 #define DLT_USER14		161
566 #endif
567 #ifndef DLT_USER15
568 #define DLT_USER15		162
569 #endif
570 
571