1 /* 2 * exported_pdu_tlvs.h 3 * Definitions for exported_pdu TLVs 4 * Copyright 2013, Anders Broman <anders-broman@ericsson.com> 5 * 6 * Wireshark - Network traffic analyzer 7 * By Gerald Combs <gerald@wireshark.org> 8 * Copyright 1998 Gerald Combs 9 * 10 * SPDX-License-Identifier: GPL-2.0-or-later 11 */ 12 13 #ifndef EXPORTED_PDU_TLVS_H 14 #define EXPORTED_PDU_TLVS_H 15 16 /** 17 * This is the format of the link-layer header of packets of type 18 * LINKTYPE_WIRESHARK_UPPER_PDU in pcap and pcapng files. 19 * 20 * It is a sequence of TLVs; at least one TLV MUST indicate what protocol is 21 * in the PDU following the TLVs. 22 * 23 * Each TLV contains, in order: 24 * 25 * a 2-byte big-endian type field; 26 * a 2-byte big-endian length field; 27 * a value, the length of which is indicated by the value of 28 * the length field (that value does not include the length 29 * of the type or length fields themselves). 30 * 31 * TLVs are not guaranteed to be aligned to any particular number 32 * of bytes. 33 * 34 * The list of TLVs may begin with a TLV of type EXP_PDU_TAG_OPTIONS_LENGTH; 35 * its value is a 4-byte integer value, giving the length of all TLVs 36 * following that TLV (i.e., the length does not include the length of 37 * the EXP_PDU_TAG_OPTIONS_LENGTH TLV). This tag is deprecated; it is 38 * not guaranteed to be present, and code reading packets should not 39 * require it to be present. 40 * 41 * The last TLV is of type EXP_PDU_TAG_END_OF_OPT; it has a length 42 * of 0, and the value is zero-length. 43 * 44 * For string values, a string may have zero, one, or more null bytes 45 * at the end; code that reads the string value must not assume that 46 * there are, or are not, null bytes at the end. Null bytes are included 47 * in the length field, but are not part of the string value. 48 * 49 * For integral values, the values are in big-endian format. 50 */ 51 52 /* Tag values 53 * 54 * Do NOT add new values to this list without asking 55 * wireshark-dev[AT]wireshark.org for a value. Otherwise, you run the risk of 56 * using a value that's already being used for some other purpose, and of 57 * having tools that read exported_pdu captures not being able to handle 58 * captures with your new tag value, with no hope that they will ever be 59 * changed to do so (as that would destroy their ability to read captures 60 * using that value for that other purpose). 61 */ 62 #define EXP_PDU_TAG_END_OF_OPT 0 /**< End-of-options Tag. */ 63 /* 1 - 9 reserved */ 64 #define EXP_PDU_TAG_OPTIONS_LENGTH 10 /**< Total length of the options excluding this TLV 65 * Deprecated - do not use 66 */ 67 #define EXP_PDU_TAG_LINKTYPE 11 /**< Deprecated - do not use */ 68 #define EXP_PDU_TAG_PROTO_NAME 12 /**< The value part should be an ASCII non NULL terminated string 69 * of the registered dissector used by Wireshark e.g "sip" 70 * Will be used to call the next dissector. 71 */ 72 #define EXP_PDU_TAG_HEUR_PROTO_NAME 13 /**< The value part should be an ASCII non NULL terminated string 73 * containing the heuristic unique short protocol name given 74 * during registration, e.g "sip_udp" 75 * Will be used to call the next dissector. 76 */ 77 #define EXP_PDU_TAG_DISSECTOR_TABLE_NAME 14 /**< The value part should be an ASCII non NULL terminated string 78 * containing the dissector table name given 79 * during registration, e.g "gsm_map.v3.arg.opcode" 80 * Will be used to call the next dissector. 81 */ 82 83 /* Add protocol type related tags here. 84 * NOTE Only one protocol type tag may be present in a packet, the first one 85 * found will be used*/ 86 /* 13 - 19 reserved */ 87 #define EXP_PDU_TAG_IPV4_SRC 20 /**< IPv4 source address - 4 bytes */ 88 #define EXP_PDU_TAG_IPV4_DST 21 /**< IPv4 destination address - 4 bytes */ 89 #define EXP_PDU_TAG_IPV6_SRC 22 /**< IPv6 source address - 16 bytes */ 90 #define EXP_PDU_TAG_IPV6_DST 23 /**< IPv6 destination address - 16 bytes */ 91 92 /* Port type values for EXP_PDU_TAG_PORT_TYPE; these do not necessarily 93 * correspond to port type values inside libwireshark. */ 94 #define EXP_PDU_PT_NONE 0 95 #define EXP_PDU_PT_SCTP 1 96 #define EXP_PDU_PT_TCP 2 97 #define EXP_PDU_PT_UDP 3 98 #define EXP_PDU_PT_DCCP 4 99 #define EXP_PDU_PT_IPX 5 100 #define EXP_PDU_PT_NCP 6 101 #define EXP_PDU_PT_EXCHG 7 102 #define EXP_PDU_PT_DDP 8 103 #define EXP_PDU_PT_SBCCS 9 104 #define EXP_PDU_PT_IDP 10 105 #define EXP_PDU_PT_TIPC 11 106 #define EXP_PDU_PT_USB 12 107 #define EXP_PDU_PT_I2C 13 108 #define EXP_PDU_PT_IBQP 14 109 #define EXP_PDU_PT_BLUETOOTH 15 110 #define EXP_PDU_PT_TDMOP 16 111 #define EXP_PDU_PT_IWARP_MPA 17 112 113 #define EXP_PDU_TAG_PORT_TYPE 24 /**< part type - 4 bytes, EXP_PDU_PT value */ 114 #define EXP_PDU_TAG_SRC_PORT 25 /**< source port - 4 bytes (even for protocols with 2-byte ports) */ 115 #define EXP_PDU_TAG_DST_PORT 26 /**< destination port - 4 bytes (even for protocols with 2-byte ports) */ 116 117 #define EXP_PDU_TAG_SS7_OPC 28 118 #define EXP_PDU_TAG_SS7_DPC 29 119 120 #define EXP_PDU_TAG_ORIG_FNO 30 121 122 #define EXP_PDU_TAG_DVBCI_EVT 31 123 124 #define EXP_PDU_TAG_DISSECTOR_TABLE_NAME_NUM_VAL 32 /**< value part is the numeric value to be used calling the dissector table 125 * given with tag EXP_PDU_TAG_DISSECTOR_TABLE_NAME, must follow immediately after the table tag. 126 */ 127 128 #define EXP_PDU_TAG_COL_PROT_TEXT 33 /**< UTF-8 text string to put in COL_PROTOCOL, one use case is in conjunction with dissector tables where 129 * COL_PROTOCOL might not be filled in. 130 */ 131 132 133 /**< value part is structure passed into TCP subdissectors. The field 134 begins with a 2-byte version number; if the version number value is 135 1, the value part is in the form: 136 137 version 2 bytes - xport PDU version of structure (for backwards/forwards compatibility) 138 seq 4 bytes - Sequence number of first byte in the data 139 nxtseq 4 bytes - Sequence number of first byte after data 140 lastackseq 4 bytes - Sequence number of last ack 141 is_reassembled 1 byte - Non-zero if this is reassembled data 142 flags 2 bytes - TCP flags 143 urgent_pointer 2 bytes - Urgent pointer value for the current packet 144 145 All multi-byte values are in big-endian format. There is no alignment 146 padding between values, so seq. nxtseq, and lastackseq are not aligned 147 on 4-byte boundaries, andflags and urgent_pointer are not aligned on 148 2-byte boundaries. 149 */ 150 #define EXP_PDU_TAG_TCP_INFO_DATA 34 151 152 #define EXP_PDU_TAG_P2P_DIRECTION 35 /**< The packet direction (P2P_DIR_SENT, P2P_DIR_RECV). */ 153 154 #define EXP_PDU_TAG_IPV4_LEN 4 155 #define EXP_PDU_TAG_IPV6_LEN 16 156 157 #define EXP_PDU_TAG_PORT_TYPE_LEN 4 158 #define EXP_PDU_TAG_PORT_LEN 4 159 160 #define EXP_PDU_TAG_SS7_OPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */ 161 #define EXP_PDU_TAG_SS7_DPC_LEN 8 /* 4 bytes PC, 2 bytes standard type, 1 byte NI, 1 byte padding */ 162 163 #define EXP_PDU_TAG_ORIG_FNO_LEN 4 164 165 #define EXP_PDU_TAG_DVBCI_EVT_LEN 1 166 167 #define EXP_PDU_TAG_DISSECTOR_TABLE_NUM_VAL_LEN 4 168 169 #endif /* EXPORTED_PDU_TLVS_H */ 170