1 /*- 2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * This code is derived from the Stanford/CMU enet packet filter, 6 * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 * Berkeley Laboratory. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 /* 40 * For captures on Linux cooked sockets, we construct a fake header 41 * that includes: 42 * 43 * a 2-byte "packet type" which is one of: 44 * 45 * LINUX_SLL_HOST packet was sent to us 46 * LINUX_SLL_BROADCAST packet was broadcast 47 * LINUX_SLL_MULTICAST packet was multicast 48 * LINUX_SLL_OTHERHOST packet was sent to somebody else 49 * LINUX_SLL_OUTGOING packet was sent *by* us; 50 * 51 * a 2-byte Ethernet protocol field; 52 * 53 * a 2-byte link-layer type; 54 * 55 * a 2-byte link-layer address length; 56 * 57 * an 8-byte source link-layer address, whose actual length is 58 * specified by the previous value. 59 * 60 * All fields except for the link-layer address are in network byte order. 61 * 62 * DO NOT change the layout of this structure, or change any of the 63 * LINUX_SLL_ values below. If you must change the link-layer header 64 * for a "cooked" Linux capture, introduce a new DLT_ type (ask 65 * "tcpdump-workers (at) lists.tcpdump.org" for one, so that you don't give it 66 * a value that collides with a value already being used), and use the 67 * new header in captures of that type, so that programs that can 68 * handle DLT_LINUX_SLL captures will continue to handle them correctly 69 * without any change, and so that capture files with different headers 70 * can be told apart and programs that read them can dissect the 71 * packets in them. 72 */ 73 74 #ifndef lib_pcap_sll_h 75 #define lib_pcap_sll_h 76 77 /* 78 * A DLT_LINUX_SLL fake link-layer header. 79 */ 80 #define SLL_HDR_LEN 16 /* total header length */ 81 #define SLL_ADDRLEN 8 /* length of address field */ 82 83 struct sll_header { 84 u_int16_t sll_pkttype; /* packet type */ 85 u_int16_t sll_hatype; /* link-layer address type */ 86 u_int16_t sll_halen; /* link-layer address length */ 87 u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */ 88 u_int16_t sll_protocol; /* protocol */ 89 }; 90 91 /* 92 * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the 93 * PACKET_ values on Linux, but are defined here so that they're 94 * available even on systems other than Linux, and so that they 95 * don't change even if the PACKET_ values change. 96 */ 97 #define LINUX_SLL_HOST 0 98 #define LINUX_SLL_BROADCAST 1 99 #define LINUX_SLL_MULTICAST 2 100 #define LINUX_SLL_OTHERHOST 3 101 #define LINUX_SLL_OUTGOING 4 102 103 /* 104 * The LINUX_SLL_ values for "sll_protocol"; these correspond to the 105 * ETH_P_ values on Linux, but are defined here so that they're 106 * available even on systems other than Linux. We assume, for now, 107 * that the ETH_P_ values won't change in Linux; if they do, then: 108 * 109 * if we don't translate them in "pcap-linux.c", capture files 110 * won't necessarily be readable if captured on a system that 111 * defines ETH_P_ values that don't match these values; 112 * 113 * if we do translate them in "pcap-linux.c", that makes life 114 * unpleasant for the BPF code generator, as the values you test 115 * for in the kernel aren't the values that you test for when 116 * reading a capture file, so the fixup code run on BPF programs 117 * handed to the kernel ends up having to do more work. 118 * 119 * Add other values here as necessary, for handling packet types that 120 * might show up on non-Ethernet, non-802.x networks. (Not all the ones 121 * in the Linux "if_ether.h" will, I suspect, actually show up in 122 * captures.) 123 */ 124 #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */ 125 #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */ 126 #define LINUX_SLL_P_CAN 0x000C /* CAN frames, with SocketCAN pseudo-headers */ 127 #define LINUX_SLL_P_CANFD 0x000D /* CAN FD frames, with SocketCAN pseudo-headers */ 128 129 #endif 130
