Expand description
[Internal] Block definitions.
Caveat: This is an internal module, and is exposed for the sake of interest only. The API may change in a patch bump. The user may need to enforce invariants. The documentation may be inaccurate.
That said, if you want to get an idea of how the pcap-ng format works,
take a look at Block
.
All documentation in this module is taken from the pcap-ng spec. It is copyright (c) 2018 IETF Trust and the persons identified as the authors of the linked document. All rights reserved.
Structs
- An iterator that reads blocks from a pcap
- Contains a single captured packet, or a portion of it. It represents an evolution of the original, now obsolete, Packet Block. If this appears in a file, an Interface Description Block is also required, before this block.
- Defines the most important characteristics of the interface(s) used for capturing traffic. This block is required in certain cases, as described later.
- Defines how to store some statistical data (e.g. packet dropped, etc) which can be useful to understand the conditions in which the capture has been made. If this appears in a file, an Interface Description Block is also required, before this block.
- Defines the mapping from numeric addresses present in the packet capture and the canonical name counterpart.
- Contains a single captured packet, or a portion of it. It is OBSOLETE, and superseded by the Enhanced Packet Block.
- Defines the most important characteristics of the capture file.
- Contains a single captured packet, or a portion of it, with only a minimal set of information about it. If this appears in a file, an Interface Description Block is also required, before this block.
- A certain number of “units” since the epoch
Enums
- A block is corrupt. We can continue parsing further blocks
- The pcap’s superstructure is corrupt; further parsing is impossible