#include <epan/address.h>
#include <epan/tvbuff.h>
#include <wsutil/inet_cidr.h>
#include <epan/to_str.h>
#include <wiretap/wtap.h>
#include "ws_symbol_export.h"

Classes
struct	_e_addr_resolve
	Flags to control name resolution. More...

struct	_serv_port_key

struct	_resolved_name

Macros
#define	MAXNAMELEN 64 /* max name length (most names: DNS labels, services, eth) */

#define	MAXVLANNAMELEN 128 /* max vlan name length */

#define	MAXDNSNAMELEN 256 /* max total length of a domain name in the DNS */

#define	BASE_ENTERPRISES BASE_CUSTOM

#define	STRINGS_ENTERPRISES CF_FUNC(enterprises_base_custom)

#define	ADDR_RESOLV_MACADDR(at) (((at)->type == AT_ETHER) \|\| ((at)->type == AT_EUI64))

#define	ADDR_RESOLV_NETADDR(at) (((at)->type == AT_IPv4) \|\| ((at)->type == AT_IPv6) \|\| ((at)->type == AT_IPX))

#define	TRIED_RESOLVE_ADDRESS (1U<<0) /* name resolution is being/has been tried */

#define	NAME_RESOLVED (1U<<1) /* the name field contains a host name, not a printable address */

#define	RESOLVED_ADDRESS_USED (1U<<2) /* a get_hostname* call returned the host name */

#define	STATIC_HOSTNAME (1U<<3) /* do not update entries from hosts file with DNS responses */

#define	NAME_RESOLVED_PREFIX (1U<<4) /* name was generated from a prefix (e.g., OUI) instead of the entire address */

#define	TRIED_OR_RESOLVED_MASK (TRIED_RESOLVE_ADDRESS \| NAME_RESOLVED)

#define	USED_AND_RESOLVED_MASK (NAME_RESOLVED \| RESOLVED_ADDRESS_USED)

Typedefs
typedef struct _e_addr_resolve	e_addr_resolve
	Flags to control name resolution.

typedef struct hashether	hashether_t

typedef struct hasheui64	hasheui64_t

typedef struct hashwka	hashwka_t

typedef struct hashmanuf	hashmanuf_t

typedef struct _serv_port_key	serv_port_key_t

typedef struct _resolved_name	resolved_name_t

Functions
WS_DLL_PUBLIC hashipv4_t *	new_ipv4 (const unsigned addr)
	Construct a new IPv4 object from a 32-bit address.

WS_DLL_PUBLIC bool	fill_dummy_ip4 (const unsigned addr, hashipv4_t *volatile tp)
	Populate a dummy IPv4 object with the specified address.

WS_DLL_PUBLIC char *	udp_port_to_display (wmem_allocator_t *allocator, unsigned port)
	Resolve a UDP port number to its display name.

WS_DLL_PUBLIC char *	tcp_port_to_display (wmem_allocator_t *allocator, unsigned port)
	Resolve a TCP port number to its display name.

char *	dccp_port_to_display (wmem_allocator_t *allocator, unsigned port)
	Resolve a DCCP port number to its display name.

WS_DLL_PUBLIC char *	sctp_port_to_display (wmem_allocator_t *allocator, unsigned port)
	Resolve an SCTP port number to its display name.

WS_DLL_PUBLIC const char *	serv_name_lookup (port_type proto, unsigned port)
	Resolve a port number to its well-known service name.

WS_DLL_PUBLIC const char *	enterprises_lookup (uint32_t value, const char *unknown_str)
	Resolve a private enterprise code to its registered name.

WS_DLL_PUBLIC const char *	try_enterprises_lookup (uint32_t value)
	Attempt to resolve a private enterprise code to its registered name.

WS_DLL_PUBLIC void	enterprises_base_custom (char *buf, uint32_t value)
	Format a private enterprise code as "name (decimal)" into a buffer.

WS_DLL_PUBLIC const char *	try_serv_name_lookup (port_type proto, unsigned port)
	Attempt to resolve a port number to its well-known service name.

WS_DLL_PUBLIC char *	port_with_resolution_to_str (wmem_allocator_t *scope, port_type proto, unsigned port)
	Format a port number with its resolved service name.

WS_DLL_PUBLIC int	port_with_resolution_to_str_buf (char *buf, unsigned long buf_size, port_type proto, unsigned port)
	Format a port number with its resolved service name into a buffer.

void	addr_resolve_pref_init (struct pref_module *nameres)

void	addr_resolve_pref_apply (void)

WS_DLL_PUBLIC void	disable_name_resolution (void)
	Disable all forms of name resolution.

WS_DLL_PUBLIC bool	host_name_lookup_process (void)
	Process outstanding asynchronous host name lookups via c-ares.

WS_DLL_PUBLIC const char *	get_hostname (const unsigned addr)
	Resolve an IPv4 address to its host name.

WS_DLL_PUBLIC char *	get_hostname_wmem (wmem_allocator_t *allocator, const unsigned addr)
	Resolve an IPv4 address to its host name using scoped memory allocation.

WS_DLL_PUBLIC const char *	get_hostname6 (const ws_in6_addr *ad)

WS_DLL_PUBLIC char *	get_hostname6_wmem (wmem_allocator_t allocator, const ws_in6_addr ad)

WS_DLL_PUBLIC const char *	get_ether_name (const uint8_t *addr)

const char *	get_hostname_ss7pc (const uint8_t ni, const uint32_t pc)

void	fill_unresolved_ss7pc (const char *pc_addr, const uint8_t ni, const uint32_t pc)

WS_DLL_PUBLIC const char *	tvb_get_ether_name (tvbuff_t *tvb, int offset)

const char *	get_ether_name_if_known (const uint8_t *addr)

const char *	get_manuf_name (const uint8_t *addr, size_t size)

WS_DLL_PUBLIC const char *	get_manuf_name_if_known (const uint8_t *addr, size_t size)

const char *	uint_get_manuf_name_if_known (const uint32_t oid)

WS_DLL_PUBLIC const char *	tvb_get_manuf_name (tvbuff_t *tvb, int offset)

WS_DLL_PUBLIC const char *	tvb_get_manuf_name_if_known (tvbuff_t *tvb, int offset)

const char *	get_eui64_name (const uint8_t *addr)

char *	eui64_to_display (wmem_allocator_t *allocator, const uint64_t addr)

char *	get_ipxnet_name (wmem_allocator_t *allocator, const uint32_t addr)

char *	get_vlan_name (wmem_allocator_t *allocator, const uint16_t id)

WS_DLL_PUBLIC unsigned	get_hash_ether_status (hashether_t *ether)

WS_DLL_PUBLIC bool	get_hash_ether_used (hashether_t *ether)

WS_DLL_PUBLIC char *	get_hash_ether_hexaddr (hashether_t *ether)

WS_DLL_PUBLIC char *	get_hash_ether_resolved_name (hashether_t *ether)

WS_DLL_PUBLIC bool	get_hash_manuf_used (hashmanuf_t *manuf)

WS_DLL_PUBLIC char *	get_hash_manuf_resolved_name (hashmanuf_t *manuf)

WS_DLL_PUBLIC bool	get_hash_wka_used (hashwka_t *wka)

WS_DLL_PUBLIC char *	get_hash_wka_resolved_name (hashwka_t *wka)

WS_DLL_PUBLIC void	add_ipv4_name (const unsigned addr, const char *name, const bool static_entry)

WS_DLL_PUBLIC void	add_ipv6_name (const ws_in6_addr addr, const char name, const bool static_entry)

WS_DLL_PUBLIC bool	add_hosts_file (const char *hosts_file)

WS_DLL_PUBLIC bool	add_ip_name_from_string (const char addr, const char name)

WS_DLL_PUBLIC resolved_name_t *	get_edited_resolved_name (const char *addr)

WS_DLL_PUBLIC addrinfo_lists_t *	get_addrinfo_list (void)

void	add_ether_byip (const unsigned ip, const uint8_t *eth)

WS_DLL_PUBLIC bool	get_host_ipaddr (const char host, uint32_t addrp)

WS_DLL_PUBLIC bool	get_host_ipaddr6 (const char host, ws_in6_addr addrp)

WS_DLL_PUBLIC wmem_map_t *	get_manuf_hashtable (void)

WS_DLL_PUBLIC wmem_map_t *	get_wka_hashtable (void)

WS_DLL_PUBLIC wmem_map_t *	get_eth_hashtable (void)

WS_DLL_PUBLIC wmem_map_t *	get_serv_port_hashtable (void)

WS_DLL_PUBLIC wmem_map_t *	get_ipxnet_hash_table (void)

WS_DLL_PUBLIC wmem_map_t *	get_vlan_hash_table (void)

WS_DLL_PUBLIC wmem_map_t *	get_ipv4_hash_table (void)

WS_DLL_PUBLIC wmem_map_t *	get_ipv6_hash_table (void)

WS_DLL_PUBLIC void	set_resolution_synchrony (bool synchronous)

WS_DLL_LOCAL void	name_resolver_init (void)

WS_DLL_LOCAL void	host_name_lookup_reset (void)

WS_DLL_LOCAL void	addr_resolv_init (void)

WS_DLL_LOCAL void	addr_resolv_cleanup (void)

WS_DLL_PUBLIC bool	str_to_ip (const char str, void dst)

WS_DLL_PUBLIC bool	str_to_ip6 (const char str, void dst)

WS_DLL_LOCAL bool	str_to_eth (const char str, char eth_bytes)

WS_DLL_LOCAL unsigned	ipv6_oat_hash (const void *key)

WS_DLL_LOCAL gboolean	ipv6_equal (const void v1, const void v2)

Variables
WS_DLL_PUBLIC e_addr_resolve	gbl_resolv_flags

char *	g_ethers_path

char *	g_ipxnets_path

char *	g_pethers_path

char *	g_pipxnets_path

Detailed Description

Definitions for network object lookup

Laurent Deniel laure.nosp@m.nt.d.nosp@m.eniel.nosp@m.@fre.nosp@m.e.fr

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

◆ add_hosts_file()

WS_DLL_PUBLIC bool add_hosts_file ( const char * hosts_file )

Add an additional "hosts" file for IPv4 and IPv6 name resolution.

The file can be added before host_name_lookup_init() is called and will be re-read each time host_name_lookup_init() is called.

Parameters

hosts_file Absolute path to the hosts file.

Returns: true if the hosts file can be read.

◆ dccp_port_to_display()

char * dccp_port_to_display	(	wmem_allocator_t *	allocator,
		unsigned	port
	)

extern

Resolve a DCCP port number to its display name.

Returns a human-readable name for the specified DCCP port, such as "RTP" or "DCCP-Test". If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters

allocator	Memory allocator used to allocate the returned string.
port	DCCP port number to resolve.

Returns: Allocated string containing the port name or numeric value.

◆ disable_name_resolution()

WS_DLL_PUBLIC void disable_name_resolution ( void )

Disable all forms of name resolution.

Sets all relevant global resolution flags (gbl_resolv_flags) to false, effectively disabling hostname, service name, and other symbolic resolution features. This is typically used to improve performance or enforce numeric-only output in protocol analysis and logging.

◆ enterprises_base_custom()

WS_DLL_PUBLIC void enterprises_base_custom	(	char *	buf,
		uint32_t	value
	)

Format a private enterprise code as "name (decimal)" into a buffer.

Writes a string representation of the given enterprise code to buf, using the format "Name (1234)". If the code is unknown, the name portion is resolved via enterprises_lookup() and may fall back to "<Unknown>".

Parameters

buf	Output buffer to receive the formatted string.
value	Private enterprise code to format.

◆ enterprises_lookup()

WS_DLL_PUBLIC const char * enterprises_lookup	(	uint32_t	value,
		const char *	unknown_str
	)

Resolve a private enterprise code to its registered name.

Returns the name associated with the given private enterprise code (PEC), commonly used in SNMP, IPFIX, and other protocol metadata. If no known name exists for the specified code, the function returns unknown_str, or the string "<Unknown>" if unknown_str is NULL.

This is typically used for display, logging, or protocol dissection.

Parameters

value	Private enterprise code to resolve.
unknown_str	Fallback string if the code is not recognized.

Returns: Constant string containing the enterprise name or fallback.

◆ fill_dummy_ip4()

WS_DLL_PUBLIC bool fill_dummy_ip4	(	const unsigned	addr,
		hashipv4_t *volatile	tp
	)

Populate a dummy IPv4 object with the specified address.

Initializes the given hashipv4_t pointer with the provided IPv4 address, marking it as a placeholder or synthetic entry. This is typically used for testing, fallback logic, or internal bookkeeping where a non-real IP is required.

Parameters

addr	IPv4 address in host byte order.
tp	Pointer to a `hashipv4_t` object to populate.

Returns: true on success, false on failure.

◆ get_addrinfo_list()

WS_DLL_PUBLIC addrinfo_lists_t * get_addrinfo_list ( void )

Get lists of host name to address mappings we know about.

The struct contains two g_lists one with hashipv4_t entries and one with hashipv6_t entries.

Returns: a struct with lists of known addresses(IPv4 and IPv6). May be NULL.

◆ get_host_ipaddr()

WS_DLL_PUBLIC bool get_host_ipaddr	(	const char *	host,
		uint32_t *	addrp
	)

Translates a string representing a hostname or dotted-decimal IPv4 address into a numeric IPv4 address value in network byte order. If compiled with c-ares, the request will wait a maximum of 250ms for the request to finish. Otherwise the wait time will be system-dependent, usually much longer. Immediately returns false for hostnames if network name resolution is disabled.

Parameters

[in]	host	The hostname.
[out]	addrp	The numeric IPv4 address in network byte order.

Returns: true on success, false on failure, timeout.

◆ get_host_ipaddr6()

WS_DLL_PUBLIC bool get_host_ipaddr6	(	const char *	host,
		ws_in6_addr *	addrp
	)

Translates a string representing a hostname or colon-hex IPv6 address into a numeric IPv6 address value in network byte order. If compiled with c-ares, the request will wait a maximum of 250ms for the request to finish. Otherwise the wait time will be system-dependent, usually much longer. Immediately returns false for hostnames if network name resolution is disabled.

Parameters

[in]	host	The hostname.
[out]	addrp	The numeric IPv6 address in network byte order.

Returns: true on success, false on failure or timeout.

◆ get_hostname()

WS_DLL_PUBLIC const char * get_hostname ( const unsigned addr )

Resolve an IPv4 address to its host name.

Returns a string containing the host name associated with the given IPv4 address, or a numeric string in the format "%d.%d.%d.%d" if no name is found. The returned string is managed internally and must not be freed by the caller. It will be released when address hashtables are cleared (e.g., due to preference changes or redissection).

Note: This function may increase persistent memory usage even when host name resolution is disabled. It may be deprecated in favor of get_hostname_wmem() for better memory management.

Parameters

addr	IPv4 address in host byte order.

Returns: Constant string containing the resolved host name or numeric address.

◆ get_hostname_wmem()

WS_DLL_PUBLIC char * get_hostname_wmem	(	wmem_allocator_t *	allocator,
		const unsigned	addr
	)

Resolve an IPv4 address to its host name using scoped memory allocation.

Returns a string containing the host name associated with the given IPv4 address, or a numeric string in the format "%d.%d.%d.%d" if no name is found. The returned string is allocated using the provided wmem_allocator_t, allowing flexible memory management across dissector passes or UI components.

This function is preferred over get_hostname() for memory safety and scoped lifetime control, especially in environments with redissection or preference reloads.

Parameters

allocator	Memory allocator used to allocate the returned string.
addr	IPv4 address in host byte order.

Returns: Allocated string containing the resolved host name or numeric address.

◆ host_name_lookup_process()

WS_DLL_PUBLIC bool host_name_lookup_process ( void )

Process outstanding asynchronous host name lookups via c-ares.

If c-ares is enabled, this function checks for completed host name resolutions and updates internal state accordingly. It is invoked periodically via a GLIB timeout in Wireshark, and before each packet is processed during the first pass of two-pass TShark analysis.

Returns: True if any new objects have been resolved since the previous call. This can be used to trigger a display update, e.g. in Wireshark.

◆ new_ipv4()

WS_DLL_PUBLIC hashipv4_t * new_ipv4 ( const unsigned addr )

Construct a new IPv4 object from a 32-bit address.

Creates and returns a hashipv4_t instance initialized with the given IPv4 address. The address should be provided in host byte order as a 32-bit unsigned integer.

Parameters

addr	IPv4 address in host byte order.

Returns: Pointer to a newly allocated hashipv4_t object.

◆ port_with_resolution_to_str()

WS_DLL_PUBLIC char * port_with_resolution_to_str	(	wmem_allocator_t *	scope,
		port_type	proto,
		unsigned	port
	)

Format a port number with its resolved service name.

Returns a string in the format "ServiceName (port)", such as "HTTP (80)", based on the specified protocol and port number. If no known service name exists for the port, the numeric value is used as both the name and number. The result is allocated using the provided wmem_allocator_t.

Parameters

scope	Memory allocator used to allocate the returned string.
proto	Protocol type (e.g., PT_TCP, PT_UDP).
port	Port number to format.

Returns: Allocated string containing the formatted port representation.

◆ port_with_resolution_to_str_buf()

WS_DLL_PUBLIC int port_with_resolution_to_str_buf	(	char *	buf,
		unsigned long	buf_size,
		port_type	proto,
		unsigned	port
	)

Format a port number with its resolved service name into a buffer.

Writes a string in the format "ServiceName (port)"—such as "SSH (22)"— to the provided buffer, based on the specified protocol and port number. If no known service name exists, the numeric value is used as both name and number. This function is typically used for logging, diagnostics, or UI display where fixed-size output is required.

The return value matches that of snprintf(): the number of characters that would have been written if the buffer were large enough.

Parameters

buf	Output buffer to receive the formatted string.
buf_size	Size of the output buffer in bytes.
proto	Protocol type (e.g., PT_TCP, PT_UDP).
port	Port number to format.

Returns: Number of characters that would have been written.

◆ sctp_port_to_display()

WS_DLL_PUBLIC char * sctp_port_to_display	(	wmem_allocator_t *	allocator,
		unsigned	port
	)

Resolve an SCTP port number to its display name.

Returns a human-readable name for the specified SCTP port, such as "Diameter" for port 3868. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters

allocator	Memory allocator used to allocate the returned string.
port	SCTP port number to resolve.

Returns: Allocated string containing the port name or numeric value.

◆ serv_name_lookup()

WS_DLL_PUBLIC const char * serv_name_lookup	(	port_type	proto,
		unsigned	port
	)

Resolve a port number to its well-known service name.

Returns a string representing the service name associated with the given port and protocol (e.g., "HTTP" for TCP port 80). If no known service name exists for the specified port, the function returns the numeric port value as a string.

Parameters

proto	Protocol type (e.g., PT_TCP, PT_UDP).
port	Port number to resolve.

Returns: Constant string containing the service name or numeric value.

◆ tcp_port_to_display()

WS_DLL_PUBLIC char * tcp_port_to_display	(	wmem_allocator_t *	allocator,
		unsigned	port
	)

Resolve a TCP port number to its display name.

Returns a human-readable name for the specified TCP port, such as "HTTP" for port 80. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters

allocator	Memory allocator used to allocate the returned string.
port	TCP port number to resolve.

Returns: Allocated string containing the port name or numeric value.

◆ try_enterprises_lookup()

WS_DLL_PUBLIC const char * try_enterprises_lookup ( uint32_t value )

Attempt to resolve a private enterprise code to its registered name.

Returns the name associated with the given private enterprise code (PEC), commonly used in SNMP, IPFIX, and other protocol metadata. If the code is not recognized, the function returns NULL.

Parameters

value Private enterprise code to resolve.

Returns: Constant string containing the enterprise name, or NULL if not found.

◆ try_serv_name_lookup()

WS_DLL_PUBLIC const char * try_serv_name_lookup	(	port_type	proto,
		unsigned	port
	)

Attempt to resolve a port number to its well-known service name.

Returns the service name associated with the specified port and protocol (e.g., "HTTPS" for TCP port 443). If no known service name exists for the given combination, the function returns NULL.

Parameters

proto	Protocol type (e.g., PT_TCP, PT_UDP).
port	Port number to resolve.

Returns: Constant string containing the service name, or NULL if not found.

◆ udp_port_to_display()

WS_DLL_PUBLIC char * udp_port_to_display	(	wmem_allocator_t *	allocator,
		unsigned	port
	)

Resolve a UDP port number to its display name.

Returns a human-readable name for the specified UDP port, such as "DNS" for port 53. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters

allocator	Memory allocator used to allocate the returned string.
port	UDP port number to resolve.

Returns: Allocated string containing the port name or numeric value.

Classes

Macros

Typedefs

Functions

Variables

Detailed Description

Function Documentation

◆ add_hosts_file()

◆ dccp_port_to_display()

◆ disable_name_resolution()

◆ enterprises_base_custom()

◆ enterprises_lookup()

◆ fill_dummy_ip4()

◆ get_addrinfo_list()

◆ get_host_ipaddr()

◆ get_host_ipaddr6()

◆ get_hostname()

◆ get_hostname_wmem()

◆ host_name_lookup_process()

◆ new_ipv4()

◆ port_with_resolution_to_str()

◆ port_with_resolution_to_str_buf()

◆ sctp_port_to_display()

◆ serv_name_lookup()

◆ tcp_port_to_display()

◆ try_enterprises_lookup()

◆ try_serv_name_lookup()

◆ udp_port_to_display()