Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
Classes | Macros | Typedefs | Functions | Variables
addr_resolv.h File Reference
#include <epan/address.h>
#include <epan/tvbuff.h>
#include <wsutil/inet_cidr.h>
#include <epan/to_str.h>
#include <wiretap/wtap.h>
#include "ws_symbol_export.h"

Go to the source code of this file.

Classes

struct  _e_addr_resolve
 Flags to control name resolution. More...
 
struct  _serv_port_key
 
struct  _resolved_name
 

Macros

#define MAXNAMELEN   64 /* max name length (most names: DNS labels, services, eth) */
 
#define MAXVLANNAMELEN   128 /* max vlan name length */
 
#define MAXDNSNAMELEN   256 /* max total length of a domain name in the DNS */
 
#define BASE_ENTERPRISES   BASE_CUSTOM
 
#define STRINGS_ENTERPRISES   CF_FUNC(enterprises_base_custom)
 
#define ADDR_RESOLV_MACADDR(at)    (((at)->type == AT_ETHER) || ((at)->type == AT_EUI64))
 
#define ADDR_RESOLV_NETADDR(at)    (((at)->type == AT_IPv4) || ((at)->type == AT_IPv6) || ((at)->type == AT_IPX))
 
#define TRIED_RESOLVE_ADDRESS   (1U<<0) /* name resolution is being/has been tried */
 
#define NAME_RESOLVED   (1U<<1) /* the name field contains a host name, not a printable address */
 
#define RESOLVED_ADDRESS_USED   (1U<<2) /* a get_hostname* call returned the host name */
 
#define STATIC_HOSTNAME   (1U<<3) /* do not update entries from hosts file with DNS responses */
 
#define NAME_RESOLVED_PREFIX   (1U<<4) /* name was generated from a prefix (e.g., OUI) instead of the entire address */
 
#define TRIED_OR_RESOLVED_MASK   (TRIED_RESOLVE_ADDRESS | NAME_RESOLVED)
 
#define USED_AND_RESOLVED_MASK   (NAME_RESOLVED | RESOLVED_ADDRESS_USED)
 

Typedefs

typedef struct _e_addr_resolve e_addr_resolve
 Flags to control name resolution.
 
typedef struct hashether hashether_t
 
typedef struct hasheui64 hasheui64_t
 
typedef struct hashwka hashwka_t
 
typedef struct hashmanuf hashmanuf_t
 
typedef struct _serv_port_key serv_port_key_t
 
typedef struct _resolved_name resolved_name_t
 

Functions

WS_DLL_PUBLIC hashipv4_tnew_ipv4 (const unsigned addr)
 Construct a new IPv4 object from a 32-bit address.
 
WS_DLL_PUBLIC bool fill_dummy_ip4 (const unsigned addr, hashipv4_t *volatile tp)
 Populate a dummy IPv4 object with the specified address.
 
WS_DLL_PUBLIC char * udp_port_to_display (wmem_allocator_t *allocator, unsigned port)
 Resolve a UDP port number to its display name.
 
WS_DLL_PUBLIC char * tcp_port_to_display (wmem_allocator_t *allocator, unsigned port)
 Resolve a TCP port number to its display name.
 
WS_DLL_PUBLIC char * dccp_port_to_display (wmem_allocator_t *allocator, unsigned port)
 Resolve a DCCP port number to its display name.
 
WS_DLL_PUBLIC char * sctp_port_to_display (wmem_allocator_t *allocator, unsigned port)
 Resolve an SCTP port number to its display name.
 
WS_DLL_PUBLIC const char * serv_name_lookup (port_type proto, unsigned port)
 Resolve a port number to its well-known service name.
 
WS_DLL_PUBLIC const char * enterprises_lookup (uint32_t value, const char *unknown_str)
 Resolve a private enterprise code to its registered name.
 
WS_DLL_PUBLIC const char * try_enterprises_lookup (uint32_t value)
 Attempt to resolve a private enterprise code to its registered name.
 
WS_DLL_PUBLIC void enterprises_base_custom (char *buf, uint32_t value)
 Format a private enterprise code as "name (decimal)" into a buffer.
 
WS_DLL_PUBLIC const char * try_serv_name_lookup (port_type proto, unsigned port)
 Attempt to resolve a port number to its well-known service name.
 
WS_DLL_PUBLIC char * port_with_resolution_to_str (wmem_allocator_t *scope, port_type proto, unsigned port)
 Format a port number with its resolved service name.
 
WS_DLL_PUBLIC int port_with_resolution_to_str_buf (char *buf, unsigned long buf_size, port_type proto, unsigned port)
 Format a port number with its resolved service name into a buffer.
 
void addr_resolve_pref_init (struct pref_module *nameres)
 
void addr_resolve_pref_apply (void)
 
WS_DLL_PUBLIC void disable_name_resolution (void)
 Disable all forms of name resolution.
 
WS_DLL_PUBLIC bool host_name_lookup_process (void)
 Process outstanding asynchronous host name lookups via c-ares.
 
WS_DLL_PUBLIC const char * get_hostname (const unsigned addr)
 Resolve an IPv4 address to its host name.
 
WS_DLL_PUBLIC char * get_hostname_wmem (wmem_allocator_t *allocator, const unsigned addr)
 Resolve an IPv4 address to its host name using scoped memory allocation.
 
WS_DLL_PUBLIC const char * get_hostname6 (const ws_in6_addr *ad)
 Resolves an IPv6 address to a hostname or numeric string.
 
WS_DLL_PUBLIC char * get_hostname6_wmem (wmem_allocator_t *allocator, const ws_in6_addr *ad)
 Resolves an IPv6 address to a hostname using a memory allocator.
 
WS_DLL_PUBLIC const char * get_ether_name (const uint8_t *addr)
 Resolves an Ethernet address to a logical name or vendor string.
 
WS_DLL_PUBLIC const char * get_hostname_ss7pc (const uint8_t ni, const uint32_t pc)
 Resolves an SS7 Point Code to a hostname.
 
WS_DLL_PUBLIC void fill_unresolved_ss7pc (const char *pc_addr, const uint8_t ni, const uint32_t pc)
 Initializes unresolved SS7 Point Code entries in the hashtable.
 
WS_DLL_PUBLIC const char * tvb_get_ether_name (tvbuff_t *tvb, int offset)
 Resolves an Ethernet address from a tvbuff.
 
WS_DLL_PUBLIC const char * get_ether_name_if_known (const uint8_t *addr)
 Resolves an Ethernet address only if an exact match is known.
 
const char * get_manuf_name (const uint8_t *addr, size_t size)
 Resolves a 3-octet OUI to a short vendor name.
 
WS_DLL_PUBLIC const char * get_manuf_name_if_known (const uint8_t *addr, size_t size)
 Resolves an OUI to a full vendor name if known.
 
WS_DLL_PUBLIC const char * uint_get_manuf_name_if_known (const uint32_t oid)
 Resolves a 24-bit OUI integer to a vendor name.
 
WS_DLL_PUBLIC const char * tvb_get_manuf_name (tvbuff_t *tvb, int offset)
 Resolves a 3-octet OUI from a tvbuff to a short vendor name.
 
WS_DLL_PUBLIC const char * tvb_get_manuf_name_if_known (tvbuff_t *tvb, int offset)
 Resolves a 3-octet OUI from a tvbuff to a full vendor name.
 
const char * get_eui64_name (const uint8_t *addr)
 Resolves an EUI-64 address to a logical name or vendor string.
 
WS_DLL_PUBLIC char * eui64_to_display (wmem_allocator_t *allocator, const uint64_t addr)
 Converts a uint64_t EUI-64 address to a display string.
 
WS_DLL_PUBLIC char * get_ipxnet_name (wmem_allocator_t *allocator, const uint32_t addr)
 Resolves an IPX network number to a name.
 
WS_DLL_PUBLIC char * get_vlan_name (wmem_allocator_t *allocator, const uint16_t id)
 Resolves a VLAN ID to a name.
 
WS_DLL_PUBLIC unsigned get_hash_ether_status (hashether_t *ether)
 Gets the status code for a resolved Ethernet entry.
 
WS_DLL_PUBLIC bool get_hash_ether_used (hashether_t *ether)
 Checks if an Ethernet hash entry was used.
 
WS_DLL_PUBLIC char * get_hash_ether_hexaddr (hashether_t *ether)
 Gets the hex string representation of an Ethernet address.
 
WS_DLL_PUBLIC char * get_hash_ether_resolved_name (hashether_t *ether)
 Gets the resolved name for an Ethernet hash entry.
 
WS_DLL_PUBLIC bool get_hash_manuf_used (hashmanuf_t *manuf)
 Checks if a manufacturer hash entry was used.
 
WS_DLL_PUBLIC char * get_hash_manuf_resolved_name (hashmanuf_t *manuf)
 Gets the resolved name for a manufacturer hash entry.
 
WS_DLL_PUBLIC bool get_hash_wka_used (hashwka_t *wka)
 Checks if a WKA hash entry was used.
 
WS_DLL_PUBLIC char * get_hash_wka_resolved_name (hashwka_t *wka)
 Gets the resolved name for a WKA hash entry.
 
WS_DLL_PUBLIC void add_ipv4_name (const unsigned addr, const char *name, const bool static_entry)
 Adds a static or dynamic IPv4 name mapping.
 
WS_DLL_PUBLIC void add_ipv6_name (const ws_in6_addr *addr, const char *name, const bool static_entry)
 Adds a Hostname/IPv4 in the hash table.
 
WS_DLL_PUBLIC bool add_hosts_file (const char *hosts_file)
 Adds an additional "hosts" file for IPv4 and IPv6 name resolution.
 
WS_DLL_PUBLIC bool add_ip_name_from_string (const char *addr, const char *name)
 Adds a hostname mapping for a given IP address string.
 
WS_DLL_PUBLIC resolved_name_tget_edited_resolved_name (const char *addr)
 Retrieves the user-defined name for a given address.
 
WS_DLL_PUBLIC addrinfo_lists_tget_addrinfo_list (void)
 Retrieves known host-to-address mappings.
 
WS_DLL_PUBLIC void add_ether_byip (const unsigned ip, const uint8_t *eth)
 Associates an Ethernet (MAC) address / name to an IPv4 address.
 
WS_DLL_PUBLIC bool get_host_ipaddr (const char *host, uint32_t *addrp)
 Resolves a hostname or IPv4 string to a numeric IPv4 address.
 
WS_DLL_PUBLIC bool get_host_ipaddr6 (const char *host, ws_in6_addr *addrp)
 Resolves a hostname or IPv6 string to a numeric IPv6 address.
 
WS_DLL_PUBLIC wmem_map_tget_manuf_hashtable (void)
 Retrieves the manufacturer hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_wka_hashtable (void)
 Retrieves the well-known address (WKA) hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_eth_hashtable (void)
 Retrieves the Ethernet address hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_serv_port_hashtable (void)
 Retrieves the service port hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_ipxnet_hash_table (void)
 Retrieves the IPX network hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_vlan_hash_table (void)
 Retrieves the VLAN ID hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_ipv4_hash_table (void)
 Retrieves the IPv4 address hashtable.
 
WS_DLL_PUBLIC wmem_map_tget_ipv6_hash_table (void)
 Retrieves the IPv6 address hashtable.
 
WS_DLL_PUBLIC void set_resolution_synchrony (bool synchronous)
 Sets the resolution mode to synchronous or asynchronous.
 
WS_DLL_LOCAL void name_resolver_init (void)
 Initializes the name resolution subsystem.
 
WS_DLL_LOCAL void host_name_lookup_reset (const char *app_env_var_prefix)
 Reinitialize hostname resolution subsystem.
 
WS_DLL_LOCAL void addr_resolv_init (const char *app_env_var_prefix)
 Initializes the address resolution subsystem.
 
WS_DLL_LOCAL void addr_resolv_cleanup (void)
 Cleans up the address resolution subsystem.
 
WS_DLL_PUBLIC bool str_to_ip (const char *str, void *dst)
 Parses a string as an IPv4 address.
 
WS_DLL_PUBLIC bool str_to_ip6 (const char *str, void *dst)
 Parses a string as an IPv6 address.
 
WS_DLL_LOCAL bool str_to_eth (const char *str, uint8_t(*eth_bytes)[6])
 Parses a string as an Ethernet (MAC) address.
 
WS_DLL_LOCAL unsigned ipv6_oat_hash (const void *key)
 Computes a hash value for an IPv6 address using OAT hashing.
 
WS_DLL_LOCAL gboolean ipv6_equal (const void *v1, const void *v2)
 Compares two IPv6 addresses for equality.
 

Variables

WS_DLL_PUBLIC e_addr_resolve gbl_resolv_flags
 
char * g_ethers_path
 
char * g_ipxnets_path
 
char * g_pethers_path
 
char * g_pipxnets_path
 

Detailed Description

Definitions for network object lookup

Laurent Deniel laure.nosp@m.nt.d.nosp@m.eniel.nosp@m.@fre.nosp@m.e.fr

Wireshark - Network traffic analyzer By Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg Copyright 1998 Gerald Combs

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

◆ add_ether_byip()

WS_DLL_PUBLIC void add_ether_byip ( const unsigned  ip,
const uint8_t *  eth 
)

Associates an Ethernet (MAC) address / name to an IPv4 address.

Adds a mapping between the given IPv4 address and its corresponding Ethernet address. Used for name resolution and display purposes.

Parameters
ipIPv4 address in host byte order.
ethPointer to a 6-byte Ethernet address.

◆ add_hosts_file()

WS_DLL_PUBLIC bool add_hosts_file ( const char *  hosts_file)

Adds an additional "hosts" file for IPv4 and IPv6 name resolution.

Registers a user-specified hosts file to be used for resolving IP addresses. The file can be added before host_name_lookup_init() is called and will be re-read each time that function is invoked.

Parameters
hosts_fileAbsolute path to the hosts file.
Returns
true if the file was successfully read, false otherwise.

◆ add_ip_name_from_string()

WS_DLL_PUBLIC bool add_ip_name_from_string ( const char *  addr,
const char *  name 
)

Adds a hostname mapping for a given IP address string.

Inserts a user-defined name for an IP address into the resolution table. The address string may represent either an IPv4 or IPv6 address.

Parameters
addrIP address string (e.g., "192.168.0.1" or "2001:db8::1").
nameHostname to associate with the address.
Returns
true if the entry was successfully added, false otherwise.

◆ add_ipv4_name()

WS_DLL_PUBLIC void add_ipv4_name ( const unsigned  addr,
const char *  name,
const bool  static_entry 
)

Adds a static or dynamic IPv4 name mapping.

Inserts a hostname for the given IPv4 address into the resolution table.

Parameters
addrIPv4 address in host byte order.
nameHostname to associate.
static_entrytrue if the entry is static.

◆ add_ipv6_name()

WS_DLL_PUBLIC void add_ipv6_name ( const ws_in6_addr addr,
const char *  name,
const bool  static_entry 
)

Adds a Hostname/IPv4 in the hash table.

Inserts a hostname for the given IPv6 address into the resolution table.

Parameters
addrPointer to the IPv6 address.
nameHostname to associate.
static_entrytrue if the entry is static.

◆ addr_resolv_cleanup()

WS_DLL_LOCAL void addr_resolv_cleanup ( void  )

Cleans up the address resolution subsystem.

Frees resources and resets state related to address resolution. Intended for internal use by the epan core only.

◆ addr_resolv_init()

WS_DLL_LOCAL void addr_resolv_init ( const char *  app_env_var_prefix)

Initializes the address resolution subsystem.

Prepares internal structures for resolving network addresses. Intended for internal use by the epan core only.

◆ dccp_port_to_display()

WS_DLL_PUBLIC char * dccp_port_to_display ( wmem_allocator_t allocator,
unsigned  port 
)

Resolve a DCCP port number to its display name.

Returns a human-readable name for the specified DCCP port, such as "RTP" or "DCCP-Test". If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters
allocatorMemory allocator used to allocate the returned string.
portDCCP port number to resolve.
Returns
Allocated string containing the port name or numeric value.

◆ disable_name_resolution()

WS_DLL_PUBLIC void disable_name_resolution ( void  )

Disable all forms of name resolution.

Sets all relevant global resolution flags (gbl_resolv_flags) to false, effectively disabling hostname, service name, and other symbolic resolution features. This is typically used to improve performance or enforce numeric-only output in protocol analysis and logging.

◆ enterprises_base_custom()

WS_DLL_PUBLIC void enterprises_base_custom ( char *  buf,
uint32_t  value 
)

Format a private enterprise code as "name (decimal)" into a buffer.

Writes a string representation of the given enterprise code to buf, using the format "Name (1234)". If the code is unknown, the name portion is resolved via enterprises_lookup() and may fall back to "<Unknown>".

Parameters
bufOutput buffer to receive the formatted string.
valuePrivate enterprise code to format.

◆ enterprises_lookup()

WS_DLL_PUBLIC const char * enterprises_lookup ( uint32_t  value,
const char *  unknown_str 
)

Resolve a private enterprise code to its registered name.

Returns the name associated with the given private enterprise code (PEC), commonly used in SNMP, IPFIX, and other protocol metadata. If no known name exists for the specified code, the function returns unknown_str, or the string "<Unknown>" if unknown_str is NULL.

This is typically used for display, logging, or protocol dissection.

Parameters
valuePrivate enterprise code to resolve.
unknown_strFallback string if the code is not recognized.
Returns
Constant string containing the enterprise name or fallback.

◆ eui64_to_display()

WS_DLL_PUBLIC char * eui64_to_display ( wmem_allocator_t allocator,
const uint64_t  addr 
)

Converts a uint64_t EUI-64 address to a display string.

Returns a vendor-prefixed or full hex string using the given allocator.

eui64_to_display returns "<vendor>_%02x:%02x:%02x:%02x:%02x:%02x" if the vendor code is known (or as appropriate for MA-M and MA-S), and if not, "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x". Gives the same results as address_to_display, but for when the EUI-64 address is a host endian uint64_t instead of bytes / an AT_EUI64 address.

Parameters
allocatorMemory allocator scope.
addrEUI-64 address as uint64_t.
Returns
Allocated display string.

◆ fill_dummy_ip4()

WS_DLL_PUBLIC bool fill_dummy_ip4 ( const unsigned  addr,
hashipv4_t *volatile  tp 
)

Populate a dummy IPv4 object with the specified address.

Initializes the given hashipv4_t pointer with the provided IPv4 address, marking it as a placeholder or synthetic entry. This is typically used for testing, fallback logic, or internal bookkeeping where a non-real IP is required.

Parameters
addrIPv4 address in host byte order.
tpPointer to a hashipv4_t object to populate.
Returns
true on success, false on failure.

◆ fill_unresolved_ss7pc()

WS_DLL_PUBLIC void fill_unresolved_ss7pc ( const char *  pc_addr,
const uint8_t  ni,
const uint32_t  pc 
)

Initializes unresolved SS7 Point Code entries in the hashtable.

Adds a placeholder entry for an unresolved SS7 Point Code.

Parameters
pc_addrString representation of the Point Code.
niNetwork Indicator.
pcPoint Code.

◆ get_addrinfo_list()

WS_DLL_PUBLIC addrinfo_lists_t * get_addrinfo_list ( void  )

Retrieves known host-to-address mappings.

Returns a structure containing two GLists: one with hashipv4_t entries for IPv4 mappings and one with hashipv6_t entries for IPv6 mappings.

Returns
Pointer to an addrinfo_lists_t structure, or NULL if no mappings are available.

◆ get_edited_resolved_name()

WS_DLL_PUBLIC resolved_name_t * get_edited_resolved_name ( const char *  addr)

Retrieves the user-defined name for a given address.

Returns a pointer to a resolved_name_t structure containing the custom name associated with the given address, if one exists.

Parameters
addrIP address string.
Returns
Pointer to the resolved name structure, or NULL if not found.

◆ get_eth_hashtable()

WS_DLL_PUBLIC wmem_map_t * get_eth_hashtable ( void  )

Retrieves the Ethernet address hashtable.

Returns a pointer to the hashtable mapping full Ethernet (MAC) addresses to resolved names.

Returns
Pointer to the Ethernet address hashtable.

◆ get_ether_name()

WS_DLL_PUBLIC const char * get_ether_name ( const uint8_t *  addr)

Resolves an Ethernet address to a logical name or vendor string.

Returns a logical name if found in ethers files, or a vendor-prefixed string if the vendor is known, or a full MAC address string otherwise.

For example: "<vendor>_%02x:%02x:%02x" if the vendor code is known else "%02x:%02x:%02x:%02x:%02x:%02x"

Parameters
addrPointer to the 6-byte Ethernet address.
Returns
Resolved name or formatted MAC string: "<vendor>_%02x:%02x:%02x" if the vendor code is known else "%02x:%02x:%02x:%02x:%02x:%02x".

◆ get_ether_name_if_known()

WS_DLL_PUBLIC const char * get_ether_name_if_known ( const uint8_t *  addr)

Resolves an Ethernet address only if an exact match is known.

Returns a logical name if the full address is known from the ethers file or ARP, otherwise returns NULL.

Note
: It returns NULL for addresses if only a prefix can be resolved into a manufacturer name.
Parameters
addrPointer to the 6-byte Ethernet address.
Returns
Resolved name or NULL.

◆ get_eui64_name()

const char * get_eui64_name ( const uint8_t *  addr)
extern

Resolves an EUI-64 address to a logical name or vendor string.

Returns a logical name, vendor-prefixed string, or full EUI-64 hex string. get_eui64_name returns the logical name if found in ethers files else "<vendor>_%02x:%02x:%02x:%02x:%02x:%02x" if the vendor code is known (or as appropriate for MA-M and MA-S), and if not, "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x"

Parameters
addrPointer to the 8-byte EUI-64 address.
Returns
Resolved name or formatted EUI-64 string.

◆ get_hash_ether_hexaddr()

WS_DLL_PUBLIC char * get_hash_ether_hexaddr ( hashether_t ether)

Gets the hex string representation of an Ethernet address.

Parameters
etherPointer to the Ethernet hash entry.
Returns
Hex string of the address.

◆ get_hash_ether_resolved_name()

WS_DLL_PUBLIC char * get_hash_ether_resolved_name ( hashether_t ether)

Gets the resolved name for an Ethernet hash entry.

Parameters
etherPointer to the Ethernet hash entry.
Returns
Resolved name string.

◆ get_hash_ether_status()

WS_DLL_PUBLIC unsigned get_hash_ether_status ( hashether_t ether)

Gets the status code for a resolved Ethernet entry.

Parameters
etherPointer to the Ethernet hash entry.
Returns
Status code.

◆ get_hash_ether_used()

WS_DLL_PUBLIC bool get_hash_ether_used ( hashether_t ether)

Checks if an Ethernet hash entry was used.

Parameters
etherPointer to the Ethernet hash entry.
Returns
true if used, false otherwise.

◆ get_hash_manuf_resolved_name()

WS_DLL_PUBLIC char * get_hash_manuf_resolved_name ( hashmanuf_t manuf)

Gets the resolved name for a manufacturer hash entry.

Parameters
manufPointer to the manufacturer hash entry.
Returns
Resolved name string.

◆ get_hash_manuf_used()

WS_DLL_PUBLIC bool get_hash_manuf_used ( hashmanuf_t manuf)

Checks if a manufacturer hash entry was used.

Parameters
manufPointer to the manufacturer hash entry.
Returns
true if used, false otherwise.

◆ get_hash_wka_resolved_name()

WS_DLL_PUBLIC char * get_hash_wka_resolved_name ( hashwka_t wka)

Gets the resolved name for a WKA hash entry.

Parameters
wkaPointer to the WKA hash entry.
Returns
Resolved name string.

◆ get_hash_wka_used()

WS_DLL_PUBLIC bool get_hash_wka_used ( hashwka_t wka)

Checks if a WKA hash entry was used.

Parameters
wkaPointer to the WKA hash entry.
Returns
true if used, false otherwise.

◆ get_host_ipaddr()

WS_DLL_PUBLIC bool get_host_ipaddr ( const char *  host,
uint32_t *  addrp 
)

Resolves a hostname or IPv4 string to a numeric IPv4 address.

Translates a string representing a hostname or dotted-decimal IPv4 address into a numeric IPv4 address value in network byte order. If compiled with c-ares, the request will wait a maximum of 250ms for the request to finish. Otherwise the wait time will be system-dependent, usually much longer. Immediately returns false for hostnames if network name resolution is disabled.

Parameters
[in]hostThe hostname or IPv4 string to resolve.
[out]addrpPointer to receive the resolved IPv4 address in network byte order.
Returns
true on success, false on failure or timeout.

◆ get_host_ipaddr6()

WS_DLL_PUBLIC bool get_host_ipaddr6 ( const char *  host,
ws_in6_addr addrp 
)

Resolves a hostname or IPv6 string to a numeric IPv6 address.

Translates a string representing a hostname or colon-hex IPv6 address into a numeric IPv6 address value in network byte order. If compiled with c-ares, the request will wait a maximum of 250ms for the request to finish. Otherwise the wait time will be system-dependent, usually much longer. Immediately returns false for hostnames if network name resolution is disabled.

Parameters
[in]hostThe hostname or IPv6 string to resolve.
[out]addrpPointer to receive the resolved IPv6 address in network byte order.
Returns
true on success, false on failure or timeout.

◆ get_hostname()

WS_DLL_PUBLIC const char * get_hostname ( const unsigned  addr)

Resolve an IPv4 address to its host name.

Returns a string containing the host name associated with the given IPv4 address, or a numeric string in the format "%d.%d.%d.%d" if no name is found. The returned string is managed internally and must not be freed by the caller. It will be released when address hashtables are cleared (e.g., due to preference changes or redissection).

Note
This function may increase persistent memory usage even when host name resolution is disabled. It may be deprecated in favor of get_hostname_wmem() for better memory management.
Parameters
addrIPv4 address in host byte order.
Returns
Constant string containing the resolved host name or numeric address.

◆ get_hostname6()

WS_DLL_PUBLIC const char * get_hostname6 ( const ws_in6_addr ad)

Resolves an IPv6 address to a hostname or numeric string.

get_hostname6 returns the host name, or numeric addr if not found. The string does not have to be freed; it will be freed when the address hashtables are emptied (e.g., when preferences change or upon redissection.) However, this increases persistent memory usage even when host name lookups are off.

This might get deprecated in the future for get_hostname6_wmem.

Parameters
adPointer to the IPv6 address.
Returns
Hostname or numeric address string.

◆ get_hostname6_wmem()

WS_DLL_PUBLIC char * get_hostname6_wmem ( wmem_allocator_t allocator,
const ws_in6_addr ad 
)

Resolves an IPv6 address to a hostname using a memory allocator.

Returns a newly allocated string representing the hostname or numeric address for the given IPv6 address.

Parameters
allocatorMemory allocator scope.
adPointer to the IPv6 address.
Returns
Allocated hostname or numeric address string.

◆ get_hostname_ss7pc()

WS_DLL_PUBLIC const char * get_hostname_ss7pc ( const uint8_t  ni,
const uint32_t  pc 
)

Resolves an SS7 Point Code to a hostname.

Returns a logical name if found, or a formatted Point Code string.

Parameters
niNetwork Indicator.
pcPoint Code.
Returns
Hostname if in the ss7pcs file or '\0' on the first call or the unresolved Point Code in the subsequent calls.

◆ get_hostname_wmem()

WS_DLL_PUBLIC char * get_hostname_wmem ( wmem_allocator_t allocator,
const unsigned  addr 
)

Resolve an IPv4 address to its host name using scoped memory allocation.

Returns a string containing the host name associated with the given IPv4 address, or a numeric string in the format "%d.%d.%d.%d" if no name is found. The returned string is allocated using the provided wmem_allocator_t, allowing flexible memory management across dissector passes or UI components.

This function is preferred over get_hostname() for memory safety and scoped lifetime control, especially in environments with redissection or preference reloads.

Parameters
allocatorMemory allocator used to allocate the returned string.
addrIPv4 address in host byte order.
Returns
Allocated string containing the resolved host name or numeric address.

◆ get_ipv4_hash_table()

WS_DLL_PUBLIC wmem_map_t * get_ipv4_hash_table ( void  )

Retrieves the IPv4 address hashtable.

Returns a pointer to the hashtable mapping IPv4 addresses to resolved hostnames.

Returns
Pointer to the IPv4 address hashtable.

◆ get_ipv6_hash_table()

WS_DLL_PUBLIC wmem_map_t * get_ipv6_hash_table ( void  )

Retrieves the IPv6 address hashtable.

Returns a pointer to the hashtable mapping IPv6 addresses to resolved hostnames.

Returns
Pointer to the IPv6 address hashtable.

◆ get_ipxnet_hash_table()

WS_DLL_PUBLIC wmem_map_t * get_ipxnet_hash_table ( void  )

Retrieves the IPX network hashtable.

Returns a pointer to the hashtable mapping IPX network numbers to resolved names.

Returns
Pointer to the IPX network hashtable.

◆ get_ipxnet_name()

WS_DLL_PUBLIC char * get_ipxnet_name ( wmem_allocator_t allocator,
const uint32_t  addr 
)

Resolves an IPX network number to a name.

Returns a logical name or formatted hex string.

get_ipxnet_name returns the logical name if found in an ipxnets file, or a string formatted with "%X" if not.

Parameters
allocatorMemory allocator scope.
addrIPX network number.
Returns
Allocated name or hex string.

◆ get_manuf_hashtable()

WS_DLL_PUBLIC wmem_map_t * get_manuf_hashtable ( void  )

Retrieves the manufacturer hashtable.

Returns a pointer to the hashtable mapping MAC address prefixes to manufacturer names.

Returns
Pointer to the manufacturer hashtable.

◆ get_manuf_name()

const char * get_manuf_name ( const uint8_t *  addr,
size_t  size 
)
extern

Resolves a 3-octet OUI to a short vendor name.

Given a sequence of 3 octets containing an OID, get_manuf_name() returns an abbreviated form of the vendor name, or "%02x:%02x:%02x" if not known. (The short form of the name is roughly similar in length to the hexstring, so that they may be used in similar places.)

Note
: This only looks up entries in the 24-bit OUI table (and the CID table), not the MA-M and MA-S tables. The hex byte string is returned for sequences registered to the IEEE Registration Authority for the purposes of being subdivided into MA-M and MA-S.
Parameters
addrPointer to the OUI bytes.
sizeNumber of bytes (typically 3).
Returns
Short vendor name or hex string.

◆ get_manuf_name_if_known()

WS_DLL_PUBLIC const char * get_manuf_name_if_known ( const uint8_t *  addr,
size_t  size 
)

Resolves an OUI to a full vendor name if known.

Given a sequence of 3 or more octets containing an OUI, get_manuf_name_if_known() returns the vendor name, or NULL if not known.

Note
Unlike get_manuf_name() above, this returns the full vendor name.
If size is 6 or larger, vendor names will be looked up in the MA-M and MA-S tables as well (but note that the length of the sequence is not returned.) If size is less than 6, only the 24 bit tables are searched, and NULL is returned for sequences registered to the IEEE Registration Authority for purposes of being subdivided into MA-M and MA-S.
Parameters
addrPointer to the OUI bytes.
sizeNumber of bytes (≥3).
Returns
Full vendor name or NULL.

◆ get_serv_port_hashtable()

WS_DLL_PUBLIC wmem_map_t * get_serv_port_hashtable ( void  )

Retrieves the service port hashtable.

Returns a pointer to the hashtable mapping TCP/UDP port numbers to service names.

Returns
Pointer to the service port hashtable.

◆ get_vlan_hash_table()

WS_DLL_PUBLIC wmem_map_t * get_vlan_hash_table ( void  )

Retrieves the VLAN ID hashtable.

Returns a pointer to the hashtable mapping VLAN identifiers to resolved names.

Returns
Pointer to the VLAN hashtable.

◆ get_vlan_name()

WS_DLL_PUBLIC char * get_vlan_name ( wmem_allocator_t allocator,
const uint16_t  id 
)

Resolves a VLAN ID to a name.

Returns a logical name or the VLAN ID as a string.

get_vlan_name returns the logical name if found in a vlans file, or the VLAN ID itself as a string if not found

Parameters
allocatorMemory allocator scope.
idVLAN identifier.
Returns
Allocated name or ID string.

◆ get_wka_hashtable()

WS_DLL_PUBLIC wmem_map_t * get_wka_hashtable ( void  )

Retrieves the well-known address (WKA) hashtable.

Returns a pointer to the hashtable mapping protocol-specific well-known addresses to names.

Returns
Pointer to the WKA hashtable.

◆ host_name_lookup_process()

WS_DLL_PUBLIC bool host_name_lookup_process ( void  )

Process outstanding asynchronous host name lookups via c-ares.

If c-ares is enabled, this function checks for completed host name resolutions and updates internal state accordingly. It is invoked periodically via a GLIB timeout in Wireshark, and before each packet is processed during the first pass of two-pass TShark analysis.

Returns
True if any new objects have been resolved since the previous call. This can be used to trigger a display update, e.g. in Wireshark.

◆ host_name_lookup_reset()

WS_DLL_LOCAL void host_name_lookup_reset ( const char *  app_env_var_prefix)

Reinitialize hostname resolution subsystem.

Clears any cached hostname resolution results. Intended for internal use by the epan core only.

◆ ipv6_equal()

WS_DLL_LOCAL gboolean ipv6_equal ( const void *  v1,
const void *  v2 
)

Compares two IPv6 addresses for equality.

Performs a byte-wise comparison of two IPv6 addresses. Intended for internal use by the epan core only.

Parameters
v1Pointer to the first IPv6 address.
v2Pointer to the second IPv6 address.
Returns
TRUE if equal, FALSE otherwise.

◆ ipv6_oat_hash()

WS_DLL_LOCAL unsigned ipv6_oat_hash ( const void *  key)

Computes a hash value for an IPv6 address using OAT hashing.

Generates a hash suitable for use in hash tables. Intended for internal use by the epan core only.

Parameters
keyPointer to the IPv6 address (e.g., struct in6_addr*).
Returns
Hash value.

◆ name_resolver_init()

WS_DLL_LOCAL void name_resolver_init ( void  )

Initializes the name resolution subsystem.

Sets up internal state for hostname and address resolution. Intended for internal use by the epan core only.

◆ new_ipv4()

WS_DLL_PUBLIC hashipv4_t * new_ipv4 ( const unsigned  addr)

Construct a new IPv4 object from a 32-bit address.

Creates and returns a hashipv4_t instance initialized with the given IPv4 address. The address should be provided in host byte order as a 32-bit unsigned integer.

Parameters
addrIPv4 address in host byte order.
Returns
Pointer to a newly allocated hashipv4_t object.

◆ port_with_resolution_to_str()

WS_DLL_PUBLIC char * port_with_resolution_to_str ( wmem_allocator_t scope,
port_type  proto,
unsigned  port 
)

Format a port number with its resolved service name.

Returns a string in the format "ServiceName (port)", such as "HTTP (80)", based on the specified protocol and port number. If no known service name exists for the port, the numeric value is used as both the name and number. The result is allocated using the provided wmem_allocator_t.

Parameters
scopeMemory allocator used to allocate the returned string.
protoProtocol type (e.g., PT_TCP, PT_UDP).
portPort number to format.
Returns
Allocated string containing the formatted port representation.

◆ port_with_resolution_to_str_buf()

WS_DLL_PUBLIC int port_with_resolution_to_str_buf ( char *  buf,
unsigned long  buf_size,
port_type  proto,
unsigned  port 
)

Format a port number with its resolved service name into a buffer.

Writes a string in the format "ServiceName (port)"—such as "SSH (22)"— to the provided buffer, based on the specified protocol and port number. If no known service name exists, the numeric value is used as both name and number. This function is typically used for logging, diagnostics, or UI display where fixed-size output is required.

The return value matches that of snprintf(): the number of characters that would have been written if the buffer were large enough.

Parameters
bufOutput buffer to receive the formatted string.
buf_sizeSize of the output buffer in bytes.
protoProtocol type (e.g., PT_TCP, PT_UDP).
portPort number to format.
Returns
Number of characters that would have been written.

◆ sctp_port_to_display()

WS_DLL_PUBLIC char * sctp_port_to_display ( wmem_allocator_t allocator,
unsigned  port 
)

Resolve an SCTP port number to its display name.

Returns a human-readable name for the specified SCTP port, such as "Diameter" for port 3868. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters
allocatorMemory allocator used to allocate the returned string.
portSCTP port number to resolve.
Returns
Allocated string containing the port name or numeric value.

◆ serv_name_lookup()

WS_DLL_PUBLIC const char * serv_name_lookup ( port_type  proto,
unsigned  port 
)

Resolve a port number to its well-known service name.

Returns a string representing the service name associated with the given port and protocol (e.g., "HTTP" for TCP port 80). If no known service name exists for the specified port, the function returns the numeric port value as a string.

Parameters
protoProtocol type (e.g., PT_TCP, PT_UDP).
portPort number to resolve.
Returns
Constant string containing the service name or numeric value.

◆ set_resolution_synchrony()

WS_DLL_PUBLIC void set_resolution_synchrony ( bool  synchronous)

Sets the resolution mode to synchronous or asynchronous.

Controls whether name/address resolution is performed synchronously or deferred. Intended for global configuration; future versions may support per-session control.

Parameters
synchronousIf true, resolution is performed synchronously.

◆ str_to_eth()

WS_DLL_LOCAL bool str_to_eth ( const char *  str,
uint8_t(*)  eth_bytes[6] 
)

Parses a string as an Ethernet (MAC) address.

Converts a colon- or dash-separated MAC address string into a 6-byte array. Intended for internal use by the epan core only.

Parameters
strThe input string (e.g., "00:11:22:33:44:55").
eth_bytesPointer to a 6-byte buffer to receive the parsed address.
Returns
true if parsing succeeds, false otherwise.

◆ str_to_ip()

WS_DLL_PUBLIC bool str_to_ip ( const char *  str,
void *  dst 
)

Parses a string as an IPv4 address.

Converts a dotted-decimal IPv4 string into a binary representation.

Parameters
strThe input string (e.g., "192.168.0.1").
dstPointer to a buffer to receive the parsed address (e.g., uint32_t*).
Returns
true if parsing succeeds, false otherwise.

◆ str_to_ip6()

WS_DLL_PUBLIC bool str_to_ip6 ( const char *  str,
void *  dst 
)

Parses a string as an IPv6 address.

Converts a colon-separated IPv6 string into a binary representation.

Parameters
strThe input string (e.g., "2001:db8::1").
dstPointer to a buffer to receive the parsed address (e.g., struct in6_addr*).
Returns
true if parsing succeeds, false otherwise.

◆ tcp_port_to_display()

WS_DLL_PUBLIC char * tcp_port_to_display ( wmem_allocator_t allocator,
unsigned  port 
)

Resolve a TCP port number to its display name.

Returns a human-readable name for the specified TCP port, such as "HTTP" for port 80. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters
allocatorMemory allocator used to allocate the returned string.
portTCP port number to resolve.
Returns
Allocated string containing the port name or numeric value.

◆ try_enterprises_lookup()

WS_DLL_PUBLIC const char * try_enterprises_lookup ( uint32_t  value)

Attempt to resolve a private enterprise code to its registered name.

Returns the name associated with the given private enterprise code (PEC), commonly used in SNMP, IPFIX, and other protocol metadata. If the code is not recognized, the function returns NULL.

Parameters
valuePrivate enterprise code to resolve.
Returns
Constant string containing the enterprise name, or NULL if not found.

◆ try_serv_name_lookup()

WS_DLL_PUBLIC const char * try_serv_name_lookup ( port_type  proto,
unsigned  port 
)

Attempt to resolve a port number to its well-known service name.

Returns the service name associated with the specified port and protocol (e.g., "HTTPS" for TCP port 443). If no known service name exists for the given combination, the function returns NULL.

Parameters
protoProtocol type (e.g., PT_TCP, PT_UDP).
portPort number to resolve.
Returns
Constant string containing the service name, or NULL if not found.

◆ tvb_get_ether_name()

WS_DLL_PUBLIC const char * tvb_get_ether_name ( tvbuff_t tvb,
int  offset 
)

Resolves an Ethernet address from a tvbuff.

Returns a logical name or vendor string for the Ethernet address at the given offset.

Note
This is the same as get_ether_name with tvb support
Parameters
tvbPointer to the tvbuff.
offsetOffset of the Ethernet address.
Returns
Resolved name or formatted MAC string.

◆ tvb_get_manuf_name()

WS_DLL_PUBLIC const char * tvb_get_manuf_name ( tvbuff_t tvb,
int  offset 
)

Resolves a 3-octet OUI from a tvbuff to a short vendor name.

Given a tvbuff and an offset in that tvbuff for a 3-octet OID, tvb_get_manuf_name() returns an abbreviated vendor name, or "%02x:%02x:%02x" if not known.

Note
: This only looks up entries in the 24-bit OUI table (and the CID table), not the MA-M and MA-S tables. The hex byte string is returned for sequences registered to the IEEE Registration Authority for the purposes of being subdivided into MA-M and MA-S.
Parameters
tvbPointer to the tvbuff.
offsetOffset of the OUI.
Returns
Short vendor name or hex string.

◆ tvb_get_manuf_name_if_known()

WS_DLL_PUBLIC const char * tvb_get_manuf_name_if_known ( tvbuff_t tvb,
int  offset 
)

Resolves a 3-octet OUI from a tvbuff to a full vendor name.

Given a tvbuff and an offset in that tvbuff for a 3-octet OID, tvb_get_manuf_name_if_known() returns the full vendor name, or NULL if not known.

Note
NULL is returned for sequences registered to the IEEE Registration Authority for purposes of being subdivided into MA-M and MA-S.
Parameters
tvbPointer to the tvbuff.
offsetOffset of the OUI.
Returns
Full vendor name or NULL.

◆ udp_port_to_display()

WS_DLL_PUBLIC char * udp_port_to_display ( wmem_allocator_t allocator,
unsigned  port 
)

Resolve a UDP port number to its display name.

Returns a human-readable name for the specified UDP port, such as "DNS" for port 53. If no known name is associated with the port, the function returns the numeric port value as a string. The result is allocated using the provided wmem_allocator_t.

Parameters
allocatorMemory allocator used to allocate the returned string.
portUDP port number to resolve.
Returns
Allocated string containing the port name or numeric value.

◆ uint_get_manuf_name_if_known()

WS_DLL_PUBLIC const char * uint_get_manuf_name_if_known ( const uint32_t  oid)

Resolves a 24-bit OUI integer to a vendor name.

Given an integer containing a 24-bit OUI (or CID), uint_get_manuf_name_if_known() returns the vendor name, or NULL if not known.

Note
NULL is returned for sequences registered to the IEEE Registration Authority for purposes of being subdivided into MA-M and MA-S.
Parameters
oid24-bit OUI or CID.
Returns
Full vendor name or NULL.
Generated by doxygen 1.9.8