cfile.h File Reference

#include <epan/epan.h>
#include <epan/column-info.h>
#include <epan/dfilter/dfilter.h>
#include <epan/frame_data.h>
#include <epan/frame_data_sequence.h>
#include <wiretap/wtap.h>
#include <wsutil/file_compressed.h>
#include <wsutil/buffer.h>

Go to the source code of this file.

Classes
struct	packet_provider_data
struct	_capture_file

Typedefs
typedef struct _capture_file	capture_file

Enumerations
enum	file_state {   FILE_CLOSED , FILE_READ_PENDING , FILE_READ_IN_PROGRESS , FILE_READ_ABORTED ,   FILE_READ_DONE }
enum	rescan_type { RESCAN_NONE = 0 , RESCAN_SCAN , RESCAN_REDISSECT }
enum	search_charset_t { SCS_NARROW_AND_WIDE , SCS_NARROW , SCS_WIDE }
enum	search_direction { SD_FORWARD , SD_BACKWARD }

Functions
WS_DLL_PUBLIC void	cap_file_init (capture_file *cf)
	Initialize a capture file structure.
WS_DLL_PUBLIC const nstime_t *	cap_file_provider_get_frame_ts (struct packet_provider_data *prov, uint32_t frame_num)
WS_DLL_PUBLIC const nstime_t *	cap_file_provider_get_start_ts (struct packet_provider_data *prov)
WS_DLL_PUBLIC const nstime_t *	cap_file_provider_get_end_ts (struct packet_provider_data *prov)
	Get the end timestamp of a capture file.
WS_DLL_PUBLIC const char *	cap_file_provider_get_interface_name (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)
	Retrieves the name of a network interface from a capture file.
WS_DLL_PUBLIC const char *	cap_file_provider_get_interface_description (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)
	Retrieves a description for a network interface from a capture file.
WS_DLL_PUBLIC int32_t	cap_file_provider_get_process_id (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
	Retrieves the process ID associated with a given process information ID and section number.
WS_DLL_PUBLIC const char *	cap_file_provider_get_process_name (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
WS_DLL_PUBLIC const uint8_t *	cap_file_provider_get_process_uuid (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number, size_t *uuid_size)
	Retrieves the UUID of a process from a capture file.
WS_DLL_PUBLIC wtap_block_t	cap_file_provider_get_modified_block (struct packet_provider_data *prov, const frame_data *fd)
WS_DLL_PUBLIC void	cap_file_provider_set_modified_block (struct packet_provider_data *prov, frame_data *fd, const wtap_block_t new_block)
	Set a modified block for a frame in the packet provider.

Detailed Description

capture_file definition & GUI-independent manipulation

Wireshark - Network traffic analyzer By Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg Copyright 1998 Gerald Combs

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

cap_file_init()

WS_DLL_PUBLIC void cap_file_init

(

capture_file *

cf

)

Initialize a capture file structure.

Parameters

cf	Pointer to the capture file structure to be initialized.

cap_file_provider_get_end_ts()

WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_end_ts

(

struct packet_provider_data *

prov

)

Get the end timestamp of a capture file.

Parameters

prov	Pointer to the packet provider data structure.

Returns

const nstime_t* Pointer to the end timestamp, or NULL if not available.

cap_file_provider_get_interface_description()

WS_DLL_PUBLIC const char * cap_file_provider_get_interface_description	(	struct packet_provider_data *	prov,
		uint32_t	interface_id,
		unsigned	section_number
	)

Retrieves a description for a network interface from a capture file.

Parameters

prov	Pointer to the packet provider data structure.
interface_id	The ID of the network interface.
section_number	The section number in the capture file.

Returns

A string containing the description of the network interface, or NULL if not found.

cap_file_provider_get_interface_name()

WS_DLL_PUBLIC const char * cap_file_provider_get_interface_name	(	struct packet_provider_data *	prov,
		uint32_t	interface_id,
		unsigned	section_number
	)

Retrieves the name of a network interface from a capture file.

Parameters

prov	Pointer to the packet provider data structure.
interface_id	The ID of the interface to retrieve.
section_number	The section number in the capture file.

Returns

const char* The name of the interface, or "unknown" if not found.

cap_file_provider_get_process_id()

WS_DLL_PUBLIC int32_t cap_file_provider_get_process_id	(	struct packet_provider_data *	prov,
		uint32_t	process_info_id,
		unsigned	section_number
	)

Retrieves the process ID associated with a given process information ID and section number.

Parameters

prov	Pointer to the packet provider data structure.
process_info_id	The ID of the process information.
section_number	The section number within the capture file.

Returns

int32_t The process ID, or -1 if an error occurred.

cap_file_provider_get_process_uuid()

WS_DLL_PUBLIC const uint8_t * cap_file_provider_get_process_uuid	(	struct packet_provider_data *	prov,
		uint32_t	process_info_id,
		unsigned	section_number,
		size_t *	uuid_size
	)

Retrieves the UUID of a process from a capture file.

Parameters

prov	Pointer to the packet provider data structure.
process_info_id	Identifier for the process information.
section_number	The section number (currently unused).
uuid_size	Pointer to store the size of the UUID.

Returns

const uint8_t* Pointer to the UUID or NULL if not found.

cap_file_provider_set_modified_block()

WS_DLL_PUBLIC void cap_file_provider_set_modified_block	(	struct packet_provider_data *	prov,
		frame_data *	fd,
		const wtap_block_t	new_block
	)

Set a modified block for a frame in the packet provider.

This function updates or inserts a new wtap_block_t into the frames_modified_blocks tree of the packet_provider_data structure.

Parameters

prov	Pointer to the packet_provider_data structure.
fd	Pointer to the frame_data structure representing the frame.
new_block	The new wtap_block_t to be set for the frame.