Wireshark  4.3.0
The Wireshark network protocol analyzer
epan.h File Reference
#include <wireshark.h>
#include <wsutil/feature_list.h>
#include <epan/tvbuff.h>
#include <epan/prefs.h>
#include <epan/frame_data.h>
#include <epan/register.h>
#include <wiretap/wtap_opttypes.h>


Classes

struct  packet_provider_funcs
 
struct  epan_plugin
 

Typedefs

typedef struct epan_dissect epan_dissect_t
 
typedef struct epan_session epan_t
 

Functions

WS_DLL_PUBLIC gboolean epan_init (register_cb cb, void *client_data, gboolean load_plugins)
 
WS_DLL_PUBLIC e_prefs * epan_load_settings (void)
 
WS_DLL_PUBLIC void epan_cleanup (void)
 
WS_DLL_PUBLIC void epan_register_plugin (const epan_plugin *plugin)
 
WS_DLL_PUBLIC int epan_plugins_supported (void)
 
void epan_conversation_init (void)
 
WS_DLL_PUBLIC epan_t * epan_new (struct packet_provider_data *prov, const struct packet_provider_funcs *funcs)
 
WS_DLL_PUBLIC wtap_block_t epan_get_modified_block (const epan_t *session, const frame_data *fd)
 
WS_DLL_PUBLIC const char * epan_get_interface_name (const epan_t *session, guint32 interface_id, unsigned section_number)
 
WS_DLL_PUBLIC const char * epan_get_interface_description (const epan_t *session, guint32 interface_id, unsigned section_number)
 
const nstime_t * epan_get_frame_ts (const epan_t *session, guint32 frame_num)
 
WS_DLL_PUBLIC void epan_free (epan_t *session)
 
WS_DLL_PUBLIC const gchar * epan_get_version (void)
 
WS_DLL_PUBLIC void epan_get_version_number (int *major, int *minor, int *micro)
 
WS_DLL_PUBLIC void epan_set_always_visible (gboolean force)
 
WS_DLL_PUBLIC void epan_dissect_init (epan_dissect_t *edt, epan_t *session, const gboolean create_proto_tree, const gboolean proto_tree_visible)
 
WS_DLL_PUBLIC epan_dissect_t * epan_dissect_new (epan_t *session, const gboolean create_proto_tree, const gboolean proto_tree_visible)
 
WS_DLL_PUBLIC void epan_dissect_reset (epan_dissect_t *edt)
 
WS_DLL_PUBLIC void epan_dissect_fake_protocols (epan_dissect_t *edt, const gboolean fake_protocols)
 
WS_DLL_PUBLIC void epan_dissect_run (epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_run_with_taps (epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_file_run (epan_dissect_t *edt, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_file_run_with_taps (epan_dissect_t *edt, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter (epan_dissect_t *edt, const struct epan_dfilter *dfcode)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid (epan_dissect_t *edt, int hfid)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array (epan_dissect_t *edt, GArray *hfids)
 
WS_DLL_PUBLIC void epan_dissect_fill_in_columns (epan_dissect_t *edt, const gboolean fill_col_exprs, const gboolean fill_fd_colums)
 
WS_DLL_PUBLIC gboolean epan_dissect_packet_contains_field (epan_dissect_t *edt, const char *field_name)
 
WS_DLL_PUBLIC void epan_dissect_cleanup (epan_dissect_t *edt)
 
WS_DLL_PUBLIC void epan_dissect_free (epan_dissect_t *edt)
 
const gchar * epan_custom_set (epan_dissect_t *edt, GSList *ids, gint occurrence, gchar *result, gchar *expr, const int size)
 
WS_DLL_PUBLIC void epan_gather_compile_info (feature_list l)
 
WS_DLL_PUBLIC void epan_gather_runtime_info (feature_list l)
 

Variables

gboolean wireshark_abort_on_dissector_bug
 
gboolean wireshark_abort_on_too_many_items
 

Detailed Description

Wireshark Protocol Analyzer Library

Copyright (c) 2001 by Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg

SPDX-License-Identifier: GPL-2.0-or-later

Typedef Documentation

◆ epan_t

typedef struct epan_session epan_t

A client will create one epan_t for an entire dissection session. A single epan_t will be used to analyze the entire sequence of packets, sequentially, in a single session. A session corresponds to a single packet trace file. The reason epan_t exists is that some packets in some protocols cannot be decoded without knowledge of previous packets. This inter-packet "state" is stored in the epan_t.

Function Documentation

◆ epan_cleanup()

WS_DLL_PUBLIC void epan_cleanup ( void  )

Clean up the whole epan module. This is meant to be called only once in a program.

◆ epan_conversation_init()

void epan_conversation_init ( void  )

Initialize the table of conversations. Conversations are identified by their endpoints; they are used for protocols such as IP, TCP, and UDP, where packets contain endpoint information but don't contain a single value indicating to which flow the packet belongs.

◆ epan_custom_set()

const gchar* epan_custom_set ( epan_dissect_t * edt,
GSList *  ids,
gint  occurrence,
gchar *  result,
gchar *  expr,
const int  size 
)

Sets custom column

◆ epan_dissect_cleanup()

WS_DLL_PUBLIC void epan_dissect_cleanup ( epan_dissect_t * edt)

Releases the resources attached to the packet dissection. DOES NOT free the actual epan_dissect_t pointer.

◆ epan_dissect_fake_protocols()

WS_DLL_PUBLIC void epan_dissect_fake_protocols ( epan_dissect_t * edt,
const gboolean  fake_protocols 
)

Indicate whether we should fake protocols or not

◆ epan_dissect_file_run()

WS_DLL_PUBLIC void epan_dissect_file_run ( epan_dissect_t * edt,
wtap_rec * rec,
tvbuff_t * tvb,
frame_data *  fd,
struct epan_column_info * cinfo 
)

run a single file packet dissection

◆ epan_dissect_fill_in_columns()

WS_DLL_PUBLIC void epan_dissect_fill_in_columns ( epan_dissect_t * edt,
const gboolean  fill_col_exprs,
const gboolean  fill_fd_colums 
)

fill the dissect run output into the packet list columns

◆ epan_dissect_free()

WS_DLL_PUBLIC void epan_dissect_free ( epan_dissect_t * edt)

free a single packet dissection

◆ epan_dissect_init()

WS_DLL_PUBLIC void epan_dissect_init ( epan_dissect_t * edt,
epan_t * session,
const gboolean  create_proto_tree,
const gboolean  proto_tree_visible 
)

initialize an existing single packet dissection

◆ epan_dissect_new()

WS_DLL_PUBLIC epan_dissect_t* epan_dissect_new ( epan_t * session,
const gboolean  create_proto_tree,
const gboolean  proto_tree_visible 
)

Get a new single packet dissection. It should be freed using epan_dissect_free() after packet dissection has completed.

◆ epan_dissect_packet_contains_field()

WS_DLL_PUBLIC gboolean epan_dissect_packet_contains_field ( epan_dissect_t * edt,
const char *  field_name 
)

Check whether a dissected packet contains a given named field

◆ epan_dissect_prime_with_dfilter()

WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter ( epan_dissect_t * edt,
const struct epan_dfilter * dfcode 
)

Prime an epan_dissect_t's proto_tree using the fields/protocols used in a dfilter.

◆ epan_dissect_prime_with_hfid()

WS_DLL_PUBLIC void epan_dissect_prime_with_hfid ( epan_dissect_t * edt,
int  hfid 
)

Prime an epan_dissect_t's proto_tree with a field/protocol specified by its hfid

◆ epan_dissect_prime_with_hfid_array()

WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array ( epan_dissect_t * edt,
GArray *  hfids 
)

Prime an epan_dissect_t's proto_tree with a set of fields/protocols specified by their hfids in a GArray

◆ epan_dissect_run()

WS_DLL_PUBLIC void epan_dissect_run ( epan_dissect_t * edt,
int  file_type_subtype,
wtap_rec * rec,
tvbuff_t * tvb,
frame_data *  fd,
struct epan_column_info * cinfo 
)

run a single packet dissection

◆ epan_gather_compile_info()

WS_DLL_PUBLIC void epan_gather_compile_info ( feature_list  l)

Get compile-time information for libraries used by libwireshark.

◆ epan_gather_runtime_info()

WS_DLL_PUBLIC void epan_gather_runtime_info ( feature_list  l)

Get runtime information for libraries used by libwireshark.

◆ epan_init()

WS_DLL_PUBLIC gboolean epan_init ( register_cb  cb,
void *  client_data,
gboolean  load_plugins 
)

The Enhanced Packet ANalyzer

XXX

Sections: Init the whole epan module.

Must be called only once in a program.

Returns TRUE on success, FALSE on failure.

◆ epan_load_settings()

WS_DLL_PUBLIC e_prefs* epan_load_settings ( void  )

Load all settings, from the current profile, that affect epan.

◆ epan_plugins_supported()

WS_DLL_PUBLIC int epan_plugins_supported ( void  )

Returns: 0 if plugins can be loaded for all of libwireshark (tap, dissector, epan); 1 if plugins are not supported by the platform; -1 if plugins were disabled in the build configuration.

◆ epan_set_always_visible()

WS_DLL_PUBLIC void epan_set_always_visible ( gboolean  force)

Set/unset the tree to always be visible when epan_dissect_init() is called. This state change sticks until cleared, rather than being done per function call. This is currently used when Lua scripts request all fields be generated. By default it only becomes visible if epan_dissect_init() makes it so, usually only when a packet is selected. Setting this overrides that so it's always visible, although it will still not be created if create_proto_tree is false in the call to epan_dissect_init(). Clearing this reverts the decision to epan_dissect_init() and proto_tree_visible.

Variable Documentation

◆ wireshark_abort_on_dissector_bug

gboolean wireshark_abort_on_dissector_bug
extern

Global variable holding the content of the corresponding environment variable to save fetching it repeatedly.