docs/wsar_html/epan_8h_source.html

#ifndef __EPAN_H__

#define __EPAN_H__


#include <wsutil/feature_list.h>

#include <epan/tvbuff.h>

#include <epan/prefs.h>

#include <epan/frame_data.h>

#include <epan/register.h>

#include <wiretap/wtap_opttypes.h>


#ifdef __cplusplus

extern "C" {

#endif /* __cplusplus */


extern bool wireshark_abort_on_dissector_bug;


extern bool wireshark_abort_on_too_many_items;


WS_DLL_PUBLIC void ws_dissector_bug(const char *format, ...)

    G_GNUC_PRINTF(1,2);


#define ws_dissector_oops(_fmt, ...) ws_dissector_bug("OOPS: " _fmt, __VA_ARGS__)


typedef struct epan_dissect epan_dissect_t;


struct epan_dfilter;

struct epan_column_info;


struct packet_provider_data;


struct packet_provider_funcs {

    const nstime_t *(*get_frame_ts)(struct packet_provider_data *prov, uint32_t frame_num);


    const nstime_t *(*get_start_ts)(struct packet_provider_data *prov);


    const nstime_t *(*get_end_ts)(struct packet_provider_data *prov);


    const char *(*get_interface_name)(struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number);


    const char *(*get_interface_description)(struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number);


    wtap_block_t (*get_modified_block)(struct packet_provider_data *prov, const frame_data *fd);


    int32_t (*get_process_id)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number);


    const char *(*get_process_name)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number);


    const uint8_t *(*get_process_uuid)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number, size_t *uuid_size);

};


/*

Ref 1

Epan

Enhanced Packet ANalyzer, aka the packet analyzing engine. Source code can be found in the epan directory.


Protocol-Tree - Keep data of the capture file protocol information.


Dissectors - The various protocol dissectors in epan/dissectors.


Plugins - Some of the protocol dissectors are implemented as plugins. Source code can be found at plugins.


Display-Filters - the display filter engine at epan/dfilter


*/


typedef struct {

    const char* env_var_prefix;

    const char** col_fmt;

    int num_cols;

    bool supports_packets;

    register_entity_func register_func;

    register_entity_func handoff_func;

    struct _tap_reg const* tap_reg_listeners;

} epan_app_data_t;


WS_DLL_PUBLIC

bool epan_init(register_cb cb, void *client_data, bool load_plugins, epan_app_data_t* app_data);


WS_DLL_PUBLIC

e_prefs *epan_load_settings(void);


WS_DLL_PUBLIC

void epan_cleanup(void);


typedef struct {

    void (*init)(void);


    void (*post_init)(void);


    void (*dissect_init)(epan_dissect_t *);


    void (*dissect_cleanup)(epan_dissect_t *);


    void (*cleanup)(void);


    void (*register_all_protocols)(register_cb cb, void *user_data);


    void (*register_all_handoffs)(register_cb cb, void *user_data);


    void (*register_all_tap_listeners)(void);

} epan_plugin;


WS_DLL_PUBLIC void epan_register_plugin(const epan_plugin *plugin);


WS_DLL_PUBLIC int epan_plugins_supported(void);


void epan_conversation_init(void);


typedef struct epan_session epan_t;

typedef struct epan_session epan_t;


WS_DLL_PUBLIC epan_t *epan_new(struct packet_provider_data *prov,

    const struct packet_provider_funcs *funcs);


WS_DLL_PUBLIC wtap_block_t epan_get_modified_block(const epan_t *session, const frame_data *fd);


WS_DLL_PUBLIC const char *epan_get_interface_name(const epan_t *session, uint32_t interface_id, unsigned section_number);


WS_DLL_PUBLIC const char *epan_get_interface_description(const epan_t *session, uint32_t interface_id, unsigned section_number);


WS_DLL_PUBLIC int32_t epan_get_process_id(const epan_t *session, uint32_t process_info_id, unsigned section_number);


WS_DLL_PUBLIC const char *epan_get_process_name(const epan_t *session, uint32_t process_info_id, unsigned section_number);


WS_DLL_PUBLIC const uint8_t *epan_get_process_uuid(const epan_t *session, uint32_t process_info_id, unsigned section_number, size_t *uuid_size);


const nstime_t *epan_get_frame_ts(const epan_t *session, uint32_t frame_num);


const nstime_t *epan_get_start_ts(const epan_t *session);


WS_DLL_PUBLIC void epan_free(epan_t *session);


WS_DLL_PUBLIC const char* epan_get_version(void);


WS_DLL_PUBLIC void epan_get_version_number(int *major, int *minor, int *micro);


WS_DLL_PUBLIC const char* epan_get_environment_prefix(void);


bool epan_supports_packets(void);


WS_DLL_PUBLIC

void epan_set_always_visible(bool force);


WS_DLL_PUBLIC

void

epan_dissect_init(epan_dissect_t *edt, epan_t *session, const bool create_proto_tree, const bool proto_tree_visible);


WS_DLL_PUBLIC

epan_dissect_t*

epan_dissect_new(epan_t *session, const bool create_proto_tree, const bool proto_tree_visible);


WS_DLL_PUBLIC

void

epan_dissect_reset(epan_dissect_t *edt);


WS_DLL_PUBLIC

void

epan_dissect_fake_protocols(epan_dissect_t *edt, const bool fake_protocols);


WS_DLL_PUBLIC

void

epan_dissect_run(epan_dissect_t *edt, int file_type_subtype,

        wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_run_with_taps(epan_dissect_t *edt, int file_type_subtype,

        wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_file_run(epan_dissect_t *edt, wtap_rec *rec,

        frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_file_run_with_taps(epan_dissect_t *edt, wtap_rec *rec,

        frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_dfilter(epan_dissect_t *edt, const struct epan_dfilter *dfcode);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_dfilter_print(epan_dissect_t *edt, const struct epan_dfilter *dfcode);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_hfid(epan_dissect_t *edt, int hfid);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_hfid_array(epan_dissect_t *edt, GArray *hfids);


WS_DLL_PUBLIC

void

epan_dissect_fill_in_columns(epan_dissect_t *edt, const bool fill_col_exprs, const bool fill_fd_colums);


WS_DLL_PUBLIC

bool

epan_dissect_packet_contains_field(epan_dissect_t* edt,

                                   const char *field_name);


WS_DLL_PUBLIC

void

epan_dissect_cleanup(epan_dissect_t* edt);


WS_DLL_PUBLIC

void

epan_dissect_free(epan_dissect_t* edt);


const char *

epan_custom_set(epan_dissect_t *edt, GSList *ids, int occurrence, bool display_details,

                char *result, char *expr, const int size);


WS_DLL_PUBLIC

void

epan_gather_compile_info(feature_list l);


WS_DLL_PUBLIC

void

epan_gather_runtime_info(feature_list l);


#ifdef __cplusplus

}

#endif /* __cplusplus */


#endif /* __EPAN_H__ */

epan_dissect_init
WS_DLL_PUBLIC void epan_dissect_init(epan_dissect_t *edt, epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
Initialize an existing single packet dissection.
Definition epan.c:656

epan_dissect_fake_protocols
WS_DLL_PUBLIC void epan_dissect_fake_protocols(epan_dissect_t *edt, const bool fake_protocols)
Indicate whether protocols should be faked during dissection.
Definition epan.c:727

epan_get_process_id
WS_DLL_PUBLIC int32_t epan_get_process_id(const epan_t *session, uint32_t process_info_id, unsigned section_number)
Retrieve the process ID associated with a given process info record.
Definition epan.c:588

epan_init
WS_DLL_PUBLIC bool epan_init(register_cb cb, void *client_data, bool load_plugins, epan_app_data_t *app_data)
Initialize the entire epan module.
Definition epan.c:272

epan_conversation_init
void epan_conversation_init(void)
Initialize the table of conversations.
Definition epan.c:635

epan_dissect_file_run
WS_DLL_PUBLIC void epan_dissect_file_run(epan_dissect_t *edt, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a dissection of file-based packet data.
Definition epan.c:764

wireshark_abort_on_dissector_bug
bool wireshark_abort_on_dissector_bug
Controls whether Wireshark should abort on a dissector bug.
Definition epan.c:123

epan_gather_compile_info
WS_DLL_PUBLIC void epan_gather_compile_info(feature_list l)
Get compile-time information for libraries used by libwireshark.
Definition epan.c:897

epan_dissect_cleanup
WS_DLL_PUBLIC void epan_dissect_cleanup(epan_dissect_t *edt)
Release resources associated with a packet dissection context.
Definition epan.c:791

epan_get_process_name
WS_DLL_PUBLIC const char * epan_get_process_name(const epan_t *session, uint32_t process_info_id, unsigned section_number)
Retrieve the name of a process associated with a given process info record.
Definition epan.c:606

epan_new
WS_DLL_PUBLIC epan_t * epan_new(struct packet_provider_data *prov, const struct packet_provider_funcs *funcs)
Create a new epan dissection session.
Definition epan.c:515

epan_get_interface_description
WS_DLL_PUBLIC const char * epan_get_interface_description(const epan_t *session, uint32_t interface_id, unsigned section_number)
Retrieve the description of a network interface.
Definition epan.c:548

epan_load_settings
WS_DLL_PUBLIC e_prefs * epan_load_settings(void)
Load all settings from the current profile that affect epan.
Definition epan.c:414

epan_free
WS_DLL_PUBLIC void epan_free(epan_t *session)
Free an epan dissection session.
Definition epan.c:624

epan_dissect_prime_with_hfid
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid(epan_dissect_t *edt, int hfid)
Prime a dissection context's protocol tree with a specific field or protocol.
Definition epan.c:840

epan_dissect_reset
WS_DLL_PUBLIC void epan_dissect_reset(epan_dissect_t *edt)
Reset a dissection context for reuse.
Definition epan.c:685

epan_plugins_supported
WS_DLL_PUBLIC int epan_plugins_supported(void)
Check plugin support status for libwireshark components.
Definition epan.c:255

epan_cleanup
WS_DLL_PUBLIC void epan_cleanup(void)
Clean up the entire epan module.
Definition epan.c:433

epan_dissect_free
WS_DLL_PUBLIC void epan_dissect_free(epan_dissect_t *edt)
Free a single packet dissection context.
Definition epan.c:821

epan_dissect_fill_in_columns
WS_DLL_PUBLIC void epan_dissect_fill_in_columns(epan_dissect_t *edt, const bool fill_col_exprs, const bool fill_fd_colums)
Populate packet list columns with dissection output.
Definition epan.c:868

epan_get_version_number
WS_DLL_PUBLIC void epan_get_version_number(int *major, int *minor, int *micro)
Retrieve the version number of the epan library.
Definition epan.c:153

epan_get_modified_block
WS_DLL_PUBLIC wtap_block_t epan_get_modified_block(const epan_t *session, const frame_data *fd)
Retrieve a modified capture block associated with a specific frame.
Definition epan.c:530

epan_get_environment_prefix
WS_DLL_PUBLIC const char * epan_get_environment_prefix(void)
Retrieve the environment prefix string used by epan.
Definition epan.c:164

ws_dissector_bug
WS_DLL_PUBLIC void ws_dissector_bug(const char *format,...) G_GNUC_PRINTF(1
Report a dissector bug (and optionally abort).

epan_supports_packets
bool epan_supports_packets(void)
TEMPORARY HACK to indicate whether epan supports packet dissection.
Definition epan.c:169

epan_dissect_packet_contains_field
WS_DLL_PUBLIC bool epan_dissect_packet_contains_field(epan_dissect_t *edt, const char *field_name)
Check whether a dissected packet contains a specific named field.
Definition epan.c:875

epan_get_frame_ts
const nstime_t * epan_get_frame_ts(const epan_t *session, uint32_t frame_num)
Retrieve the timestamp of a specific frame.
Definition epan.c:557

epan_dissect_prime_with_dfilter
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter(epan_dissect_t *edt, const struct epan_dfilter *dfcode)
Prime a dissection context's protocol tree using a display filter.

epan_get_process_uuid
WS_DLL_PUBLIC const uint8_t * epan_get_process_uuid(const epan_t *session, uint32_t process_info_id, unsigned section_number, size_t *uuid_size)
Retrieve the UUID of a process associated with a given process info record.
Definition epan.c:615

epan_get_start_ts
const nstime_t * epan_get_start_ts(const epan_t *session)
Retrieve the start timestamp of the capture session.
Definition epan.c:572

epan_dissect_run
WS_DLL_PUBLIC void epan_dissect_run(epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a single packet dissection.
Definition epan.c:734

epan_gather_runtime_info
WS_DLL_PUBLIC void epan_gather_runtime_info(feature_list l)
Get runtime information for libraries used by libwireshark.
Definition epan.c:1006

epan_dissect_prime_with_hfid_array
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array(epan_dissect_t *edt, GArray *hfids)
Prime a dissection context's protocol tree with a set of fields or protocols.
Definition epan.c:846

epan_get_version
WS_DLL_PUBLIC const char * epan_get_version(void)
Retrieve the epan library's version as a string.
Definition epan.c:148

epan_dissect_new
WS_DLL_PUBLIC epan_dissect_t * epan_dissect_new(epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
Create a new single packet dissection.
Definition epan.c:716

epan_dissect_prime_with_dfilter_print
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter_print(epan_dissect_t *edt, const struct epan_dfilter *dfcode)
Prime a dissection context's protocol tree using a display filter, marking fields for print output.

wireshark_abort_on_too_many_items
bool wireshark_abort_on_too_many_items
Controls whether Wireshark should abort when too many items are added to a tree.
Definition epan.c:124

epan_dissect_file_run_with_taps
WS_DLL_PUBLIC void epan_dissect_file_run_with_taps(epan_dissect_t *edt, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a dissection of file-based packet data and invoke tap listeners.
Definition epan.c:778

epan_set_always_visible
WS_DLL_PUBLIC void epan_set_always_visible(bool force)
Set or unset the tree to always be visible when epan_dissect_init() is called.
Definition epan.c:647

epan_dissect_run_with_taps
WS_DLL_PUBLIC void epan_dissect_run_with_taps(epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a single packet dissection and invoke tap listeners.
Definition epan.c:751

epan_custom_set
const char * epan_custom_set(epan_dissect_t *edt, GSList *ids, int occurrence, bool display_details, char *result, char *expr, const int size)
Set the value of a custom column based on specified fields and expression.
Definition epan.c:858

epan_register_plugin
WS_DLL_PUBLIC void epan_register_plugin(const epan_plugin *plugin)
Register an epan plugin with the dissection engine.

epan_get_interface_name
WS_DLL_PUBLIC const char * epan_get_interface_name(const epan_t *session, uint32_t interface_id, unsigned section_number)
Retrieve the name of a network interface.
Definition epan.c:539

feature_list.h

feature_list
GList ** feature_list
Semi-opaque handle to a list of features or dependencies.
Definition feature_list.h:33

frame_data.h

prefs.h

register.h

_e_prefs
Definition prefs.h:174

_plugin
Definition plugins.c:29

_tap_reg
Definition tap.h:82

epan_app_data_t
Information about the application that wants to use epan.
Definition epan.h:196

epan_app_data_t::register_func
register_entity_func register_func
Definition epan.h:201

epan_app_data_t::num_cols
int num_cols
Definition epan.h:199

epan_app_data_t::env_var_prefix
const char * env_var_prefix
Definition epan.h:197

epan_app_data_t::tap_reg_listeners
struct _tap_reg const  * tap_reg_listeners
Definition epan.h:203

epan_app_data_t::col_fmt
const char ** col_fmt
Definition epan.h:198

epan_app_data_t::handoff_func
register_entity_func handoff_func
Definition epan.h:202

epan_app_data_t::supports_packets
bool supports_packets
Definition epan.h:200

epan_column_info
Definition column-info.h:62

epan_dfilter
Definition dfilter-int.h:35

epan_dissect
Definition epan_dissect.h:28

epan_plugin
Plugin interface for EPAN modules.
Definition epan.h:245

epan_session
Definition epan.c:509

nstime_t
Definition nstime.h:26

packet_provider_data
Definition cfile.h:58

packet_provider_funcs
Structure containing pointers to functions supplied by the user of libwireshark.
Definition epan.h:84

packet_provider_funcs::get_modified_block
wtap_block_t(* get_modified_block)(struct packet_provider_data *prov, const frame_data *fd)
Get a modified WTAP block for a given frame.
Definition epan.h:137

packet_provider_funcs::get_process_id
int32_t(* get_process_id)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
Get the process ID associated with a packet.
Definition epan.h:147

wtap_block
Definition wtap_opttypes.h:272

wtap_rec
Definition wtap.h:1512

tvbuff.h

wtap_opttypes.h