Classes
struct	_guid_key

struct	heur_dtbl_entry

struct	frame_data_s

struct	file_data_s

struct	ethertype_data_s

Macros
#define	hi_nibble(b) (((b) & 0xf0) >> 4)

#define	lo_nibble(b) ((b) & 0x0f)

#define	array_length(x) (sizeof x / sizeof x[0])

#define	BYTES_ARE_IN_FRAME(offset, captured_len, len)

#define	STRING_CASE_SENSITIVE 0

#define	STRING_CASE_INSENSITIVE 1

Typedefs
typedef struct dissector_handle *	dissector_handle_t

typedef struct dissector_table *	dissector_table_t

typedef int(*	dissector_t) (tvbuff_t , packet_info , proto_tree , void )

typedef int(*	dissector_cb_t) (tvbuff_t , packet_info , proto_tree , void , void *)

typedef gboolean(*	heur_dissector_t) (tvbuff_t tvb, packet_info pinfo, proto_tree tree, void )

typedef void(*	DATFunc) (const gchar *table_name, ftenum_t selector_type, gpointer key, gpointer value, gpointer user_data)

typedef void(*	DATFunc_handle) (const gchar *table_name, gpointer value, gpointer user_data)

typedef void(*	DATFunc_table) (const gchar table_name, const gchar ui_name, gpointer user_data)

typedef struct dtbl_entry	dtbl_entry_t

typedef struct _guid_key	guid_key

typedef struct heur_dissector_list *	heur_dissector_list_t

typedef struct heur_dtbl_entry	heur_dtbl_entry_t

typedef void(*	DATFunc_heur) (const gchar table_name, struct heur_dtbl_entry entry, gpointer user_data)

typedef void(*	DATFunc_heur_table) (const char table_name, struct heur_dissector_list table, gpointer user_data)

typedef struct depend_dissector_list *	depend_dissector_list_t

typedef struct frame_data_s	frame_data_t

typedef struct file_data_s	file_data_t

typedef struct ethertype_data_s	ethertype_data_t

Enumerations
enum	heuristic_enable_e { HEURISTIC_DISABLE , HEURISTIC_ENABLE }

Functions
void	packet_init (void)

void	packet_cache_proto_handles (void)

void	packet_cleanup (void)

WS_DLL_PUBLIC dissector_handle_t	dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)

WS_DLL_PUBLIC dissector_handle_t	dtbl_entry_get_initial_handle (dtbl_entry_t *entry)

void	dissector_table_foreach_changed (const char *table_name, DATFunc func, gpointer user_data)

WS_DLL_PUBLIC void	dissector_table_foreach (const char *table_name, DATFunc func, gpointer user_data)

WS_DLL_PUBLIC void	dissector_all_tables_foreach_changed (DATFunc func, gpointer user_data)

WS_DLL_PUBLIC void	dissector_table_foreach_handle (const char *table_name, DATFunc_handle func, gpointer user_data)

WS_DLL_PUBLIC void	dissector_all_tables_foreach_table (DATFunc_table func, gpointer user_data, GCompareFunc compare_key_func)

WS_DLL_PUBLIC dissector_table_t	register_dissector_table (const char name, const char ui_name, const int proto, const ftenum_t type, const int param)

WS_DLL_PUBLIC dissector_table_t	register_custom_dissector_table (const char name, const char ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func, GDestroyNotify key_destroy_func)

WS_DLL_PUBLIC void	register_dissector_table_alias (dissector_table_t dissector_table, const char *alias_name)

void	deregister_dissector_table (const char *name)

WS_DLL_PUBLIC dissector_table_t	find_dissector_table (const char *name)

WS_DLL_PUBLIC const char *	get_dissector_table_ui_name (const char *name)

WS_DLL_PUBLIC ftenum_t	get_dissector_table_selector_type (const char *name)

WS_DLL_PUBLIC int	get_dissector_table_param (const char *name)

WS_DLL_PUBLIC void	dissector_dump_dissector_tables (void)

WS_DLL_PUBLIC void	dissector_add_uint (const char *name, const guint32 pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_add_uint_with_preference (const char *name, const guint32 pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_add_uint_range (const char abbrev, struct epan_range range, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_add_uint_range_with_preference (const char abbrev, const char range_str, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_delete_uint (const char *name, const guint32 pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_delete_uint_range (const char abbrev, struct epan_range range, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_delete_all (const char *name, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_change_uint (const char *abbrev, const guint32 pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_reset_uint (const char *name, const guint32 pattern)

WS_DLL_PUBLIC gboolean	dissector_is_uint_changed (dissector_table_t const sub_dissectors, const guint32 uint_val)

WS_DLL_PUBLIC int	dissector_try_uint (dissector_table_t sub_dissectors, const guint32 uint_val, tvbuff_t tvb, packet_info pinfo, proto_tree *tree)

WS_DLL_PUBLIC int	dissector_try_uint_new (dissector_table_t sub_dissectors, const guint32 uint_val, tvbuff_t tvb, packet_info pinfo, proto_tree tree, const gboolean add_proto_name, void data)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_uint_handle (dissector_table_t const sub_dissectors, const guint32 uint_val)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_default_uint_handle (const char *name, const guint32 uint_val)

WS_DLL_PUBLIC void	dissector_add_string (const char name, const gchar pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_delete_string (const char name, const gchar pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_change_string (const char name, const gchar pattern, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_reset_string (const char name, const gchar pattern)

WS_DLL_PUBLIC gboolean	dissector_is_string_changed (dissector_table_t const subdissectors, const gchar *string)

WS_DLL_PUBLIC int	dissector_try_string (dissector_table_t sub_dissectors, const gchar string, tvbuff_t tvb, packet_info pinfo, proto_tree tree, void *data)

WS_DLL_PUBLIC int	dissector_try_string_new (dissector_table_t sub_dissectors, const gchar string, tvbuff_t tvb, packet_info pinfo, proto_tree tree, const gboolean add_proto_name, void *data)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_string_handle (dissector_table_t sub_dissectors, const gchar *string)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_default_string_handle (const char name, const gchar string)

WS_DLL_PUBLIC void	dissector_add_custom_table_handle (const char name, void pattern, dissector_handle_t handle)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_custom_table_handle (dissector_table_t sub_dissectors, void *key)

WS_DLL_PUBLIC void	dissector_add_guid (const char name, guid_key guid_val, dissector_handle_t handle)

WS_DLL_PUBLIC int	dissector_try_guid (dissector_table_t sub_dissectors, guid_key guid_val, tvbuff_t tvb, packet_info pinfo, proto_tree tree)

WS_DLL_PUBLIC int	dissector_try_guid_new (dissector_table_t sub_dissectors, guid_key guid_val, tvbuff_t tvb, packet_info pinfo, proto_tree tree, const gboolean add_proto_name, void *data)

WS_DLL_PUBLIC void	dissector_delete_guid (const char name, guid_key guid_val, dissector_handle_t handle)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_guid_handle (dissector_table_t const sub_dissectors, guid_key *guid_val)

WS_DLL_PUBLIC int	dissector_try_payload (dissector_table_t sub_dissectors, tvbuff_t tvb, packet_info pinfo, proto_tree *tree)

WS_DLL_PUBLIC int	dissector_try_payload_new (dissector_table_t sub_dissectors, tvbuff_t tvb, packet_info pinfo, proto_tree tree, const gboolean add_proto_name, void data)

WS_DLL_PUBLIC void	dissector_change_payload (const char *abbrev, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_reset_payload (const char *name)

WS_DLL_PUBLIC dissector_handle_t	dissector_get_payload_handle (dissector_table_t const dissector_table)

WS_DLL_PUBLIC void	dissector_add_for_decode_as (const char *name, dissector_handle_t handle)

WS_DLL_PUBLIC void	dissector_add_for_decode_as_with_preference (const char *name, dissector_handle_t handle)

WS_DLL_PUBLIC GSList *	dissector_table_get_dissector_handles (dissector_table_t dissector_table)

WS_DLL_PUBLIC dissector_handle_t	dissector_table_get_dissector_handle (dissector_table_t dissector_table, const gchar *description)

WS_DLL_PUBLIC ftenum_t	dissector_table_get_type (dissector_table_t dissector_table)

WS_DLL_PUBLIC void	dissector_table_allow_decode_as (dissector_table_t dissector_table)

WS_DLL_PUBLIC gboolean	dissector_table_supports_decode_as (dissector_table_t dissector_table)

WS_DLL_PUBLIC heur_dissector_list_t	register_heur_dissector_list_with_description (const char name, const char ui_name, const int proto)

WS_DLL_PUBLIC const char *	heur_dissector_list_get_description (heur_dissector_list_t list)

WS_DLL_PUBLIC heur_dissector_list_t	register_heur_dissector_list (const char *name, const int proto)

void	deregister_heur_dissector_list (const char *name)

WS_DLL_PUBLIC void	heur_dissector_table_foreach (const char *table_name, DATFunc_heur func, gpointer user_data)

WS_DLL_PUBLIC void	dissector_all_heur_tables_foreach_table (DATFunc_heur_table func, gpointer user_data, GCompareFunc compare_key_func)

WS_DLL_PUBLIC gboolean	has_heur_dissector_list (const gchar *name)

WS_DLL_PUBLIC gboolean	dissector_try_heuristic (heur_dissector_list_t sub_dissectors, tvbuff_t tvb, packet_info pinfo, proto_tree tree, heur_dtbl_entry_t hdtbl_entry, void data)

WS_DLL_PUBLIC heur_dissector_list_t	find_heur_dissector_list (const char *name)

WS_DLL_PUBLIC heur_dtbl_entry_t *	find_heur_dissector_by_unique_short_name (const char *short_name)

WS_DLL_PUBLIC void	heur_dissector_add (const char name, heur_dissector_t dissector, const char display_name, const char *internal_name, const int proto, heuristic_enable_e enable)

WS_DLL_PUBLIC void	heur_dissector_delete (const char *name, heur_dissector_t dissector, const int proto)

WS_DLL_PUBLIC dissector_handle_t	register_dissector (const char *name, dissector_t dissector, const int proto)

WS_DLL_PUBLIC dissector_handle_t	register_dissector_with_description (const char name, const char description, dissector_t dissector, const int proto)

WS_DLL_PUBLIC dissector_handle_t	register_dissector_with_data (const char name, dissector_cb_t dissector, const int proto, void cb_data)

void	deregister_dissector (const char *name)

WS_DLL_PUBLIC const char *	dissector_handle_get_protocol_long_name (const dissector_handle_t handle)

WS_DLL_PUBLIC const char *	dissector_handle_get_protocol_short_name (const dissector_handle_t handle)

WS_DLL_PUBLIC const char *	dissector_handle_get_short_name (const dissector_handle_t handle)

WS_DLL_PUBLIC const char *	dissector_handle_get_description (const dissector_handle_t handle)

WS_DLL_PUBLIC int	dissector_handle_get_protocol_index (const dissector_handle_t handle)

WS_DLL_PUBLIC GList *	get_dissector_names (void)

WS_DLL_PUBLIC dissector_handle_t	find_dissector (const char *name)

WS_DLL_PUBLIC dissector_handle_t	find_dissector_add_dependency (const char *name, const int parent_proto)

WS_DLL_PUBLIC const char *	dissector_handle_get_dissector_name (const dissector_handle_t handle)

WS_DLL_PUBLIC dissector_handle_t	create_dissector_handle (dissector_t dissector, const int proto)

WS_DLL_PUBLIC dissector_handle_t	create_dissector_handle_with_name (dissector_t dissector, const int proto, const char *name)

WS_DLL_PUBLIC dissector_handle_t	create_dissector_handle_with_name_and_description (dissector_t dissector, const int proto, const char name, const char description)

WS_DLL_PUBLIC dissector_handle_t	create_dissector_handle_with_data (dissector_cb_t dissector, const int proto, void *cb_data)

WS_DLL_PUBLIC void	dissector_dump_dissectors (void)

WS_DLL_PUBLIC int	call_dissector_with_data (dissector_handle_t handle, tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data)

WS_DLL_PUBLIC int	call_dissector (dissector_handle_t handle, tvbuff_t tvb, packet_info pinfo, proto_tree *tree)

WS_DLL_PUBLIC int	call_data_dissector (tvbuff_t tvb, packet_info pinfo, proto_tree *tree)

WS_DLL_PUBLIC int	call_dissector_only (dissector_handle_t handle, tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data)

WS_DLL_PUBLIC void	call_heur_dissector_direct (heur_dtbl_entry_t heur_dtbl_entry, tvbuff_t tvb, packet_info pinfo, proto_tree tree, void *data)

WS_DLL_PUBLIC gboolean	register_depend_dissector (const char parent, const char dependent)

WS_DLL_PUBLIC gboolean	deregister_depend_dissector (const char parent, const char dependent)

WS_DLL_PUBLIC depend_dissector_list_t	find_depend_dissector_list (const char *name)

void	dissect_init (void)

void	dissect_cleanup (void)

WS_DLL_PUBLIC void	set_actual_length (tvbuff_t *tvb, const guint specified_len)

WS_DLL_PUBLIC void	register_init_routine (void(*func)(void))

WS_DLL_PUBLIC void	register_cleanup_routine (void(*func)(void))

WS_DLL_PUBLIC void	register_shutdown_routine (void(*func)(void))

void	init_dissection (void)

void	cleanup_dissection (void)

WS_DLL_PUBLIC void	register_postseq_cleanup_routine (void(*func)(void))

WS_DLL_PUBLIC void	postseq_cleanup_all_protocols (void)

WS_DLL_PUBLIC void	register_final_registration_routine (void(*func)(void))

void	final_registration_all_protocols (void)

WS_DLL_PUBLIC void	add_new_data_source (packet_info pinfo, tvbuff_t tvb, const char *name)

WS_DLL_PUBLIC void	remove_last_data_source (packet_info *pinfo)

WS_DLL_PUBLIC char *	get_data_source_name (const struct data_source *src)

WS_DLL_PUBLIC tvbuff_t *	get_data_source_tvb (const struct data_source *src)

WS_DLL_PUBLIC tvbuff_t *	get_data_source_tvb_by_name (packet_info pinfo, const char name)

void	free_data_sources (packet_info *pinfo)

WS_DLL_PUBLIC void	mark_frame_as_depended_upon (frame_data *fd, guint32 frame_num)

void	dissect_record (struct epan_dissect edt, int file_type_subtype, wtap_rec rec, tvbuff_t tvb, frame_data fd, column_info *cinfo)

void	dissect_file (struct epan_dissect edt, wtap_rec rec, tvbuff_t tvb, frame_data fd, column_info *cinfo)

WS_DLL_PUBLIC void	dissector_dump_decodes (void)

WS_DLL_PUBLIC void	dissector_dump_heur_decodes (void)

WS_DLL_PUBLIC void	register_postdissector (dissector_handle_t handle)

WS_DLL_PUBLIC void	set_postdissector_wanted_hfids (dissector_handle_t handle, GArray *wanted_hfids)

void	deregister_postdissector (dissector_handle_t handle)

gboolean	have_postdissector (void)

void	call_all_postdissectors (tvbuff_t tvb, packet_info pinfo, proto_tree *tree)

WS_DLL_PUBLIC gboolean	postdissectors_want_hfids (void)

WS_DLL_PUBLIC void	prime_epan_dissect_with_postdissector_wanted_hfids (epan_dissect_t *edt)

WS_DLL_PUBLIC void	increment_dissection_depth (packet_info *pinfo)

WS_DLL_PUBLIC void	decrement_dissection_depth (packet_info *pinfo)

Detailed Description

Macro Definition Documentation

◆ BYTES_ARE_IN_FRAME

#define BYTES_ARE_IN_FRAME	(	offset,
		captured_len,
		len
	)

Value:

((guint)(offset) + (guint)(len) > (guint)(offset) && \

(guint)(offset) + (guint)(len) <= (guint)(captured_len))

Typedef Documentation

◆ heur_dissector_t

typedef gboolean(* heur_dissector_t) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *)

Type of a heuristic dissector, used in heur_dissector_add().

Parameters

tvb	the tvbuff with the (remaining) packet data
pinfo	the packet info of this packet (additional info)
tree	the protocol tree to be build or NULL

Returns: TRUE if the packet was recognized by the sub-dissector (stop dissection here)

Function Documentation

◆ call_dissector_only()

WS_DLL_PUBLIC int call_dissector_only	(	dissector_handle_t	handle,
		tvbuff_t *	tvb,
		packet_info *	pinfo,
		proto_tree *	tree,
		void *	data
	)

Call a dissector through a handle but if no dissector was found just return 0 and do not call the "data" dissector instead.

Parameters

handle	The dissector to call.
tvb	The buffer to dissect.
pinfo	Packet Info.
tree	The protocol tree.
data	parameter to pass to dissector

Returns: If the protocol for that handle isn't enabled, return 0 without calling the dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_dissector_with_data()

WS_DLL_PUBLIC int call_dissector_with_data	(	dissector_handle_t	handle,
		tvbuff_t *	tvb,
		packet_info *	pinfo,
		proto_tree *	tree,
		void *	data
	)

Call a dissector through a handle and if no dissector was found pass it over to the "data" dissector instead.

Parameters

handle	The dissector to call.
tvb	The buffer to dissect.
pinfo	Packet Info.
tree	The protocol tree.
data	parameter to pass to dissector

Returns: If the protocol for that handle isn't enabled call the data dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_heur_dissector_direct()

WS_DLL_PUBLIC void call_heur_dissector_direct	(	heur_dtbl_entry_t *	heur_dtbl_entry,
		tvbuff_t *	tvb,
		packet_info *	pinfo,
		proto_tree *	tree,
		void *	data
	)

Parameters

heur_dtbl_entry	The heur_dtbl_entry of the dissector to call.
tvb	The buffer to dissect.
pinfo	Packet Info.
tree	The protocol tree.
data	parameter to pass to dissector

◆ create_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle	(	dissector_t	dissector,
		const int	proto
	)

Create an anonymous handle for a dissector.

◆ decrement_dissection_depth()

WS_DLL_PUBLIC void decrement_dissection_depth ( packet_info * pinfo )

Decrement the dissection depth.

Parameters

pinfo Packet Info.

◆ deregister_depend_dissector()

WS_DLL_PUBLIC gboolean deregister_depend_dissector	(	const char *	parent,
		const char *	dependent
	)

Unregister a protocol dependency This is done automatically when removing from a dissector or heuristic table. This is for "manual" deregistration for things like Lua.

Parameters

parent	"Parent" protocol short name
dependent	"Dependent" protocol short name

Returns: return TRUE if dependency was successfully unregistered

◆ deregister_dissector()

void deregister_dissector ( const char * name )

Deregister a dissector.

◆ deregister_dissector_table()

void deregister_dissector_table ( const char * name )

Deregister the dissector table by table name.

◆ deregister_heur_dissector_list()

void deregister_heur_dissector_list ( const char * name )

Deregister a heuristic dissector list by unique short name.

◆ dissector_all_heur_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table	(	DATFunc_heur_table	func,
		gpointer	user_data,
		GCompareFunc	compare_key_func
	)

Iterate over all heuristic dissector tables.

Walk the set of heuristic dissector tables calling a user supplied function on each table.

Parameters

[in]	func	The function to call for each table.
[in]	user_data	User data to pass to the function.
[in]	compare_key_func	Function used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_all_tables_foreach_changed()

WS_DLL_PUBLIC void dissector_all_tables_foreach_changed	(	DATFunc	func,
		gpointer	user_data
	)

Iterate over dissectors with non-default "decode as" settings.

Walk all dissector tables calling a user supplied function only on any "decode as" entry that has been changed from its original state.

Parameters

[in]	func	The function to call for each dissector.
[in]	user_data	User data to pass to the function.

◆ dissector_all_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_tables_foreach_table	(	DATFunc_table	func,
		gpointer	user_data,
		GCompareFunc	compare_key_func
	)

Iterate over all dissector tables.

Walk the set of dissector tables calling a user supplied function on each table.

Parameters

[in]	func	The function to call for each table.
[in]	user_data	User data to pass to the function.
[in]	compare_key_func	Function used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_get_custom_table_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle	(	dissector_table_t	sub_dissectors,
		void *	key
	)

Look for a given key in a given "custom" dissector table and, if found, return the current dissector handle for that key.

Parameters

[in]	sub_dissectors	Dissector table to search.
[in]	key	Value to match, e.g. RPC key for its subdissectors

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle	(	const char *	name,
		const gchar *	string
	)

Look for a given value in a given string dissector table and, if found, return the default dissector handle for that value.

Parameters

[in]	name	Dissector table name.
[in]	string	Value to match, e.g. the OID for the BER dissector.

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle	(	const char *	name,
		const guint32	uint_val
	)

Look for a given value in a given uint dissector table and, if found, return the default dissector handle for that value.

Parameters

[in]	name	Dissector table name.
[in]	uint_val	Value to match, e.g. the port number for the TCP dissector.

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_guid_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle	(	dissector_table_t const	sub_dissectors,
		guid_key *	guid_val
	)

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters

[in]	sub_dissectors	Dissector table to search.
[in]	guid_val	Value to match, e.g. the GUID number for the GUID dissector.

Returns: The matching dissector handle on success, NULL if no match is found.

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters

[in]	sub_dissectors	Dissector table to search.
[in]	guid_val	Value to match.

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle	(	dissector_table_t	sub_dissectors,
		const gchar *	string
	)

Look for a given value in a given string dissector table and, if found, return the current dissector handle for that value.

Parameters

[in]	sub_dissectors	Dissector table to search.
[in]	string	Value to match, e.g. the OID for the BER dissector.

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle	(	dissector_table_t const	sub_dissectors,
		const guint32	uint_val
	)

Look for a given value in a given uint dissector table and, if found, return the current dissector handle for that value.

Parameters

[in]	sub_dissectors	Dissector table to search.
[in]	uint_val	Value to match, e.g. the port number for the TCP dissector.

Returns: The matching dissector handle on success, NULL if no match is found.

◆ dissector_handle_get_description()

WS_DLL_PUBLIC const char* dissector_handle_get_description ( const dissector_handle_t handle )

Get the description for what the dissector for a dissector handle dissects.

◆ dissector_handle_get_dissector_name()

WS_DLL_PUBLIC const char* dissector_handle_get_dissector_name ( const dissector_handle_t handle )

Get a dissector name from handle.

◆ dissector_handle_get_protocol_index()

WS_DLL_PUBLIC int dissector_handle_get_protocol_index ( const dissector_handle_t handle )

Get the index of the protocol for a dissector handle.

◆ dissector_handle_get_protocol_long_name()

WS_DLL_PUBLIC const char* dissector_handle_get_protocol_long_name ( const dissector_handle_t handle )

Get the long name of the protocol for a dissector handle.

◆ dissector_handle_get_protocol_short_name()

WS_DLL_PUBLIC const char* dissector_handle_get_protocol_short_name ( const dissector_handle_t handle )

Get the short name of the protocol for a dissector handle.

◆ dissector_table_allow_decode_as()

WS_DLL_PUBLIC void dissector_table_allow_decode_as ( dissector_table_t dissector_table )

Mark a dissector table as allowing "Decode As"

◆ dissector_table_foreach()

WS_DLL_PUBLIC void dissector_table_foreach	(	const char *	table_name,
		DATFunc	func,
		gpointer	user_data
	)

Iterate over dissectors in a table.

Walk one dissector table's hash table calling a user supplied function on each entry.

Parameters

[in]	table_name	The name of the dissector table, e.g. "ip.proto".
[in]	func	The function to call for each dissector.
[in]	user_data	User data to pass to the function.

◆ dissector_table_foreach_changed()

void dissector_table_foreach_changed	(	const char *	table_name,
		DATFunc	func,
		gpointer	user_data
	)

Iterate over dissectors in a table with non-default "decode as" settings.

Walk one dissector table calling a user supplied function only on any entry that has been changed from its original state.

Parameters

[in]	table_name	The name of the dissector table, e.g. "ip.proto".
[in]	func	The function to call for each dissector.
[in]	user_data	User data to pass to the function.

◆ dissector_table_foreach_handle()

WS_DLL_PUBLIC void dissector_table_foreach_handle	(	const char *	table_name,
		DATFunc_handle	func,
		gpointer	user_data
	)

Iterate over dissectors in a table by handle.

Walk one dissector table's list of handles calling a user supplied function on each entry.

Parameters

[in]	table_name	The name of the dissector table, e.g. "ip.proto".
[in]	func	The function to call for each dissector.
[in]	user_data	User data to pass to the function.

◆ dissector_table_get_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle	(	dissector_table_t	dissector_table,
		const gchar *	description
	)

Get a handle to dissector out of a dissector table given the description of what the dissector dissects.

◆ dissector_table_get_dissector_handles()

WS_DLL_PUBLIC GSList* dissector_table_get_dissector_handles ( dissector_table_t dissector_table )

Get the list of handles for a dissector table

◆ dissector_table_get_type()

WS_DLL_PUBLIC ftenum_t dissector_table_get_type ( dissector_table_t dissector_table )

Get a dissector table's type

◆ dissector_table_supports_decode_as()

WS_DLL_PUBLIC gboolean dissector_table_supports_decode_as ( dissector_table_t dissector_table )

Returns TRUE if dissector table allows "Decode As"

◆ dissector_try_heuristic()

WS_DLL_PUBLIC gboolean dissector_try_heuristic	(	heur_dissector_list_t	sub_dissectors,
		tvbuff_t *	tvb,
		packet_info *	pinfo,
		proto_tree *	tree,
		heur_dtbl_entry_t **	hdtbl_entry,
		void *	data
	)

Try all the dissectors in a given heuristic dissector list. This is done, until we find one that recognizes the protocol. Call this while the parent dissector running.

Parameters

sub_dissectors	the sub-dissector list
tvb	the tvbuff with the (remaining) packet data
pinfo	the packet info of this packet (additional info)
tree	the protocol tree to be build or NULL
hdtbl_entry	returns the last tried dissectors hdtbl_entry.
data	parameter to pass to subdissector

Returns: TRUE if the packet was recognized by the sub-dissector (stop dissection here)

◆ find_depend_dissector_list()

WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list ( const char * name )

Find the list of protocol dependencies

Parameters

name	Protocol short name to search for

Returns: return list of dependent was successfully registered

◆ find_dissector()

WS_DLL_PUBLIC dissector_handle_t find_dissector ( const char * name )

Find a dissector by name.

◆ find_dissector_add_dependency()

WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency	(	const char *	name,
		const int	parent_proto
	)

Find a dissector by name and add parent protocol as a dependency.

Find a dissector by name and add parent protocol as a dependency

◆ find_heur_dissector_by_unique_short_name()

WS_DLL_PUBLIC heur_dtbl_entry_t* find_heur_dissector_by_unique_short_name ( const char * short_name )

Find a heuristic dissector by the unique short protocol name provided during registration.

Parameters

short_name short name of the protocol to look at

Returns: pointer to the heuristic dissector entry, NULL if not such dissector exists

◆ find_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list ( const char * name )

Find a heuristic dissector table by table name.

Parameters

name	name of the dissector table

Returns: pointer to the table on success, NULL if no such table exists

◆ get_dissector_names()

WS_DLL_PUBLIC GList* get_dissector_names ( void )

Get a GList of all registered dissector names.

◆ heur_dissector_add()

WS_DLL_PUBLIC void heur_dissector_add	(	const char *	name,
		heur_dissector_t	dissector,
		const char *	display_name,
		const char *	internal_name,
		const int	proto,
		heuristic_enable_e	enable
	)

Add a sub-dissector to a heuristic dissector list. Call this in the proto_handoff function of the sub-dissector.

Parameters

name	the name of the heuristic dissector table into which to register the dissector, e.g. "tcp"
dissector	the sub-dissector to be registered
display_name	the string used to present heuristic to user, e.g. "HTTP over TCP"
internal_name	the string used for "internal" use to identify heuristic, e.g. "http_tcp"
proto	the protocol id of the sub-dissector
enable	initially enabled or not

◆ heur_dissector_delete()

WS_DLL_PUBLIC void heur_dissector_delete	(	const char *	name,
		heur_dissector_t	dissector,
		const int	proto
	)

Remove a sub-dissector from a heuristic dissector list. Call this in the prefs_reinit function of the sub-dissector.

Parameters

name	the name of the "parent" protocol, e.g. "tcp"
dissector	the sub-dissector to be unregistered
proto	the protocol id of the sub-dissector

◆ heur_dissector_list_get_description()

WS_DLL_PUBLIC const char* heur_dissector_list_get_description ( heur_dissector_list_t list )

Get description of heuristic sub-dissector list.

Parameters

list	the dissector list

◆ heur_dissector_table_foreach()

WS_DLL_PUBLIC void heur_dissector_table_foreach	(	const char *	table_name,
		DATFunc_heur	func,
		gpointer	user_data
	)

Iterate over heuristic dissectors in a table.

Walk one heuristic dissector table's list calling a user supplied function on each entry.

Parameters

[in]	table_name	The name of the dissector table, e.g. "tcp".
[in]	func	The function to call for each dissector.
[in]	user_data	User data to pass to the function.

◆ increment_dissection_depth()

WS_DLL_PUBLIC void increment_dissection_depth ( packet_info * pinfo )

Increment the dissection depth. This should be used to limit recursion outside the tree depth checks in call_dissector and dissector_try_heuristic.

Parameters

pinfo Packet Info.

◆ register_cleanup_routine()

WS_DLL_PUBLIC void register_cleanup_routine ( void(*)(void) func )

Allows protocols to register "cleanup" routines, which are called after closing a capture file (or when preferences are changed, in that case these routines are called before the init routines are executed). It can be used to release resources that are allocated in an "init" routine.

◆ register_depend_dissector()

WS_DLL_PUBLIC gboolean register_depend_dissector	(	const char *	parent,
		const char *	dependent
	)

Register a protocol dependency This is done automatically when registering with a dissector or heuristic table. This is for "manual" registration when a dissector ends up calling another through call_dissector (or similar) so dependencies can be determined

Parameters

parent	"Parent" protocol short name
dependent	"Dependent" protocol short name

Returns: return TRUE if dependency was successfully registered

◆ register_dissector()

WS_DLL_PUBLIC dissector_handle_t register_dissector	(	const char *	name,
		dissector_t	dissector,
		const int	proto
	)

Register a new dissector.

◆ register_dissector_table_alias()

WS_DLL_PUBLIC void register_dissector_table_alias	(	dissector_table_t	dissector_table,
		const char *	alias_name
	)

Register a dissector table alias. This is for dissectors whose original name has changed, e.g. SSL to TLS.

Parameters

dissector_table	dissector table returned by register_dissector_table.
alias_name	alias for the dissector table name.

◆ register_dissector_with_data()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data	(	const char *	name,
		dissector_cb_t	dissector,
		const int	proto,
		void *	cb_data
	)

Register a new dissector with a callback pointer.

◆ register_dissector_with_description()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description	(	const char *	name,
		const char *	description,
		dissector_t	dissector,
		const int	proto
	)

Register a new dissector with a description.

◆ register_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list	(	const char *	name,
		const int	proto
	)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters

name	the name of this protocol
proto	the value obtained when registering the protocol

◆ register_heur_dissector_list_with_description()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description	(	const char *	name,
		const char *	ui_name,
		const int	proto
	)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters

name	a unique short name for the list
ui_name	the name used in the user interface
proto	the value obtained when registering the protocol

◆ register_init_routine()

WS_DLL_PUBLIC void register_init_routine ( void(*)(void) func )

Allow protocols to register "init" routines, which are called before we make a pass through a capture file and dissect all its packets (e.g., when we read in a new capture file, or run a "filter packets" or "colorize packets" pass over the current capture file or when the preferences are changed).

Classes

Macros

Typedefs

Enumerations

Functions

Detailed Description

Macro Definition Documentation

◆ BYTES_ARE_IN_FRAME

Typedef Documentation

◆ heur_dissector_t

Function Documentation

◆ call_dissector_only()

◆ call_dissector_with_data()

◆ call_heur_dissector_direct()

◆ create_dissector_handle()

◆ decrement_dissection_depth()

◆ deregister_depend_dissector()

◆ deregister_dissector()

◆ deregister_dissector_table()

◆ deregister_heur_dissector_list()

◆ dissector_all_heur_tables_foreach_table()

◆ dissector_all_tables_foreach_changed()

◆ dissector_all_tables_foreach_table()

◆ dissector_get_custom_table_handle()

◆ dissector_get_default_string_handle()

◆ dissector_get_default_uint_handle()

◆ dissector_get_guid_handle()

◆ dissector_get_string_handle()

◆ dissector_get_uint_handle()

◆ dissector_handle_get_description()

◆ dissector_handle_get_dissector_name()

◆ dissector_handle_get_protocol_index()

◆ dissector_handle_get_protocol_long_name()

◆ dissector_handle_get_protocol_short_name()

◆ dissector_table_allow_decode_as()

◆ dissector_table_foreach()

◆ dissector_table_foreach_changed()

◆ dissector_table_foreach_handle()

◆ dissector_table_get_dissector_handle()

◆ dissector_table_get_dissector_handles()

◆ dissector_table_get_type()

◆ dissector_table_supports_decode_as()

◆ dissector_try_heuristic()

◆ find_depend_dissector_list()

◆ find_dissector()

◆ find_dissector_add_dependency()

◆ find_heur_dissector_by_unique_short_name()

◆ find_heur_dissector_list()

◆ get_dissector_names()

◆ heur_dissector_add()

◆ heur_dissector_delete()

◆ heur_dissector_list_get_description()

◆ heur_dissector_table_foreach()

◆ increment_dissection_depth()

◆ register_cleanup_routine()

◆ register_depend_dissector()

◆ register_dissector()

◆ register_dissector_table_alias()

◆ register_dissector_with_data()

◆ register_dissector_with_description()

◆ register_heur_dissector_list()

◆ register_heur_dissector_list_with_description()

◆ register_init_routine()