 |
Wireshark 4.7.0
The Wireshark network protocol analyzer
|
Loading...
Searching...
No Matches
|
Wireshark 4.7.0
The Wireshark network protocol analyzer
|
| nstime_t _packet_info::abs_ts |
Packet absolute timestamp
| uint32_t _packet_info::bytes_until_next_pdu |
Number of bytes until the next PDU starts beyond the next segment
| uint16_t _packet_info::can_desegment |
>0 if this segment could be desegmented. A dissector that can offer this API (e.g. TCP) sets can_desegment=2, then can_desegment is decremented by 1 each time we pass to the next subdissector. Thus only the dissector immediately above the protocol which sets the flag can use it
| struct epan_column_info* _packet_info::cinfo |
Column formatting information
| uint16_t _packet_info::clnp_dstref |
CLNP/COTP destination reference (cannot use dstport to avoid confusion with TPKT)
| uint16_t _packet_info::clnp_srcref |
CLNP/COTP source reference (cannot use srcport to avoid confusion with TPKT)
| struct conversation_addr_port_endpoints* _packet_info::conv_addr_port_endpoints |
Address+port conversation data, including wildcarding
| struct conversation_element* _packet_info::conv_elements |
Arbitrary conversation identifier (cannot be wildcarded)
| uint8_t _packet_info::curr_layer_num |
Current "depth" or layer number in the current frame
| uint8_t _packet_info::curr_proto_layer_num |
Current "depth" or layer number for this dissector in the current frame
| const char* _packet_info::current_proto |
Name of protocol currently being dissected
| GSList* _packet_info::data_src |
Frame data sources
| uint32_t _packet_info::desegment_len |
requested desegmentation additional length or DESEGMENT_ONE_MORE_SEGMENT: Desegment one more full segment (warning! only partially implemented) DESEGMENT_UNTIL_FIN: Desegment all data for this tcp session until the FIN segment.
| int _packet_info::desegment_offset |
Offset to data needing desegmentation
| uint32_t _packet_info::destport |
Destination port
| int _packet_info::dissection_depth |
Current "depth" or layer number in the current frame
| address _packet_info::dl_dst |
Link-layer destination address
| address _packet_info::dl_src |
Link-layer source address
| address _packet_info::dst |
Destination address (network if present, else DL)
| int16_t _packet_info::dst_win_scale |
Rcv.Wind.Shift dst applies when sending segments; -1 unknown; -2 disabled
| struct epan_session* _packet_info::epan |
Pointer to the current epan session context
| uint32_t _packet_info::expert_severity |
Highest expert severity level
| frame_data* _packet_info::fd |
Frame metadata and indexing information
| bool _packet_info::fragmented |
True if the protocol is a fragment
| GSList* _packet_info::frame_end_routines |
List of routines to execute after frame dissection
| const char* _packet_info::heur_list_name |
Name of heuristic list if packet is being heuristically dissected
| uint32_t _packet_info::in_error_pkt |
True if inside an error packet (e.g., ICMP, CLNP)
| uint32_t _packet_info::in_gre_pkt |
True if encapsulated inside a GRE packet
| wmem_list_t* _packet_info::layers |
List of protocol layers
| int _packet_info::link_dir |
Link direction (e.g., 3GPP uplink or downlink)
| uint16_t _packet_info::link_number |
Link-layer interface index
| const char* _packet_info::match_string |
Matched string for calling subdissector from a table
| uint32_t _packet_info::match_uint |
Matched uint for calling subdissector from a table
| address _packet_info::net_dst |
Network-layer destination address
| address _packet_info::net_src |
Network-layer source address
| const char* _packet_info::noreassembly_reason |
Reason why reassembly was not performed, if any
| uint32_t _packet_info::num |
Frame number
| int _packet_info::p2p_dir |
Packet was captured as an outbound (P2P_DIR_SENT) inbound (P2P_DIR_RECV) unknown (P2P_DIR_UNKNOWN)
| wmem_allocator_t* _packet_info::pool |
Memory pool scoped to this pinfo
| uint32_t _packet_info::presence_flags |
Presence flags for some items
| GHashTable* _packet_info::private_table |
Hash table passed between dissectors
| GSList* _packet_info::proto_data |
Per-packet protocol data
| wmem_map_t* _packet_info::proto_layers |
Map from proto_id to curr_proto_layer_num
| union wtap_pseudo_header* _packet_info::pseudo_header |
Capture-specific pseudo header (e.g., Ethernet, 802.11)
| port_type _packet_info::ptype |
Type of the srcport and destport
| wtap_rec* _packet_info::rec |
Record metadata
| nstime_t _packet_info::rel_cap_ts |
Relative timestamp from capture start (may be negative for broken files)
| bool _packet_info::rel_cap_ts_present |
True if relative capture timestamp is valid
| nstime_t _packet_info::rel_ts |
Relative timestamp (can be negative)
| uint16_t _packet_info::saved_can_desegment |
Value of can_desegment before current dissector was called. Supplied so that dissectors for proxy protocols such as SOCKS can restore it, allowing the dissectors that they call to use the TCP dissector's desegmentation (SOCKS just retransmits TCP segments once it's finished setting things up, so the TCP desegmentor can desegment its payload).
| address _packet_info::src |
Source address (network if present, else DL)
| int16_t _packet_info::src_win_scale |
Rcv.Wind.Shift src applies when sending segments; -1 unknown; -2 disabled
| uint32_t _packet_info::srcport |
Source port
| uint32_t _packet_info::stream_id |
Conversation stream ID of the highest protocol
| uint32_t _packet_info::track_ctype |
Tracks the conversation type for these protocols subscribing to an error packet follow-up. Typically transport protocols such as UDP or TCP are likely to be followed up by ICMP.
| bool _packet_info::use_conv_addr_port_endpoints |
True if address/port endpoints should be used for conversations
| uint32_t _packet_info::vlan_id |
First encountered VLAN ID if present, else 0
| uint16_t _packet_info::want_pdu_tracking |
>0 if the subdissector has specified a value in 'bytes_until_next_pdu'. When a dissector detects that the next PDU will start beyond the start of the next segment, it can set this value to 2 and 'bytes_until_next_pdu' to the number of bytes beyond the next segment where the next PDU starts.
If the protocol dissector below this one is capable of PDU tracking it can use this hint to detect PDUs that starts unaligned to the segment boundaries. The TCP dissector is using this hint from (some) protocols to detect when a new PDU starts in the middle of a tcp segment.
There is intelligence in the glue between dissector layers to make sure that this request is only passed down to the protocol immediately below the current one and not any further.
1.9.8