Wireshark  4.3.0
The Wireshark network protocol analyzer
Public Attributes | List of all members
_packet_info Struct Reference

Public Attributes

const char * current_proto
struct epan_column_infocinfo
guint32 presence_flags
guint32 num
nstime_t abs_ts
nstime_t rel_ts
nstime_t rel_cap_ts
gboolean rel_cap_ts_present
frame_data * fd
union wtap_pseudo_headerpseudo_header
GSList * data_src
address dl_src
address dl_dst
address net_src
address net_dst
address src
address dst
guint32 vlan_id
const char * noreassembly_reason
gboolean fragmented
struct {
   guint32   in_error_pkt:1
   guint32   in_gre_pkt:1
port_type ptype
guint32 srcport
guint32 destport
guint32 match_uint
const char * match_string
gboolean use_conv_addr_port_endpoints
struct conversation_addr_port_endpointsconv_addr_port_endpoints
struct conversation_elementconv_elements
guint16 can_desegment
guint16 saved_can_desegment
int desegment_offset
guint32 desegment_len
guint16 want_pdu_tracking
guint32 bytes_until_next_pdu
int p2p_dir
GHashTable * private_table
guint8 curr_layer_num
guint8 curr_proto_layer_num
guint16 link_number
guint16 clnp_srcref
guint16 clnp_dstref
int link_dir
gint16 src_win_scale
gint16 dst_win_scale
GSList * proto_data
GSList * frame_end_routines
struct epan_sessionepan
const gchar * heur_list_name
int dissection_depth
guint32 stream_id

Member Data Documentation

◆ abs_ts

nstime_t _packet_info::abs_ts

Packet absolute time stamp

◆ can_desegment

guint16 _packet_info::can_desegment

>0 if this segment could be desegmented. A dissector that can offer this API (e.g. TCP) sets can_desegment=2, then can_desegment is decremented by 1 each time we pass to the next subdissector. Thus only the dissector immediately above the protocol which sets the flag can use it

◆ cinfo

struct epan_column_info* _packet_info::cinfo

Column formatting information

◆ clnp_dstref

guint16 _packet_info::clnp_dstref

clnp/cotp destination reference (can't use dstport, this would confuse tpkt)

◆ clnp_srcref

guint16 _packet_info::clnp_srcref

clnp/cotp source reference (can't use srcport, this would confuse tpkt)

◆ conv_addr_port_endpoints

struct conversation_addr_port_endpoints* _packet_info::conv_addr_port_endpoints

Data that can be used for address+port conversations, including wildcarding

◆ conv_elements

struct conversation_element* _packet_info::conv_elements

Arbritrary conversation identifier; can't be wildcarded

◆ curr_layer_num

guint8 _packet_info::curr_layer_num

map of proto_id to curr_proto_layer_num. The current "depth" or layer number in the current frame

◆ curr_proto_layer_num

guint8 _packet_info::curr_proto_layer_num

The current "depth" or layer number for this dissector in the current frame

◆ current_proto

const char* _packet_info::current_proto

name of protocol currently being dissected

◆ data_src

GSList* _packet_info::data_src

Frame data sources

◆ desegment_len

guint32 _packet_info::desegment_len

requested desegmentation additional length or DESEGMENT_ONE_MORE_SEGMENT: Desegment one more full segment (warning! only partially implemented) DESEGMENT_UNTIL_FIN: Desgment all data for this tcp session until the FIN segment.

◆ desegment_offset

int _packet_info::desegment_offset

offset to stuff needing desegmentation

◆ destport

guint32 _packet_info::destport

destination port

◆ dissection_depth

int _packet_info::dissection_depth

The current "depth" or layer number in the current frame

◆ dl_dst

address _packet_info::dl_dst

link-layer destination address

◆ dl_src

address _packet_info::dl_src

link-layer source address

◆ dst

address _packet_info::dst

destination address (net if present, DL otherwise )

◆ dst_win_scale

gint16 _packet_info::dst_win_scale

Rcv.Wind.Shift dst applies when sending segments; -1 unknown; -2 disabled

◆ fragmented

gboolean _packet_info::fragmented

TRUE if the protocol is only a fragment

◆ heur_list_name

const gchar* _packet_info::heur_list_name

name of heur list if this packet is being heuristically dissected

◆ in_error_pkt

guint32 _packet_info::in_error_pkt

TRUE if we're inside an {ICMP,CLNP,...} error packet

◆ in_gre_pkt

guint32 _packet_info::in_gre_pkt

TRUE if we're encapsulated inside a GRE packet

◆ layers

wmem_list_t* _packet_info::layers

layers of each protocol

◆ link_dir

int _packet_info::link_dir

3GPP messages are sometime different UP link(UL) or Downlink(DL)

◆ match_string

const char* _packet_info::match_string

matched string for calling subdissector from table

◆ match_uint

guint32 _packet_info::match_uint

matched uint for calling subdissector from table

◆ net_dst

address _packet_info::net_dst

network-layer destination address

◆ net_src

address _packet_info::net_src

network-layer source address

◆ noreassembly_reason

const char* _packet_info::noreassembly_reason

reason why reassembly wasn't done, if any

◆ num

guint32 _packet_info::num

Frame number

◆ p2p_dir

int _packet_info::p2p_dir

Packet was captured as an outbound (P2P_DIR_SENT) inbound (P2P_DIR_RECV) unknown (P2P_DIR_UNKNOWN)

◆ pool

wmem_allocator_t* _packet_info::pool

Memory pool scoped to the pinfo struct

◆ presence_flags

guint32 _packet_info::presence_flags

Presence flags for some items

◆ private_table

GHashTable* _packet_info::private_table

a hash table passed from one dissector to another

◆ proto_data

GSList* _packet_info::proto_data

Per packet proto data

◆ ptype

port_type _packet_info::ptype

type of the following two port numbers

◆ rec

wtap_rec* _packet_info::rec

Record metadata

◆ rel_cap_ts

nstime_t _packet_info::rel_cap_ts

Relative timestamp from capture start (might be negative for broken files)

◆ rel_cap_ts_present

gboolean _packet_info::rel_cap_ts_present

Relative timestamp from capture start valid

◆ rel_ts

nstime_t _packet_info::rel_ts

Relative timestamp (yes, it can be negative)

◆ saved_can_desegment

guint16 _packet_info::saved_can_desegment

Value of can_desegment before current dissector was called. Supplied so that dissectors for proxy protocols such as SOCKS can restore it, allowing the dissectors that they call to use the TCP dissector's desegmentation (SOCKS just retransmits TCP segments once it's finished setting things up, so the TCP desegmentor can desegment its payload).

◆ src

address _packet_info::src

source address (net if present, DL otherwise )

◆ src_win_scale

gint16 _packet_info::src_win_scale

Rcv.Wind.Shift src applies when sending segments; -1 unknown; -2 disabled

◆ srcport

guint32 _packet_info::srcport

source port

◆ stream_id

guint32 _packet_info::stream_id

Conversation Stream ID of the highest protocol

◆ use_conv_addr_port_endpoints

gboolean _packet_info::use_conv_addr_port_endpoints

TRUE if address/port endpoints member should be used for conversations

◆ vlan_id

guint32 _packet_info::vlan_id

First encountered VLAN Id if present otherwise 0

◆ want_pdu_tracking

guint16 _packet_info::want_pdu_tracking

>0 if the subdissector has specified a value in 'bytes_until_next_pdu'. When a dissector detects that the next PDU will start beyond the start of the next segment, it can set this value to 2 and 'bytes_until_next_pdu' to the number of bytes beyond the next segment where the next PDU starts.

If the protocol dissector below this one is capable of PDU tracking it can use this hint to detect PDUs that starts unaligned to the segment boundaries. The TCP dissector is using this hint from (some) protocols to detect when a new PDU starts in the middle of a tcp segment.

There is intelligence in the glue between dissector layers to make sure that this request is only passed down to the protocol immediately below the current one and not any further.

The documentation for this struct was generated from the following file: