Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
Public Attributes | List of all members
plugin_field_extract_t Struct Reference

Holds a single field extraction request/result for a plugin event. More...

#include <sinsp-span.h>

Public Attributes

uint32_t field_id
 
const char * field_name
 
enum ftenum type
 
bool is_present
 
bool is_generated
 
union { 
 
   uint8_t *   bytes 
 
   const char *   str 
 
   int32_t   i32 
 
   int64_t   i64 
 
   uint32_t   u32 
 
   uint64_t   u64 
 
   double   dbl 
 
   uint8_t   ipv6 [16] 
 
   bool   boolean 
 
res 
 Extracted value; the active member is determined by type.
 
int data_start
 
int data_length
 

Detailed Description

Holds a single field extraction request/result for a plugin event.

Members marked [in] are populated by the caller before extraction; members marked [out] are filled in by the extraction routine. Members marked [in, out] serve a dual role.

Member Data Documentation

◆ boolean

bool plugin_field_extract_t::boolean

Boolean value.

◆ bytes

uint8_t* plugin_field_extract_t::bytes

Raw byte buffer.

◆ data_length

int plugin_field_extract_t::data_length

[out] Byte length of the field data within the event buffer.

◆ data_start

int plugin_field_extract_t::data_start

[out] Byte offset within the event buffer where the field data begins.

◆ dbl

double plugin_field_extract_t::dbl

Double-precision float.

◆ field_id

uint32_t plugin_field_extract_t::field_id

[out] Matched field ID for syscall events; [in] requested field ID for plugin events.

◆ field_name

const char* plugin_field_extract_t::field_name

[in] Field name string as used in filter expressions.

◆ i32

int32_t plugin_field_extract_t::i32

Signed 32-bit integer.

◆ i64

int64_t plugin_field_extract_t::i64

Signed 64-bit integer.

◆ ipv6

uint8_t plugin_field_extract_t::ipv6[16]

IPv6 address (128-bit, network byte order).

◆ is_generated

bool plugin_field_extract_t::is_generated

[out] true if the value was synthetically generated rather than decoded from raw data.

◆ is_present

bool plugin_field_extract_t::is_present

[out] true if the field was present and successfully extracted.

◆ str

const char* plugin_field_extract_t::str

NUL-terminated string pointer.

◆ type

enum ftenum plugin_field_extract_t::type

[in, out] Wireshark field type; may be refined by the extractor.

◆ u32

uint32_t plugin_field_extract_t::u32

Unsigned 32-bit integer.

◆ u64

uint64_t plugin_field_extract_t::u64

Unsigned 64-bit integer.

The documentation for this struct was generated from the following file:
Generated by doxygen 1.9.8