Wireshark 4.7.0
The Wireshark network protocol analyzer
cfile.h File Reference
#include <epan/epan.h>
#include <epan/column-info.h>
#include <epan/dfilter/dfilter.h>
#include <epan/frame_data.h>
#include <epan/frame_data_sequence.h>
#include <wiretap/wtap.h>
#include <wsutil/file_compressed.h>
#include <wsutil/buffer.h>

Classes

struct  packet_provider_data
 Packet provider context for programs operating on a capture file.
 
struct  _capture_file
 Represents a capture file and its associated metadata.
 

Typedefs

typedef struct _capture_file capture_file
 Represents a capture file and its associated metadata.
 

Enumerations

enum  file_state {
  FILE_CLOSED, FILE_READ_PENDING, FILE_READ_IN_PROGRESS, FILE_READ_ABORTED,
  FILE_READ_DONE
}
 Lifecycle state of a capture file.
 
enum  rescan_type { RESCAN_NONE = 0, RESCAN_SCAN, RESCAN_REDISSECT }
 Requested packet rescan action to be performed on the current capture.
 
enum  search_charset_t { SCS_NARROW_AND_WIDE, SCS_NARROW, SCS_WIDE }
 Character width filter for text search operations.
 
enum  search_direction { SD_FORWARD, SD_BACKWARD }
 Direction of a packet search through the capture. More...
 

Functions

WS_DLL_PUBLIC void cap_file_init (capture_file *cf)
 Initialize a capture file structure.
 
WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_frame_ts (struct packet_provider_data *prov, uint32_t frame_num)
 Get the timestamp of a frame.
 
WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_start_ts (struct packet_provider_data *prov)
 Get the start timestamp of a capture file.
 
WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_end_ts (struct packet_provider_data *prov)
 Get the end timestamp of a capture file.
 
WS_DLL_PUBLIC const char * cap_file_provider_get_interface_name (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)
 Retrieves the name of a network interface from a capture file.
 
WS_DLL_PUBLIC const char * cap_file_provider_get_interface_description (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)
 Retrieves a description for a network interface from a capture file.
 
WS_DLL_PUBLIC int32_t cap_file_provider_get_process_id (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
 Retrieves the process ID associated with a given process information ID and section number.
 
WS_DLL_PUBLIC const char * cap_file_provider_get_process_name (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
 Retrieves the name of a process from a capture file.
 
WS_DLL_PUBLIC const uint8_t * cap_file_provider_get_process_uuid (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number, size_t *uuid_size)
 Retrieves the UUID of a process from a capture file.
 
WS_DLL_PUBLIC wtap_block_t cap_file_provider_get_modified_block (struct packet_provider_data *prov, const frame_data *fd)
 Get a modified block for a frame from the packet provider.
 
WS_DLL_PUBLIC void cap_file_provider_set_modified_block (struct packet_provider_data *prov, frame_data *fd, const wtap_block_t new_block)
 Set a modified block for a frame in the packet provider.
 

Detailed Description

capture_file definition & GUI-independent manipulation

Wireshark - Network traffic analyzer
By Gerald Combs <gerald@wireshark.org>
Copyright 1998 Gerald Combs

SPDX-License-Identifier: GPL-2.0-or-later

Enumeration Type Documentation

◆ file_state

enum file_state

Lifecycle state of a capture file.

Enumerator
FILE_CLOSED 

No file is currently open

FILE_READ_PENDING 

A file is queued to be read but has not been opened yet

FILE_READ_IN_PROGRESS 

A file has been opened and is actively being read

FILE_READ_ABORTED 

File read was cancelled by the user

FILE_READ_DONE 

File read completed successfully

◆ rescan_type

Requested packet rescan action to be performed on the current capture.

Enumerator
RESCAN_NONE 

No rescan requested

RESCAN_SCAN 

Rescan packets without performing full redissection

RESCAN_REDISSECT 

Rescan packets with full redissection

◆ search_charset_t

Character width filter for text search operations.

Enumerator
SCS_NARROW_AND_WIDE 

Search both narrow (single-byte) and wide (multi-byte) character strings

SCS_NARROW 

Search narrow (single-byte) character strings only

SCS_WIDE 

Search wide (multi-byte) character strings only

◆ search_direction

Direction of a packet search through the capture.

Enumerator
SD_FORWARD 

Search forward (toward newer packets)

SD_BACKWARD 

Search backward (toward older packets)

Function Documentation

◆ cap_file_init()

WS_DLL_PUBLIC void cap_file_init (capture_file *cf)

Initialize a capture file structure.

Parameters
cf  Pointer to the capture file structure to be initialized.

◆ cap_file_provider_get_end_ts()

WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_end_ts (struct packet_provider_data *prov)

Get the end timestamp of a capture file.

Parameters
prov  Pointer to the packet provider data structure.
Returns
const nstime_t* Pointer to the end timestamp, or NULL if not available.

◆ cap_file_provider_get_frame_ts()

WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_frame_ts (struct packet_provider_data *prov, uint32_t frame_num)

Get the timestamp of a frame.

Parameters
prov  Pointer to the packet provider data structure.
frame_num  The number of the frame for which to retrieve the timestamp.
Returns
Pointer to the end timestamp, or NULL if not available.

◆ cap_file_provider_get_interface_description()

WS_DLL_PUBLIC const char * cap_file_provider_get_interface_description (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)

Retrieves a description for a network interface from a capture file.

Parameters
prov  Pointer to the packet provider data structure.
interface_id  The ID of the network interface.
section_number  The section number in the capture file.
Returns
A string containing the description of the network interface, or NULL if not found.

◆ cap_file_provider_get_interface_name()

WS_DLL_PUBLIC const char * cap_file_provider_get_interface_name (struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number)

Retrieves the name of a network interface from a capture file.

Parameters
prov  Pointer to the packet provider data structure.
interface_id  The ID of the interface to retrieve.
section_number  The section number in the capture file.
Returns
The name of the interface, or "unknown" if not found.

◆ cap_file_provider_get_modified_block()

WS_DLL_PUBLIC wtap_block_t cap_file_provider_get_modified_block (struct packet_provider_data *prov, const frame_data *fd)

Get a modified block for a frame from the packet provider.

Parameters
prov  Pointer to the packet_provider_data structure.
fd  Pointer to the frame_data structure representing the frame.
Returns
The modified block if found, otherwise NULL.

◆ cap_file_provider_get_process_id()

WS_DLL_PUBLIC int32_t cap_file_provider_get_process_id (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)

Retrieves the process ID associated with a given process information ID and section number.

Parameters
prov  Pointer to the packet provider data structure.
process_info_id  The ID of the process information.
section_number  The section number within the capture file.
Returns
int32_t The process ID, or -1 if an error occurred.

◆ cap_file_provider_get_process_name()

WS_DLL_PUBLIC const char * cap_file_provider_get_process_name (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)

Retrieves the name of a process from a capture file.

Parameters
prov  Pointer to the packet provider data structure.
process_info_id  Identifier for the process information.
section_number  The section number (currently unused).
Returns
The process's name, or NULL if not found.

◆ cap_file_provider_get_process_uuid()

WS_DLL_PUBLIC const uint8_t * cap_file_provider_get_process_uuid (struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number, size_t *uuid_size)

Retrieves the UUID of a process from a capture file.

Parameters
prov  Pointer to the packet provider data structure.
process_info_id  Identifier for the process information.
section_number  The section number (currently unused).
uuid_size  Pointer to store the size of the UUID.
Returns
Pointer to the UUID or NULL if not found.

◆ cap_file_provider_get_start_ts()

WS_DLL_PUBLIC const nstime_t * cap_file_provider_get_start_ts (struct packet_provider_data *prov)

Get the start timestamp of a capture file.

Parameters
prov  Pointer to the packet provider data structure.
Returns
Pointer to the start timestamp, or NULL if not available.

◆ cap_file_provider_set_modified_block()

WS_DLL_PUBLIC void cap_file_provider_set_modified_block (struct packet_provider_data *prov, frame_data *fd, const wtap_block_t new_block)

Set a modified block for a frame in the packet provider.

This function updates or inserts a new wtap_block_t into the frames_modified_blocks tree of the packet_provider_data structure.

Parameters
prov  Pointer to the packet_provider_data structure.
fd  Pointer to the frame_data structure representing the frame.
new_block  The new wtap_block_t to be set for the frame.