Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
Classes | Macros | Typedefs | Enumerations | Functions
conversation.h File Reference
#include "ws_symbol_export.h"
#include <epan/packet.h>
#include <epan/wmem_scopes.h>

Go to the source code of this file.

Classes

struct  conversation_element
 
struct  conversation
 

Macros

#define NO_ADDR2   0x01
 
#define NO_PORT2   0x02
 
#define NO_PORT2_FORCE   0x04
 
#define CONVERSATION_TEMPLATE   0x08
 
#define NO_PORTS   0x010
 
#define NO_MASK_B   0xFFFF0000
 
#define NO_ADDR_B   0x00010000
 
#define NO_PORT_B   0x00020000
 
#define NO_PORT_X   0x00040000
 
#define NO_GREEDY   0x00100000
 
#define EXACT_EXCLUDED   0x00200000
 
#define USE_LAST_ENDPOINT   0x08
 
#define ENDPOINT_NONE   CONVERSATION_NONE
 
#define ENDPOINT_SCTP   CONVERSATION_SCTP
 
#define ENDPOINT_TCP   CONVERSATION_TCP
 
#define ENDPOINT_UDP   CONVERSATION_UDP
 
#define ENDPOINT_DCCP   CONVERSATION_DCCP
 
#define ENDPOINT_IPX   CONVERSATION_IPX
 
#define ENDPOINT_NCP   CONVERSATION_NCP
 
#define ENDPOINT_EXCHG   CONVERSATION_EXCHG
 
#define ENDPOINT_DDP   CONVERSATION_DDP
 
#define ENDPOINT_SBCCS   CONVERSATION_SBCCS
 
#define ENDPOINT_IDP   CONVERSATION_IDP
 
#define ENDPOINT_TIPC   CONVERSATION_TIPC
 
#define ENDPOINT_USB   CONVERSATION_USB
 
#define ENDPOINT_I2C   CONVERSATION_I2C
 
#define ENDPOINT_IBQP   CONVERSATION_IBQP
 
#define ENDPOINT_BLUETOOTH   CONVERSATION_BLUETOOTH
 
#define ENDPOINT_TDMOP   CONVERSATION_TDMOP
 
#define ENDPOINT_DVBCI   CONVERSATION_DVBCI
 
#define ENDPOINT_ISO14443   CONVERSATION_ISO14443
 
#define ENDPOINT_ISDN   CONVERSATION_ISDN
 
#define ENDPOINT_H223   CONVERSATION_H223
 
#define ENDPOINT_X25   CONVERSATION_X25
 
#define ENDPOINT_IAX2   CONVERSATION_IAX2
 
#define ENDPOINT_DLCI   CONVERSATION_DLCI
 
#define ENDPOINT_ISUP   CONVERSATION_ISUP
 
#define ENDPOINT_BICC   CONVERSATION_BICC
 
#define ENDPOINT_GSMTAP   CONVERSATION_GSMTAP
 
#define ENDPOINT_IUUP   CONVERSATION_IUUP
 
#define ENDPOINT_DVBBBF   CONVERSATION_DVBBBF
 
#define ENDPOINT_IWARP_MPA   CONVERSATION_IWARP_MPA
 
#define ENDPOINT_BT_UTP   CONVERSATION_BT_UTP
 
#define ENDPOINT_LOG   CONVERSATION_LOG
 
#define ENDPOINT_MCTP   CONVERSATION_MCTP
 
#define ENDPOINT_NVME_MI   CONVERSATION_NVME_MI
 
#define ENDPOINT_SNMP   CONVERSATION_SNMP
 
#define ENDPOINT_IP   CONVERSATION_IP
 
#define ENDPOINT_IPv6   CONVERSATION_IPv6
 
#define ENDPOINT_ETH   CONVERSATION_ETH
 
#define ENDPOINT_ILNP   CONVERSATION_ILNP
 

Typedefs

typedef conversation_type endpoint_type
 
typedef struct conversation_element conversation_element_t
 
typedef struct conversation conversation_t
 
typedef struct conversation_addr_port_endpointsconversation_addr_port_endpoints_t
 

Enumerations

enum  conversation_type {
  CONVERSATION_NONE , CONVERSATION_SCTP , CONVERSATION_TCP , CONVERSATION_UDP ,
  CONVERSATION_DCCP , CONVERSATION_IPX , CONVERSATION_NCP , CONVERSATION_EXCHG ,
  CONVERSATION_DDP , CONVERSATION_SBCCS , CONVERSATION_IDP , CONVERSATION_TIPC ,
  CONVERSATION_USB , CONVERSATION_I2C , CONVERSATION_IBQP , CONVERSATION_BLUETOOTH ,
  CONVERSATION_TDMOP , CONVERSATION_DVBCI , CONVERSATION_ISO14443 , CONVERSATION_ISDN ,
  CONVERSATION_H223 , CONVERSATION_X25 , CONVERSATION_IAX2 , CONVERSATION_DLCI ,
  CONVERSATION_ISUP , CONVERSATION_BICC , CONVERSATION_GSMTAP , CONVERSATION_IUUP ,
  CONVERSATION_DVBBBF , CONVERSATION_IWARP_MPA , CONVERSATION_BT_UTP , CONVERSATION_LOG ,
  CONVERSATION_LTP , CONVERSATION_MCTP , CONVERSATION_NVME_MI , CONVERSATION_BP ,
  CONVERSATION_SNMP , CONVERSATION_QUIC , CONVERSATION_IDN , CONVERSATION_IP ,
  CONVERSATION_IPV6 , CONVERSATION_ETH , CONVERSATION_ETH_NN , CONVERSATION_ETH_NV ,
  CONVERSATION_ETH_IN , CONVERSATION_ETH_IV , CONVERSATION_VSPC_VMOTION , CONVERSATION_OPENVPN ,
  CONVERSATION_PROXY , CONVERSATION_GNSS , CONVERSATION_DNP3 , CONVERSATION_ILNP
}
 Conversation key types recognized by Wireshark dissectors. More...
 
enum  conversation_element_type {
  CE_CONVERSATION_TYPE , CE_ADDRESS , CE_PORT , CE_STRING ,
  CE_UINT , CE_UINT64 , CE_INT , CE_INT64 ,
  CE_BLOB
}
 

Functions

WS_DLL_PUBLIC const addressconversation_key_addr1 (const conversation_element_t *key)
 Retrieve the first address from a conversation key.
 
WS_DLL_PUBLIC uint32_t conversation_key_port1 (const conversation_element_t *key)
 Retrieve the first port from a conversation key.
 
WS_DLL_PUBLIC const addressconversation_key_addr2 (const conversation_element_t *key)
 Retrieve the second address from a conversation key.
 
WS_DLL_PUBLIC uint32_t conversation_key_port2 (const conversation_element_t *key)
 Retrieve the second port from a conversation key.
 
void conversation_init (void)
 Create a new hash tables for conversations.
 
void conversation_epan_reset (void)
 Initialize some variables every time a file is loaded or re-loaded.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_full (const uint32_t setup_frame, conversation_element_t *elements)
 Create a new conversation identified by a list of elements.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const unsigned options)
 Given two address/port pairs for a packet, create a new conversation identified by address/port pairs.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_by_id (const uint32_t setup_frame, const conversation_type ctype, const uint32_t id)
 Create a new conversation identified by a conversation index.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_err_pkts (const uint32_t setup_frame, const conversation_type ctype, const uint32_t id, const uint32_t rid)
 Create a new conversation in the err_pkts table.
 
WS_DLL_PUBLIC bool is_deinterlacing_supported (const packet_info *pinfo)
 Returns the Deinterlacing support status.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_deinterlaced (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const uint32_t anchor, const unsigned options)
 Create a deinterlaced conversation, based on two addresses, a type, and several keys (VLAN, Mac, Interface).
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_deinterlacer (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t key1, const uint32_t key2, const uint32_t key3)
 Create a deinterlacer conversation, based on two addresses, a type, and several keys (VLAN, Mac, Interface).
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_strat (const packet_info *pinfo, const conversation_type ctype, const unsigned options)
 A helper function for creating conversations according to the runtime deinterlacing strategy, which means the returned conversation is either a classic (historical) object, or a deinterlaced one.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tconversation_new_strat_xtd (const packet_info *pinfo, const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const unsigned options)
 A helper function for creating conversations according to the runtime deinterlacing strategy, which means the returned conversation is either a classic (historical) object, or a deinterlaced one.
 
WS_DLL_PUBLIC conversation_tfind_conversation_full (const uint32_t frame_num, conversation_element_t *elements)
 Search for a conversation based on the structure and values of an element list.
 
WS_DLL_PUBLIC conversation_tfind_conversation (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, const unsigned options)
 
WS_DLL_PUBLIC conversation_tfind_conversation_deinterlaced (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, const uint32_t anchor, const unsigned options)
 Finds a conversation using deinterlacing based on frame number, addresses, ports, and type.
 
WS_DLL_PUBLIC conversation_tfind_conversation_deinterlacer (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t key_a, const uint32_t key_b, const uint32_t key_c)
 Finds a conversation using deinterlacing based on frame number and addresses.
 
WS_DLL_PUBLIC conversation_tfind_conversation_deinterlacer_pinfo (const packet_info *pinfo)
 A wrapper function of find_conversation_deinterlacer().
 
WS_DLL_PUBLIC conversation_tfind_conversation_by_id (const uint32_t frame, const conversation_type ctype, const uint32_t id)
 Finds a conversation by its ID.
 
WS_DLL_PUBLIC conversation_tfind_conversation_err_pkts (const uint32_t frame, const conversation_type ctype, const uint32_t id, const uint32_t rid)
 Finds a conversation using error packets.
 
WS_DLL_PUBLIC conversation_tfind_conversation_strat (const packet_info *pinfo, const conversation_type ctype, const unsigned options, const bool direction)
 A helper function that calls find_conversation() using data from pinfo, and returns a conversation according to the runtime deinterlacing strategy. The frame number and addresses are taken from pinfo, and direction.
 
WS_DLL_PUBLIC conversation_tfind_conversation_strat_xtd (const packet_info *pinfo, const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const unsigned options)
 Finds a conversation using extended parameters.
 
WS_DLL_PUBLIC conversation_tfind_conversation_pinfo (const packet_info *pinfo, const unsigned options)
 A helper function that calls find_conversation() using data from pinfo The frame number and addresses are taken from pinfo.
 
WS_DLL_PUBLIC conversation_tfind_conversation_pinfo_strat (const packet_info *pinfo, const unsigned options)
 A helper function that calls find_conversation() using data from pinfo. It's a simplified version of find_conversation_pinfo() to avoid unnecessary checks and be limited to read-only, which is the minimal need for displaying packets in packet_list. The frame number and addresses are taken from pinfo.
 
WS_DLL_PUBLIC conversation_tfind_conversation_pinfo_ro (const packet_info *pinfo, const unsigned options)
 A helper function that calls find_conversation() using data from pinfo.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tfind_or_create_conversation (const packet_info *pinfo)
 A helper function that calls find_conversation() and, if a conversation is not found, calls conversation_new().
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tfind_or_create_conversation_strat (const packet_info *pinfo)
 Finds or creates a conversation based on the provided packet information.
 
WS_DLL_PUBLIC WS_RETNONNULL conversation_tfind_or_create_conversation_by_id (packet_info *pinfo, const conversation_type ctype, const uint32_t id)
 A helper function that calls find_conversation_by_id() and, if a conversation is not found, calls conversation_new_by_id(). The frame number is taken from pinfo.
 
WS_DLL_PUBLIC void conversation_add_proto_data (conversation_t *conv, const int proto, void *proto_data)
 Associate data with a conversation.
 
WS_DLL_PUBLIC void * conversation_get_proto_data (const conversation_t *conv, const int proto)
 Fetch data associated with a conversation.
 
WS_DLL_PUBLIC void conversation_delete_proto_data (conversation_t *conv, const int proto)
 Remove data associated with a conversation.
 
WS_DLL_PUBLIC void conversation_set_dissector (conversation_t *conversation, const dissector_handle_t handle)
 Set the dissector for a conversation.
 
WS_DLL_PUBLIC void conversation_set_dissector_from_frame_number (conversation_t *conversation, const uint32_t starting_frame_num, const dissector_handle_t handle)
 Set a dissector for a conversation starting from a specific frame number.
 
WS_DLL_PUBLIC dissector_handle_t conversation_get_dissector (conversation_t *conversation, const uint32_t frame_num)
 Retrieves the dissector associated with a conversation at a specific frame number.
 
WS_DLL_PUBLIC void conversation_set_conv_addr_port_endpoints (struct _packet_info *pinfo, address *addr1, address *addr2, conversation_type ctype, uint32_t port1, uint32_t port2)
 Set the address and port endpoints for a conversation in the packet info.
 
WS_DLL_PUBLIC void conversation_set_elements_by_id (struct _packet_info *pinfo, conversation_type ctype, uint32_t id)
 Set the conversation elements for a conversation in the packet info.
 
WS_DLL_PUBLIC uint32_t conversation_get_id_from_elements (struct _packet_info *pinfo, conversation_type ctype, const unsigned options)
 Get the ID value from the conversation elements in the packet info.
 
WS_DLL_PUBLIC bool try_conversation_dissector (const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, const unsigned options)
 Given two address/port pairs for a packet, search for a matching conversation and, if found and it has a conversation dissector, call that dissector and return true, otherwise return false.
 
WS_DLL_PUBLIC bool try_conversation_dissector_strat (packet_info *pinfo, const conversation_type ctype, tvbuff_t *tvb, proto_tree *tree, void *data, const unsigned options, const bool direction)
 Attempts to dissect a packet using a conversation-based strategy.
 
WS_DLL_PUBLIC bool try_conversation_dissector_by_id (const conversation_type ctype, const uint32_t id, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 Tries to use an existing dissector for a given conversation type and ID. Attempt to dissect a packet using a specific conversation ID.
 
WS_DLL_PUBLIC void conversation_set_port2 (conversation_t *conv, const uint32_t port)
 Set the second port in a conversation created with conversation_new.
 
WS_DLL_PUBLIC void conversation_set_addr2 (conversation_t *conv, const address *addr)
 Set the second address in a conversation created with conversation_new.
 
WS_DLL_PUBLIC wmem_map_tget_conversation_hashtables (void)
 Get a hash table of conversation hash table.
 
WS_DLL_PUBLIC conversation_type conversation_pt_to_conversation_type (port_type pt)
 Converts a port_type to an endpoint_type.
 
WS_DLL_PUBLIC endpoint_type conversation_pt_to_endpoint_type (port_type pt)
 Converts a port_type to an endpoint_type.
 

Detailed Description

The conversation API lets you correlate packets based on values in a packet, typically address+port tuples. You can search for conversations based on their value tuples and attach data to them.

Macro Definition Documentation

◆ NO_ADDR2

#define NO_ADDR2   0x01

Flags to pass to "conversation_new()" to indicate that the address 2 and/or port 2 values for the conversation should be wildcards. The CONVERSATION_TEMPLATE option tells that any of the other supplied port and / or address wildcards will be used to match an infinite number of new connections to the conversation(s) that have the CONVERSATION_- TEMPLATE flag set. Any conversation created without the CONVERSATION_- TEMPLATE flag will be altered once the first connections (connection oriented protocols only) to include the newly found information which matched the wildcard options.

◆ NO_MASK_B

#define NO_MASK_B   0xFFFF0000

Flags to pass to "find_conversation()" to indicate that the address B and/or port B search arguments are wildcards.

◆ USE_LAST_ENDPOINT

#define USE_LAST_ENDPOINT   0x08

Flags to handle endpoints Use last endpoint created, regardless of type

Typedef Documentation

◆ conversation_element_t

typedef struct conversation_element conversation_element_t

Elements used to identify conversations for *_full routines and pinfo->conv_elements. Arrays must be terminated with an element .type set to CE_CONVERSATION_TYPE.

This is currently set only by conversation_set_elements_by_id(); it is not set for conversations identified by address/port endpoints.

In find_conversation_pinfo() and find_or_create_conversation(), if any dissector has set this, then, unless some dissector has set the pair of address/port endpoints (see below), the array of elements is used to look up or create the conversation. Otherwise, the current addresses and ports in the packet_info structure are used.

XXX - is there any reason why we shouldn't use an array of conversation elements, with the appropriate addresses and ports, and set it for all protocols that use conversations specified by a pair of address/port endpoints? That might simplify find_conversation_pinfo() by having them always use the array of elements if it's present, and just fail if it's not.

◆ conversation_t

typedef struct conversation conversation_t

Data structure representing a conversation.

Enumeration Type Documentation

◆ conversation_element_type

enum conversation_element_type

Conversation element type.

Enumerator
CE_CONVERSATION_TYPE 

CONVERSATION_ value

CE_ADDRESS 

address

CE_PORT 

unsigned integer representing a port

CE_STRING 

string

CE_UINT 

unsigned integer not representing a port

CE_UINT64 

64-bit unsigned integer

CE_INT 

signed integer

CE_INT64 

64-bit signed integer

CE_BLOB 

arbitrary binary data

◆ conversation_type

enum conversation_type

Conversation key types recognized by Wireshark dissectors.

XXX: There should be a way to register conversation types used only within one dissector, similar to address types, instead of changing the global typedef.

Enumerator
CONVERSATION_NONE 

No conversation key

CONVERSATION_SCTP 

SCTP association

CONVERSATION_TCP 

TCP address/port pair

CONVERSATION_UDP 

UDP address/port pair

CONVERSATION_DCCP 

Datagram Congestion Control Protocol (DCCP)

CONVERSATION_IPX 

IPX socket number

CONVERSATION_NCP 

NetWare Core Protocol (NCP) connection

CONVERSATION_EXCHG 

Fibre Channel exchange

CONVERSATION_DDP 

AppleTalk Datagram Delivery Protocol (DDP) address/port pair

CONVERSATION_SBCCS 

FICON (SBCCS) channel connection

CONVERSATION_IDP 

XNS Internet Datagram Protocol (IDP) socket

CONVERSATION_TIPC 

TIPC port

CONVERSATION_USB 

USB endpoint; 0xffff denotes the host

CONVERSATION_I2C 

I2C bus conversation

CONVERSATION_IBQP 

InfiniBand Queue Pair (QP) number

CONVERSATION_BLUETOOTH 

Bluetooth connection

CONVERSATION_TDMOP 

TDMoP (TDM over Packet) circuit

CONVERSATION_DVBCI 

DVB Common Interface (DVB-CI) session

CONVERSATION_ISO14443 

ISO 14443 contactless smart card session

CONVERSATION_ISDN 

ISDN channel number

CONVERSATION_H223 

H.223 logical channel number

CONVERSATION_X25 

X.25 logical channel number

CONVERSATION_IAX2 

IAX2 call identifier

CONVERSATION_DLCI 

Frame Relay Data Link Connection Identifier (DLCI)

CONVERSATION_ISUP 

ISDN User Part (ISUP) Circuit Identification Code (CIC)

CONVERSATION_BICC 

Bearer Independent Call Control (BICC) circuit identifier

CONVERSATION_GSMTAP 

GSMTAP virtual radio conversation

CONVERSATION_IUUP 

Iu UP (UMTS Iu interface user plane)

CONVERSATION_DVBBBF 

DVB Base Band Frame ISI/PLP_ID

CONVERSATION_IWARP_MPA 

iWARP Marker PDU Aligned (MPA) framing conversation

CONVERSATION_BT_UTP 

BitTorrent uTP connection ID

CONVERSATION_LOG 

Logging source conversation

CONVERSATION_LTP 

LTP Engine ID and Session Number

CONVERSATION_MCTP 

Management Component Transport Protocol (MCTP)

CONVERSATION_NVME_MI 

NVMe Management Interface (NVMe-MI) conversation

CONVERSATION_BP 

Bundle Protocol endpoint IDs

CONVERSATION_SNMP 

SNMP community/context conversation

CONVERSATION_QUIC 

QUIC connection

CONVERSATION_IDN 

Internationalized Domain Name (IDN) conversation

CONVERSATION_IP 

IPv4 address pair

CONVERSATION_IPV6 

IPv6 address pair

CONVERSATION_ETH 

Classic Ethernet (no interface/VLAN deinterleaving)

CONVERSATION_ETH_NN 

Ethernet deinterleaved: Interface=No, VLAN=No

CONVERSATION_ETH_NV 

Ethernet deinterleaved: Interface=No, VLAN=Yes

CONVERSATION_ETH_IN 

Ethernet deinterleaved: Interface=Yes, VLAN=No

CONVERSATION_ETH_IV 

Ethernet deinterleaved: Interface=Yes, VLAN=Yes

CONVERSATION_VSPC_VMOTION 

VMware vSPC vMotion conversation (Telnet-based)

CONVERSATION_OPENVPN 

OpenVPN tunnel conversation

CONVERSATION_PROXY 

Proxy protocol conversation

CONVERSATION_GNSS 

Global Navigation Satellite System (GNSS) conversation

CONVERSATION_DNP3 

DNP3 (Distributed Network Protocol 3) conversation

CONVERSATION_ILNP 

Identifier-Locator Network Protocol (ILNP) conversation

Function Documentation

◆ conversation_add_proto_data()

WS_DLL_PUBLIC void conversation_add_proto_data ( conversation_t conv,
const int  proto,
void *  proto_data 
)

Associate data with a conversation.

Parameters
convConversation. Must not be NULL.
protoProtocol ID.
proto_dataPointer to the data to associate.

◆ conversation_delete_proto_data()

WS_DLL_PUBLIC void conversation_delete_proto_data ( conversation_t conv,
const int  proto 
)

Remove data associated with a conversation.

Parameters
convConversation. Must not be NULL.
protoProtocol ID.

◆ conversation_epan_reset()

void conversation_epan_reset ( void  )
extern

Initialize some variables every time a file is loaded or re-loaded.

This function initializes necessary variables for handling conversations in Wireshark. It prepares data structures and sets up default values to ensure proper operation when new files are loaded or existing ones are reloaded.

Initialize some variables every time a file is loaded or re-loaded.

◆ conversation_get_dissector()

WS_DLL_PUBLIC dissector_handle_t conversation_get_dissector ( conversation_t conversation,
const uint32_t  frame_num 
)

Retrieves the dissector associated with a conversation at a specific frame number.

Parameters
conversationThe conversation to query.
frame_numThe frame number within the conversation.
Returns
A dissector handle if found, otherwise NULL.

◆ conversation_get_id_from_elements()

WS_DLL_PUBLIC uint32_t conversation_get_id_from_elements ( struct _packet_info pinfo,
conversation_type  ctype,
const unsigned  options 
)

Get the ID value from the conversation elements in the packet info.

Parameters
pinfoPacket info.
ctypeThe conversation type.
optionsUSE_LAST_ENDPOINT or 0.
Returns
The ID value from the elements if successful, or 0 on failure.

< Use last endpoint created, regardless of type

< Use last endpoint created, regardless of type

◆ conversation_get_proto_data()

WS_DLL_PUBLIC void * conversation_get_proto_data ( const conversation_t conv,
const int  proto 
)

Fetch data associated with a conversation.

Parameters
convConversation. Must not be NULL.
protoProtocol ID.
Returns
The data previously set with conversation_add_proto_data, otherwise NULL.

◆ conversation_init()

void conversation_init ( void  )
extern

Create a new hash tables for conversations.

Create a new hash tables for conversations.

◆ conversation_key_addr1()

WS_DLL_PUBLIC const address * conversation_key_addr1 ( const conversation_element_t key)

Retrieve the first address from a conversation key.

Parameters
keyThe conversation element key.
Returns
Pointer to the first address in the key.

◆ conversation_key_addr2()

WS_DLL_PUBLIC const address * conversation_key_addr2 ( const conversation_element_t key)

Retrieve the second address from a conversation key.

Parameters
keyThe conversation element key.
Returns
Pointer to the second address in the key.

◆ conversation_key_port1()

WS_DLL_PUBLIC uint32_t conversation_key_port1 ( const conversation_element_t key)

Retrieve the first port from a conversation key.

Parameters
keyThe conversation element key.
Returns
The first port in the key, or 0 if not present.

◆ conversation_key_port2()

WS_DLL_PUBLIC uint32_t conversation_key_port2 ( const conversation_element_t key)

Retrieve the second port from a conversation key.

Parameters
keyThe conversation element key.
Returns
The second port in the key, or 0 if not present.

◆ conversation_new()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new ( const uint32_t  setup_frame,
const address addr1,
const address addr2,
const conversation_type  ctype,
const uint32_t  port1,
const uint32_t  port2,
const unsigned  options 
)

Given two address/port pairs for a packet, create a new conversation identified by address/port pairs.

The options field is used to specify whether the address 2 value and/or port 2 value are not given and any value is acceptable when searching for this conversation. Null address values will be replaced with empty (AT_NONE) addresses.

Parameters
setup_frameThe first frame in the conversation.
addr1The first address in the identifying tuple.
addr2The second address in the identifying tuple.
ctypeThe conversation type.
port1The first port in the identifying tuple.
port2The second port in the identifying tuple.
optionsNO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed.
Returns
The new conversation.

◆ conversation_new_by_id()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_by_id ( const uint32_t  setup_frame,
const conversation_type  ctype,
const uint32_t  id 
)

Create a new conversation identified by a conversation index.

Parameters
setup_frameThe first frame in the conversation.
ctypeThe conversation type.
idThe conversation index.
Returns
The new conversation.

◆ conversation_new_deinterlaced()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_deinterlaced ( const uint32_t  setup_frame,
const address addr1,
const address addr2,
const conversation_type  ctype,
const uint32_t  port1,
const uint32_t  port2,
const uint32_t  anchor,
const unsigned  options 
)

Create a deinterlaced conversation, based on two addresses, a type, and several keys (VLAN, Mac, Interface).

Parameters
setup_frameThe first frame in the conversation.
addr1The first address in the identifying tuple.
addr2The second address in the identifying tuple.
ctypeThe conversation type.
port1The first port in the identifying tuple.
port2The second port in the identifying tuple.
anchorThe frame number to anchor the conversation to, which is used to determine the initial frame number of the conversation and to find the other key values (VLAN, Mac, Interface) for the conversation.
optionsNO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed.
Returns
The new conversation.

◆ conversation_new_deinterlacer()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_deinterlacer ( const uint32_t  setup_frame,
const address addr1,
const address addr2,
const conversation_type  ctype,
const uint32_t  key1,
const uint32_t  key2,
const uint32_t  key3 
)

Create a deinterlacer conversation, based on two addresses, a type, and several keys (VLAN, Mac, Interface).

Parameters
setup_frameThe first frame in the conversation.
addr1The first address in the identifying tuple.
addr2The second address in the identifying tuple.
ctypeThe conversation type.
key1The first key in the identifying tuple.
key2The second key in the identifying tuple.
key3The third key in the identifying tuple.
Returns
The new conversation.

◆ conversation_new_err_pkts()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_err_pkts ( const uint32_t  setup_frame,
const conversation_type  ctype,
const uint32_t  id,
const uint32_t  rid 
)

Create a new conversation in the err_pkts table.

Parameters
setup_frameThe first frame in the conversation.
ctypeThe conversation type.
idThe conversation index.
ridThe reference conversation index, supposedly a member of one of the port_addr tables.
Returns
The new conversation.

◆ conversation_new_full()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_full ( const uint32_t  setup_frame,
conversation_element_t elements 
)

Create a new conversation identified by a list of elements.

Parameters
setup_frameThe first frame in the conversation.
elementsAn array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element.
Returns
The new conversation.

◆ conversation_new_strat()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_strat ( const packet_info pinfo,
const conversation_type  ctype,
const unsigned  options 
)

A helper function for creating conversations according to the runtime deinterlacing strategy, which means the returned conversation is either a classic (historical) object, or a deinterlaced one.

Parameters
pinfoPacket info.
ctypeThe conversation type.
optionsNO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed.
Returns
The new conversation.

◆ conversation_new_strat_xtd()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_strat_xtd ( const packet_info pinfo,
const uint32_t  setup_frame,
const address addr1,
const address addr2,
const conversation_type  ctype,
const uint32_t  port1,
const uint32_t  port2,
const unsigned  options 
)

A helper function for creating conversations according to the runtime deinterlacing strategy, which means the returned conversation is either a classic (historical) object, or a deinterlaced one.

Parameters
pinfoPacket info.
setup_frameThe first frame in the conversation.
addr1The first address in the identifying tuple.
addr2The second address in the identifying tuple.
ctypeThe conversation type.
port1The first port in the identifying tuple.
port2The second port in the identifying tuple.
optionsNO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed.
Returns
The new conversation.

◆ conversation_pt_to_conversation_type()

WS_DLL_PUBLIC conversation_type conversation_pt_to_conversation_type ( port_type  pt)

Converts a port_type to an endpoint_type.

This function is used to convert a port_type enumeration value to its corresponding endpoint_type enumeration value. The conversion is currently a 1-1 mapping, but the intention is to remove many of the port_type instances in favor of endpoint_type.

Parameters
ptThe port_type to be converted.
Returns
The corresponding endpoint_type.

◆ conversation_pt_to_endpoint_type()

WS_DLL_PUBLIC endpoint_type conversation_pt_to_endpoint_type ( port_type  pt)

Converts a port_type to an endpoint_type.

This function maps a given port_type to its corresponding endpoint_type. For now, it's a 1-1 mapping, but the intention is to remove many of the port_type instances in favor of endpoint_type.

Parameters
ptThe port_type to convert.
Returns
The corresponding endpoint_type.

◆ conversation_set_addr2()

WS_DLL_PUBLIC void conversation_set_addr2 ( conversation_t conv,
const address addr 
)

Set the second address in a conversation created with conversation_new.

Parameters
convConversation. Must be created with conversation_new.
addrThe second address to set.

◆ conversation_set_conv_addr_port_endpoints()

WS_DLL_PUBLIC void conversation_set_conv_addr_port_endpoints ( struct _packet_info pinfo,
address addr1,
address addr2,
conversation_type  ctype,
uint32_t  port1,
uint32_t  port2 
)

Set the address and port endpoints for a conversation in the packet info.

Save address+port information in the current packet info; it can be matched by find_conversation_pinfo or find_conversation. Supports wildcarding.

Parameters
pinfoPacket info.
addr1The first address in the identifying tuple.
addr2The second address in the identifying tuple.
ctypeThe conversation type.
port1The first port in the identifying tuple.
port2The second port in the identifying tuple.

◆ conversation_set_dissector()

WS_DLL_PUBLIC void conversation_set_dissector ( conversation_t conversation,
const dissector_handle_t  handle 
)

Set the dissector for a conversation.

Parameters
conversationThe conversation to set the dissector for.
handleThe dissector handle to use.

◆ conversation_set_dissector_from_frame_number()

WS_DLL_PUBLIC void conversation_set_dissector_from_frame_number ( conversation_t conversation,
const uint32_t  starting_frame_num,
const dissector_handle_t  handle 
)

Set a dissector for a conversation starting from a specific frame number.

Parameters
conversationThe conversation to set the dissector for.
starting_frame_numThe frame number from which to start setting the dissector.
handleThe dissector handle to set.

◆ conversation_set_elements_by_id()

WS_DLL_PUBLIC void conversation_set_elements_by_id ( struct _packet_info pinfo,
conversation_type  ctype,
uint32_t  id 
)

Set the conversation elements for a conversation in the packet info.

Save conversation elements including ID information in the current packet info which can be matched by conversation_get_id_from_elements. Does not support wildcarding.

Parameters
pinfoPacket info.
ctypeThe conversation type.
idA unique ID.

◆ conversation_set_port2()

WS_DLL_PUBLIC void conversation_set_port2 ( conversation_t conv,
const uint32_t  port 
)

Set the second port in a conversation created with conversation_new.

Parameters
convConversation. Must be created with conversation_new.
portThe second port to set.

◆ find_conversation()

WS_DLL_PUBLIC conversation_t * find_conversation ( const uint32_t  frame_num,
const address addr_a,
const address addr_b,
const conversation_type  ctype,
const uint32_t  port_a,
const uint32_t  port_b,
const unsigned  options 
)

Given two address/port pairs for a packet, search for a conversation containing packets between those address/port pairs. Returns NULL if not found.

We try to find the most exact match that we can, and then proceed to try wildcard matches on the "addr_b" and/or "port_b" argument if a more exact match failed.

Either or both of the "addr_b" and "port_b" arguments may be specified as a wildcard by setting the NO_ADDR_B or NO_PORT_B flags in the "options" argument. We do only wildcard matches on addresses and ports specified as wildcards.

I.e.:

if neither "addr_b" nor "port_b" were specified as wildcards, we do an exact match (addr_a/port_a and addr_b/port_b) and, if that succeeds, we return a pointer to the matched conversation;

otherwise, if "port_b" wasn't specified as a wildcard, we try to match any address 2 with the specified port 2 (addr_a/port_a and {any}/addr_b) and, if that succeeds, we return a pointer to the matched conversation;

otherwise, if "addr_b" wasn't specified as a wildcard, we try to match any port 2 with the specified address 2 (addr_a/port_a and addr_b/{any}) and, if that succeeds, we return a pointer to the matched conversation;

otherwise, we try to match any address 2 and any port 2 (addr_a/port_a and {any}/{any}) and, if that succeeds, we return a pointer to the matched conversation;

otherwise, we found no matching conversation, and return NULL.

Null address values will be replaced with empty (AT_NONE) addresses.

Parameters
frame_numFrame number. Must be greater than or equal to the conversation's initial frame number.
addr_aThe first address in the identifying tuple.
addr_bThe second address in the identifying tuple.
ctypeThe conversation type.
port_aThe first port in the identifying tuple.
port_bThe second port in the identifying tuple.
optionsWildcard options as described above.
Returns
The matching conversation if found, otherwise NULL.

◆ find_conversation_by_id()

WS_DLL_PUBLIC conversation_t * find_conversation_by_id ( const uint32_t  frame,
const conversation_type  ctype,
const uint32_t  id 
)

Finds a conversation by its ID.

Parameters
frameThe frame number associated with the conversation.
ctypeThe type of conversation.
idThe unique identifier for the conversation.
Returns
conversation_t* A pointer to the conversation if found, otherwise NULL.

◆ find_conversation_deinterlaced()

WS_DLL_PUBLIC conversation_t * find_conversation_deinterlaced ( const uint32_t  frame_num,
const address addr_a,
const address addr_b,
const conversation_type  ctype,
const uint32_t  port_a,
const uint32_t  port_b,
const uint32_t  anchor,
const unsigned  options 
)

Finds a conversation using deinterlacing based on frame number, addresses, ports, and type.

Parameters
frame_numThe frame number associated with the conversation.
addr_aThe first address of the conversation.
addr_bThe second address of the conversation.
ctypeThe type of the conversation.
port_aThe port number for the first address.
port_bThe port number for the second address.
anchorThe anchor value for the conversation.
optionsOptions to control the search behavior.
Returns
conversation_t* A pointer to the found conversation, or NULL if not found.

◆ find_conversation_deinterlacer()

WS_DLL_PUBLIC conversation_t * find_conversation_deinterlacer ( const uint32_t  frame_num,
const address addr_a,
const address addr_b,
const conversation_type  ctype,
const uint32_t  key_a,
const uint32_t  key_b,
const uint32_t  key_c 
)

Finds a conversation using deinterlacing based on frame number and addresses.

Parameters
frame_numThe frame number of the packet.
addr_aThe first address of the conversation.
addr_bThe second address of the conversation.
ctypeThe type of conversation.
key_aAdditional key for the conversation (port A).
key_bAdditional key for the conversation (port B).
key_cAdditional key for the conversation (anchor).
Returns
conversation_t* Pointer to the found conversation, or NULL if not found.

◆ find_conversation_deinterlacer_pinfo()

WS_DLL_PUBLIC conversation_t * find_conversation_deinterlacer_pinfo ( const packet_info pinfo)

A wrapper function of find_conversation_deinterlacer().

A wrapper function of find_conversation_deinterlacer() using data from pinfo, which evaluates the execution context first (user preference, VLAN, interface,..), and then calls find_conversation_deinterlacer(). The frame number and addresses are taken from pinfo.

Parameters
pinfoPacket info.
Returns
Pointer to the found conversation, or NULL if not found.

◆ find_conversation_err_pkts()

WS_DLL_PUBLIC conversation_t * find_conversation_err_pkts ( const uint32_t  frame,
const conversation_type  ctype,
const uint32_t  id,
const uint32_t  rid 
)

Finds a conversation using error packets.

Parameters
frameThe frame number.
ctypeThe conversation type.
idThe ID of the conversation element.
ridThe remote ID of the conversation element.
Returns
conversation_t* A pointer to the found conversation, or NULL if not found.

◆ find_conversation_full()

WS_DLL_PUBLIC conversation_t * find_conversation_full ( const uint32_t  frame_num,
conversation_element_t elements 
)

Search for a conversation based on the structure and values of an element list.

Parameters
frame_numFrame number. Must be greater than or equal to the conversation's initial frame number.
elementsAn array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element.
Returns
The matching conversation if found, otherwise NULL.

◆ find_conversation_pinfo()

WS_DLL_PUBLIC conversation_t * find_conversation_pinfo ( const packet_info pinfo,
const unsigned  options 
)

A helper function that calls find_conversation() using data from pinfo The frame number and addresses are taken from pinfo.

Parameters
pinfoPacket info.
optionsOptions to control the search behavior.
Returns
Pointer to the found conversation, or NULL if not found.

A helper function that calls find_conversation() using data from pinfo The frame number and addresses are taken from pinfo.

◆ find_conversation_pinfo_ro()

WS_DLL_PUBLIC conversation_t * find_conversation_pinfo_ro ( const packet_info pinfo,
const unsigned  options 
)

A helper function that calls find_conversation() using data from pinfo.

It's a simplified version of find_conversation_pinfo() to avoid unnecessary checks and be limited to read-only, which is the minimal need for displaying packets in packet_list. The frame number and addresses are taken from pinfo.

Parameters
pinfoPointer to the packet_info structure containing the necessary data.
optionsOptions for finding the conversation.
Returns
Pointer to the found conversation or NULL if not found.

A helper function that calls find_conversation() using data from pinfo, as above, but somewhat simplified for being accessed from packet_list. The frame number and addresses are taken from pinfo.

◆ find_conversation_pinfo_strat()

WS_DLL_PUBLIC conversation_t * find_conversation_pinfo_strat ( const packet_info pinfo,
const unsigned  options 
)

A helper function that calls find_conversation() using data from pinfo. It's a simplified version of find_conversation_pinfo() to avoid unnecessary checks and be limited to read-only, which is the minimal need for displaying packets in packet_list. The frame number and addresses are taken from pinfo.

Parameters
pinfoPointer to the packet_info structure containing the necessary data.
optionsOptions for finding the conversation.
Returns
Pointer to the found conversation or NULL if not found.

◆ find_conversation_strat()

WS_DLL_PUBLIC conversation_t * find_conversation_strat ( const packet_info pinfo,
const conversation_type  ctype,
const unsigned  options,
const bool  direction 
)

A helper function that calls find_conversation() using data from pinfo, and returns a conversation according to the runtime deinterlacing strategy. The frame number and addresses are taken from pinfo, and direction.

Parameters
pinfoPacket info.
ctypeThe conversation type.
optionsOptions to control the search behavior.
directionThe direction of the conversation to find, true for forward and false for reverse.
Returns
Pointer to the found conversation, or NULL if not found.

◆ find_conversation_strat_xtd()

WS_DLL_PUBLIC conversation_t * find_conversation_strat_xtd ( const packet_info pinfo,
const uint32_t  setup_frame,
const address addr1,
const address addr2,
const conversation_type  ctype,
const uint32_t  port1,
const uint32_t  port2,
const unsigned  options 
)

Finds a conversation using extended parameters.

This function searches for an existing conversation based on the provided packet information, frame number, addresses, conversation type, ports, and options. If deinterlacing is supported, it uses the underlying conversation to find the target conversation.

Parameters
pinfoPacket information containing necessary details.
setup_frameFrame number of the setup packet.
addr1First address in the conversation.
addr2Second address in the conversation.
ctypeType of the conversation.
port1Port number for the first address.
port2Port number for the second address.
optionsAdditional options for conversation search.
Returns
Pointer to the found conversation, or NULL if not found.

◆ find_or_create_conversation()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * find_or_create_conversation ( const packet_info pinfo)

A helper function that calls find_conversation() and, if a conversation is not found, calls conversation_new().

A helper function that calls find_conversation() and, if a conversation is not found, calls conversation_new(). The frame number and addresses are taken from pinfo. No options are used, though we could extend this API to include an options parameter.

Parameters
pinfoPacket info.
Returns
The existing or new conversation.

◆ find_or_create_conversation_by_id()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * find_or_create_conversation_by_id ( packet_info pinfo,
const conversation_type  ctype,
const uint32_t  id 
)

A helper function that calls find_conversation_by_id() and, if a conversation is not found, calls conversation_new_by_id(). The frame number is taken from pinfo.

Parameters
pinfoPacket info.
ctypeThe conversation type.
idThe conversation index.
Returns
The existing or new conversation.

◆ find_or_create_conversation_strat()

WS_DLL_PUBLIC WS_RETNONNULL conversation_t * find_or_create_conversation_strat ( const packet_info pinfo)

Finds or creates a conversation based on the provided packet information.

This function attempts to find an existing conversation using the packet's source and destination addresses, protocol type, destination port, and source port. If no conversation is found, it creates a new one.

Parameters
pinfoThe packet information structure containing the necessary details for finding or creating a conversation.
Returns
A pointer to the conversation_t structure representing the found or created conversation.

◆ get_conversation_hashtables()

WS_DLL_PUBLIC wmem_map_t * get_conversation_hashtables ( void  )

Get a hash table of conversation hash table.

Returns
A wmem_map_t * of (const char *: wmem_map_t *). Each value is a wmem_map_t * of (const conversation_element_t *: void *).

◆ is_deinterlacing_supported()

WS_DLL_PUBLIC bool is_deinterlacing_supported ( const packet_info pinfo)

Returns the Deinterlacing support status.

Parameters
pinfoPacket info.
Returns
true if deinterlacing is supported and enabled by the user pref, false otherwise

◆ try_conversation_dissector()

WS_DLL_PUBLIC bool try_conversation_dissector ( const address addr_a,
const address addr_b,
const conversation_type  ctype,
const uint32_t  port_a,
const uint32_t  port_b,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data,
const unsigned  options 
)

Given two address/port pairs for a packet, search for a matching conversation and, if found and it has a conversation dissector, call that dissector and return true, otherwise return false.

This helper uses call_dissector_only which will NOT call the default "data" dissector if the packet was rejected. Our caller is responsible to call the data dissector explicitly in case this function returns false.

Parameters
addr_aThe first address in the identifying tuple.
addr_bThe second address in the identifying tuple.
ctypeThe conversation type.
port_aThe first port in the identifying tuple.
port_bThe second port in the identifying tuple.
tvbThe current data buffer containing the packet.
pinfoPacket information structure.
treeProtocol tree for displaying dissected information.
dataUser-specific data passed to the dissector.
optionsWildcard options as described in find_conversation().
Returns
True if a matching conversation with a dissector was found and called, false otherwise

◆ try_conversation_dissector_by_id()

WS_DLL_PUBLIC bool try_conversation_dissector_by_id ( const conversation_type  ctype,
const uint32_t  id,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)

Tries to use an existing dissector for a given conversation type and ID. Attempt to dissect a packet using a specific conversation ID.

Parameters
ctypeThe type of conversation.
idThe unique identifier of the conversation.
tvbThe current data buffer containing the packet.
pinfoPacket information structure.
treeProtocol tree for displaying dissected information.
dataUser-specific data passed to the dissector.
Returns
True if the packet was successfully dissected, false otherwise.

◆ try_conversation_dissector_strat()

WS_DLL_PUBLIC bool try_conversation_dissector_strat ( packet_info pinfo,
const conversation_type  ctype,
tvbuff_t tvb,
proto_tree tree,
void *  data,
const unsigned  options,
const bool  direction 
)

Attempts to dissect a packet using a conversation-based strategy.

This function tries to find an existing conversation that matches the given parameters and uses it to dissect the packet. If no matching conversation is found, it attempts to create one with specific options.

Parameters
pinfoPointer to the packet information structure.
ctypeThe type of conversation.
tvbPointer to the TVBuffer containing the packet data.
treePointer to the protocol tree for displaying dissected information.
dataUser-specific data passed to the dissector.
optionsOptions for conversation creation, such as NO_ADDR_B or NO_PORT_B.
directionDirection of the conversation (e.g., client-server).
Returns
True if the packet was successfully dissected, false otherwise.
Generated by doxygen 1.9.8