docs/wsar_html.zip:wsar_html/epan_8h_source.html

#pragma once

#include <wsutil/feature_list.h>

#include <epan/tvbuff.h>

#include <epan/prefs.h>

#include <epan/frame_data.h>

#include <epan/register.h>

#include <wiretap/wtap_opttypes.h>


#ifdef __cplusplus

extern "C" {

#endif /* __cplusplus */


extern bool wireshark_abort_on_dissector_bug;


extern bool wireshark_abort_on_too_many_items;


WS_DLL_PUBLIC void ws_dissector_bug(const char *format, ...)

    G_GNUC_PRINTF(1,2);


#define ws_dissector_oops(_fmt, ...) ws_dissector_bug("OOPS: " _fmt, __VA_ARGS__)


typedef struct epan_dissect epan_dissect_t;


struct epan_dfilter;

struct epan_column_info;


struct packet_provider_data;


struct packet_provider_funcs {

    const nstime_t *(*get_frame_ts)(struct packet_provider_data *prov, uint32_t frame_num);


    const nstime_t *(*get_start_ts)(struct packet_provider_data *prov);


    const nstime_t *(*get_end_ts)(struct packet_provider_data *prov);


    const char *(*get_interface_name)(struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number);


    const char *(*get_interface_description)(struct packet_provider_data *prov, uint32_t interface_id, unsigned section_number);


    wtap_block_t (*get_modified_block)(struct packet_provider_data *prov, const frame_data *fd);


    int32_t (*get_process_id)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number);


    const char *(*get_process_name)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number);


    const uint8_t *(*get_process_uuid)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number, size_t *uuid_size);

};


/*

Ref 1

Epan

Enhanced Packet ANalyzer, aka the packet analyzing engine. Source code can be found in the epan directory.


Protocol-Tree - Keep data of the capture file protocol information.


Dissectors - The various protocol dissectors in epan/dissectors.


Plugins - Some of the protocol dissectors are implemented as plugins. Source code can be found at plugins.


Display-Filters - the display filter engine at epan/dfilter


*/


typedef struct {

    const char* env_var_prefix;

    const char** col_fmt;

    int num_cols;

    register_entity_func register_func;

    register_entity_func handoff_func;

    struct _tap_reg const* tap_reg_listeners;

} epan_app_data_t;


WS_DLL_PUBLIC

bool epan_init(register_cb cb, void *client_data, bool load_plugins, epan_app_data_t* app_data);


WS_DLL_PUBLIC

e_prefs *epan_load_settings(void);


WS_DLL_PUBLIC

void epan_cleanup(void);


typedef struct {

    void (*init)(void);


    void (*post_init)(void);


    void (*dissect_init)(epan_dissect_t *);


    void (*dissect_cleanup)(epan_dissect_t *);


    void (*cleanup)(void);


    void (*register_all_protocols)(register_cb cb, void *user_data);


    void (*register_all_handoffs)(register_cb cb, void *user_data);


    void (*register_all_tap_listeners)(void);

} epan_plugin;


WS_DLL_PUBLIC void epan_register_plugin(const epan_plugin *plugin);


WS_DLL_PUBLIC int epan_plugins_supported(void);


void epan_conversation_init(void);


typedef struct epan_session epan_t;

typedef struct epan_session epan_t;


WS_DLL_PUBLIC epan_t *epan_new(struct packet_provider_data *prov,

    const struct packet_provider_funcs *funcs);


WS_DLL_PUBLIC wtap_block_t epan_get_modified_block(const epan_t *session, const frame_data *fd);


WS_DLL_PUBLIC const char *epan_get_interface_name(const epan_t *session, uint32_t interface_id, unsigned section_number);


WS_DLL_PUBLIC const char *epan_get_interface_description(const epan_t *session, uint32_t interface_id, unsigned section_number);


WS_DLL_PUBLIC int32_t epan_get_process_id(const epan_t *session, uint32_t process_info_id, unsigned section_number);


WS_DLL_PUBLIC const char *epan_get_process_name(const epan_t *session, uint32_t process_info_id, unsigned section_number);


WS_DLL_PUBLIC const uint8_t *epan_get_process_uuid(const epan_t *session, uint32_t process_info_id, unsigned section_number, size_t *uuid_size);


const nstime_t *epan_get_frame_ts(const epan_t *session, uint32_t frame_num);


const nstime_t *epan_get_start_ts(const epan_t *session);


WS_DLL_PUBLIC void epan_free(epan_t *session);


WS_DLL_PUBLIC const char* epan_get_version(void);


WS_DLL_PUBLIC void epan_get_version_number(int *major, int *minor, int *micro);


WS_DLL_PUBLIC const char* epan_get_environment_prefix(void);


WS_DLL_PUBLIC

void epan_set_always_visible(bool force);


WS_DLL_PUBLIC

void

epan_dissect_init(epan_dissect_t *edt, epan_t *session, const bool create_proto_tree, const bool proto_tree_visible);


WS_DLL_PUBLIC

epan_dissect_t*

epan_dissect_new(epan_t *session, const bool create_proto_tree, const bool proto_tree_visible);


WS_DLL_PUBLIC

void

epan_dissect_reset(epan_dissect_t *edt);


WS_DLL_PUBLIC

void

epan_dissect_fake_protocols(epan_dissect_t *edt, const bool fake_protocols);


WS_DLL_PUBLIC

void

epan_dissect_run(epan_dissect_t *edt, int file_type_subtype,

        wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_run_with_taps(epan_dissect_t *edt, int file_type_subtype,

        wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_file_run(epan_dissect_t *edt, wtap_rec *rec,

        frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_file_run_with_taps(epan_dissect_t *edt, wtap_rec *rec,

        frame_data *fd, struct epan_column_info *cinfo);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_dfilter(epan_dissect_t *edt, const struct epan_dfilter *dfcode);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_dfilter_print(epan_dissect_t *edt, const struct epan_dfilter *dfcode);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_hfid(epan_dissect_t *edt, int hfid);


WS_DLL_PUBLIC

void

epan_dissect_prime_with_hfid_array(epan_dissect_t *edt, GArray *hfids);


WS_DLL_PUBLIC

void

epan_dissect_fill_in_columns(epan_dissect_t *edt, const bool fill_col_exprs, const bool fill_fd_columns);


WS_DLL_PUBLIC

bool

epan_dissect_packet_contains_field(epan_dissect_t* edt,

                                   const char *field_name);


WS_DLL_PUBLIC

void

epan_dissect_cleanup(epan_dissect_t* edt);


WS_DLL_PUBLIC

void

epan_dissect_free(epan_dissect_t* edt);


const char *

epan_custom_set(epan_dissect_t *edt, GSList *ids, int occurrence, bool display_details,

                char *result, char *expr, const int size);


WS_DLL_PUBLIC

void

epan_gather_compile_info(feature_list l);


WS_DLL_PUBLIC

void

epan_gather_runtime_info(feature_list l);


#ifdef __cplusplus

}

#endif /* __cplusplus */

epan_dissect_init
WS_DLL_PUBLIC void epan_dissect_init(epan_dissect_t *edt, epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
Initialize an existing single packet dissection.
Definition epan.c:679

epan_dissect_fake_protocols
WS_DLL_PUBLIC void epan_dissect_fake_protocols(epan_dissect_t *edt, const bool fake_protocols)
Indicate whether protocols should be faked during dissection.
Definition epan.c:750

epan_get_process_id
WS_DLL_PUBLIC int32_t epan_get_process_id(const epan_t *session, uint32_t process_info_id, unsigned section_number)
Retrieve the process ID associated with a given process info record.
Definition epan.c:611

epan_init
WS_DLL_PUBLIC bool epan_init(register_cb cb, void *client_data, bool load_plugins, epan_app_data_t *app_data)
Initialize the entire epan module.
Definition epan.c:294

epan_conversation_init
void epan_conversation_init(void)
Initialize the table of conversations.
Definition epan.c:658

epan_dissect_file_run
WS_DLL_PUBLIC void epan_dissect_file_run(epan_dissect_t *edt, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a dissection of file-based packet data.
Definition epan.c:787

wireshark_abort_on_dissector_bug
bool wireshark_abort_on_dissector_bug
Controls whether Wireshark should abort on a dissector bug.
Definition epan.c:124

epan_gather_compile_info
WS_DLL_PUBLIC void epan_gather_compile_info(feature_list l)
Get compile-time information for libraries used by libwireshark.
Definition epan.c:920

epan_dissect_cleanup
WS_DLL_PUBLIC void epan_dissect_cleanup(epan_dissect_t *edt)
Release resources associated with a packet dissection context.
Definition epan.c:814

epan_get_process_name
WS_DLL_PUBLIC const char * epan_get_process_name(const epan_t *session, uint32_t process_info_id, unsigned section_number)
Retrieve the name of a process associated with a given process info record.
Definition epan.c:629

epan_dissect_fill_in_columns
WS_DLL_PUBLIC void epan_dissect_fill_in_columns(epan_dissect_t *edt, const bool fill_col_exprs, const bool fill_fd_columns)
Populate packet list columns with dissection output.
Definition epan.c:891

epan_new
WS_DLL_PUBLIC epan_t * epan_new(struct packet_provider_data *prov, const struct packet_provider_funcs *funcs)
Create a new epan dissection session.
Definition epan.c:538

epan_get_interface_description
WS_DLL_PUBLIC const char * epan_get_interface_description(const epan_t *session, uint32_t interface_id, unsigned section_number)
Retrieve the description of a network interface.
Definition epan.c:571

epan_load_settings
WS_DLL_PUBLIC e_prefs * epan_load_settings(void)
Load all settings from the current profile that affect epan.
Definition epan.c:437

epan_free
WS_DLL_PUBLIC void epan_free(epan_t *session)
Free an epan dissection session.
Definition epan.c:647

epan_dissect_prime_with_hfid
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid(epan_dissect_t *edt, int hfid)
Prime a dissection context's protocol tree with a specific field or protocol.
Definition epan.c:863

epan_dissect_reset
WS_DLL_PUBLIC void epan_dissect_reset(epan_dissect_t *edt)
Reset a dissection context for reuse.
Definition epan.c:708

epan_plugins_supported
WS_DLL_PUBLIC int epan_plugins_supported(void)
Check plugin support status for libwireshark components.
Definition epan.c:277

epan_cleanup
WS_DLL_PUBLIC void epan_cleanup(void)
Clean up the entire epan module.
Definition epan.c:456

epan_dissect_free
WS_DLL_PUBLIC void epan_dissect_free(epan_dissect_t *edt)
Free a single packet dissection context.
Definition epan.c:844

epan_get_version_number
WS_DLL_PUBLIC void epan_get_version_number(int *major, int *minor, int *micro)
Retrieve the version number of the epan library.
Definition epan.c:154

epan_get_modified_block
WS_DLL_PUBLIC wtap_block_t epan_get_modified_block(const epan_t *session, const frame_data *fd)
Retrieve a modified capture block associated with a specific frame.
Definition epan.c:553

epan_get_environment_prefix
WS_DLL_PUBLIC const char * epan_get_environment_prefix(void)
Retrieve the environment prefix string used by epan.
Definition epan.c:165

epan_dissect_packet_contains_field
WS_DLL_PUBLIC bool epan_dissect_packet_contains_field(epan_dissect_t *edt, const char *field_name)
Check whether a dissected packet contains a specific named field.
Definition epan.c:898

epan_get_frame_ts
const nstime_t * epan_get_frame_ts(const epan_t *session, uint32_t frame_num)
Retrieve the timestamp of a specific frame.
Definition epan.c:580

epan_dissect_prime_with_dfilter
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter(epan_dissect_t *edt, const struct epan_dfilter *dfcode)
Prime a dissection context's protocol tree using a display filter.

epan_get_process_uuid
WS_DLL_PUBLIC const uint8_t * epan_get_process_uuid(const epan_t *session, uint32_t process_info_id, unsigned section_number, size_t *uuid_size)
Retrieve the UUID of a process associated with a given process info record.
Definition epan.c:638

epan_get_start_ts
const nstime_t * epan_get_start_ts(const epan_t *session)
Retrieve the start timestamp of the capture session.
Definition epan.c:595

epan_dissect_run
WS_DLL_PUBLIC void epan_dissect_run(epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a single packet dissection.
Definition epan.c:757

epan_gather_runtime_info
WS_DLL_PUBLIC void epan_gather_runtime_info(feature_list l)
Get runtime information for libraries used by libwireshark.
Definition epan.c:1025

epan_dissect_prime_with_hfid_array
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array(epan_dissect_t *edt, GArray *hfids)
Prime a dissection context's protocol tree with a set of fields or protocols.
Definition epan.c:869

ws_dissector_bug
WS_DLL_PUBLIC void ws_dissector_bug(const char *format,...)
Report a dissector bug (and optionally abort).
Definition epan.c:128

epan_get_version
WS_DLL_PUBLIC const char * epan_get_version(void)
Retrieve the epan library's version as a string.
Definition epan.c:149

epan_dissect_new
WS_DLL_PUBLIC epan_dissect_t * epan_dissect_new(epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
Create a new single packet dissection.
Definition epan.c:739

epan_dissect_prime_with_dfilter_print
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter_print(epan_dissect_t *edt, const struct epan_dfilter *dfcode)
Prime a dissection context's protocol tree using a display filter, marking fields for print output.

wireshark_abort_on_too_many_items
bool wireshark_abort_on_too_many_items
Controls whether Wireshark should abort when too many items are added to a tree.
Definition epan.c:125

epan_dissect_file_run_with_taps
WS_DLL_PUBLIC void epan_dissect_file_run_with_taps(epan_dissect_t *edt, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a dissection of file-based packet data and invoke tap listeners.
Definition epan.c:801

epan_set_always_visible
WS_DLL_PUBLIC void epan_set_always_visible(bool force)
Set or unset the tree to always be visible when epan_dissect_init() is called.
Definition epan.c:670

epan_dissect_run_with_taps
WS_DLL_PUBLIC void epan_dissect_run_with_taps(epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, frame_data *fd, struct epan_column_info *cinfo)
Run a single packet dissection and invoke tap listeners.
Definition epan.c:774

epan_custom_set
const char * epan_custom_set(epan_dissect_t *edt, GSList *ids, int occurrence, bool display_details, char *result, char *expr, const int size)
Set the value of a custom column based on specified fields and expression.
Definition epan.c:881

epan_register_plugin
WS_DLL_PUBLIC void epan_register_plugin(const epan_plugin *plugin)
Register an epan plugin with the dissection engine.

epan_get_interface_name
WS_DLL_PUBLIC const char * epan_get_interface_name(const epan_t *session, uint32_t interface_id, unsigned section_number)
Retrieve the name of a network interface.
Definition epan.c:562

feature_list.h

feature_list
GList ** feature_list
Semi-opaque handle to a list of features or dependencies.
Definition feature_list.h:33

frame_data.h

frame_data
DIAG_OFF_PEDANTIC struct _frame_data frame_data
Frame data structure.

prefs.h

register.h

_e_prefs
Global Wireshark preferences structure holding all persistent configuration settings.
Definition prefs.h:213

_plugin
Definition plugins.c:33

_tap_reg
Describes a single built-in tap registration entry, pairing a tap name with its registration callback...
Definition tap.h:90

client_data
Definition packet-bt-dht.c:97

epan_app_data_t
Information about the application that wants to use epan.
Definition epan.h:193

epan_app_data_t::register_func
register_entity_func register_func
Definition epan.h:197

epan_app_data_t::num_cols
int num_cols
Definition epan.h:196

epan_app_data_t::env_var_prefix
const char * env_var_prefix
Definition epan.h:194

epan_app_data_t::tap_reg_listeners
struct _tap_reg const  * tap_reg_listeners
Definition epan.h:199

epan_app_data_t::col_fmt
const char ** col_fmt
Definition epan.h:195

epan_app_data_t::handoff_func
register_entity_func handoff_func
Definition epan.h:198

epan_column_info
Definition column-info.h:59

epan_dfilter
The compiled display filter object passed back to the user.
Definition dfilter-int.h:46

epan_dissect
Holds all state for the dissection of a single byte array, including session, buffer,...
Definition epan_dissect.h:28

epan_plugin
Plugin interface for EPAN modules.
Definition epan.h:241

epan_session
Definition epan.c:532

nstime_t
Definition nstime.h:26

packet_provider_data
Packet provider context for programs operating on a capture file.
Definition cfile.h:72

packet_provider_funcs
Structure containing pointers to functions supplied by the user of libwireshark.
Definition epan.h:81

packet_provider_funcs::get_modified_block
wtap_block_t(* get_modified_block)(struct packet_provider_data *prov, const frame_data *fd)
Get a modified WTAP block for a given frame.
Definition epan.h:134

packet_provider_funcs::get_process_id
int32_t(* get_process_id)(struct packet_provider_data *prov, uint32_t process_info_id, unsigned section_number)
Get the process ID associated with a packet.
Definition epan.h:144

wtap_block
Definition wtap_opttypes.h:272

wtap_rec
Definition wtap.h:1540

register_all_tap_listeners
void register_all_tap_listeners(tap_reg_t const *tap_reg_listeners)
For all taps, call their register routines. Must be called after plugins_init(), if plugins are suppo...
Definition tap.c:132

tvbuff.h

wtap_opttypes.h