#include <epan/proto.h>
#include <epan/packet_info.h>
#include <wsutil/value_string.h>
#include "ws_symbol_export.h"

Classes
struct	expert_info_s
	Holds expert info data for a single packet event; used internally and for display purposes only. More...

struct	expert_field
	Pairs an expert info index with its associated header field index for registration and display. More...

struct	expert_field_info
	Describes a registered expert info field, including dissector-supplied metadata and registration state. More...

struct	ei_register_info
	Bundles an expert_field handle with its expert_field_info for use in bulk registration. More...

Macros
#define	EI_INIT_EI 0

#define	EI_INIT_HF 0

#define	EI_INIT {EI_INIT_EI, EI_INIT_HF}

#define	EXPFILL
	Prefill macro for the registration-managed fields of an expert_field_info; use as a trailing initializer in static declarations.

#define	PRE_ALLOC_EXPERT_FIELDS_MEM 5000

#define	EXPERT_CHECKSUM_DISABLED -2

#define	EXPERT_CHECKSUM_UNKNOWN -1

#define	EXPERT_CHECKSUM_GOOD 0

#define	EXPERT_CHECKSUM_BAD 1

Typedefs
typedef struct expert_info_s	expert_info_t
	Holds expert info data for a single packet event; used internally and for display purposes only.

typedef struct expert_field	expert_field
	Pairs an expert info index with its associated header field index for registration and display.

typedef struct expert_field_info	expert_field_info
	Describes a registered expert info field, including dissector-supplied metadata and registration state.

typedef struct ei_register_info	ei_register_info
	Bundles an expert_field handle with its expert_field_info for use in bulk registration.

typedef struct expert_module	expert_module_t

Functions
void	expert_init (void)
	Initializes expert system.

void	expert_packet_init (void)
	Initializes the expert system for each packet.

void	expert_cleanup (void)
	Cleans up resources used by expert processing.

void	expert_packet_cleanup (void)
	Cleans up resources used by expert processing.

WS_DLL_PUBLIC int	expert_get_highest_severity (void)
	Get the highest severity of expert information.

WS_DLL_PUBLIC void	expert_update_comment_count (uint64_t count)
	Update the expert info comment count.

WS_DLL_PUBLIC proto_item *	expert_add_info (packet_info pinfo, proto_item pi, expert_field *eiindex)
	Add an expert info.

WS_DLL_PUBLIC proto_item *	expert_add_info_format (packet_info pinfo, proto_item pi, expert_field eiindex, const char format,...)

WS_DLL_PUBLIC proto_item *	proto_tree_add_expert (proto_tree tree, packet_info pinfo, expert_field eiindex, tvbuff_t tvb, unsigned start, unsigned length)

WS_DLL_PUBLIC proto_item *	proto_tree_add_expert_remaining (proto_tree tree, packet_info pinfo, expert_field eiindex, tvbuff_t tvb, unsigned start)
	Add an expert info associated with some byte data.

WS_DLL_PUBLIC proto_item *	proto_tree_add_expert_format (proto_tree tree, packet_info pinfo, expert_field eiindex, tvbuff_t tvb, unsigned start, unsigned length, const char *format,...)
	Add an expert info associated with some byte data.

WS_DLL_PUBLIC proto_item *	proto_tree_add_expert_format_remaining (proto_tree tree, packet_info pinfo, expert_field eiindex, tvbuff_t tvb, unsigned start, const char *format,...)

WS_DLL_PUBLIC expert_module_t *	expert_register_protocol (int id)
	Register that a protocol has expert info.

void	expert_deregister_expertinfo (const char *abbrev)
	Deregister a expert info.

void	expert_deregister_protocol (expert_module_t *module)
	Deregister expert info from a protocol.

void	expert_free_deregistered_expertinfos (void)
	Free deregistered expert infos.

WS_DLL_PUBLIC const char *	expert_get_summary (expert_field *eiindex)
	Get summary text of an expert_info field.

WS_DLL_PUBLIC void	expert_register_field_array (expert_module_t module, ei_register_info ei, const int num_records)
	Register a expert field array.

Variables
WS_DLL_PUBLIC int	proto_expert

WS_DLL_PUBLIC const value_string	expert_group_vals []

WS_DLL_PUBLIC const value_string	expert_severity_vals []

WS_DLL_PUBLIC const value_string	expert_checksum_vals []

Detailed Description

Collecting of Expert information.

For further info, see WSDG: 9.3. How to add an expert item: https://www.wireshark.org/docs/wsdg_html/#ChDissectExpertInfo

SPDX-License-Identifier: GPL-2.0-or-later

Macro Definition Documentation

◆ EI_INIT

#define EI_INIT {EI_INIT_EI, EI_INIT_HF}

Compound initializer for an expert_field, zeroing both ei and hf.

◆ EI_INIT_EI

#define EI_INIT_EI 0

Default initializer value for the expert info index field of an expert_field.

◆ EI_INIT_HF

#define EI_INIT_HF 0

Default initializer value for the header field index field of an expert_field.

◆ EXPFILL

#define EXPFILL

Value:

0, NULL, 0, NULL, \

{0, {NULL, NULL, FT_NONE, BASE_NONE, NULL, 0, NULL, HFILL}}

FT_NONE

@ FT_NONE

Definition ftypes.h:27

HFILL

#define HFILL

Definition proto.h:794

BASE_NONE

@ BASE_NONE

Definition proto.h:682

Prefill macro for the registration-managed fields of an expert_field_info; use as a trailing initializer in static declarations.

Function Documentation

◆ expert_add_info()

WS_DLL_PUBLIC proto_item * expert_add_info	(	packet_info *	pinfo,
		proto_item *	pi,
		expert_field *	eiindex
	)

Add an expert info.

Add an expert info tree to a protocol item using registered expert info item

Parameters

pinfo	Packet info of the currently processed packet. May be NULL if pi is supplied
pi	Current protocol item (or NULL)
eiindex	The registered expert info item

Returns: the newly created expert info tree

◆ expert_add_info_format()

WS_DLL_PUBLIC proto_item * expert_add_info_format	(	packet_info *	pinfo,
		proto_item *	pi,
		expert_field *	eiindex,
		const char *	format,
			...
	)

Add an expert info. Add an expert info tree to a protocol item using registered expert info item, but with a formatted message.

Parameters

pinfo	Packet info of the currently processed packet. May be NULL if pi is supplied
pi	Current protocol item (or NULL)
eiindex	The registered expert info item
format	Printf-style format string for additional arguments

Returns: the newly created expert info tree

◆ expert_deregister_expertinfo()

void expert_deregister_expertinfo ( const char * abbrev )

Deregister a expert info.

Parameters

abbrev The abbreviation of the expert info to deregister.

◆ expert_deregister_protocol()

void expert_deregister_protocol ( expert_module_t * module )

Deregister expert info from a protocol.

Parameters

module The expert module for the protocol.

◆ expert_get_highest_severity()

WS_DLL_PUBLIC int expert_get_highest_severity ( void )

Get the highest severity of expert information.

Returns: The highest severity level.

◆ expert_get_summary()

WS_DLL_PUBLIC const char * expert_get_summary ( expert_field * eiindex )

Get summary text of an expert_info field.

This is intended for use in expert_add_info_format or proto_tree_add_expert_format to get the "base" string to then append additional information

Parameters

eiindex The registered expert info item

Returns: The summary text of the expert info item, or NULL if the item is not found.

Get summary text of an expert_info field. This is intended for use in expert_add_info_format or proto_tree_add_expert_format to get the "base" string to then append additional information

◆ expert_init()

void expert_init ( void )

extern

Initializes expert system.

This function initializes the expert system, setting up necessary data structures and resources.

◆ expert_packet_cleanup()

void expert_packet_cleanup ( void )

extern

Cleans up resources used by expert processing.

This function is responsible for cleaning up any resources that were allocated during the initialization and operation of expert processing in Wireshark.

◆ expert_packet_init()

void expert_packet_init ( void )

extern

Initializes the expert system for each packet.

This function initializes the expert system for each packet, setting up necessary data structures and resources.

◆ expert_register_field_array()

WS_DLL_PUBLIC void expert_register_field_array	(	expert_module_t *	module,
		ei_register_info *	ei,
		const int	num_records
	)

Register a expert field array.

Parameters

module	the protocol handle from expert_register_protocol()
ei	the ei_register_info array
num_records	the number of records in exp

◆ expert_register_protocol()

WS_DLL_PUBLIC expert_module_t * expert_register_protocol ( int id )

Register that a protocol has expert info.

Parameters

id	The protocol ID to register.

Returns: A pointer to the expert module for the protocol, or NULL if registration fails.

◆ expert_update_comment_count()

WS_DLL_PUBLIC void expert_update_comment_count ( uint64_t count )

Update the expert info comment count.

Parameters

count The new comment count.

◆ proto_tree_add_expert()

WS_DLL_PUBLIC proto_item * proto_tree_add_expert	(	proto_tree *	tree,
		packet_info *	pinfo,
		expert_field *	eiindex,
		tvbuff_t *	tvb,
		unsigned	start,
		unsigned	length
	)

Add an expert info associated with some byte data Add an expert info tree to a protocol item using registered expert info item. This function is intended to replace places where a "text only" proto_tree_add_xxx API + expert_add_info would be used.

Parameters

tree	Current protocol tree (or NULL)
pinfo	Packet info of the currently processed packet. May be NULL if tree is supplied
eiindex	The registered expert info item
tvb	the tv buffer of the current data
start	start of data in tvb
length	length of data in tvb

Returns: the newly created item above expert info tree

◆ proto_tree_add_expert_format()

WS_DLL_PUBLIC proto_item * proto_tree_add_expert_format	(	proto_tree *	tree,
		packet_info *	pinfo,
		expert_field *	eiindex,
		tvbuff_t *	tvb,
		unsigned	start,
		unsigned	length,
		const char *	format,
			...
	)

Add an expert info associated with some byte data.

Add an expert info tree to a protocol item, using registered expert info item, but with a formatted message. Add an expert info tree to a protocol item using registered expert info item. This function is intended to replace places where a "text only" proto_tree_add_xxx API + expert_add_info_format would be used.

Parameters

tree	Current protocol tree (or NULL)
pinfo	Packet info of the currently processed packet. May be NULL if tree is supplied
eiindex	The registered expert info item
tvb	the tv buffer of the current data
start	start of data in tvb
length	length of data in tvb
format	Printf-style format string for additional arguments

Returns: the newly created item above expert info tree

◆ proto_tree_add_expert_format_remaining()

WS_DLL_PUBLIC proto_item * proto_tree_add_expert_format_remaining	(	proto_tree *	tree,
		packet_info *	pinfo,
		expert_field *	eiindex,
		tvbuff_t *	tvb,
		unsigned	start,
		const char *	format,
			...
	)

Same as proto_tree_add_expert_format but without the length parameter, length will be sret to end of the tvb. Add an expert info associated with some byte data Add an expert info tree to a protocol item, using registered expert info item, but with a formatted message. Add an expert info tree to a protocol item using registered expert info item. This function is intended to replace places where a "text only" proto_tree_add_xxx API + expert_add_info_format would be used.

Parameters

tree	Current protocol tree (or NULL)
pinfo	Packet info of the currently processed packet. May be NULL if tree is supplied
eiindex	The registered expert info item
tvb	the tv buffer of the current data
start	start of data in tvb
format	Printf-style format string for additional arguments

Returns: the newly created item above expert info tree

◆ proto_tree_add_expert_remaining()

WS_DLL_PUBLIC proto_item * proto_tree_add_expert_remaining	(	proto_tree *	tree,
		packet_info *	pinfo,
		expert_field *	eiindex,
		tvbuff_t *	tvb,
		unsigned	start
	)

Add an expert info associated with some byte data.

Add an expert info tree to a protocol item using registered expert info item. This function is intended to replace places where a "text only" proto_tree_add_xxx API + expert_add_info would be used. Length will be to the end of the tvb.

Parameters

tree	Current protocol tree (or NULL)
pinfo	Packet info of the currently processed packet. May be NULL if tree is supplied
eiindex	The registered expert info item
tvb	the tv buffer of the current data
start	start of data in tvb

Returns: the newly created item above expert info tree

Classes

Macros

Typedefs

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ EI_INIT

◆ EI_INIT_EI

◆ EI_INIT_HF

◆ EXPFILL

Function Documentation

◆ expert_add_info()

◆ expert_add_info_format()

◆ expert_deregister_expertinfo()

◆ expert_deregister_protocol()

◆ expert_get_highest_severity()

◆ expert_get_summary()

◆ expert_init()

◆ expert_packet_cleanup()

◆ expert_packet_init()

◆ expert_register_field_array()

◆ expert_register_protocol()

◆ expert_update_comment_count()

◆ proto_tree_add_expert()

◆ proto_tree_add_expert_format()

◆ proto_tree_add_expert_format_remaining()

◆ proto_tree_add_expert_remaining()