Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
Classes | Macros | Typedefs | Enumerations | Functions
General Packet Dissection

Classes

struct  _guid_key
 Lookup key for GUID-indexed dissector tables, combining a GUID with an optional version field. More...
 
struct  heur_dtbl_entry
 Represents a single entry in a heuristic dissector table, binding a heuristic dissector to its protocol and configuration. More...
 
struct  frame_data_s
 Holds the data passed to the frame dissector for dissection of a single packet frame. More...
 
struct  file_data_s
 Holds the data passed to the file dissector for dissection of a capture file as a whole. More...
 
struct  ethertype_data_s
 Holds the parameters passed to the Ethertype dissector for dissecting an Ethernet payload. More...
 

Macros

#define hi_nibble(b)   (((b) & 0xf0) >> 4)
 
#define lo_nibble(b)   ((b) & 0x0f)
 
#define BYTES_ARE_IN_FRAME(offset, captured_len, len)
 
#define STRING_CASE_SENSITIVE   0
 
#define STRING_CASE_INSENSITIVE   1
 

Typedefs

typedef struct dissector_handledissector_handle_t
 
typedef struct dissector_tabledissector_table_t
 
typedef int(* dissector_t) (tvbuff_t *, packet_info *, proto_tree *, void *)
 
typedef int(* dissector_cb_t) (tvbuff_t *, packet_info *, proto_tree *, void *, void *)
 
typedef bool(* heur_dissector_t) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *)
 
typedef void(* DATFunc) (const char *table_name, ftenum_t selector_type, void *key, void *value, void *user_data)
 
typedef void(* DATFunc_handle) (const char *table_name, void *value, void *user_data)
 
typedef void(* DATFunc_table) (const char *table_name, const char *ui_name, void *user_data)
 
typedef struct dtbl_entry dtbl_entry_t
 
typedef struct _guid_key guid_key
 Lookup key for GUID-indexed dissector tables, combining a GUID with an optional version field.
 
typedef struct heur_dissector_listheur_dissector_list_t
 
typedef struct heur_dtbl_entry heur_dtbl_entry_t
 Represents a single entry in a heuristic dissector table, binding a heuristic dissector to its protocol and configuration.
 
typedef void(* DATFunc_heur) (const char *table_name, struct heur_dtbl_entry *entry, void *user_data)
 
typedef void(* DATFunc_heur_table) (const char *table_name, struct heur_dissector_list *table, void *user_data)
 
typedef struct depend_dissector_listdepend_dissector_list_t
 
typedef struct frame_data_s frame_data_t
 Holds the data passed to the frame dissector for dissection of a single packet frame.
 
typedef struct file_data_s file_data_t
 Holds the data passed to the file dissector for dissection of a capture file as a whole.
 
typedef struct ethertype_data_s ethertype_data_t
 Holds the parameters passed to the Ethertype dissector for dissecting an Ethernet payload.
 

Enumerations

enum  heuristic_enable_e { HEURISTIC_DISABLE , HEURISTIC_ENABLE }
 Controls whether a heuristic dissector is active. More...
 
enum  data_source_media_type_e { DS_MEDIA_TYPE_APPLICATION_OCTET_STREAM , DS_MEDIA_TYPE_APPLICATION_JSON }
 MIME media type descriptor for a packet data source buffer. More...
 

Functions

void packet_init (void)
 Initialize the packet dissection engine.
 
void packet_cache_proto_handles (void)
 Cache protocol handles for fast lookup during dissection.
 
void packet_all_tables_sort_handles (void)
 Sort the dissector handles in all dissector tables.
 
void packet_cleanup (void)
 Clean up the packet dissection engine.
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
 Return the currently active dissector handle for a dissector table entry.
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_initial_handle (dtbl_entry_t *entry)
 Return the initial (registered) dissector handle for a dissector table entry.
 
void dissector_table_foreach_changed (const char *table_name, DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_table_foreach (const char *table_name, DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_changed (DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_table_foreach_handle (const char *table_name, DATFunc_handle func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_table (DATFunc_table func, void *user_data, GCompareFunc compare_key_func)
 
WS_DLL_PUBLIC dissector_table_t register_dissector_table (const char *name, const char *ui_name, const int proto, const ftenum_t type, const int param)
 a protocol uses the function to register a sub-dissector table
 
WS_DLL_PUBLIC dissector_table_t register_custom_dissector_table (const char *name, const char *ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func, GDestroyNotify key_destroy_func)
 Similar to register_dissector_table, but with a "custom" hash function to store subdissectors.
 
WS_DLL_PUBLIC void register_dissector_table_alias (dissector_table_t dissector_table, const char *alias_name)
 
void deregister_dissector_table (const char *name)
 Deregister the dissector table by table name.
 
WS_DLL_PUBLIC dissector_table_t find_dissector_table (const char *name)
 Find a dissector table by its internal name.
 
WS_DLL_PUBLIC const char * get_dissector_table_ui_name (const char *name)
 Return the UI display name for a dissector table.
 
WS_DLL_PUBLIC ftenum_t get_dissector_table_selector_type (const char *name)
 Return the field type of the selector for a dissector table.
 
WS_DLL_PUBLIC int get_dissector_table_param (const char *name)
 Return the parameter value associated with a dissector table.
 
WS_DLL_PUBLIC void dissector_dump_dissector_tables (void)
 Print information about all registered dissector tables to standard output.
 
WS_DLL_PUBLIC void dissector_add_uint (const char *name, const uint32_t pattern, dissector_handle_t handle)
 Add a uint-keyed entry to a dissector table.
 
WS_DLL_PUBLIC void dissector_add_uint_with_preference (const char *name, const uint32_t pattern, dissector_handle_t handle)
 Add a uint-keyed entry to a dissector table and automatically register a corresponding user preference.
 
WS_DLL_PUBLIC void dissector_add_uint_range (const char *abbrev, range_t *range, dissector_handle_t handle)
 Add a range of uint-keyed entries to a dissector table.
 
WS_DLL_PUBLIC void dissector_add_uint_range_with_preference (const char *abbrev, const char *range_str, dissector_handle_t handle)
 Add a range of uint-keyed entries to a dissector table and automatically register a corresponding user preference.
 
WS_DLL_PUBLIC void dissector_delete_uint (const char *name, const uint32_t pattern, dissector_handle_t handle)
 Remove the entry for a specific uint value from a dissector table.
 
WS_DLL_PUBLIC void dissector_delete_uint_range (const char *abbrev, range_t *range, dissector_handle_t handle)
 Remove a range of uint-keyed entries from a dissector table.
 
WS_DLL_PUBLIC void dissector_delete_all (const char *name, dissector_handle_t handle)
 Remove all entries for a given dissector handle from a table.
 
WS_DLL_PUBLIC void dissector_change_uint (const char *abbrev, const uint32_t pattern, dissector_handle_t handle)
 Override the dissector for a uint value in a dissector table.
 
WS_DLL_PUBLIC void dissector_reset_uint (const char *name, const uint32_t pattern)
 Reset a uint dissector table entry to its initial registered value.
 
WS_DLL_PUBLIC bool dissector_is_uint_changed (dissector_table_t const sub_dissectors, const uint32_t uint_val)
 Return whether a uint dissector table entry has been overridden.
 
WS_DLL_PUBLIC int dissector_try_uint (dissector_table_t sub_dissectors, const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 Try to dissect using a uint-keyed dissector table entry.
 
WS_DLL_PUBLIC int dissector_try_uint_with_data (dissector_table_t sub_dissectors, const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 Try to dissect using a uint-keyed dissector table entry, with additional options and caller data.
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle (dissector_table_t const sub_dissectors, const uint32_t uint_val)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle (const char *name, const uint32_t uint_val)
 
WS_DLL_PUBLIC void dissector_add_string (const char *name, const char *pattern, dissector_handle_t handle)
 Add a string-keyed entry to a dissector table.
 
WS_DLL_PUBLIC void dissector_delete_string (const char *name, const char *pattern, dissector_handle_t handle)
 Remove the entry for a specific string value from a dissector table.
 
WS_DLL_PUBLIC void dissector_change_string (const char *name, const char *pattern, dissector_handle_t handle)
 Override the dissector for a string value in a dissector table.
 
WS_DLL_PUBLIC void dissector_reset_string (const char *name, const char *pattern)
 Reset a string dissector table entry to its initial registered value.
 
WS_DLL_PUBLIC bool dissector_is_string_changed (dissector_table_t const subdissectors, const char *string)
 Return whether a string dissector table entry has been overridden.
 
WS_DLL_PUBLIC int dissector_try_string_with_data (dissector_table_t sub_dissectors, const char *string, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 Look for a given string in a given dissector table and, if found, call the dissector with the arguments supplied, and return the number of bytes consumed, otherwise return 0.
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle (dissector_table_t sub_dissectors, const char *string)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle (const char *name, const char *string)
 
WS_DLL_PUBLIC void dissector_add_custom_table_handle (const char *name, void *pattern, dissector_handle_t handle)
 Add an entry to a "custom" dissector table.
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle (dissector_table_t sub_dissectors, void *key)
 
WS_DLL_PUBLIC void dissector_add_guid (const char *name, guid_key *guid_val, dissector_handle_t handle)
 Add an entry to a guid dissector table.
 
WS_DLL_PUBLIC int dissector_try_guid_with_data (dissector_table_t sub_dissectors, guid_key *guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 Look for a given value in a given guid dissector table and, if found, call the dissector with the arguments supplied, and return true, otherwise return false.
 
WS_DLL_PUBLIC void dissector_delete_guid (const char *name, guid_key *guid_val, dissector_handle_t handle)
 Delete a GUID from a dissector table.
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle (dissector_table_t const sub_dissectors, guid_key *guid_val)
 
WS_DLL_PUBLIC int dissector_try_payload_with_data (dissector_table_t sub_dissectors, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 Invoke the currently assigned payload dissector for a dissector table.
 
WS_DLL_PUBLIC void dissector_change_payload (const char *abbrev, dissector_handle_t handle)
 Override the payload dissector for an FT_NONE dissector table.
 
WS_DLL_PUBLIC void dissector_reset_payload (const char *name)
 Reset an FT_NONE payload dissector table to its initial registered value.
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_payload_handle (dissector_table_t const dissector_table)
 Return the currently active dissector handle for a payload dissector table.
 
WS_DLL_PUBLIC void dissector_add_for_decode_as (const char *name, dissector_handle_t handle)
 Register a dissector handle as a candidate for Decode As on a table.
 
WS_DLL_PUBLIC void dissector_add_for_decode_as_with_preference (const char *name, dissector_handle_t handle)
 Same as dissector_add_for_decode_as(), but also registers a user preference for the dissector table value.
 
WS_DLL_PUBLIC GSList * dissector_table_get_dissector_handles (dissector_table_t dissector_table)
 Return the list of all dissector handles registered with a table.
 
WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle (dissector_table_t dissector_table, const char *description)
 Look up a dissector handle in a table by its description string.
 
WS_DLL_PUBLIC ftenum_t dissector_table_get_type (dissector_table_t dissector_table)
 Return the selector field type of a dissector table.
 
WS_DLL_PUBLIC void dissector_table_allow_decode_as (dissector_table_t dissector_table)
 Mark a dissector table as supporting Decode As.
 
WS_DLL_PUBLIC bool dissector_table_supports_decode_as (dissector_table_t dissector_table)
 Return whether a dissector table supports Decode As.
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description (const char *name, const char *ui_name, const int proto)
 
WS_DLL_PUBLIC const char * heur_dissector_list_get_description (heur_dissector_list_t list)
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list (const char *name, const int proto)
 
void deregister_heur_dissector_list (const char *name)
 
WS_DLL_PUBLIC void heur_dissector_table_foreach (const char *table_name, DATFunc_heur func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table (DATFunc_heur_table func, void *user_data, GCompareFunc compare_key_func)
 
WS_DLL_PUBLIC bool has_heur_dissector_list (const char *name)
 Check if a heuristic dissector list of the given name exists.
 
WS_DLL_PUBLIC bool dissector_try_heuristic (heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data)
 
WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list (const char *name)
 
WS_DLL_PUBLIC heur_dtbl_entry_tfind_heur_dissector_by_unique_short_name (const char *short_name)
 
WS_DLL_PUBLIC void heur_dissector_add (const char *name, heur_dissector_t dissector, const char *display_name, const char *internal_name, const int proto, heuristic_enable_e enable)
 
WS_DLL_PUBLIC void heur_dissector_delete (const char *name, heur_dissector_t dissector, const int proto)
 
WS_DLL_PUBLIC dissector_handle_t register_dissector (const char *name, dissector_t dissector, const int proto)
 Register a new dissector with the global dissector registry.
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description (const char *name, const char *description, dissector_t dissector, const int proto)
 Register a new dissector with a custom user-visible description.
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data (const char *name, dissector_cb_t dissector, const int proto, void *cb_data)
 Register a new dissector that carries an opaque callback pointer.
 
void deregister_dissector (const char *name)
 Deregister a previously registered dissector.
 
WS_DLL_PUBLIC const char * dissector_handle_get_protocol_long_name (const dissector_handle_t handle)
 Return the long (full) protocol name for a dissector handle.
 
WS_DLL_PUBLIC const char * dissector_handle_get_protocol_short_name (const dissector_handle_t handle)
 Return the short protocol name for a dissector handle.
 
WS_DLL_PUBLIC const char * dissector_handle_get_short_name (const dissector_handle_t handle)
 Return the short protocol name for a dissector handle.
 
WS_DLL_PUBLIC const char * dissector_handle_get_description (const dissector_handle_t handle)
 Return the user-visible description for a dissector handle.
 
WS_DLL_PUBLIC int dissector_handle_get_protocol_index (const dissector_handle_t handle)
 Return the protocol index for a dissector handle.
 
WS_DLL_PUBLIC GList * get_dissector_names (void)
 Return a GList of all registered dissector name strings.
 
WS_DLL_PUBLIC dissector_handle_t find_dissector (const char *name)
 Find a registered dissector by name.
 
WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency (const char *name, const int parent_proto)
 Find a registered dissector by name and record a protocol dependency.
 
WS_DLL_PUBLIC const char * dissector_handle_get_dissector_name (const dissector_handle_t handle)
 Return the registered name of a dissector from its handle.
 
WS_DLL_PUBLIC const char * dissector_handle_get_pref_suffix (const dissector_handle_t handle)
 Return the preferences suffix string for a dissector handle.
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle (dissector_t dissector, const int proto)
 Create an anonymous, unregistered dissector handle.
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name (dissector_t dissector, const int proto, const char *name)
 Create a named, unregistered dissector handle.
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name_and_description (dissector_t dissector, const int proto, const char *name, const char *description)
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_data (dissector_cb_t dissector, const int proto, void *cb_data)
 Create an anonymous, unregistered callback-style dissector handle.
 
WS_DLL_PUBLIC void dissector_dump_dissectors (void)
 Dump all registered dissectors to the standard output.
 
WS_DLL_PUBLIC int call_dissector_with_data (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 Call a dissector through a handle and if no dissector was found pass it over to the "data" dissector instead.
 
WS_DLL_PUBLIC int call_dissector (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 Call a dissector through its handle, falling back to the data dissector.
 
WS_DLL_PUBLIC int call_data_dissector (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 Call a data dissector.
 
WS_DLL_PUBLIC int call_dissector_only (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 
WS_DLL_PUBLIC void call_heur_dissector_direct (heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 
WS_DLL_PUBLIC bool register_depend_dissector (const char *parent, const char *dependent)
 
WS_DLL_PUBLIC bool deregister_depend_dissector (const char *parent, const char *dependent)
 
WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list (const char *name)
 
WS_DLL_PUBLIC void set_actual_length (tvbuff_t *tvb, const unsigned specified_len)
 Given a tvbuff, and a length from a packet header, adjust the length of the tvbuff to reflect the specified length.
 
WS_DLL_PUBLIC void register_init_routine (void(*func)(void))
 
WS_DLL_PUBLIC void register_cleanup_routine (void(*func)(void))
 
WS_DLL_PUBLIC void register_shutdown_routine (void(*func)(void))
 
void init_dissection (const char *app_env_var_prefix)
 Initialize all data structures used for dissection.
 
void cleanup_dissection (void)
 Free data structures allocated for dissection.
 
WS_DLL_PUBLIC void register_postseq_cleanup_routine (void(*func)(void))
 Allow protocols to register a "cleanup" routine to be run after the initial sequential run through the packets. Note that the file can still be open after this; this is not the final cleanup.
 
WS_DLL_PUBLIC void postseq_cleanup_all_protocols (void)
 Call all the registered "postseq_cleanup" routines.
 
WS_DLL_PUBLIC void register_final_registration_routine (void(*func)(void))
 
void final_registration_all_protocols (void)
 Call all the registered "final_registration" routines.
 
WS_DLL_PUBLIC struct data_sourceadd_new_data_source (packet_info *pinfo, tvbuff_t *tvb, const char *name)
 
WS_DLL_PUBLIC void set_data_source_name (packet_info *pinfo, struct data_source *src, const char *name)
 
WS_DLL_PUBLIC void set_data_source_media_type (struct data_source *src, data_source_media_type_e media_type)
 
WS_DLL_PUBLIC void remove_last_data_source (packet_info *pinfo)
 Remove the most recently added data source from a packet.
 
WS_DLL_PUBLIC const char * get_data_source_name (const struct data_source *src)
 Return the display name of a data source.
 
WS_DLL_PUBLIC char * get_data_source_description (const struct data_source *src)
 Return the description of a data source.
 
WS_DLL_PUBLIC tvbuff_tget_data_source_tvb (const struct data_source *src)
 Return the tvbuff associated with a data source.
 
WS_DLL_PUBLIC struct data_sourceget_data_source_by_name (const packet_info *pinfo, const char *name)
 
WS_DLL_PUBLIC struct data_sourceget_data_source_by_tvb (const packet_info *pinfo, const tvbuff_t *tvb)
 
WS_DLL_PUBLIC data_source_media_type_e get_data_source_media_type (const struct data_source *src)
 
void free_data_sources (packet_info *pinfo)
 Free up a frame's list of data sources.
 
WS_DLL_PUBLIC void mark_frame_as_depended_upon (frame_data *fd, uint32_t frame_num)
 Mark another frame as depended upon by the current frame.
 
void dissect_record (struct epan_dissect *edt, int file_type_subtype, wtap_rec *rec, frame_data *fd, column_info *cinfo)
 Dissectors should never modify the record data.
 
void dissect_file (struct epan_dissect *edt, wtap_rec *rec, frame_data *fd, column_info *cinfo)
 Dissectors should never modify the file data.
 
WS_DLL_PUBLIC void dissector_dump_decodes (void)
 Dump layer/selector/dissector records in a fashion similar to the proto_registrar_dump_* routines.
 
WS_DLL_PUBLIC void dissector_dump_heur_decodes (void)
 For each heuristic dissector table, dump list of dissectors (filter_names) for that table.
 
WS_DLL_PUBLIC void register_postdissector (dissector_handle_t handle)
 Register a postdissector; the argument is the dissector handle for it.
 
WS_DLL_PUBLIC void set_postdissector_wanted_hfids (dissector_handle_t handle, GArray *wanted_hfids)
 
void deregister_postdissector (dissector_handle_t handle)
 Deregister a postdissector. Not for use in (post)dissectors or applications; only to be used by libwireshark itself.
 
bool have_postdissector (void)
 Return whether any postdissectors are registered.
 
void call_all_postdissectors (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 Invoke all registered postdissectors on the current frame.
 
WS_DLL_PUBLIC bool postdissectors_want_hfids (void)
 Return whether any postdissector has requested specific hfids.
 
void prime_epan_dissect_with_postdissector_wanted_hfids (epan_dissect_t *edt)
 Prime an epan_dissect_t with all hfids requested by postdissectors.
 
WS_DLL_PUBLIC void increment_dissection_depth (packet_info *pinfo)
 
WS_DLL_PUBLIC void increment_dissection_depth_by_n (packet_info *pinfo, unsigned n)
 
WS_DLL_PUBLIC void decrement_dissection_depth (packet_info *pinfo)
 Decrement the dissection depth.
 
WS_DLL_PUBLIC void decrement_dissection_depth_by_n (packet_info *pinfo, unsigned n)
 Decrement the dissection depth by a value.
 

Detailed Description

Macro Definition Documentation

◆ BYTES_ARE_IN_FRAME

#define BYTES_ARE_IN_FRAME (   offset,
  captured_len,
  len 
)
Value:
((unsigned)(offset) + (unsigned)(len) > (unsigned)(offset) && \
(unsigned)(offset) + (unsigned)(len) <= (unsigned)(captured_len))

Typedef Documentation

◆ guid_key

typedef struct _guid_key guid_key

Lookup key for GUID-indexed dissector tables, combining a GUID with an optional version field.

Based on DCE/RPC requirements; some dissector tables may not use the ver field.

◆ heur_dissector_t

typedef bool(* heur_dissector_t) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *)

Type of a heuristic dissector, used in heur_dissector_add().

Parameters
tvbthe tvbuff with the (remaining) packet data
pinfothe packet info of this packet (additional info)
treethe protocol tree to be build or NULL
Returns
true if the packet was recognized by the sub-dissector (stop dissection here)

Enumeration Type Documentation

◆ data_source_media_type_e

enum data_source_media_type_e

MIME media type descriptor for a packet data source buffer.

Enumerator
DS_MEDIA_TYPE_APPLICATION_OCTET_STREAM 

Raw binary data (application/octet-stream)

DS_MEDIA_TYPE_APPLICATION_JSON 

JSON-encoded data (application/json)

◆ heuristic_enable_e

enum heuristic_enable_e

Controls whether a heuristic dissector is active.

Enumerator
HEURISTIC_DISABLE 

Heuristic dissector is disabled and will not be invoked

HEURISTIC_ENABLE 

Heuristic dissector is enabled and may be invoked for matching traffic

Function Documentation

◆ add_new_data_source()

WS_DLL_PUBLIC struct data_source * add_new_data_source ( packet_info pinfo,
tvbuff_t tvb,
const char *  name 
)

Add a new data source to the list of data sources for a frame, given the tvbuff for the data source and its name. The media type will be set to DS_MEDIA_TYPE_APPLICATION_OCTET_STREAM.

Parameters
pinfoPacket info.
tvbThe tvbuff to associate with the data source.
nameA display-friendly name of the data source.
Returns
An opaque pointer to the data source.

◆ call_all_postdissectors()

void call_all_postdissectors ( tvbuff_t tvb,
packet_info pinfo,
proto_tree tree 
)
extern

Invoke all registered postdissectors on the current frame.

Iterates over every registered postdissector and calls each one with the supplied packet buffer, packet info, and protocol tree. Postdissectors run after all regular dissectors have completed for a given frame.

Note
Internal to libwireshark. Not for use by dissectors or applications.
Parameters
tvbThe packet buffer for the current frame.
pinfoThe packet info for the current frame.
treeThe fully populated protocol tree for the current frame.

◆ call_data_dissector()

WS_DLL_PUBLIC int call_data_dissector ( tvbuff_t tvb,
packet_info pinfo,
proto_tree tree 
)

Call a data dissector.

Parameters
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
Returns
0 if the data dissector did not consume any bytes, otherwise the number of bytes consumed.

◆ call_dissector()

WS_DLL_PUBLIC int call_dissector ( dissector_handle_t  handle,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree 
)

Call a dissector through its handle, falling back to the data dissector.

Parameters
handleThe handle of the dissector to invoke.
tvbThe buffer containing the payload to dissect.
pinfoPacket metadata and column information.
treeThe protocol tree node under which the child dissector should add its items.
Returns
The number of bytes consumed by the dissector, or the number consumed by the data dissector fallback if the primary dissector declined. A return value equal to tvb_captured_length(tvb) indicates the entire buffer was consumed.

◆ call_dissector_only()

WS_DLL_PUBLIC int call_dissector_only ( dissector_handle_t  handle,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)

Call a dissector through a handle but if no dissector was found just return 0 and do not call the "data" dissector instead.

Parameters
handleThe dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector
Returns
If the protocol for that handle isn't enabled, return 0 without calling the dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_dissector_with_data()

WS_DLL_PUBLIC int call_dissector_with_data ( dissector_handle_t  handle,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)

Call a dissector through a handle and if no dissector was found pass it over to the "data" dissector instead.

Parameters
handleThe dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector
Returns
If the protocol for that handle isn't enabled call the data dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_heur_dissector_direct()

WS_DLL_PUBLIC void call_heur_dissector_direct ( heur_dtbl_entry_t heur_dtbl_entry,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)
Parameters
heur_dtbl_entryThe heur_dtbl_entry of the dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector

◆ create_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle ( dissector_t  dissector,
const int  proto 
)

Create an anonymous, unregistered dissector handle.

Unregistered means that other dissectors can't find the dissector through this API. The typical use case is dissectors added to dissector tables that shouldn't be called by other dissectors, perhaps if some data structure must be passed to the dissector.

Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
Note
The protocol short name will be used as the user-visible description.

◆ create_dissector_handle_with_data()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_data ( dissector_cb_t  dissector,
const int  proto,
void *  cb_data 
)

Create an anonymous, unregistered callback-style dissector handle.

Like create_dissector_handle(), but uses the dissector_cb_t calling convention so that cb_data is forwarded to the dissector on every invocation. The handle is not added to the global registry.

Parameters
dissectorThe callback-style dissector function the handle will invoke.
protoProtocol index returned by proto_register_protocol().
cb_dataOpaque pointer passed through to dissector on each call.
Returns
A newly created, unregistered dissector_handle_t.

◆ create_dissector_handle_with_name()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name ( dissector_t  dissector,
const int  proto,
const char *  name 
)

Create a named, unregistered dissector handle.

Create an named, unregistered dissector handle. A non-NULL name is needed for dissector_add_for_decode_add_with_preference().

Note
The protocol short name will be used as the user-visible description.
Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
namea short, machine-friendly name for the dissector. Does not have to be globally unique, but should be unique for any table the handle will be registered to. Can be NULL, which creates an anonymous dissector.
Returns
A newly created, unregistered dissector_handle_t.

◆ create_dissector_handle_with_name_and_description()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name_and_description ( dissector_t  dissector,
const int  proto,
const char *  name,
const char *  description 
)

Create an named, unregistered handle dissector handle with a description. A non-NULL name is needed for dissector_add_for_decode_add_with_preference(). The description is used to allow a user to distinguish dissectors for the same protocol, e.g. when registered to the same table.

Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
namea short, machine-friendly name for the dissector. Does not have to be globally unique, but should be unique for any table the handle will be registered to. Can be NULL, which creates an anonymous dissector.
descriptionFreeform text designed to be shown to a user. Must be unique for any table the dissector is registered in. Can be NULL, in which case the protocol short name is used as the user-visible description.

◆ decrement_dissection_depth()

WS_DLL_PUBLIC void decrement_dissection_depth ( packet_info pinfo)

Decrement the dissection depth.

Parameters
pinfoPacket Info.

◆ decrement_dissection_depth_by_n()

WS_DLL_PUBLIC void decrement_dissection_depth_by_n ( packet_info pinfo,
unsigned  n 
)

Decrement the dissection depth by a value.

Parameters
pinfoPacket Info.
nThe value by which to decrement the depth

◆ deregister_depend_dissector()

WS_DLL_PUBLIC bool deregister_depend_dissector ( const char *  parent,
const char *  dependent 
)

Unregister a protocol dependency This is done automatically when removing from a dissector or heuristic table. This is for "manual" deregistration for things like Lua.

Parameters
parent"Parent" protocol short name
dependent"Dependent" protocol short name
Returns
return true if dependency was successfully unregistered

◆ deregister_dissector()

void deregister_dissector ( const char *  name)

Deregister a previously registered dissector.

Parameters
nameThe name passed to register_dissector() at registration time.

◆ deregister_dissector_table()

void deregister_dissector_table ( const char *  name)

Deregister the dissector table by table name.

Parameters
nameThe name of the dissector table to deregister.

◆ deregister_heur_dissector_list()

void deregister_heur_dissector_list ( const char *  name)

Deregister a heuristic dissector list by unique short name.

◆ deregister_postdissector()

void deregister_postdissector ( dissector_handle_t  handle)

Deregister a postdissector. Not for use in (post)dissectors or applications; only to be used by libwireshark itself.

Parameters
handleThe dissector handle for the postdissector to deregister.

◆ dissect_file()

void dissect_file ( struct epan_dissect edt,
wtap_rec rec,
frame_data fd,
column_info cinfo 
)
extern

Dissectors should never modify the file data.

Parameters
edtThe epan_dissect_t for the current dissection.
recThe record for the current frame.
fdThe frame data for the current frame.
cinfoThe column info for the current frame.

◆ dissect_record()

void dissect_record ( struct epan_dissect edt,
int  file_type_subtype,
wtap_rec rec,
frame_data fd,
column_info cinfo 
)
extern

Dissectors should never modify the record data.

Parameters
edtThe epan_dissect_t for the current dissection.
file_type_subtypeThe file type subtype of the current frame.
recThe record for the current frame.
fdThe frame data for the current frame.
cinfoThe column info for the current frame.

< time stamp

◆ dissector_add_custom_table_handle()

WS_DLL_PUBLIC void dissector_add_custom_table_handle ( const char *  name,
void *  pattern,
dissector_handle_t  handle 
)

Add an entry to a "custom" dissector table.

Parameters
nameThe name of the dissector table.
patternThe pattern to match.
handleThe dissector handle to associate with the pattern.

◆ dissector_add_for_decode_as()

WS_DLL_PUBLIC void dissector_add_for_decode_as ( const char *  name,
dissector_handle_t  handle 
)

Register a dissector handle as a candidate for Decode As on a table.

Adds handle to the list of dissectors that the user may select when using Decode As or the -d command-line option, without binding it to a specific key value.

Parameters
nameThe internal name of the dissector table.
handleThe dissector handle to make available for Decode As.

◆ dissector_add_for_decode_as_with_preference()

WS_DLL_PUBLIC void dissector_add_for_decode_as_with_preference ( const char *  name,
dissector_handle_t  handle 
)

Same as dissector_add_for_decode_as(), but also registers a user preference for the dissector table value.

Parameters
nameThe internal name of the dissector table.
handleThe dissector handle to make available for Decode As.

◆ dissector_add_guid()

WS_DLL_PUBLIC void dissector_add_guid ( const char *  name,
guid_key guid_val,
dissector_handle_t  handle 
)

Add an entry to a guid dissector table.

Parameters
nameThe name of the dissector table.
guid_valThe GUID value to add.
handleThe dissector handle to associate with the GUID.

◆ dissector_add_string()

WS_DLL_PUBLIC void dissector_add_string ( const char *  name,
const char *  pattern,
dissector_handle_t  handle 
)

Add a string-keyed entry to a dissector table.

Parameters
nameThe internal name of the dissector table.
patternThe string selector value to register.
handleThe dissector handle to associate with pattern.

◆ dissector_add_uint()

WS_DLL_PUBLIC void dissector_add_uint ( const char *  name,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Add a uint-keyed entry to a dissector table.

Parameters
nameThe internal name of the dissector table.
patternThe uint selector value to register.
handleThe dissector handle to associate with pattern.

◆ dissector_add_uint_range()

WS_DLL_PUBLIC void dissector_add_uint_range ( const char *  abbrev,
range_t range,
dissector_handle_t  handle 
)

Add a range of uint-keyed entries to a dissector table.

Parameters
abbrevThe internal name of the dissector table.
rangeThe range of uint selector values to register.
handleThe dissector handle to associate with each value in range.

◆ dissector_add_uint_range_with_preference()

WS_DLL_PUBLIC void dissector_add_uint_range_with_preference ( const char *  abbrev,
const char *  range_str,
dissector_handle_t  handle 
)

Add a range of uint-keyed entries to a dissector table and automatically register a corresponding user preference.

Parameters
abbrevThe internal name of the dissector table.
range_strThe default range string for the registered preference.
handleThe dissector handle to associate with the range.

◆ dissector_add_uint_with_preference()

WS_DLL_PUBLIC void dissector_add_uint_with_preference ( const char *  name,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Add a uint-keyed entry to a dissector table and automatically register a corresponding user preference.

Parameters
nameThe internal name of the dissector table.
patternThe uint selector value to register.
handleThe dissector handle to associate with pattern.

◆ dissector_all_heur_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table ( DATFunc_heur_table  func,
void *  user_data,
GCompareFunc  compare_key_func 
)

Iterate over all heuristic dissector tables.

Walk the set of heuristic dissector tables calling a user supplied function on each table.

Parameters
[in]funcThe function to call for each table.
[in]user_dataUser data to pass to the function.
[in]compare_key_funcFunction used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_all_tables_foreach_changed()

WS_DLL_PUBLIC void dissector_all_tables_foreach_changed ( DATFunc  func,
void *  user_data 
)

Iterate over dissectors with non-default "decode as" settings.

Walk all dissector tables calling a user supplied function only on any "decode as" entry that has been changed from its original state.

Parameters
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_all_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_tables_foreach_table ( DATFunc_table  func,
void *  user_data,
GCompareFunc  compare_key_func 
)

Iterate over all dissector tables.

Walk the set of dissector tables calling a user supplied function on each table.

Parameters
[in]funcThe function to call for each table.
[in]user_dataUser data to pass to the function.
[in]compare_key_funcFunction used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_change_payload()

WS_DLL_PUBLIC void dissector_change_payload ( const char *  abbrev,
dissector_handle_t  handle 
)

Override the payload dissector for an FT_NONE dissector table.

Parameters
abbrevThe internal name of the payload dissector table.
handleThe new dissector handle to assign as the payload dissector.

◆ dissector_change_string()

WS_DLL_PUBLIC void dissector_change_string ( const char *  name,
const char *  pattern,
dissector_handle_t  handle 
)

Override the dissector for a string value in a dissector table.

Parameters
nameThe internal name of the dissector table.
patternThe string selector value to override.
handleThe new dissector handle to use for pattern.

◆ dissector_change_uint()

WS_DLL_PUBLIC void dissector_change_uint ( const char *  abbrev,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Override the dissector for a uint value in a dissector table.

Parameters
abbrevThe internal name of the dissector table.
patternThe uint selector value to override.
handleThe new dissector handle to use for pattern.

◆ dissector_delete_all()

WS_DLL_PUBLIC void dissector_delete_all ( const char *  name,
dissector_handle_t  handle 
)

Remove all entries for a given dissector handle from a table.

Parameters
nameThe internal name of the dissector table.
handleThe dissector handle whose entries should be removed.

◆ dissector_delete_guid()

WS_DLL_PUBLIC void dissector_delete_guid ( const char *  name,
guid_key guid_val,
dissector_handle_t  handle 
)

Delete a GUID from a dissector table.

Parameters
nameThe name of the dissector table.
guid_valThe GUID value to delete.
handleThe dissector handle to associate with the GUID.

◆ dissector_delete_string()

WS_DLL_PUBLIC void dissector_delete_string ( const char *  name,
const char *  pattern,
dissector_handle_t  handle 
)

Remove the entry for a specific string value from a dissector table.

Parameters
nameThe internal name of the dissector table.
patternThe string selector value to remove.
handleThe dissector handle to remove.

◆ dissector_delete_uint()

WS_DLL_PUBLIC void dissector_delete_uint ( const char *  name,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Remove the entry for a specific uint value from a dissector table.

Parameters
nameThe internal name of the dissector table.
patternThe uint selector value to remove.
handleThe dissector handle to remove.

◆ dissector_delete_uint_range()

WS_DLL_PUBLIC void dissector_delete_uint_range ( const char *  abbrev,
range_t range,
dissector_handle_t  handle 
)

Remove a range of uint-keyed entries from a dissector table.

Parameters
abbrevThe internal name of the dissector table.
rangeThe range of uint selector values to remove.
handleThe dissector handle to remove.

◆ dissector_dump_dissector_tables()

WS_DLL_PUBLIC void dissector_dump_dissector_tables ( void  )

Print information about all registered dissector tables to standard output.

Prints table metadata only; individual table entries are not shown.

◆ dissector_get_custom_table_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle ( dissector_table_t  sub_dissectors,
void *  key 
)

Look for a given key in a given "custom" dissector table and, if found, return the current dissector handle for that key.

Parameters
[in]sub_dissectorsDissector table to search.
[in]keyValue to match, e.g. RPC key for its subdissectors
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle ( const char *  name,
const char *  string 
)

Look for a given value in a given string dissector table and, if found, return the default dissector handle for that value.

Parameters
[in]nameDissector table name.
[in]stringValue to match, e.g. the OID for the BER dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle ( const char *  name,
const uint32_t  uint_val 
)

Look for a given value in a given uint dissector table and, if found, return the default dissector handle for that value.

Parameters
[in]nameDissector table name.
[in]uint_valValue to match, e.g. the port number for the TCP dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_guid_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle ( dissector_table_t const  sub_dissectors,
guid_key guid_val 
)

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]guid_valValue to match, e.g. the GUID number for the GUID dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]guid_valValue to match.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_payload_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_payload_handle ( dissector_table_t const  dissector_table)

Return the currently active dissector handle for a payload dissector table.

Returns the handle of whichever dissector was selected for the given FT_NONE table, typically via Decode As.

Parameters
dissector_tableThe payload (FT_NONE) dissector table to query.
Returns
The currently active dissector handle, or NULL if none is set.

◆ dissector_get_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle ( dissector_table_t  sub_dissectors,
const char *  string 
)

Look for a given value in a given string dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]stringValue to match, e.g. the OID for the BER dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle ( dissector_table_t const  sub_dissectors,
const uint32_t  uint_val 
)

Look for a given value in a given uint dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]uint_valValue to match, e.g. the port number for the TCP dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_handle_get_description()

WS_DLL_PUBLIC const char * dissector_handle_get_description ( const dissector_handle_t  handle)

Return the user-visible description for a dissector handle.

Parameters
handleA valid dissector handle.
Returns
The description string, or NULL if handle is invalid.

◆ dissector_handle_get_dissector_name()

WS_DLL_PUBLIC const char * dissector_handle_get_dissector_name ( const dissector_handle_t  handle)

Return the registered name of a dissector from its handle.

Parameters
handleA valid dissector handle.
Returns
The name string passed to register_dissector() or create_dissector_handle_with_name(), or NULL for anonymous handles.

◆ dissector_handle_get_pref_suffix()

WS_DLL_PUBLIC const char * dissector_handle_get_pref_suffix ( const dissector_handle_t  handle)

Return the preferences suffix string for a dissector handle.

Parameters
handleA valid dissector handle.
Returns
The preference key suffix string, or NULL if none is set.

◆ dissector_handle_get_protocol_index()

WS_DLL_PUBLIC int dissector_handle_get_protocol_index ( const dissector_handle_t  handle)

Return the protocol index for a dissector handle.

Parameters
handleA valid dissector handle.
Returns
The proto index (as returned by proto_register_protocol()) for the protocol associated with handle, or -1 if invalid.

◆ dissector_handle_get_protocol_long_name()

WS_DLL_PUBLIC const char * dissector_handle_get_protocol_long_name ( const dissector_handle_t  handle)

Return the long (full) protocol name for a dissector handle.

Parameters
handleA valid dissector handle.
Returns
The long protocol name string (e.g. "Hypertext Transfer Protocol"), or NULL if handle is invalid.

◆ dissector_handle_get_protocol_short_name()

WS_DLL_PUBLIC const char * dissector_handle_get_protocol_short_name ( const dissector_handle_t  handle)

Return the short protocol name for a dissector handle.

Parameters
handleA valid dissector handle.
Returns
The short protocol name string (e.g. "HTTP"), or NULL if handle is invalid.

◆ dissector_handle_get_short_name()

WS_DLL_PUBLIC const char * dissector_handle_get_short_name ( const dissector_handle_t  handle)

Return the short protocol name for a dissector handle.

For backwards source and binary compatibility.

Parameters
handleA valid dissector handle.
Returns
The short protocol name string, or NULL if handle is invalid.

◆ dissector_is_string_changed()

WS_DLL_PUBLIC bool dissector_is_string_changed ( dissector_table_t const  subdissectors,
const char *  string 
)

Return whether a string dissector table entry has been overridden.

Returns true if the entry for string has been changed from its registered default (e.g. via Decode As), false otherwise.

Parameters
subdissectorsThe dissector table to query.
stringThe string selector value to check.
Returns
true if the entry has been changed, false otherwise.

◆ dissector_is_uint_changed()

WS_DLL_PUBLIC bool dissector_is_uint_changed ( dissector_table_t const  sub_dissectors,
const uint32_t  uint_val 
)

Return whether a uint dissector table entry has been overridden.

Returns true if the entry for uint_val has been changed from its registered default (e.g. via Decode As or a preference registered with dissector_add_uint_with_preference()), false otherwise.

Parameters
sub_dissectorsThe dissector table to query.
uint_valThe uint selector value to check.
Returns
true if the entry has been changed, false otherwise.

◆ dissector_reset_payload()

WS_DLL_PUBLIC void dissector_reset_payload ( const char *  name)

Reset an FT_NONE payload dissector table to its initial registered value.

Parameters
nameThe internal name of the payload dissector table.

◆ dissector_reset_string()

WS_DLL_PUBLIC void dissector_reset_string ( const char *  name,
const char *  pattern 
)

Reset a string dissector table entry to its initial registered value.

Parameters
nameThe internal name of the dissector table.
patternThe string selector value to reset.

◆ dissector_reset_uint()

WS_DLL_PUBLIC void dissector_reset_uint ( const char *  name,
const uint32_t  pattern 
)

Reset a uint dissector table entry to its initial registered value.

Parameters
nameThe internal name of the dissector table.
patternThe uint selector value to reset.

◆ dissector_table_allow_decode_as()

WS_DLL_PUBLIC void dissector_table_allow_decode_as ( dissector_table_t  dissector_table)

Mark a dissector table as supporting Decode As.

Note
Prefer calling register_decode_as() instead of this function directly. This function is public only for legacy reasons.
Parameters
dissector_tableThe dissector table to mark.

◆ dissector_table_foreach()

WS_DLL_PUBLIC void dissector_table_foreach ( const char *  table_name,
DATFunc  func,
void *  user_data 
)

Iterate over dissectors in a table.

Walk one dissector table's hash table calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_foreach_changed()

void dissector_table_foreach_changed ( const char *  table_name,
DATFunc  func,
void *  user_data 
)

Iterate over dissectors in a table with non-default "decode as" settings.

Walk one dissector table calling a user supplied function only on any entry that has been changed from its original state.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_foreach_handle()

WS_DLL_PUBLIC void dissector_table_foreach_handle ( const char *  table_name,
DATFunc_handle  func,
void *  user_data 
)

Iterate over dissectors in a table by handle.

Walk one dissector table's list of handles calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_get_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle ( dissector_table_t  dissector_table,
const char *  description 
)

Look up a dissector handle in a table by its description string.

Parameters
dissector_tableThe dissector table to search.
descriptionThe human-readable description of the target dissector.
Returns
The matching dissector handle, or NULL if not found.

◆ dissector_table_get_dissector_handles()

WS_DLL_PUBLIC GSList * dissector_table_get_dissector_handles ( dissector_table_t  dissector_table)

Return the list of all dissector handles registered with a table.

Parameters
dissector_tableThe dissector table to query.
Returns
A GSList of dissector_handle_t entries registered with the table.

◆ dissector_table_get_type()

WS_DLL_PUBLIC ftenum_t dissector_table_get_type ( dissector_table_t  dissector_table)

Return the selector field type of a dissector table.

Parameters
dissector_tableThe dissector table to query.
Returns
The ftenum_t field type used as the selector for this table.

◆ dissector_table_supports_decode_as()

WS_DLL_PUBLIC bool dissector_table_supports_decode_as ( dissector_table_t  dissector_table)

Return whether a dissector table supports Decode As.

Parameters
dissector_tableThe dissector table to query.
Returns
true if the table allows Decode As, false otherwise.

◆ dissector_try_guid_with_data()

WS_DLL_PUBLIC int dissector_try_guid_with_data ( dissector_table_t  sub_dissectors,
guid_key guid_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Look for a given value in a given guid dissector table and, if found, call the dissector with the arguments supplied, and return true, otherwise return false.

Parameters
sub_dissectorsThe dissector table to search.
guid_valThe GUID value to look for.
tvbThe TVBuffer containing the data to dissect.
pinfoPacket information for the current packet.
treeThe protocol tree to add nodes to.
add_proto_nameWhether to add the protocol name to each node.
dataPointer to additional data to pass to the dissector.
Returns
The number of bytes consumed by the dissector, or 0 if no matching entry was found.

◆ dissector_try_heuristic()

WS_DLL_PUBLIC bool dissector_try_heuristic ( heur_dissector_list_t  sub_dissectors,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
heur_dtbl_entry_t **  hdtbl_entry,
void *  data 
)

Try all the dissectors in a given heuristic dissector list. This is done, until we find one that recognizes the protocol. Call this while the parent dissector running.

Parameters
sub_dissectorsthe sub-dissector list
tvbthe tvbuff with the (remaining) packet data
pinfothe packet info of this packet (additional info)
treethe protocol tree to be build or NULL
hdtbl_entryreturns the last tried dissectors hdtbl_entry.
dataparameter to pass to subdissector
Returns
true if the packet was recognized by the sub-dissector (stop dissection here)

◆ dissector_try_payload_with_data()

WS_DLL_PUBLIC int dissector_try_payload_with_data ( dissector_table_t  sub_dissectors,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Invoke the currently assigned payload dissector for a dissector table.

Uses whichever dissector has been assigned as the payload dissector for sub_dissectors (e.g. via Decode As or a default assignment) and, if one is assigned, calls it with the supplied arguments. Unlike dissector_try_uint_with_data(), this does not look up by a key value — it directly invokes the table's designated payload dissector.

Parameters
sub_dissectorsThe dissector table whose payload dissector to invoke.
tvbThe packet buffer to dissect.
pinfoThe packet info for the current packet.
treeThe protocol tree to populate.
add_proto_nameWhether to add the protocol name to the protocol tree.
dataCaller-supplied data passed through to the dissector.
Returns
The number of bytes consumed by the dissector, or 0 if no payload dissector is assigned.

◆ dissector_try_string_with_data()

WS_DLL_PUBLIC int dissector_try_string_with_data ( dissector_table_t  sub_dissectors,
const char *  string,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Look for a given string in a given dissector table and, if found, call the dissector with the arguments supplied, and return the number of bytes consumed, otherwise return 0.

Parameters
sub_dissectorsThe dissector table to search.
stringThe string to look for.
tvbThe TVBuffer containing the data to dissect.
pinfoPacket information for the current packet.
treeThe protocol tree to add nodes to.
add_proto_nameWhether to add the protocol name to each node.
dataPointer to additional data to pass to the dissector.
Returns
The number of bytes consumed by the dissector, or 0 if not found.

◆ dissector_try_uint()

WS_DLL_PUBLIC int dissector_try_uint ( dissector_table_t  sub_dissectors,
const uint32_t  uint_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree 
)

Try to dissect using a uint-keyed dissector table entry.

Looks up uint_val in sub_dissectors and, if found, calls the matching dissector with the supplied arguments.

Parameters
sub_dissectorsThe dissector table to search.
uint_valThe uint selector value to look up.
tvbThe packet buffer.
pinfoThe packet info.
treeThe protocol tree.
Returns
The number of bytes consumed by the dissector, or 0 if no matching entry was found.

◆ dissector_try_uint_with_data()

WS_DLL_PUBLIC int dissector_try_uint_with_data ( dissector_table_t  sub_dissectors,
const uint32_t  uint_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Try to dissect using a uint-keyed dissector table entry, with additional options and caller data.

Looks up uint_val in sub_dissectors and, if found, calls the matching dissector with the supplied arguments.

Parameters
sub_dissectorsThe dissector table to search.
uint_valThe uint selector value to look up.
tvbThe packet buffer.
pinfoThe packet info.
treeThe protocol tree.
add_proto_nameWhether to add the protocol name to the tree.
dataCaller-supplied data passed to the dissector.
Returns
The number of bytes consumed by the dissector, or 0 if no matching entry was found.

◆ dtbl_entry_get_handle()

WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_handle ( dtbl_entry_t dtbl_entry)

Return the currently active dissector handle for a dissector table entry.

Parameters
dtbl_entryThe dissector table entry to query.
Returns
The currently active dissector handle for the entry.

◆ dtbl_entry_get_initial_handle()

WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_initial_handle ( dtbl_entry_t entry)

Return the initial (registered) dissector handle for a dissector table entry.

Parameters
entryThe dissector table entry to query.
Returns
The original registered dissector handle for the entry, or NULL if no initial handle was recorded.

◆ find_depend_dissector_list()

WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list ( const char *  name)

Find the list of protocol dependencies

Parameters
nameProtocol short name to search for
Returns
return list of dependent was successfully registered

◆ find_dissector()

WS_DLL_PUBLIC dissector_handle_t find_dissector ( const char *  name)

Find a registered dissector by name.

Parameters
nameThe short name used at register_dissector() time.
Returns
The dissector_handle_t for name, or NULL if no dissector with that name is registered.

◆ find_dissector_add_dependency()

WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency ( const char *  name,
const int  parent_proto 
)

Find a registered dissector by name and record a protocol dependency.

Parameters
nameThe short name of the dissector to find.
parent_protoThe protocol index of the calling dissector's protocol.
Returns
The dissector_handle_t for name, or NULL if not found.

Find a dissector by name and add parent protocol as a dependency

◆ find_dissector_table()

WS_DLL_PUBLIC dissector_table_t find_dissector_table ( const char *  name)

Find a dissector table by its internal name.

Parameters
nameThe internal name of the dissector table.
Returns
The dissector table handle, or NULL if not found.

◆ find_heur_dissector_by_unique_short_name()

WS_DLL_PUBLIC heur_dtbl_entry_t * find_heur_dissector_by_unique_short_name ( const char *  short_name)

Find a heuristic dissector by the unique short protocol name provided during registration.

Parameters
short_nameshort name of the protocol to look at
Returns
pointer to the heuristic dissector entry, NULL if not such dissector exists

◆ find_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list ( const char *  name)

Find a heuristic dissector table by table name.

Parameters
namename of the dissector table
Returns
pointer to the table on success, NULL if no such table exists

◆ free_data_sources()

void free_data_sources ( packet_info pinfo)
extern

Free up a frame's list of data sources.

Parameters
pinfoThe packet info structure whose data sources should be freed.

◆ get_data_source_by_name()

WS_DLL_PUBLIC struct data_source * get_data_source_by_name ( const packet_info pinfo,
const char *  name 
)

Find and return data source with the given name.

Parameters
pinfopacket_info for the packet whose data sources are to be searched
namename of the data source
Returns
the data source or NULL if not found

◆ get_data_source_by_tvb()

WS_DLL_PUBLIC struct data_source * get_data_source_by_tvb ( const packet_info pinfo,
const tvbuff_t tvb 
)

Find and return data source with the given tvb.

Parameters
pinfopacket_info for the packet whose data sources are to be searched
tvbtvb of the data source
Returns
the data source or NULL if not found

◆ get_data_source_description()

WS_DLL_PUBLIC char * get_data_source_description ( const struct data_source src)

Return the description of a data source.

Parameters
srcThe data source whose description should be returned.
Returns
The description string. The pointer is valid for the lifetime of the packet dissection pool; do not free it.

◆ get_data_source_media_type()

WS_DLL_PUBLIC data_source_media_type_e get_data_source_media_type ( const struct data_source src)

Get a data source's media type.

Parameters
srcThe data source.
Returns
A media type.

◆ get_data_source_name()

WS_DLL_PUBLIC const char * get_data_source_name ( const struct data_source src)

Return the display name of a data source.

Parameters
srcThe data source whose name should be returned.
Returns
A newly allocated string of the form "Name (N bytes)".

◆ get_data_source_tvb()

WS_DLL_PUBLIC tvbuff_t * get_data_source_tvb ( const struct data_source src)

Return the tvbuff associated with a data source.

Parameters
srcThe data source whose tvb should be returned.
Returns
The tvbuff_t associated with src. The pointer is valid for the lifetime of the packet dissection; do not free it directly.

◆ get_dissector_names()

WS_DLL_PUBLIC GList * get_dissector_names ( void  )

Return a GList of all registered dissector name strings.

Returns
A newly allocated GList of registered dissector name strings.

◆ get_dissector_table_param()

WS_DLL_PUBLIC int get_dissector_table_param ( const char *  name)

Return the parameter value associated with a dissector table.

Parameters
nameThe internal name of the dissector table.
Returns
The integer parameter for the table.

◆ get_dissector_table_selector_type()

WS_DLL_PUBLIC ftenum_t get_dissector_table_selector_type ( const char *  name)

Return the field type of the selector for a dissector table.

Parameters
nameThe internal name of the dissector table.
Returns
The ftenum_t selector field type for the table.

◆ get_dissector_table_ui_name()

WS_DLL_PUBLIC const char * get_dissector_table_ui_name ( const char *  name)

Return the UI display name for a dissector table.

Parameters
nameThe internal name of the dissector table.
Returns
The UI name string for the table.

◆ has_heur_dissector_list()

WS_DLL_PUBLIC bool has_heur_dissector_list ( const char *  name)

Check if a heuristic dissector list of the given name exists.

Parameters
nameThe name of the heuristic dissector list to check for.
Returns
true if a heur_dissector list of that name exists to be registered into, false otherwise.

◆ have_postdissector()

bool have_postdissector ( void  )
extern

Return whether any postdissectors are registered.

Checks if at least one postdissector has been registered with the dissection engine.

Note
Internal to libwireshark. Not for use by dissectors or applications.
Returns
true if at least one postdissector is registered, false otherwise.

◆ heur_dissector_add()

WS_DLL_PUBLIC void heur_dissector_add ( const char *  name,
heur_dissector_t  dissector,
const char *  display_name,
const char *  internal_name,
const int  proto,
heuristic_enable_e  enable 
)

Add a sub-dissector to a heuristic dissector list. Call this in the proto_handoff function of the sub-dissector.

Parameters
namethe name of the heuristic dissector table into which to register the dissector, e.g. "tcp"
dissectorthe sub-dissector to be registered
display_namethe string used to present heuristic to user, e.g. "HTTP over TCP"
internal_namethe string used for "internal" use to identify heuristic, e.g. "http_tcp"
protothe protocol id of the sub-dissector
enableinitially enabled or not

◆ heur_dissector_delete()

WS_DLL_PUBLIC void heur_dissector_delete ( const char *  name,
heur_dissector_t  dissector,
const int  proto 
)

Remove a sub-dissector from a heuristic dissector list. Call this in the prefs_reinit function of the sub-dissector.

Parameters
namethe name of the "parent" protocol, e.g. "tcp"
dissectorthe sub-dissector to be unregistered
protothe protocol id of the sub-dissector

◆ heur_dissector_list_get_description()

WS_DLL_PUBLIC const char * heur_dissector_list_get_description ( heur_dissector_list_t  list)

Get description of heuristic sub-dissector list.

Parameters
listthe dissector list

◆ heur_dissector_table_foreach()

WS_DLL_PUBLIC void heur_dissector_table_foreach ( const char *  table_name,
DATFunc_heur  func,
void *  user_data 
)

Iterate over heuristic dissectors in a table.

Walk one heuristic dissector table's list calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "tcp".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ increment_dissection_depth()

WS_DLL_PUBLIC void increment_dissection_depth ( packet_info pinfo)

Increment the dissection depth. This should be used to limit recursion outside the tree depth checks in call_dissector and dissector_try_heuristic.

Parameters
pinfoPacket Info.

◆ increment_dissection_depth_by_n()

WS_DLL_PUBLIC void increment_dissection_depth_by_n ( packet_info pinfo,
unsigned  n 
)

Increment the dissection depth by a value. This should be used to limit recursion outside the tree depth checks in call_dissector and dissector_try_heuristic.

Parameters
pinfoPacket Info.
nThe value by which to increment the depth

◆ init_dissection()

void init_dissection ( const char *  app_env_var_prefix)

Initialize all data structures used for dissection.

Parameters
app_env_var_prefixThe prefix for environment variables that control dissection.

◆ mark_frame_as_depended_upon()

WS_DLL_PUBLIC void mark_frame_as_depended_upon ( frame_data fd,
uint32_t  frame_num 
)

Mark another frame as depended upon by the current frame.

This information is used to ensure that when the current frame is exported or saved that the depended upon frames necessary for correct dissection are also exported (along with the frames that those depend upon, in infinite descent.) The fragment handling functions in reassemble.c mark any frame used to reassemble the current frame as depended upon; dissectors can also mark frames themselves.

In Wireshark, the "Include depended upon packets" checkbox in the Export Specified Packets dialog (enabled by default) controls whether depended upon frames of selected frames are also exported. TShark also saves any depended upon frames when saving filtered packets to a file.

Parameters
fdThe frame data for the current frame.
frame_numThe frame number of the frame to mark as depended upon.

◆ postdissectors_want_hfids()

WS_DLL_PUBLIC bool postdissectors_want_hfids ( void  )

Return whether any postdissector has requested specific hfids.

Returns true if at least one registered postdissector has declared interest in one or more header field IDs (hfids), meaning the dissection engine must prime those fields before calling postdissectors.

Returns
true if any postdissector wants at least one hfid, false otherwise.

◆ prime_epan_dissect_with_postdissector_wanted_hfids()

void prime_epan_dissect_with_postdissector_wanted_hfids ( epan_dissect_t edt)
extern

Prime an epan_dissect_t with all hfids requested by postdissectors.

Registers all header field IDs declared by postdissectors into edt so that those fields are extracted and available during the first-pass dissection of an unvisited frame. libwireshark calls this automatically before dissecting any frame that has not yet been visited; it should not be called manually by dissectors or applications.

Note
Internal to libwireshark. Not for use by dissectors or applications.
Parameters
edtThe epan_dissect_t to prime with postdissector-requested hfids.

◆ register_cleanup_routine()

WS_DLL_PUBLIC void register_cleanup_routine ( void(*)(void)  func)

Allows protocols to register "cleanup" routines, which are called after closing a capture file (or when preferences are changed, in that case these routines are called before the init routines are executed). It can be used to release resources that are allocated in an "init" routine.

◆ register_custom_dissector_table()

WS_DLL_PUBLIC dissector_table_t register_custom_dissector_table ( const char *  name,
const char *  ui_name,
const int  proto,
GHashFunc  hash_func,
GEqualFunc  key_equal_func,
GDestroyNotify  key_destroy_func 
)

Similar to register_dissector_table, but with a "custom" hash function to store subdissectors.

Parameters
namethe name of the dissector table, e.g. "ip.proto"
ui_namethe name of the dissector table to show in the UI, e.g. "IP Protocols"
protothe protocol ID of the protocol that registers this table, or -1 if the table is not associated with a protocol
hash_functhe hash function for the custom hash table
key_equal_functhe function to compare keys in the hash table
Returns
the dissector table created for this name

◆ register_depend_dissector()

WS_DLL_PUBLIC bool register_depend_dissector ( const char *  parent,
const char *  dependent 
)

Register a protocol dependency This is done automatically when registering with a dissector or heuristic table. This is for "manual" registration when a dissector ends up calling another through call_dissector (or similar) so dependencies can be determined

Parameters
parent"Parent" protocol short name
dependent"Dependent" protocol short name
Returns
return true if dependency was successfully registered

◆ register_dissector()

WS_DLL_PUBLIC dissector_handle_t register_dissector ( const char *  name,
dissector_t  dissector,
const int  proto 
)

Register a new dissector with the global dissector registry.

Parameters
nameShort, unique machine-friendly name for this dissector (e.g. "http").
dissectorThe dissector function to call.
protoProtocol index returned by proto_register_protocol().
Returns
The newly created and registered dissector_handle_t.

◆ register_dissector_table()

WS_DLL_PUBLIC dissector_table_t register_dissector_table ( const char *  name,
const char *  ui_name,
const int  proto,
const ftenum_t  type,
const int  param 
)

a protocol uses the function to register a sub-dissector table

'param' is the display base for integer tables, STRING_CASE_SENSITIVE or STRING_CASE_INSENSITIVE for string tables, and ignored for other table types.

Parameters
namethe name of the dissector table, e.g. "ip.proto"
ui_namethe name of the dissector table to show in the UI, e.g. "IP Protocols"
protothe protocol ID of the protocol that registers this table, or -1 if the table is not associated with a protocol
typethe type of the selector for this dissector table, e.g. FT_UINT8 for "ip.proto"
paramthe parameter for this dissector table, e.g. BASE_HEX for "ip.proto"
Returns
the dissector table created for this name

◆ register_dissector_table_alias()

WS_DLL_PUBLIC void register_dissector_table_alias ( dissector_table_t  dissector_table,
const char *  alias_name 
)

Register a dissector table alias. This is for dissectors whose original name has changed, e.g. SSL to TLS.

Parameters
dissector_tabledissector table returned by register_dissector_table.
alias_namealias for the dissector table name.

◆ register_dissector_with_data()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data ( const char *  name,
dissector_cb_t  dissector,
const int  proto,
void *  cb_data 
)

Register a new dissector that carries an opaque callback pointer.

Parameters
nameShort, unique machine-friendly name for this dissector.
dissectorThe callback-style dissector function to call.
protoProtocol index returned by proto_register_protocol().
cb_dataOpaque pointer passed through to dissector on each invocation.
Returns
The newly created and registered dissector_handle_t.

◆ register_dissector_with_description()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description ( const char *  name,
const char *  description,
dissector_t  dissector,
const int  proto 
)

Register a new dissector with a custom user-visible description.

Parameters
nameShort, unique machine-friendly name for this dissector.
descriptionHuman-readable description shown in the UI.
dissectorThe dissector function to call.
protoProtocol index returned by proto_register_protocol().
Returns
The newly created and registered dissector_handle_t.

◆ register_final_registration_routine()

WS_DLL_PUBLIC void register_final_registration_routine ( void(*)(void)  func)

Allow dissectors to register a "final_registration" routine that is run like the proto_register_XXX() routine, but the end end of the epan_init() function; that is, after all other subsystems (such as dfilters) have finished initializing. This is useful for dissector registration routines which need to compile display filters. dfilters can't initialize itself until all protocols have registered themselves.

◆ register_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list ( const char *  name,
const int  proto 
)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters
namethe name of this protocol
protothe value obtained when registering the protocol

◆ register_heur_dissector_list_with_description()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description ( const char *  name,
const char *  ui_name,
const int  proto 
)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters
namea unique short name for the list
ui_namethe name used in the user interface
protothe value obtained when registering the protocol

◆ register_init_routine()

WS_DLL_PUBLIC void register_init_routine ( void(*)(void)  func)

Allow protocols to register "init" routines, which are called before we make a pass through a capture file and dissect all its packets (e.g., when we read in a new capture file, or run a "filter packets" or "colorize packets" pass over the current capture file or when the preferences are changed).

◆ register_postdissector()

WS_DLL_PUBLIC void register_postdissector ( dissector_handle_t  handle)

Register a postdissector; the argument is the dissector handle for it.

Parameters
handleThe dissector handle for the postdissector to register.

◆ register_shutdown_routine()

WS_DLL_PUBLIC void register_shutdown_routine ( void(*)(void)  func)

Allows protocols to register "shutdown" routines, which are called once, just before program exit

◆ remove_last_data_source()

WS_DLL_PUBLIC void remove_last_data_source ( packet_info pinfo)

Remove the most recently added data source from a packet.

Removes the last-added data source, if it turns out it wasn't needed.

Parameters
pinfoThe packet info structure whose last data source should be removed.

◆ set_actual_length()

WS_DLL_PUBLIC void set_actual_length ( tvbuff_t tvb,
const unsigned  specified_len 
)

Given a tvbuff, and a length from a packet header, adjust the length of the tvbuff to reflect the specified length.

Parameters
tvbThe tvbuff to adjust.
specified_lenThe length to set for the tvbuff.

◆ set_data_source_media_type()

WS_DLL_PUBLIC void set_data_source_media_type ( struct data_source src,
data_source_media_type_e  media_type 
)

Set the media type for the data source. This will be used as a hint to display the source's tvbuff.

Parameters
srcThe data source.
media_typeA valid media type.

◆ set_data_source_name()

WS_DLL_PUBLIC void set_data_source_name ( packet_info pinfo,
struct data_source src,
const char *  name 
)

Set the name for the data source.

Parameters
pinfopinfo from whose pool to allocate a copy of the data source
srcThe data source.
namenew name for the data source

◆ set_postdissector_wanted_hfids()

WS_DLL_PUBLIC void set_postdissector_wanted_hfids ( dissector_handle_t  handle,
GArray *  wanted_hfids 
)

Specify a set of hfids that the postdissector will need on the first pass. This ensures that the fields will not be faked, and can be retrieved with proto_get_finfo_ptr_array.

Note
There is no way to guarantee that fields added by other postdissectors will be available. (Issue #19804) This is for postdissectors that examine fields added by other dissectors on the first linear pass, and then store their own results in persistent memory for retrieval and adding in later passes. Postdissectors that need field values on later passes should call something else, like epan_set_always_visible() (which slows dissection.)
Parameters
handleThe dissector handle used to register the postdissector.
wanted_hfidsAn array of hfids (type int), which should be NULL to clear the list. This function will take ownership of the array.
Generated by doxygen 1.9.8