packet.h

Go to the documentation of this file.

 
#pragma once
#include <wsutil/array.h>
#include "proto.h"
#include "range.h"
#include "tvbuff.h"
#include "epan.h"
#include "frame_data.h"
#include "packet_info.h"
#include "column-utils.h"
#include "guid-utils.h"
 
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
 
struct wtap_block;
typedef struct wtap_block* wtap_block_t;
 
 
#define hi_nibble(b) (((b) & 0xf0) >> 4)
#define lo_nibble(b) ((b) & 0x0f)
 
/* Check whether the "len" bytes of data starting at "offset" is
 * entirely inside the captured data for this packet. */
#define BYTES_ARE_IN_FRAME(offset, captured_len, len) \
    ((unsigned)(offset) + (unsigned)(len) > (unsigned)(offset) && \
     (unsigned)(offset) + (unsigned)(len) <= (unsigned)(captured_len))
 
/* 0 is case sensitive for backwards compatibility with tables that
 * used false or BASE_NONE for case sensitive, which was the default.
 */
#define STRING_CASE_SENSITIVE 0
#define STRING_CASE_INSENSITIVE 1
 
extern void packet_init(void);
 
extern void packet_cache_proto_handles(void);
 
extern void packet_all_tables_sort_handles(void);
 
extern void packet_cleanup(void);
 
/* Handle for dissectors you call directly or register with "dissector_add_uint()".
   This handle is opaque outside of "packet.c". */
struct dissector_handle;
typedef struct dissector_handle *dissector_handle_t;
 
/* Hash table for matching unsigned integers, or strings, and dissectors;
   this is opaque outside of "packet.c". */
struct dissector_table;
typedef struct dissector_table *dissector_table_t;
 
/*
 * Dissector that returns:
 *
 *  The amount of data in the protocol's PDU, if it was able to
 *  dissect all the data;
 *
 *  0, if the tvbuff doesn't contain a PDU for that protocol;
 *
 *  The negative of the amount of additional data needed, if
 *  we need more data (e.g., from subsequent TCP segments) to
 *  dissect the entire PDU.
 */
typedef int (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *, void *);
 
/* Same as dissector_t with an extra parameter for callback pointer */
typedef int (*dissector_cb_t)(tvbuff_t *, packet_info *, proto_tree *, void *, void *);
 
typedef bool (*heur_dissector_t)(tvbuff_t *tvb, packet_info *pinfo,
    proto_tree *tree, void *);
 
typedef enum {
    HEURISTIC_DISABLE, 
    HEURISTIC_ENABLE   
} heuristic_enable_e;
 
typedef void (*DATFunc) (const char *table_name, ftenum_t selector_type,
    void *key, void *value, void *user_data);
typedef void (*DATFunc_handle) (const char *table_name, void *value,
    void *user_data);
typedef void (*DATFunc_table) (const char *table_name, const char *ui_name,
    void *user_data);
 
/* Opaque structure - provides type checking but no access to components */
typedef struct dtbl_entry dtbl_entry_t;
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_handle(dtbl_entry_t *dtbl_entry);
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_initial_handle(dtbl_entry_t *entry);
 
void dissector_table_foreach_changed (const char *table_name, DATFunc func,
    void *user_data);
 
WS_DLL_PUBLIC void dissector_table_foreach (const char *table_name, DATFunc func,
    void *user_data);
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_changed (DATFunc func,
    void *user_data);
 
WS_DLL_PUBLIC void dissector_table_foreach_handle(const char *table_name, DATFunc_handle func,
    void *user_data);
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_table (DATFunc_table func,
    void *user_data, GCompareFunc compare_key_func);
 
WS_DLL_PUBLIC dissector_table_t register_dissector_table(const char *name,
    const char *ui_name, const int proto, const ftenum_t type, const int param);
 
WS_DLL_PUBLIC dissector_table_t register_custom_dissector_table(const char *name,
    const char *ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func,
    GDestroyNotify key_destroy_func);
 
WS_DLL_PUBLIC void register_dissector_table_alias(dissector_table_t dissector_table,
    const char *alias_name);
 
void deregister_dissector_table(const char *name);
 
WS_DLL_PUBLIC dissector_table_t find_dissector_table(const char *name);
 
WS_DLL_PUBLIC const char *get_dissector_table_ui_name(const char *name);
 
WS_DLL_PUBLIC ftenum_t get_dissector_table_selector_type(const char *name);
 
WS_DLL_PUBLIC int get_dissector_table_param(const char *name);
 
WS_DLL_PUBLIC void dissector_dump_dissector_tables(void);
 
WS_DLL_PUBLIC void dissector_add_uint(const char *name, const uint32_t pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_add_uint_with_preference(const char *name, const uint32_t pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_add_uint_range(const char *abbrev, range_t *range,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_add_uint_range_with_preference(const char *abbrev, const char* range_str,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_delete_uint(const char *name, const uint32_t pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_delete_uint_range(const char *abbrev, range_t *range,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_delete_all(const char *name, dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_change_uint(const char *abbrev, const uint32_t pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_reset_uint(const char *name, const uint32_t pattern);
 
WS_DLL_PUBLIC bool dissector_is_uint_changed(dissector_table_t const sub_dissectors, const uint32_t uint_val);
 
WS_DLL_PUBLIC int dissector_try_uint(dissector_table_t sub_dissectors,
    const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
 
WS_DLL_PUBLIC int dissector_try_uint_with_data(dissector_table_t sub_dissectors,
    const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data);
 
WS_DEPRECATED_X("Use dissector_try_uint_with_data instead")
static inline int dissector_try_uint_new(dissector_table_t sub_dissectors,
    const uint32_t uint_val, tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, const bool add_proto_name, void* data) \
{   return dissector_try_uint_with_data(sub_dissectors, uint_val, tvb, pinfo, tree, add_proto_name, data); }
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle(
    dissector_table_t const sub_dissectors, const uint32_t uint_val);
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle(
    const char *name, const uint32_t uint_val);
 
WS_DLL_PUBLIC void dissector_add_string(const char *name, const char *pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_delete_string(const char *name, const char *pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_change_string(const char *name, const char *pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_reset_string(const char *name, const char *pattern);
 
WS_DLL_PUBLIC bool dissector_is_string_changed(dissector_table_t const subdissectors, const char *string);
 
WS_DLL_PUBLIC int dissector_try_string_with_data(dissector_table_t sub_dissectors,
    const char* string, tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, const bool add_proto_name, void* data);
 
WS_DEPRECATED_X("Use dissector_try_string_with_data instead")
static inline int
dissector_try_string(dissector_table_t sub_dissectors, const char* string,\
    tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, void* data) \
    { return dissector_try_string_with_data(sub_dissectors, string, tvb, pinfo, tree, true, data); }
 
WS_DEPRECATED_X("Use dissector_try_string_with_data instead")
static inline int
dissector_try_string_new(dissector_table_t sub_dissectors, const char* string, \
    tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, const bool add_proto_name, void* data) \
{ return dissector_try_string_with_data(sub_dissectors, string, tvb, pinfo, tree, add_proto_name, data); }
 
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle(
    dissector_table_t sub_dissectors, const char *string);
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle(
    const char *name, const char *string);
 
WS_DLL_PUBLIC void dissector_add_custom_table_handle(const char *name, void *pattern,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle(
    dissector_table_t sub_dissectors, void *key);
 
typedef struct _guid_key {
    e_guid_t guid; 
    uint16_t ver;  
} guid_key;
 
WS_DLL_PUBLIC void dissector_add_guid(const char *name, guid_key* guid_val,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC int dissector_try_guid_with_data(dissector_table_t sub_dissectors,
    guid_key* guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data);
 
WS_DLL_PUBLIC void dissector_delete_guid(const char *name, guid_key* guid_val,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle(
    dissector_table_t const sub_dissectors, guid_key* guid_val);
 
WS_DLL_PUBLIC int dissector_try_payload_with_data(dissector_table_t sub_dissectors,
    tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data);
 
WS_DEPRECATED_X("Use dissector_try_payload_with_data instead")
static inline int dissector_try_payload_new(dissector_table_t sub_dissectors,
    tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree, const bool add_proto_name, void* data){ \
    return dissector_try_payload_with_data(sub_dissectors, tvb, pinfo, tree, add_proto_name, data); \
}
 
WS_DEPRECATED_X("Use dissector_try_payload_with_data instead")
static inline int dissector_try_payload(dissector_table_t sub_dissectors,
    tvbuff_t* tvb, packet_info* pinfo, proto_tree* tree) {
    \
    return dissector_try_payload_with_data(sub_dissectors, tvb, pinfo, tree, true, NULL); \
}
 
WS_DLL_PUBLIC void dissector_change_payload(const char *abbrev, dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_reset_payload(const char *name);
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_payload_handle(
        dissector_table_t const dissector_table);
 
WS_DLL_PUBLIC void dissector_add_for_decode_as(const char *name,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC void dissector_add_for_decode_as_with_preference(const char *name,
    dissector_handle_t handle);
 
WS_DLL_PUBLIC GSList *dissector_table_get_dissector_handles(dissector_table_t dissector_table);
 
WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle(dissector_table_t dissector_table, const char* description);
 
WS_DLL_PUBLIC ftenum_t dissector_table_get_type(dissector_table_t dissector_table);
 
WS_DLL_PUBLIC void dissector_table_allow_decode_as(dissector_table_t dissector_table);
 
WS_DLL_PUBLIC bool dissector_table_supports_decode_as(dissector_table_t dissector_table);
 
/* List of "heuristic" dissectors (which get handed a packet, look at it,
   and either recognize it as being for their protocol, dissect it, and
   return true, or don't recognize it and return false) to be called
   by another dissector.
 
   This is opaque outside of "packet.c". */
struct heur_dissector_list;
typedef struct heur_dissector_list *heur_dissector_list_t;
 
 
typedef struct heur_dtbl_entry {
    heur_dissector_t dissector;        
    protocol_t*      protocol;         
    char*            list_name;        
    const char*      display_name;     
    char*            short_name;       
    bool             enabled;          
    bool             enabled_by_default; 
} heur_dtbl_entry_t;
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description(const char *name, const char *ui_name, const int proto);
 
WS_DLL_PUBLIC const char *heur_dissector_list_get_description(heur_dissector_list_t list);
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list(const char *name, const int proto);
 
void deregister_heur_dissector_list(const char *name);
 
typedef void (*DATFunc_heur) (const char *table_name,
    struct heur_dtbl_entry *entry, void *user_data);
typedef void (*DATFunc_heur_table) (const char *table_name,
    struct heur_dissector_list *table, void *user_data);
 
WS_DLL_PUBLIC void heur_dissector_table_foreach(const char *table_name,
    DATFunc_heur func, void *user_data);
 
WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table (DATFunc_heur_table func,
    void *user_data, GCompareFunc compare_key_func);
 
WS_DLL_PUBLIC bool has_heur_dissector_list(const char *name);
 
WS_DLL_PUBLIC bool dissector_try_heuristic(heur_dissector_list_t sub_dissectors,
    tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data);
 
WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list(const char *name);
 
WS_DLL_PUBLIC heur_dtbl_entry_t* find_heur_dissector_by_unique_short_name(const char *short_name);
 
WS_DLL_PUBLIC void heur_dissector_add(const char *name, heur_dissector_t dissector,
    const char *display_name, const char *internal_name, const int proto, heuristic_enable_e enable);
 
WS_DLL_PUBLIC void heur_dissector_delete(const char *name, heur_dissector_t dissector, const int proto);
 
WS_DLL_PUBLIC dissector_handle_t register_dissector(const char *name,
    dissector_t dissector, const int proto);
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description(const char *name,
    const char *description, dissector_t dissector, const int proto);
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data(const char *name,
    dissector_cb_t dissector, const int proto, void *cb_data);
 
void deregister_dissector(const char *name);
 
WS_DLL_PUBLIC const char *dissector_handle_get_protocol_long_name(
    const dissector_handle_t handle);
 
WS_DLL_PUBLIC const char *dissector_handle_get_protocol_short_name(
    const dissector_handle_t handle);
 
G_DEPRECATED_FOR(dissector_handle_get_protocol_short_name)
WS_DLL_PUBLIC const char *dissector_handle_get_short_name(
    const dissector_handle_t handle);
 
 
WS_DLL_PUBLIC const char *dissector_handle_get_description(
    const dissector_handle_t handle);
 
WS_DLL_PUBLIC int dissector_handle_get_protocol_index(
    const dissector_handle_t handle);
 
WS_DLL_PUBLIC GList *get_dissector_names(void);
 
WS_DLL_PUBLIC dissector_handle_t find_dissector(const char *name);
 
WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency(const char *name,
    const int parent_proto);
 
WS_DLL_PUBLIC const char *dissector_handle_get_dissector_name(
    const dissector_handle_t handle);
 
WS_DLL_PUBLIC const char *dissector_handle_get_pref_suffix(
    const dissector_handle_t handle);
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle(dissector_t dissector,
    const int proto);
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name(
    dissector_t dissector, const int proto, const char *name);
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name_and_description(dissector_t dissector,
    const int proto, const char* name, const char* description);
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_data(
    dissector_cb_t dissector, const int proto, void *cb_data);
 
WS_DLL_PUBLIC void dissector_dump_dissectors(void);
 
WS_DLL_PUBLIC int call_dissector_with_data(dissector_handle_t handle, tvbuff_t *tvb,
    packet_info *pinfo, proto_tree *tree, void *data);
 
WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb,
    packet_info *pinfo, proto_tree *tree);
 
WS_DLL_PUBLIC int call_data_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
 
WS_DLL_PUBLIC int call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb,
    packet_info *pinfo, proto_tree *tree, void *data);
 
WS_DLL_PUBLIC void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb,
    packet_info *pinfo, proto_tree *tree, void *data);
 
/* This is opaque outside of "packet.c". */
struct depend_dissector_list;
typedef struct depend_dissector_list *depend_dissector_list_t;
 
WS_DLL_PUBLIC bool register_depend_dissector(const char* parent, const char* dependent);
 
WS_DLL_PUBLIC bool deregister_depend_dissector(const char* parent, const char* dependent);
 
WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list(const char* name);
 
WS_DLL_PUBLIC void set_actual_length(tvbuff_t *tvb, const unsigned specified_len);
 
WS_DLL_PUBLIC void register_init_routine(void (*func)(void));
 
WS_DLL_PUBLIC void register_cleanup_routine(void (*func)(void));
 
WS_DLL_PUBLIC void register_shutdown_routine(void (*func)(void));
 
void init_dissection(const char* app_env_var_prefix);
 
void cleanup_dissection(void);
 
WS_DLL_PUBLIC void register_postseq_cleanup_routine(void (*func)(void));
 
WS_DLL_PUBLIC void postseq_cleanup_all_protocols(void);
 
WS_DLL_PUBLIC void
register_final_registration_routine(void (*func)(void));
 
extern void
final_registration_all_protocols(void);
 
// XXX Should we move frame_data.encoding here?
typedef enum {
    DS_MEDIA_TYPE_APPLICATION_OCTET_STREAM, 
    DS_MEDIA_TYPE_APPLICATION_JSON,         
} data_source_media_type_e;
 
struct data_source;
 
WS_DLL_PUBLIC struct data_source* add_new_data_source(packet_info *pinfo, tvbuff_t *tvb,
    const char *name);
 
WS_DLL_PUBLIC void set_data_source_name(packet_info *pinfo, struct data_source *src, const char *name);
 
WS_DLL_PUBLIC void set_data_source_media_type(struct data_source *src, data_source_media_type_e media_type);
 
WS_DLL_PUBLIC void remove_last_data_source(packet_info *pinfo);
 
WS_DLL_PUBLIC const char *get_data_source_name(const struct data_source *src);
 
WS_DLL_PUBLIC char *get_data_source_description(const struct data_source *src);
 
WS_DLL_PUBLIC tvbuff_t *get_data_source_tvb(const struct data_source *src);
WS_DLL_PUBLIC struct data_source *get_data_source_by_name(const packet_info *pinfo, const char *name);
 
WS_DLL_PUBLIC struct data_source *get_data_source_by_tvb(const packet_info *pinfo, const tvbuff_t *tvb);
 
WS_DLL_PUBLIC data_source_media_type_e get_data_source_media_type(const struct data_source *src);
 
extern void free_data_sources(packet_info *pinfo);
 
WS_DLL_PUBLIC void mark_frame_as_depended_upon(frame_data *fd, uint32_t frame_num);
 
typedef struct frame_data_s
{
    int          file_type_subtype; 
    wtap_block_t pkt_block;         
    struct epan_dissect* color_edt; 
} frame_data_t;
 
typedef struct file_data_s
{
    wtap_block_t pkt_block;         
    struct epan_dissect* color_edt; 
} file_data_t;
 
extern void dissect_record(struct epan_dissect *edt, int file_type_subtype,
    wtap_rec *rec, frame_data *fd, column_info *cinfo);
 
extern void dissect_file(struct epan_dissect *edt,
    wtap_rec *rec, frame_data *fd, column_info *cinfo);
 
typedef struct ethertype_data_s
{
    uint16_t    etype;          
    int         payload_offset; 
    proto_tree* fh_tree;        
    int         trailer_id;     
    int         fcs_len;        
} ethertype_data_t;
 
WS_DLL_PUBLIC void dissector_dump_decodes(void);
 
WS_DLL_PUBLIC void dissector_dump_heur_decodes(void);
 
/*
 * postdissectors are to be called by packet-frame.c after every other
 * dissector has been called.
 */
 
WS_DLL_PUBLIC void register_postdissector(dissector_handle_t handle);
 
WS_DLL_PUBLIC void set_postdissector_wanted_hfids(dissector_handle_t handle,
    GArray *wanted_hfids);
 
void deregister_postdissector(dissector_handle_t handle);
 
extern bool have_postdissector(void);
 
extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
 
WS_DLL_PUBLIC bool postdissectors_want_hfids(void);
 
extern void
prime_epan_dissect_with_postdissector_wanted_hfids(epan_dissect_t *edt);
 
WS_DLL_PUBLIC void increment_dissection_depth(packet_info *pinfo);
 
WS_DLL_PUBLIC void increment_dissection_depth_by_n(packet_info *pinfo, unsigned n);
 
WS_DLL_PUBLIC void decrement_dissection_depth(packet_info *pinfo);
 
WS_DLL_PUBLIC void decrement_dissection_depth_by_n(packet_info *pinfo, unsigned n);
 
#ifdef __cplusplus
}
#endif /* __cplusplus */