Wireshark 4.5.0
The Wireshark network protocol analyzer
|
Go to the source code of this file.
Classes | |
struct | conversation_element |
struct | conversation |
Macros | |
#define | NO_ADDR2 0x01 |
#define | NO_PORT2 0x02 |
#define | NO_PORT2_FORCE 0x04 |
#define | CONVERSATION_TEMPLATE 0x08 |
#define | NO_PORTS 0x010 |
#define | NO_MASK_B 0xFFFF0000 |
#define | NO_ADDR_B 0x00010000 |
#define | NO_PORT_B 0x00020000 |
#define | NO_PORT_X 0x00040000 |
#define | NO_ANC 0x00080000 |
#define | USE_LAST_ENDPOINT 0x08 |
#define | ENDPOINT_NONE CONVERSATION_NONE |
#define | ENDPOINT_SCTP CONVERSATION_SCTP |
#define | ENDPOINT_TCP CONVERSATION_TCP |
#define | ENDPOINT_UDP CONVERSATION_UDP |
#define | ENDPOINT_DCCP CONVERSATION_DCCP |
#define | ENDPOINT_IPX CONVERSATION_IPX |
#define | ENDPOINT_NCP CONVERSATION_NCP |
#define | ENDPOINT_EXCHG CONVERSATION_EXCHG |
#define | ENDPOINT_DDP CONVERSATION_DDP |
#define | ENDPOINT_SBCCS CONVERSATION_SBCCS |
#define | ENDPOINT_IDP CONVERSATION_IDP |
#define | ENDPOINT_TIPC CONVERSATION_TIPC |
#define | ENDPOINT_USB CONVERSATION_USB |
#define | ENDPOINT_I2C CONVERSATION_I2C |
#define | ENDPOINT_IBQP CONVERSATION_IBQP |
#define | ENDPOINT_BLUETOOTH CONVERSATION_BLUETOOTH |
#define | ENDPOINT_TDMOP CONVERSATION_TDMOP |
#define | ENDPOINT_DVBCI CONVERSATION_DVBCI |
#define | ENDPOINT_ISO14443 CONVERSATION_ISO14443 |
#define | ENDPOINT_ISDN CONVERSATION_ISDN |
#define | ENDPOINT_H223 CONVERSATION_H223 |
#define | ENDPOINT_X25 CONVERSATION_X25 |
#define | ENDPOINT_IAX2 CONVERSATION_IAX2 |
#define | ENDPOINT_DLCI CONVERSATION_DLCI |
#define | ENDPOINT_ISUP CONVERSATION_ISUP |
#define | ENDPOINT_BICC CONVERSATION_BICC |
#define | ENDPOINT_GSMTAP CONVERSATION_GSMTAP |
#define | ENDPOINT_IUUP CONVERSATION_IUUP |
#define | ENDPOINT_DVBBBF CONVERSATION_DVBBBF |
#define | ENDPOINT_IWARP_MPA CONVERSATION_IWARP_MPA |
#define | ENDPOINT_BT_UTP CONVERSATION_BT_UTP |
#define | ENDPOINT_LOG CONVERSATION_LOG |
#define | ENDPOINT_MCTP CONVERSATION_MCTP |
#define | ENDPOINT_NVME_MI CONVERSATION_NVME_MI |
#define | ENDPOINT_SNMP CONVERSATION_SNMP |
Typedefs | |
typedef conversation_type | endpoint_type |
typedef struct conversation_element | conversation_element_t |
typedef struct conversation | conversation_t |
typedef struct conversation_addr_port_endpoints * | conversation_addr_port_endpoints_t |
Enumerations | |
enum | conversation_type { CONVERSATION_NONE , CONVERSATION_SCTP , CONVERSATION_TCP , CONVERSATION_UDP , CONVERSATION_DCCP , CONVERSATION_IPX , CONVERSATION_NCP , CONVERSATION_EXCHG , CONVERSATION_DDP , CONVERSATION_SBCCS , CONVERSATION_IDP , CONVERSATION_TIPC , CONVERSATION_USB , CONVERSATION_I2C , CONVERSATION_IBQP , CONVERSATION_BLUETOOTH , CONVERSATION_TDMOP , CONVERSATION_DVBCI , CONVERSATION_ISO14443 , CONVERSATION_ISDN , CONVERSATION_H223 , CONVERSATION_X25 , CONVERSATION_IAX2 , CONVERSATION_DLCI , CONVERSATION_ISUP , CONVERSATION_BICC , CONVERSATION_GSMTAP , CONVERSATION_IUUP , CONVERSATION_DVBBBF , CONVERSATION_IWARP_MPA , CONVERSATION_BT_UTP , CONVERSATION_LOG , CONVERSATION_LTP , CONVERSATION_MCTP , CONVERSATION_NVME_MI , CONVERSATION_BP , CONVERSATION_SNMP , CONVERSATION_QUIC , CONVERSATION_IDN , CONVERSATION_IP , CONVERSATION_IPV6 , CONVERSATION_ETH , CONVERSATION_ETH_NN , CONVERSATION_ETH_NV , CONVERSATION_ETH_IN , CONVERSATION_ETH_IV , CONVERSATION_VSPC_VMOTION , CONVERSATION_OPENVPN , CONVERSATION_PROXY , CONVERSATION_GNSS , CONVERSATION_DNP3 } |
enum | conversation_element_type { CE_CONVERSATION_TYPE , CE_ADDRESS , CE_PORT , CE_STRING , CE_UINT , CE_UINT64 , CE_INT , CE_INT64 , CE_BLOB } |
Functions | |
WS_DLL_PUBLIC const address * | conversation_key_addr1 (const conversation_element_t *key) |
WS_DLL_PUBLIC uint32_t | conversation_key_port1 (const conversation_element_t *key) |
WS_DLL_PUBLIC const address * | conversation_key_addr2 (const conversation_element_t *key) |
WS_DLL_PUBLIC uint32_t | conversation_key_port2 (const conversation_element_t *key) |
void | conversation_init (void) |
void | conversation_epan_reset (void) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new_full (const uint32_t setup_frame, conversation_element_t *elements) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const unsigned options) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new_by_id (const uint32_t setup_frame, const conversation_type ctype, const uint32_t id) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new_deinterlaced (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t port1, const uint32_t port2, const uint32_t anchor, const unsigned options) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new_deinterlacer (const uint32_t setup_frame, const address *addr1, const address *addr2, const conversation_type ctype, const uint32_t key1, const uint32_t key2, const uint32_t key3) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | conversation_new_strat (packet_info *pinfo, const conversation_type ctype, const unsigned options) |
WS_DLL_PUBLIC conversation_t * | find_conversation_full (const uint32_t frame_num, conversation_element_t *elements) |
WS_DLL_PUBLIC conversation_t * | find_conversation (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, const unsigned options) |
WS_DLL_PUBLIC conversation_t * | find_conversation_deinterlaced (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, const uint32_t anchor, const unsigned options) |
WS_DLL_PUBLIC conversation_t * | find_conversation_deinterlacer (const uint32_t frame_num, const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t key_a, const uint32_t key_b, const uint32_t key_c) |
WS_DLL_PUBLIC conversation_t * | find_conversation_deinterlacer_pinfo (const packet_info *pinfo) |
WS_DLL_PUBLIC conversation_t * | find_conversation_by_id (const uint32_t frame, const conversation_type ctype, const uint32_t id) |
WS_DLL_PUBLIC conversation_t * | find_conversation_strat (const packet_info *pinfo, const conversation_type ctype, const unsigned options) |
WS_DLL_PUBLIC conversation_t * | find_conversation_pinfo (const packet_info *pinfo, const unsigned options) |
WS_DLL_PUBLIC conversation_t * | find_conversation_pinfo_ro (const packet_info *pinfo, const unsigned options) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | find_or_create_conversation (packet_info *pinfo) |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * | find_or_create_conversation_by_id (packet_info *pinfo, const conversation_type ctype, const uint32_t id) |
WS_DLL_PUBLIC void | conversation_add_proto_data (conversation_t *conv, const int proto, void *proto_data) |
WS_DLL_PUBLIC void * | conversation_get_proto_data (const conversation_t *conv, const int proto) |
WS_DLL_PUBLIC void | conversation_delete_proto_data (conversation_t *conv, const int proto) |
WS_DLL_PUBLIC void | conversation_set_dissector (conversation_t *conversation, const dissector_handle_t handle) |
WS_DLL_PUBLIC void | conversation_set_dissector_from_frame_number (conversation_t *conversation, const uint32_t starting_frame_num, const dissector_handle_t handle) |
WS_DLL_PUBLIC dissector_handle_t | conversation_get_dissector (conversation_t *conversation, const uint32_t frame_num) |
WS_DLL_PUBLIC void | conversation_set_conv_addr_port_endpoints (struct _packet_info *pinfo, address *addr1, address *addr2, conversation_type ctype, uint32_t port1, uint32_t port2) |
WS_DLL_PUBLIC void | conversation_set_elements_by_id (struct _packet_info *pinfo, conversation_type ctype, uint32_t id) |
WS_DLL_PUBLIC uint32_t | conversation_get_id_from_elements (struct _packet_info *pinfo, conversation_type ctype, const unsigned options) |
Get the ID value from the conversation elements in the packet info. | |
WS_DLL_PUBLIC bool | try_conversation_dissector (const address *addr_a, const address *addr_b, const conversation_type ctype, const uint32_t port_a, const uint32_t port_b, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data, const unsigned options) |
WS_DLL_PUBLIC bool | try_conversation_dissector_by_id (const conversation_type ctype, const uint32_t id, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) |
WS_DLL_PUBLIC void | conversation_set_port2 (conversation_t *conv, const uint32_t port) |
WS_DLL_PUBLIC void | conversation_set_addr2 (conversation_t *conv, const address *addr) |
WS_DLL_PUBLIC wmem_map_t * | get_conversation_hashtables (void) |
Get a hash table of conversation hash table. | |
WS_DLL_PUBLIC conversation_type | conversation_pt_to_conversation_type (port_type pt) |
WS_DLL_PUBLIC endpoint_type | conversation_pt_to_endpoint_type (port_type pt) |
The conversation API lets you correlate packets based on values in a packet, typically address+port tuples. You can search for conversations based on their value tuples and attach data to them.
#define NO_ADDR2 0x01 |
Flags to pass to "conversation_new()" to indicate that the address 2 and/or port 2 values for the conversation should be wildcards. The CONVERSATION_TEMPLATE option tells that any of the other supplied port and / or address wildcards will be used to match an infinite number of new connections to the conversation(s) that have the CONVERSATION_- TEMPLATE flag set. Any conversation created without the CONVERSATION_- TEMPLATE flag will be altered once the first connections (connection oriented protocols only) to include the newly found information which matched the wildcard options.
#define NO_MASK_B 0xFFFF0000 |
Flags to pass to "find_conversation()" to indicate that the address B and/or port B search arguments are wildcards.
#define USE_LAST_ENDPOINT 0x08 |
Flags to handle endpoints Use last endpoint created, regardless of type
typedef struct conversation_element conversation_element_t |
Elements used to identify conversations for *_full routines and pinfo->conv_elements. Arrays must be terminated with an element .type set to CE_CONVERSATION_TYPE.
This is currently set only by conversation_set_elements_by_id(); it is not set for conversations identified by address/port endpoints.
In find_conversation_pinfo() and find_or_create_conversation(), if any dissector has set this, then, unless some dissector has set the pair of address/port endpoints (see below), the array of elements is used to look up or create the conversation. Otherwise, the current addresses and ports in the packet_info structure are used.
XXX - is there any reason why we shouldn't use an array of conversation elements, with the appropriate addresses and ports, and set it for all protocols that use conversations specified by a pair of address/port endpoints? That might simplify find_conversation_pinfo() by having them always use the array of elements if it's present, and just fail if it's not.
typedef struct conversation conversation_t |
Data structure representing a conversation.
Conversation element type.
WS_DLL_PUBLIC void conversation_add_proto_data | ( | conversation_t * | conv, |
const int | proto, | ||
void * | proto_data | ||
) |
Associate data with a conversation.
conv | Conversation. Must not be NULL. |
proto | Protocol ID. |
proto_data | Pointer to the data to associate. |
WS_DLL_PUBLIC void conversation_delete_proto_data | ( | conversation_t * | conv, |
const int | proto | ||
) |
Remove data associated with a conversation.
conv | Conversation. Must not be NULL. |
proto | Protocol ID. |
|
extern |
Initialize some variables every time a file is loaded or re-loaded.
WS_DLL_PUBLIC uint32_t conversation_get_id_from_elements | ( | struct _packet_info * | pinfo, |
conversation_type | ctype, | ||
const unsigned | options | ||
) |
Get the ID value from the conversation elements in the packet info.
pinfo | Packet info. |
ctype | The conversation type. |
options | USE_LAST_ENDPOINT or 0. |
WS_DLL_PUBLIC void * conversation_get_proto_data | ( | const conversation_t * | conv, |
const int | proto | ||
) |
Fetch data associated with a conversation.
conv | Conversation. Must not be NULL. |
proto | Protocol ID. |
|
extern |
Create a new hash tables for conversations.
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new | ( | const uint32_t | setup_frame, |
const address * | addr1, | ||
const address * | addr2, | ||
const conversation_type | ctype, | ||
const uint32_t | port1, | ||
const uint32_t | port2, | ||
const unsigned | options | ||
) |
Given two address/port pairs for a packet, create a new conversation identified by address/port pairs.
The options field is used to specify whether the address 2 value and/or port 2 value are not given and any value is acceptable when searching for this conversation. Null address values will be replaced with empty (AT_NONE) addresses.
setup_frame | The first frame in the conversation. |
addr1 | The first address in the identifying tuple. |
addr2 | The second address in the identifying tuple. |
ctype | The conversation type. |
port1 | The first port in the identifying tuple. |
port2 | The second port in the identifying tuple. |
options | NO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed. |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_deinterlacer | ( | const uint32_t | setup_frame, |
const address * | addr1, | ||
const address * | addr2, | ||
const conversation_type | ctype, | ||
const uint32_t | key1, | ||
const uint32_t | key2, | ||
const uint32_t | key3 | ||
) |
Create a deinterlacer conversation, based on two addresses, a type, and several keys (VLAN, Mac, Interface).
setup_frame | The first frame in the conversation. |
addr1 | The first address in the identifying tuple. |
addr2 | The second address in the identifying tuple. |
ctype | The conversation type. |
key1 | The first key in the identifying tuple. |
key2 | The second key in the identifying tuple. |
key3 | The third key in the identifying tuple. |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_full | ( | const uint32_t | setup_frame, |
conversation_element_t * | elements | ||
) |
Create a new conversation identified by a list of elements.
setup_frame | The first frame in the conversation. |
elements | An array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element. |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * conversation_new_strat | ( | packet_info * | pinfo, |
const conversation_type | ctype, | ||
const unsigned | options | ||
) |
A helper function for creating conversations according to the runtime deinterlacing strategy, which means the returned conversation is either a classic (historical) object, or a deinterlaced one.
pinfo | Packet info. |
ctype | The conversation type. |
options | NO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE. Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed. |
WS_DLL_PUBLIC void conversation_set_addr2 | ( | conversation_t * | conv, |
const address * | addr | ||
) |
Set the second address in a conversation created with conversation_new.
conv | Conversation. Must be created with conversation_new. |
addr | The second address to set. |
WS_DLL_PUBLIC void conversation_set_conv_addr_port_endpoints | ( | struct _packet_info * | pinfo, |
address * | addr1, | ||
address * | addr2, | ||
conversation_type | ctype, | ||
uint32_t | port1, | ||
uint32_t | port2 | ||
) |
Save address+port information in the current packet info; it can be matched by find_conversation_pinfo or find_conversation. Supports wildcarding.
pinfo | Packet info. |
addr1 | The first address in the identifying tuple. |
addr2 | The second address in the identifying tuple. |
ctype | The conversation type. |
port1 | The first port in the identifying tuple. |
port2 | The second port in the identifying tuple. |
WS_DLL_PUBLIC void conversation_set_elements_by_id | ( | struct _packet_info * | pinfo, |
conversation_type | ctype, | ||
uint32_t | id | ||
) |
Save conversation elements including ID information in the current packet info which can be matched by conversation_get_id_from_elements. Does not support wildcarding.
pinfo | Packet info. |
ctype | The conversation type. |
id | A unique ID. |
WS_DLL_PUBLIC void conversation_set_port2 | ( | conversation_t * | conv, |
const uint32_t | port | ||
) |
Set the second port in a conversation created with conversation_new.
conv | Conversation. Must be created with conversation_new. |
port | The second port to set. |
WS_DLL_PUBLIC conversation_t * find_conversation | ( | const uint32_t | frame_num, |
const address * | addr_a, | ||
const address * | addr_b, | ||
const conversation_type | ctype, | ||
const uint32_t | port_a, | ||
const uint32_t | port_b, | ||
const unsigned | options | ||
) |
Given two address/port pairs for a packet, search for a conversation containing packets between those address/port pairs. Returns NULL if not found.
We try to find the most exact match that we can, and then proceed to try wildcard matches on the "addr_b" and/or "port_b" argument if a more exact match failed.
Either or both of the "addr_b" and "port_b" arguments may be specified as a wildcard by setting the NO_ADDR_B or NO_PORT_B flags in the "options" argument. We do only wildcard matches on addresses and ports specified as wildcards.
I.e.:
if neither "addr_b" nor "port_b" were specified as wildcards, we do an exact match (addr_a/port_a and addr_b/port_b) and, if that succeeds, we return a pointer to the matched conversation;
otherwise, if "port_b" wasn't specified as a wildcard, we try to match any address 2 with the specified port 2 (addr_a/port_a and {any}/addr_b) and, if that succeeds, we return a pointer to the matched conversation;
otherwise, if "addr_b" wasn't specified as a wildcard, we try to match any port 2 with the specified address 2 (addr_a/port_a and addr_b/{any}) and, if that succeeds, we return a pointer to the matched conversation;
otherwise, we try to match any address 2 and any port 2 (addr_a/port_a and {any}/{any}) and, if that succeeds, we return a pointer to the matched conversation;
otherwise, we found no matching conversation, and return NULL.
Null address values will be replaced with empty (AT_NONE) addresses.
frame_num | Frame number. Must be greater than or equal to the conversation's initial frame number. |
addr_a | The first address in the identifying tuple. |
addr_b | The second address in the identifying tuple. |
ctype | The conversation type. |
port_a | The first port in the identifying tuple. |
port_b | The second port in the identifying tuple. |
options | Wildcard options as described above. |
WS_DLL_PUBLIC conversation_t * find_conversation_deinterlacer_pinfo | ( | const packet_info * | pinfo | ) |
A wrapper function of find_conversation_deinterlacer() using data from pinfo, which evaluates the execution context first (user preference, VLAN, interface,..), and then calls find_conversation_deinterlacer(). The frame number and addresses are taken from pinfo.
WS_DLL_PUBLIC conversation_t * find_conversation_full | ( | const uint32_t | frame_num, |
conversation_element_t * | elements | ||
) |
Search for a conversation based on the structure and values of an element list.
frame_num | Frame number. Must be greater than or equal to the conversation's initial frame number. |
elements | An array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element. |
WS_DLL_PUBLIC conversation_t * find_conversation_pinfo | ( | const packet_info * | pinfo, |
const unsigned | options | ||
) |
A helper function that calls find_conversation() using data from pinfo The frame number and addresses are taken from pinfo.
WS_DLL_PUBLIC conversation_t * find_conversation_pinfo_ro | ( | const packet_info * | pinfo, |
const unsigned | options | ||
) |
A helper function that calls find_conversation() using data from pinfo. It's a simplified version of find_conversation_pinfo() to avoid unnecessary checks and be limited to read-only, which is the minimal need for displaying packets in packet_list. The frame number and addresses are taken from pinfo.
A helper function that calls find_conversation() using data from pinfo, as above, but somewhat simplified for being accessed from packet_list. The frame number and addresses are taken from pinfo.
WS_DLL_PUBLIC conversation_t * find_conversation_strat | ( | const packet_info * | pinfo, |
const conversation_type | ctype, | ||
const unsigned | options | ||
) |
A helper function that calls find_conversation() using data from pinfo, and returns a conversation according to the runtime deinterlacing strategy. The frame number and addresses are taken from pinfo.
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * find_or_create_conversation | ( | packet_info * | pinfo | ) |
A helper function that calls find_conversation() and, if a conversation is not found, calls conversation_new(). The frame number and addresses are taken from pinfo. No options are used, though we could extend this API to include an options parameter.
pinfo | Packet info. |
WS_DLL_PUBLIC WS_RETNONNULL conversation_t * find_or_create_conversation_by_id | ( | packet_info * | pinfo, |
const conversation_type | ctype, | ||
const uint32_t | id | ||
) |
A helper function that calls find_conversation_by_id() and, if a conversation is not found, calls conversation_new_by_id(). The frame number is taken from pinfo.
WS_DLL_PUBLIC wmem_map_t * get_conversation_hashtables | ( | void | ) |
Get a hash table of conversation hash table.
WS_DLL_PUBLIC bool try_conversation_dissector | ( | const address * | addr_a, |
const address * | addr_b, | ||
const conversation_type | ctype, | ||
const uint32_t | port_a, | ||
const uint32_t | port_b, | ||
tvbuff_t * | tvb, | ||
packet_info * | pinfo, | ||
proto_tree * | tree, | ||
void * | data, | ||
const unsigned | options | ||
) |
Given two address/port pairs for a packet, search for a matching conversation and, if found and it has a conversation dissector, call that dissector and return true, otherwise return false.
This helper uses call_dissector_only which will NOT call the default "data" dissector if the packet was rejected. Our caller is responsible to call the data dissector explicitly in case this function returns false.