Wireshark 4.5.0
The Wireshark network protocol analyzer
epan.h File Reference
#include <wsutil/feature_list.h>
#include <epan/tvbuff.h>
#include <epan/prefs.h>
#include <epan/frame_data.h>
#include <epan/register.h>
#include <wiretap/wtap_opttypes.h>


Classes

struct  packet_provider_funcs
 
struct  epan_plugin
 

Typedefs

typedef struct epan_dissect epan_dissect_t
 
typedef struct epan_session epan_t
 

Functions

WS_DLL_PUBLIC bool epan_init (register_cb cb, void *client_data, bool load_plugins)
 
WS_DLL_PUBLIC e_prefs * epan_load_settings (void)
 
WS_DLL_PUBLIC void epan_cleanup (void)
 
WS_DLL_PUBLIC void epan_register_plugin (const epan_plugin *plugin)
 
WS_DLL_PUBLIC int epan_plugins_supported (void)
 
void epan_conversation_init (void)
 
WS_DLL_PUBLIC epan_t * epan_new (struct packet_provider_data *prov, const struct packet_provider_funcs *funcs)
 
WS_DLL_PUBLIC wtap_block_t epan_get_modified_block (const epan_t *session, const frame_data *fd)
 
WS_DLL_PUBLIC const char * epan_get_interface_name (const epan_t *session, uint32_t interface_id, unsigned section_number)
 
WS_DLL_PUBLIC const char * epan_get_interface_description (const epan_t *session, uint32_t interface_id, unsigned section_number)
 
const nstime_t * epan_get_frame_ts (const epan_t *session, uint32_t frame_num)
 
WS_DLL_PUBLIC void epan_free (epan_t *session)
 
WS_DLL_PUBLIC const char * epan_get_version (void)
 
WS_DLL_PUBLIC void epan_get_version_number (int *major, int *minor, int *micro)
 
WS_DLL_PUBLIC void epan_set_always_visible (bool force)
 
WS_DLL_PUBLIC void epan_dissect_init (epan_dissect_t *edt, epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
 
WS_DLL_PUBLIC epan_dissect_t * epan_dissect_new (epan_t *session, const bool create_proto_tree, const bool proto_tree_visible)
 
WS_DLL_PUBLIC void epan_dissect_reset (epan_dissect_t *edt)
 
WS_DLL_PUBLIC void epan_dissect_fake_protocols (epan_dissect_t *edt, const bool fake_protocols)
 
WS_DLL_PUBLIC void epan_dissect_run (epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, const uint8_t *data, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_run_with_taps (epan_dissect_t *edt, int file_type_subtype, wtap_rec *rec, const uint8_t *data, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_file_run (epan_dissect_t *edt, wtap_rec *rec, const uint8_t *data, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_file_run_with_taps (epan_dissect_t *edt, wtap_rec *rec, const uint8_t *data, frame_data *fd, struct epan_column_info *cinfo)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter (epan_dissect_t *edt, const struct epan_dfilter *dfcode)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter_print (epan_dissect_t *edt, const struct epan_dfilter *dfcode)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid (epan_dissect_t *edt, int hfid)
 
WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array (epan_dissect_t *edt, GArray *hfids)
 
WS_DLL_PUBLIC void epan_dissect_fill_in_columns (epan_dissect_t *edt, const bool fill_col_exprs, const bool fill_fd_colums)
 
WS_DLL_PUBLIC bool epan_dissect_packet_contains_field (epan_dissect_t *edt, const char *field_name)
 
WS_DLL_PUBLIC void epan_dissect_cleanup (epan_dissect_t *edt)
 
WS_DLL_PUBLIC void epan_dissect_free (epan_dissect_t *edt)
 
const char * epan_custom_set (epan_dissect_t *edt, GSList *ids, int occurrence, bool display_details, char *result, char *expr, const int size)
 
WS_DLL_PUBLIC void epan_gather_compile_info (feature_list l)
 
WS_DLL_PUBLIC void epan_gather_runtime_info (feature_list l)
 

Variables

bool wireshark_abort_on_dissector_bug
 
bool wireshark_abort_on_too_many_items
 

Detailed Description

Wireshark Protocol Analyzer Library

Copyright (c) 2001 by Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg

SPDX-License-Identifier: GPL-2.0-or-later

Typedef Documentation

◆ epan_t

typedef struct epan_session epan_t

A client will create one epan_t for an entire dissection session. A single epan_t will be used to analyze the entire sequence of packets, sequentially, in a single session. A session corresponds to a single packet trace file. The reason epan_t exists is that some packets in some protocols cannot be decoded without knowledge of previous packets. This inter-packet "state" is stored in the epan_t.

Function Documentation

◆ epan_cleanup()

WS_DLL_PUBLIC void epan_cleanup ( void  )

Clean up the whole epan module. This is meant to be called only once in a program.

◆ epan_conversation_init()

void epan_conversation_init ( void  )

Initialize the table of conversations. Conversations are identified by their endpoints; they are used for protocols such as IP, TCP, and UDP, where packets contain endpoint information but don't contain a single value indicating to which flow the packet belongs.

◆ epan_custom_set()

const char * epan_custom_set ( epan_dissect_t edt,
GSList *  ids,
int  occurrence,
bool  display_details,
char *  result,
char *  expr,
const int  size 
)

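Sets custom column. The prototype takes two caller-supplied character buffers (result and expr) but only one size argument; presumably both buffers must hold at least size bytes, which should be confirmed against the implementation before calling.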

◆ epan_dissect_cleanup()

WS_DLL_PUBLIC void epan_dissect_cleanup ( epan_dissect_t edt)

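Releases resources attached to the packet dissection. DOES NOT free the epan_dissect_t pointer itself, so it pairs with a dissection set up by epan_dissect_init(); a dissection obtained from epan_dissect_new() is released with epan_dissect_free() instead.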

◆ epan_dissect_fake_protocols()

WS_DLL_PUBLIC void epan_dissect_fake_protocols ( epan_dissect_t edt,
const bool  fake_protocols 
)

Indicate whether we should fake protocols or not

◆ epan_dissect_file_run()

WS_DLL_PUBLIC void epan_dissect_file_run ( epan_dissect_t edt,
wtap_rec rec,
const uint8_t *  data,
frame_data *  fd,
struct epan_column_info cinfo 
)

run a single file packet dissection

◆ epan_dissect_fill_in_columns()

WS_DLL_PUBLIC void epan_dissect_fill_in_columns ( epan_dissect_t edt,
const bool  fill_col_exprs,
const bool  fill_fd_colums 
)

fill the dissect run output into the packet list columns

◆ epan_dissect_free()

WS_DLL_PUBLIC void epan_dissect_free ( epan_dissect_t edt)

free a single packet dissection

◆ epan_dissect_init()

WS_DLL_PUBLIC void epan_dissect_init ( epan_dissect_t edt,
epan_t session,
const bool  create_proto_tree,
const bool  proto_tree_visible 
)

initialize an existing single packet dissection

◆ epan_dissect_new()

WS_DLL_PUBLIC epan_dissect_t * epan_dissect_new ( epan_t session,
const bool  create_proto_tree,
const bool  proto_tree_visible 
)

Get a new single packet dissection. It should be freed using epan_dissect_free() after packet dissection has completed.

◆ epan_dissect_packet_contains_field()

WS_DLL_PUBLIC bool epan_dissect_packet_contains_field ( epan_dissect_t edt,
const char *  field_name 
)

Check whether a dissected packet contains a given named field

◆ epan_dissect_prime_with_dfilter()

WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter ( epan_dissect_t edt,
const struct epan_dfilter dfcode 
)

Prime an epan_dissect_t's proto_tree using the fields/protocols used in a dfilter.

◆ epan_dissect_prime_with_dfilter_print()

WS_DLL_PUBLIC void epan_dissect_prime_with_dfilter_print ( epan_dissect_t edt,
const struct epan_dfilter dfcode 
)

Prime an epan_dissect_t's proto_tree using the fields/protocols used in a dfilter, marked for print.

◆ epan_dissect_prime_with_hfid()

WS_DLL_PUBLIC void epan_dissect_prime_with_hfid ( epan_dissect_t edt,
int  hfid 
)

Prime an epan_dissect_t's proto_tree with a field/protocol specified by its hfid

◆ epan_dissect_prime_with_hfid_array()

WS_DLL_PUBLIC void epan_dissect_prime_with_hfid_array ( epan_dissect_t edt,
GArray *  hfids 
)

Prime an epan_dissect_t's proto_tree with a set of fields/protocols specified by their hfids in a GArray

◆ epan_dissect_run()

WS_DLL_PUBLIC void epan_dissect_run ( epan_dissect_t edt,
int  file_type_subtype,
wtap_rec rec,
const uint8_t *  data,
frame_data *  fd,
struct epan_column_info cinfo 
)

run a single packet dissection

◆ epan_gather_compile_info()

WS_DLL_PUBLIC void epan_gather_compile_info ( feature_list  l)

Get compile-time information for libraries used by libwireshark.

◆ epan_gather_runtime_info()

WS_DLL_PUBLIC void epan_gather_runtime_info ( feature_list  l)

Get runtime information for libraries used by libwireshark.

◆ epan_init()

WS_DLL_PUBLIC bool epan_init ( register_cb  cb,
void *  client_data,
bool  load_plugins 
)

The Enhanced Packet ANalyzer

XXX

Sections: Init the whole epan module.

Must be called only once in a program.

Returns true on success, false on failure.

◆ epan_load_settings()

WS_DLL_PUBLIC e_prefs * epan_load_settings ( void  )

Load all settings, from the current profile, that affect epan.

◆ epan_plugins_supported()

WS_DLL_PUBLIC int epan_plugins_supported ( void  )

Returns 0 if plugins can be loaded for all of libwireshark (tap, dissector, epan), 1 if plugins are not supported by the platform, or -1 if plugins were disabled in the build configuration.

◆ epan_set_always_visible()

WS_DLL_PUBLIC void epan_set_always_visible ( bool  force)

Set/unset the tree to always be visible when epan_dissect_init() is called. This state change sticks until cleared, rather than being done per function call. This is currently used when Lua scripts request all fields be generated. By default it only becomes visible if epan_dissect_init() makes it so, usually only when a packet is selected. Setting this overrides that so it's always visible, although it will still not be created if create_proto_tree is false in the call to epan_dissect_init(). Clearing this reverts the decision to epan_dissect_init() and proto_tree_visible.

Variable Documentation

◆ wireshark_abort_on_dissector_bug

bool wireshark_abort_on_dissector_bug
extern

Global variable holding the content of the corresponding environment variable to save fetching it repeatedly.