Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
Classes | Macros | Typedefs | Enumerations | Functions
General Packet Dissection

Classes

struct  _guid_key
 
struct  heur_dtbl_entry
 
struct  frame_data_s
 
struct  file_data_s
 
struct  ethertype_data_s
 

Macros

#define hi_nibble(b)   (((b) & 0xf0) >> 4)
 
#define lo_nibble(b)   ((b) & 0x0f)
 
#define BYTES_ARE_IN_FRAME(offset, captured_len, len)
 
#define STRING_CASE_SENSITIVE   0
 
#define STRING_CASE_INSENSITIVE   1
 

Typedefs

typedef struct dissector_handledissector_handle_t
 
typedef struct dissector_tabledissector_table_t
 
typedef int(* dissector_t) (tvbuff_t *, packet_info *, proto_tree *, void *)
 
typedef int(* dissector_cb_t) (tvbuff_t *, packet_info *, proto_tree *, void *, void *)
 
typedef bool(* heur_dissector_t) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *)
 
typedef void(* DATFunc) (const char *table_name, ftenum_t selector_type, void *key, void *value, void *user_data)
 
typedef void(* DATFunc_handle) (const char *table_name, void *value, void *user_data)
 
typedef void(* DATFunc_table) (const char *table_name, const char *ui_name, void *user_data)
 
typedef struct dtbl_entry dtbl_entry_t
 
typedef struct _guid_key guid_key
 
typedef struct heur_dissector_listheur_dissector_list_t
 
typedef struct heur_dtbl_entry heur_dtbl_entry_t
 
typedef void(* DATFunc_heur) (const char *table_name, struct heur_dtbl_entry *entry, void *user_data)
 
typedef void(* DATFunc_heur_table) (const char *table_name, struct heur_dissector_list *table, void *user_data)
 
typedef struct depend_dissector_listdepend_dissector_list_t
 
typedef struct frame_data_s frame_data_t
 
typedef struct file_data_s file_data_t
 
typedef struct ethertype_data_s ethertype_data_t
 

Enumerations

enum  heuristic_enable_e { HEURISTIC_DISABLE , HEURISTIC_ENABLE }
 

Functions

void packet_init (void)
 
void packet_cache_proto_handles (void)
 
void packet_all_tables_sort_handles (void)
 
void packet_cleanup (void)
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry)
 
WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_initial_handle (dtbl_entry_t *entry)
 
void dissector_table_foreach_changed (const char *table_name, DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_table_foreach (const char *table_name, DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_changed (DATFunc func, void *user_data)
 
WS_DLL_PUBLIC void dissector_table_foreach_handle (const char *table_name, DATFunc_handle func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_tables_foreach_table (DATFunc_table func, void *user_data, GCompareFunc compare_key_func)
 
WS_DLL_PUBLIC dissector_table_t register_dissector_table (const char *name, const char *ui_name, const int proto, const ftenum_t type, const int param)
 
WS_DLL_PUBLIC dissector_table_t register_custom_dissector_table (const char *name, const char *ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func, GDestroyNotify key_destroy_func)
 
WS_DLL_PUBLIC void register_dissector_table_alias (dissector_table_t dissector_table, const char *alias_name)
 
void deregister_dissector_table (const char *name)
 
WS_DLL_PUBLIC dissector_table_t find_dissector_table (const char *name)
 
WS_DLL_PUBLIC const char * get_dissector_table_ui_name (const char *name)
 
WS_DLL_PUBLIC ftenum_t get_dissector_table_selector_type (const char *name)
 
WS_DLL_PUBLIC int get_dissector_table_param (const char *name)
 
WS_DLL_PUBLIC void dissector_dump_dissector_tables (void)
 
WS_DLL_PUBLIC void dissector_add_uint (const char *name, const uint32_t pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_add_uint_with_preference (const char *name, const uint32_t pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_add_uint_range (const char *abbrev, struct epan_range *range, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_add_uint_range_with_preference (const char *abbrev, const char *range_str, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_delete_uint (const char *name, const uint32_t pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_delete_uint_range (const char *abbrev, struct epan_range *range, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_delete_all (const char *name, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_change_uint (const char *abbrev, const uint32_t pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_reset_uint (const char *name, const uint32_t pattern)
 
WS_DLL_PUBLIC bool dissector_is_uint_changed (dissector_table_t const sub_dissectors, const uint32_t uint_val)
 
WS_DLL_PUBLIC int dissector_try_uint (dissector_table_t sub_dissectors, const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
WS_DLL_PUBLIC int dissector_try_uint_with_data (dissector_table_t sub_dissectors, const uint32_t uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle (dissector_table_t const sub_dissectors, const uint32_t uint_val)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle (const char *name, const uint32_t uint_val)
 
WS_DLL_PUBLIC void dissector_add_string (const char *name, const char *pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_delete_string (const char *name, const char *pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_change_string (const char *name, const char *pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_reset_string (const char *name, const char *pattern)
 
WS_DLL_PUBLIC bool dissector_is_string_changed (dissector_table_t const subdissectors, const char *string)
 
WS_DLL_PUBLIC int dissector_try_string_with_data (dissector_table_t sub_dissectors, const char *string, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle (dissector_table_t sub_dissectors, const char *string)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle (const char *name, const char *string)
 
WS_DLL_PUBLIC void dissector_add_custom_table_handle (const char *name, void *pattern, dissector_handle_t handle)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle (dissector_table_t sub_dissectors, void *key)
 
WS_DLL_PUBLIC void dissector_add_guid (const char *name, guid_key *guid_val, dissector_handle_t handle)
 
WS_DLL_PUBLIC int dissector_try_guid_with_data (dissector_table_t sub_dissectors, guid_key *guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 
WS_DLL_PUBLIC void dissector_delete_guid (const char *name, guid_key *guid_val, dissector_handle_t handle)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle (dissector_table_t const sub_dissectors, guid_key *guid_val)
 
WS_DLL_PUBLIC int dissector_try_payload_with_data (dissector_table_t sub_dissectors, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const bool add_proto_name, void *data)
 
WS_DLL_PUBLIC void dissector_change_payload (const char *abbrev, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_reset_payload (const char *name)
 
WS_DLL_PUBLIC dissector_handle_t dissector_get_payload_handle (dissector_table_t const dissector_table)
 
WS_DLL_PUBLIC void dissector_add_for_decode_as (const char *name, dissector_handle_t handle)
 
WS_DLL_PUBLIC void dissector_add_for_decode_as_with_preference (const char *name, dissector_handle_t handle)
 
WS_DLL_PUBLIC GSList * dissector_table_get_dissector_handles (dissector_table_t dissector_table)
 
WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle (dissector_table_t dissector_table, const char *description)
 
WS_DLL_PUBLIC ftenum_t dissector_table_get_type (dissector_table_t dissector_table)
 
WS_DLL_PUBLIC void dissector_table_allow_decode_as (dissector_table_t dissector_table)
 
WS_DLL_PUBLIC bool dissector_table_supports_decode_as (dissector_table_t dissector_table)
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description (const char *name, const char *ui_name, const int proto)
 
WS_DLL_PUBLIC const char * heur_dissector_list_get_description (heur_dissector_list_t list)
 
WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list (const char *name, const int proto)
 
void deregister_heur_dissector_list (const char *name)
 
WS_DLL_PUBLIC void heur_dissector_table_foreach (const char *table_name, DATFunc_heur func, void *user_data)
 
WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table (DATFunc_heur_table func, void *user_data, GCompareFunc compare_key_func)
 
WS_DLL_PUBLIC bool has_heur_dissector_list (const char *name)
 
WS_DLL_PUBLIC bool dissector_try_heuristic (heur_dissector_list_t sub_dissectors, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data)
 
WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list (const char *name)
 
WS_DLL_PUBLIC heur_dtbl_entry_tfind_heur_dissector_by_unique_short_name (const char *short_name)
 
WS_DLL_PUBLIC void heur_dissector_add (const char *name, heur_dissector_t dissector, const char *display_name, const char *internal_name, const int proto, heuristic_enable_e enable)
 
WS_DLL_PUBLIC void heur_dissector_delete (const char *name, heur_dissector_t dissector, const int proto)
 
WS_DLL_PUBLIC dissector_handle_t register_dissector (const char *name, dissector_t dissector, const int proto)
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description (const char *name, const char *description, dissector_t dissector, const int proto)
 
WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data (const char *name, dissector_cb_t dissector, const int proto, void *cb_data)
 
void deregister_dissector (const char *name)
 
WS_DLL_PUBLIC const char * dissector_handle_get_protocol_long_name (const dissector_handle_t handle)
 
WS_DLL_PUBLIC const char * dissector_handle_get_protocol_short_name (const dissector_handle_t handle)
 
WS_DLL_PUBLIC const char * dissector_handle_get_short_name (const dissector_handle_t handle)
 
WS_DLL_PUBLIC const char * dissector_handle_get_description (const dissector_handle_t handle)
 
WS_DLL_PUBLIC int dissector_handle_get_protocol_index (const dissector_handle_t handle)
 
WS_DLL_PUBLIC GList * get_dissector_names (void)
 
WS_DLL_PUBLIC dissector_handle_t find_dissector (const char *name)
 
WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency (const char *name, const int parent_proto)
 
WS_DLL_PUBLIC const char * dissector_handle_get_dissector_name (const dissector_handle_t handle)
 
WS_DLL_PUBLIC const char * dissector_handle_get_pref_suffix (const dissector_handle_t handle)
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle (dissector_t dissector, const int proto)
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name (dissector_t dissector, const int proto, const char *name)
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name_and_description (dissector_t dissector, const int proto, const char *name, const char *description)
 
WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_data (dissector_cb_t dissector, const int proto, void *cb_data)
 
WS_DLL_PUBLIC void dissector_dump_dissectors (void)
 
WS_DLL_PUBLIC int call_dissector_with_data (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 
WS_DLL_PUBLIC int call_dissector (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
WS_DLL_PUBLIC int call_data_dissector (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
WS_DLL_PUBLIC int call_dissector_only (dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 
WS_DLL_PUBLIC void call_heur_dissector_direct (heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 
WS_DLL_PUBLIC bool register_depend_dissector (const char *parent, const char *dependent)
 
WS_DLL_PUBLIC bool deregister_depend_dissector (const char *parent, const char *dependent)
 
WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list (const char *name)
 
void dissect_init (void)
 
void dissect_cleanup (void)
 
WS_DLL_PUBLIC void set_actual_length (tvbuff_t *tvb, const unsigned specified_len)
 
WS_DLL_PUBLIC void register_init_routine (void(*func)(void))
 
WS_DLL_PUBLIC void register_cleanup_routine (void(*func)(void))
 
WS_DLL_PUBLIC void register_shutdown_routine (void(*func)(void))
 
void init_dissection (void)
 
void cleanup_dissection (void)
 
WS_DLL_PUBLIC void register_postseq_cleanup_routine (void(*func)(void))
 
WS_DLL_PUBLIC void postseq_cleanup_all_protocols (void)
 
WS_DLL_PUBLIC void register_final_registration_routine (void(*func)(void))
 
void final_registration_all_protocols (void)
 
WS_DLL_PUBLIC void add_new_data_source (packet_info *pinfo, tvbuff_t *tvb, const char *name)
 
WS_DLL_PUBLIC void remove_last_data_source (packet_info *pinfo)
 
WS_DLL_PUBLIC char * get_data_source_name (const struct data_source *src)
 
WS_DLL_PUBLIC tvbuff_tget_data_source_tvb (const struct data_source *src)
 
WS_DLL_PUBLIC tvbuff_tget_data_source_tvb_by_name (packet_info *pinfo, const char *name)
 
void free_data_sources (packet_info *pinfo)
 
WS_DLL_PUBLIC void mark_frame_as_depended_upon (frame_data *fd, uint32_t frame_num)
 
void dissect_record (struct epan_dissect *edt, int file_type_subtype, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
 
void dissect_file (struct epan_dissect *edt, wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, column_info *cinfo)
 
WS_DLL_PUBLIC void dissector_dump_decodes (void)
 
WS_DLL_PUBLIC void dissector_dump_heur_decodes (void)
 
WS_DLL_PUBLIC void register_postdissector (dissector_handle_t handle)
 
WS_DLL_PUBLIC void set_postdissector_wanted_hfids (dissector_handle_t handle, GArray *wanted_hfids)
 
void deregister_postdissector (dissector_handle_t handle)
 
bool have_postdissector (void)
 
void call_all_postdissectors (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 
WS_DLL_PUBLIC bool postdissectors_want_hfids (void)
 
WS_DLL_PUBLIC void prime_epan_dissect_with_postdissector_wanted_hfids (epan_dissect_t *edt)
 
WS_DLL_PUBLIC void increment_dissection_depth (packet_info *pinfo)
 
WS_DLL_PUBLIC void decrement_dissection_depth (packet_info *pinfo)
 

Detailed Description

Macro Definition Documentation

◆ BYTES_ARE_IN_FRAME

#define BYTES_ARE_IN_FRAME (   offset,
  captured_len,
  len 
)
Value:
((unsigned)(offset) + (unsigned)(len) > (unsigned)(offset) && \
(unsigned)(offset) + (unsigned)(len) <= (unsigned)(captured_len))

Typedef Documentation

◆ heur_dissector_t

typedef bool(* heur_dissector_t) (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *)

Type of a heuristic dissector, used in heur_dissector_add().

Parameters
tvbthe tvbuff with the (remaining) packet data
pinfothe packet info of this packet (additional info)
treethe protocol tree to be build or NULL
Returns
true if the packet was recognized by the sub-dissector (stop dissection here)

Function Documentation

◆ call_dissector_only()

WS_DLL_PUBLIC int call_dissector_only ( dissector_handle_t  handle,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)

Call a dissector through a handle but if no dissector was found just return 0 and do not call the "data" dissector instead.

Parameters
handleThe dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector
Returns
If the protocol for that handle isn't enabled, return 0 without calling the dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_dissector_with_data()

WS_DLL_PUBLIC int call_dissector_with_data ( dissector_handle_t  handle,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)

Call a dissector through a handle and if no dissector was found pass it over to the "data" dissector instead.

Parameters
handleThe dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector
Returns
If the protocol for that handle isn't enabled call the data dissector. Otherwise, if the handle refers to a new-style dissector, call the dissector and return its return value, otherwise call it and return the length of the tvbuff pointed to by the argument.

◆ call_heur_dissector_direct()

WS_DLL_PUBLIC void call_heur_dissector_direct ( heur_dtbl_entry_t heur_dtbl_entry,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
void *  data 
)
Parameters
heur_dtbl_entryThe heur_dtbl_entry of the dissector to call.
tvbThe buffer to dissect.
pinfoPacket Info.
treeThe protocol tree.
dataparameter to pass to dissector

◆ create_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle ( dissector_t  dissector,
const int  proto 
)

Create an anonymous, unregistered dissector handle. Unregistered means that other dissectors can't find the dissector through this API. The typical use case is dissectors added to dissector tables that shouldn't be called by other dissectors, perhaps if some data structure must be passed to the dissector.

Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
Note
The protocol short name will be used as the user-visible description.

◆ create_dissector_handle_with_name()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name ( dissector_t  dissector,
const int  proto,
const char *  name 
)

Create an named, unregistered dissector handle. A non-NULL name is needed for dissector_add_for_decode_add_with_preference().

Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
namea short, machine-friendly name for the dissector. Does not have to be globally unique, but should be unique for any table the handle will be registered to. Can be NULL, which creates an anonymous dissector.
Note
The protocol short name will be used as the user-visible description.

◆ create_dissector_handle_with_name_and_description()

WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name_and_description ( dissector_t  dissector,
const int  proto,
const char *  name,
const char *  description 
)

Create an named, unregistered handle dissector handle with a description. A non-NULL name is needed for dissector_add_for_decode_add_with_preference(). The description is used to allow a user to distinguish dissectors for the same protocol, e.g. when registered to the same table.

Parameters
dissectorThe dissector the handle will call
protoThe value obtained when registering the protocol
namea short, machine-friendly name for the dissector. Does not have to be globally unique, but should be unique for any table the handle will be registered to. Can be NULL, which creates an anonymous dissector.
descriptionFreeform text designed to be shown to a user. Must be unique for any table the dissector is registered in. Can be NULL, in which case the protocol short name is used as the user-visible description.

◆ decrement_dissection_depth()

WS_DLL_PUBLIC void decrement_dissection_depth ( packet_info pinfo)

Decrement the dissection depth.

Parameters
pinfoPacket Info.

◆ deregister_depend_dissector()

WS_DLL_PUBLIC bool deregister_depend_dissector ( const char *  parent,
const char *  dependent 
)

Unregister a protocol dependency This is done automatically when removing from a dissector or heuristic table. This is for "manual" deregistration for things like Lua.

Parameters
parent"Parent" protocol short name
dependent"Dependent" protocol short name
Returns
return true if dependency was successfully unregistered

◆ deregister_dissector()

void deregister_dissector ( const char *  name)

Deregister a dissector.

◆ deregister_dissector_table()

void deregister_dissector_table ( const char *  name)

Deregister the dissector table by table name.

◆ deregister_heur_dissector_list()

void deregister_heur_dissector_list ( const char *  name)

Deregister a heuristic dissector list by unique short name.

◆ dissector_add_uint_range()

WS_DLL_PUBLIC void dissector_add_uint_range ( const char *  abbrev,
struct epan_range range,
dissector_handle_t  handle 
)

Add an range of entries to a uint dissector table.

◆ dissector_add_uint_range_with_preference()

WS_DLL_PUBLIC void dissector_add_uint_range_with_preference ( const char *  abbrev,
const char *  range_str,
dissector_handle_t  handle 
)

Add an range of entries to a uint dissector table with "preference" automatically added.

◆ dissector_all_heur_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table ( DATFunc_heur_table  func,
void *  user_data,
GCompareFunc  compare_key_func 
)

Iterate over all heuristic dissector tables.

Walk the set of heuristic dissector tables calling a user supplied function on each table.

Parameters
[in]funcThe function to call for each table.
[in]user_dataUser data to pass to the function.
[in]compare_key_funcFunction used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_all_tables_foreach_changed()

WS_DLL_PUBLIC void dissector_all_tables_foreach_changed ( DATFunc  func,
void *  user_data 
)

Iterate over dissectors with non-default "decode as" settings.

Walk all dissector tables calling a user supplied function only on any "decode as" entry that has been changed from its original state.

Parameters
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_all_tables_foreach_table()

WS_DLL_PUBLIC void dissector_all_tables_foreach_table ( DATFunc_table  func,
void *  user_data,
GCompareFunc  compare_key_func 
)

Iterate over all dissector tables.

Walk the set of dissector tables calling a user supplied function on each table.

Parameters
[in]funcThe function to call for each table.
[in]user_dataUser data to pass to the function.
[in]compare_key_funcFunction used to sort the set of tables before calling the function. No sorting is done if NULL.

◆ dissector_change_uint()

WS_DLL_PUBLIC void dissector_change_uint ( const char *  abbrev,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Change the entry for a dissector in a uint dissector table with a particular pattern to use a new dissector handle.

◆ dissector_delete_all()

WS_DLL_PUBLIC void dissector_delete_all ( const char *  name,
dissector_handle_t  handle 
)

Delete all entries from a dissector table.

◆ dissector_delete_uint()

WS_DLL_PUBLIC void dissector_delete_uint ( const char *  name,
const uint32_t  pattern,
dissector_handle_t  handle 
)

Delete the entry for a dissector in a uint dissector table with a particular pattern.

◆ dissector_delete_uint_range()

WS_DLL_PUBLIC void dissector_delete_uint_range ( const char *  abbrev,
struct epan_range range,
dissector_handle_t  handle 
)

Delete an range of entries from a uint dissector table.

◆ dissector_get_custom_table_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle ( dissector_table_t  sub_dissectors,
void *  key 
)

Look for a given key in a given "custom" dissector table and, if found, return the current dissector handle for that key.

Parameters
[in]sub_dissectorsDissector table to search.
[in]keyValue to match, e.g. RPC key for its subdissectors
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle ( const char *  name,
const char *  string 
)

Look for a given value in a given string dissector table and, if found, return the default dissector handle for that value.

Parameters
[in]nameDissector table name.
[in]stringValue to match, e.g. the OID for the BER dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_default_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle ( const char *  name,
const uint32_t  uint_val 
)

Look for a given value in a given uint dissector table and, if found, return the default dissector handle for that value.

Parameters
[in]nameDissector table name.
[in]uint_valValue to match, e.g. the port number for the TCP dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_guid_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle ( dissector_table_t const  sub_dissectors,
guid_key guid_val 
)

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]guid_valValue to match, e.g. the GUID number for the GUID dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

Look for a given value in a given guid dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]guid_valValue to match.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_string_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle ( dissector_table_t  sub_dissectors,
const char *  string 
)

Look for a given value in a given string dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]stringValue to match, e.g. the OID for the BER dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_get_uint_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle ( dissector_table_t const  sub_dissectors,
const uint32_t  uint_val 
)

Look for a given value in a given uint dissector table and, if found, return the current dissector handle for that value.

Parameters
[in]sub_dissectorsDissector table to search.
[in]uint_valValue to match, e.g. the port number for the TCP dissector.
Returns
The matching dissector handle on success, NULL if no match is found.

◆ dissector_handle_get_description()

WS_DLL_PUBLIC const char * dissector_handle_get_description ( const dissector_handle_t  handle)

Get the description for what the dissector for a dissector handle dissects.

◆ dissector_handle_get_dissector_name()

WS_DLL_PUBLIC const char * dissector_handle_get_dissector_name ( const dissector_handle_t  handle)

Get a dissector name from handle.

◆ dissector_handle_get_protocol_index()

WS_DLL_PUBLIC int dissector_handle_get_protocol_index ( const dissector_handle_t  handle)

Get the index of the protocol for a dissector handle.

◆ dissector_handle_get_protocol_long_name()

WS_DLL_PUBLIC const char * dissector_handle_get_protocol_long_name ( const dissector_handle_t  handle)

Get the long name of the protocol for a dissector handle.

◆ dissector_handle_get_protocol_short_name()

WS_DLL_PUBLIC const char * dissector_handle_get_protocol_short_name ( const dissector_handle_t  handle)

Get the short name of the protocol for a dissector handle.

◆ dissector_is_uint_changed()

WS_DLL_PUBLIC bool dissector_is_uint_changed ( dissector_table_t const  sub_dissectors,
const uint32_t  uint_val 
)

Return true if an entry in a uint dissector table is found and has been changed (i.e. dissector_change_uint() has been called, such as from Decode As, prefs registered via dissector_add_uint_[range_]with_preference), etc.), otherwise return false.

◆ dissector_reset_uint()

WS_DLL_PUBLIC void dissector_reset_uint ( const char *  name,
const uint32_t  pattern 
)

Reset an entry in a uint dissector table to its initial value.

◆ dissector_table_allow_decode_as()

WS_DLL_PUBLIC void dissector_table_allow_decode_as ( dissector_table_t  dissector_table)

Mark a dissector table as allowing "Decode As"

◆ dissector_table_foreach()

WS_DLL_PUBLIC void dissector_table_foreach ( const char *  table_name,
DATFunc  func,
void *  user_data 
)

Iterate over dissectors in a table.

Walk one dissector table's hash table calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_foreach_changed()

void dissector_table_foreach_changed ( const char *  table_name,
DATFunc  func,
void *  user_data 
)

Iterate over dissectors in a table with non-default "decode as" settings.

Walk one dissector table calling a user supplied function only on any entry that has been changed from its original state.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_foreach_handle()

WS_DLL_PUBLIC void dissector_table_foreach_handle ( const char *  table_name,
DATFunc_handle  func,
void *  user_data 
)

Iterate over dissectors in a table by handle.

Walk one dissector table's list of handles calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "ip.proto".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ dissector_table_get_dissector_handle()

WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle ( dissector_table_t  dissector_table,
const char *  description 
)

Get a handle to dissector out of a dissector table given the description of what the dissector dissects.

◆ dissector_table_get_dissector_handles()

WS_DLL_PUBLIC GSList * dissector_table_get_dissector_handles ( dissector_table_t  dissector_table)

Get the list of handles for a dissector table

◆ dissector_table_get_type()

WS_DLL_PUBLIC ftenum_t dissector_table_get_type ( dissector_table_t  dissector_table)

Get a dissector table's type

◆ dissector_table_supports_decode_as()

WS_DLL_PUBLIC bool dissector_table_supports_decode_as ( dissector_table_t  dissector_table)

Returns true if dissector table allows "Decode As"

◆ dissector_try_guid_with_data()

WS_DLL_PUBLIC int dissector_try_guid_with_data ( dissector_table_t  sub_dissectors,
guid_key guid_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Look for a given value in a given guid dissector table and, if found, call the dissector with the arguments supplied, and return true, otherwise return false.

◆ dissector_try_heuristic()

WS_DLL_PUBLIC bool dissector_try_heuristic ( heur_dissector_list_t  sub_dissectors,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
heur_dtbl_entry_t **  hdtbl_entry,
void *  data 
)

Try all the dissectors in a given heuristic dissector list. This is done, until we find one that recognizes the protocol. Call this while the parent dissector running.

Parameters
sub_dissectorsthe sub-dissector list
tvbthe tvbuff with the (remaining) packet data
pinfothe packet info of this packet (additional info)
treethe protocol tree to be build or NULL
hdtbl_entryreturns the last tried dissectors hdtbl_entry.
dataparameter to pass to subdissector
Returns
true if the packet was recognized by the sub-dissector (stop dissection here)

◆ dissector_try_string_with_data()

WS_DLL_PUBLIC int dissector_try_string_with_data ( dissector_table_t  sub_dissectors,
const char *  string,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Look for a given string in a given dissector table and, if found, call the dissector with the arguments supplied, and return the number of bytes consumed, otherwise return 0.

◆ dissector_try_uint()

WS_DLL_PUBLIC int dissector_try_uint ( dissector_table_t  sub_dissectors,
const uint32_t  uint_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree 
)

Look for a given value in a given uint dissector table and, if found, call the dissector with the arguments supplied, and return the number of bytes consumed, otherwise return 0.

◆ dissector_try_uint_with_data()

WS_DLL_PUBLIC int dissector_try_uint_with_data ( dissector_table_t  sub_dissectors,
const uint32_t  uint_val,
tvbuff_t tvb,
packet_info pinfo,
proto_tree tree,
const bool  add_proto_name,
void *  data 
)

Look for a given value in a given uint dissector table and, if found, call the dissector with the arguments supplied, and return the number of bytes consumed, otherwise return 0.

◆ find_depend_dissector_list()

WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list ( const char *  name)

Find the list of protocol dependencies

Parameters
nameProtocol short name to search for
Returns
return list of dependent was successfully registered

◆ find_dissector()

WS_DLL_PUBLIC dissector_handle_t find_dissector ( const char *  name)

Find a dissector by name.

◆ find_dissector_add_dependency()

WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency ( const char *  name,
const int  parent_proto 
)

Find a dissector by name and add parent protocol as a dependency.

Find a dissector by name and add parent protocol as a dependency

◆ find_heur_dissector_by_unique_short_name()

WS_DLL_PUBLIC heur_dtbl_entry_t * find_heur_dissector_by_unique_short_name ( const char *  short_name)

Find a heuristic dissector by the unique short protocol name provided during registration.

Parameters
short_nameshort name of the protocol to look at
Returns
pointer to the heuristic dissector entry, NULL if not such dissector exists

◆ find_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list ( const char *  name)

Find a heuristic dissector table by table name.

Parameters
namename of the dissector table
Returns
pointer to the table on success, NULL if no such table exists

◆ get_dissector_names()

WS_DLL_PUBLIC GList * get_dissector_names ( void  )

Get a GList of all registered dissector names.

◆ heur_dissector_add()

WS_DLL_PUBLIC void heur_dissector_add ( const char *  name,
heur_dissector_t  dissector,
const char *  display_name,
const char *  internal_name,
const int  proto,
heuristic_enable_e  enable 
)

Add a sub-dissector to a heuristic dissector list. Call this in the proto_handoff function of the sub-dissector.

Parameters
namethe name of the heuristic dissector table into which to register the dissector, e.g. "tcp"
dissectorthe sub-dissector to be registered
display_namethe string used to present heuristic to user, e.g. "HTTP over TCP"
internal_namethe string used for "internal" use to identify heuristic, e.g. "http_tcp"
protothe protocol id of the sub-dissector
enableinitially enabled or not

◆ heur_dissector_delete()

WS_DLL_PUBLIC void heur_dissector_delete ( const char *  name,
heur_dissector_t  dissector,
const int  proto 
)

Remove a sub-dissector from a heuristic dissector list. Call this in the prefs_reinit function of the sub-dissector.

Parameters
namethe name of the "parent" protocol, e.g. "tcp"
dissectorthe sub-dissector to be unregistered
protothe protocol id of the sub-dissector

◆ heur_dissector_list_get_description()

WS_DLL_PUBLIC const char * heur_dissector_list_get_description ( heur_dissector_list_t  list)

Get description of heuristic sub-dissector list.

Parameters
listthe dissector list

◆ heur_dissector_table_foreach()

WS_DLL_PUBLIC void heur_dissector_table_foreach ( const char *  table_name,
DATFunc_heur  func,
void *  user_data 
)

Iterate over heuristic dissectors in a table.

Walk one heuristic dissector table's list calling a user supplied function on each entry.

Parameters
[in]table_nameThe name of the dissector table, e.g. "tcp".
[in]funcThe function to call for each dissector.
[in]user_dataUser data to pass to the function.

◆ increment_dissection_depth()

WS_DLL_PUBLIC void increment_dissection_depth ( packet_info pinfo)

Increment the dissection depth. This should be used to limit recursion outside the tree depth checks in call_dissector and dissector_try_heuristic.

Parameters
pinfoPacket Info.

◆ register_cleanup_routine()

WS_DLL_PUBLIC void register_cleanup_routine ( void(*)(void)  func)

Allows protocols to register "cleanup" routines, which are called after closing a capture file (or when preferences are changed, in that case these routines are called before the init routines are executed). It can be used to release resources that are allocated in an "init" routine.

◆ register_depend_dissector()

WS_DLL_PUBLIC bool register_depend_dissector ( const char *  parent,
const char *  dependent 
)

Register a protocol dependency This is done automatically when registering with a dissector or heuristic table. This is for "manual" registration when a dissector ends up calling another through call_dissector (or similar) so dependencies can be determined

Parameters
parent"Parent" protocol short name
dependent"Dependent" protocol short name
Returns
return true if dependency was successfully registered

◆ register_dissector()

WS_DLL_PUBLIC dissector_handle_t register_dissector ( const char *  name,
dissector_t  dissector,
const int  proto 
)

Register a new dissector.

◆ register_dissector_table_alias()

WS_DLL_PUBLIC void register_dissector_table_alias ( dissector_table_t  dissector_table,
const char *  alias_name 
)

Register a dissector table alias. This is for dissectors whose original name has changed, e.g. SSL to TLS.

Parameters
dissector_tabledissector table returned by register_dissector_table.
alias_namealias for the dissector table name.

◆ register_dissector_with_data()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data ( const char *  name,
dissector_cb_t  dissector,
const int  proto,
void *  cb_data 
)

Register a new dissector with a callback pointer.

◆ register_dissector_with_description()

WS_DLL_PUBLIC dissector_handle_t register_dissector_with_description ( const char *  name,
const char *  description,
dissector_t  dissector,
const int  proto 
)

Register a new dissector with a description.

◆ register_heur_dissector_list()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list ( const char *  name,
const int  proto 
)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters
namethe name of this protocol
protothe value obtained when registering the protocol

◆ register_heur_dissector_list_with_description()

WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list_with_description ( const char *  name,
const char *  ui_name,
const int  proto 
)

A protocol uses this function to register a heuristic sub-dissector list. Call this in the parent dissectors proto_register function.

Parameters
namea unique short name for the list
ui_namethe name used in the user interface
protothe value obtained when registering the protocol

◆ register_init_routine()

WS_DLL_PUBLIC void register_init_routine ( void(*)(void)  func)

Allow protocols to register "init" routines, which are called before we make a pass through a capture file and dissect all its packets (e.g., when we read in a new capture file, or run a "filter packets" or "colorize packets" pass over the current capture file or when the preferences are changed).

Generated by doxygen 1.9.8