Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
packet-udp.h
1/* packet-udp.h
2 *
3 * Wireshark - Network traffic analyzer
4 * By Gerald Combs <[email protected]>
5 * Copyright 1998 Gerald Combs
6 *
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11#ifndef __PACKET_UDP_H__
12#define __PACKET_UDP_H__
13
14#include "ws_symbol_export.h"
15
16#include <epan/conversation.h>
17
18#ifdef __cplusplus
19extern "C" {
20#endif /* __cplusplus */
21
22/* UDP structs and definitions */
23typedef struct _e_udphdr {
24 uint16_t uh_sport;
25 uint16_t uh_dport;
26 uint32_t uh_ulen;
27 uint32_t uh_sum_cov;
28 uint16_t uh_sum;
29 uint32_t uh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */
30 address ip_src;
31 address ip_dst;
32} e_udphdr;
33
34/* Conversation and process structures originally copied from packet-tcp.c */
35typedef struct _udp_flow_t {
36 /* Process info, currently discovered via IPFIX */
37 uint32_t process_uid; /* UID of local process */
38 uint32_t process_pid; /* PID of local process */
39 char *username; /* Username of the local process */
40 char *command; /* Local process name + path + args */
42
44 /* These two structs are managed based on comparing the source
45 * and destination addresses and, if they're equal, comparing
46 * the source and destination ports.
47 *
48 * If the source is greater than the destination, then stuff
49 * sent from src is in ual1.
50 *
51 * If the source is less than the destination, then stuff
52 * sent from src is in ual2.
53 *
54 * XXX - if the addresses and ports are equal, we don't guarantee
55 * the behavior.
56 */
57 udp_flow_t flow1;
58 udp_flow_t flow2;
59
60 /* These pointers are set by get_udp_conversation_data()
61 * fwd point in the same direction as the current packet
62 * and rev in the reverse direction
63 */
64 udp_flow_t *fwd;
65 udp_flow_t *rev;
66
67 /* Keep track of udp stream numbers instead of using the conversation
68 * index (as how it was done before). This prevents gaps in the
69 * stream index numbering
70 */
71 uint32_t stream;
72
73 /* Keep track of packet number within the UDP stream */
74 uint32_t pnum;
75
76 /* Remember the timestamp of the first frame seen in this udp
77 * conversation to be able to calculate a relative time compared
78 * to the start of this conversation
79 */
80 nstime_t ts_first;
81
82 /* Remember the timestamp of the frame that was last seen in this
83 * udp conversation to be able to calculate a delta time compared
84 * to previous frame in this conversation
85 */
86 nstime_t ts_prev;
87};
88
101extern void
102add_udp_process_info(uint32_t frame_num, address *local_addr, address *remote_addr,
103 uint16_t local_port, uint16_t remote_port,
104 uint32_t uid, uint32_t pid,
105 char *username, char *command);
106
111WS_DLL_PUBLIC uint32_t
112get_udp_stream_count(void);
113
114WS_DLL_PUBLIC void
115decode_udp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, int);
116
117WS_DLL_PUBLIC struct udp_analysis *
118get_udp_conversation_data(conversation_t *, packet_info *);
119
120/*
121 * Loop for dissecting PDUs within a UDP packet; Similar to tcp_dissect_pdus,
122 * but doesn't have stream support. Assumes that a PDU consists of a
123 * fixed-length chunk of data that contains enough information
124 * to determine the length of the PDU, followed by rest of the PDU.
125 *
126 * @param tvb the tvbuff with the (remaining) packet data passed to dissector
127 * @param pinfo the packet info of this packet (additional info) passed to dissector
128 * @param tree the protocol tree to be build or NULL passed to dissector
129 * @param fixed_len is the length of the fixed-length part of the PDU.
130 * @param heuristic_check is the optional routine called to see if dissection
131 * should be done; it's passed "pinfo", "tvb", "offset" and "dissector_data".
132 * @param get_pdu_len is a routine called to get the length of the PDU from
133 * the fixed-length part of the PDU; it's passed "pinfo", "tvb", "offset" and
134 * "dissector_data".
135 * @param dissect_pdu the sub-dissector to be called
136 * @param dissector_data parameter to pass to subdissector
137 */
138WS_DLL_PUBLIC int
139udp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
140 unsigned fixed_len,
141 bool (*heuristic_check)(packet_info *, tvbuff_t *, int, void*),
142 unsigned (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*),
143 dissector_t dissect_pdu, void* dissector_data);
144
145extern char *udp_follow_address_filter(address *src_addr, address *dst_addr, int src_port, int dst_port);
146
147#ifdef __cplusplus
148}
149#endif /* __cplusplus */
150
151#endif
Definition address.h:56
Definition packet-udp.h:23
Definition packet_info.h:43
Definition proto.h:903
Definition packet-udp.h:35
Definition conversation.h:224
Definition nstime.h:26
Definition stream.c:41
Definition tvbuff-int.h:35
Definition packet-udp.h:43