Public Attributes
const char *	current_proto

struct epan_column_info *	cinfo

uint32_t	presence_flags

uint32_t	num

nstime_t	abs_ts

nstime_t	rel_ts

nstime_t	rel_cap_ts

bool	rel_cap_ts_present

frame_data *	fd

union wtap_pseudo_header *	pseudo_header

wtap_rec *	rec

GSList *	data_src

address	dl_src

address	dl_dst

address	net_src

address	net_dst

address	src

address	dst

uint32_t	vlan_id

const char *	noreassembly_reason

bool	fragmented

struct {

uint32_t in_error_pkt:1

uint32_t in_gre_pkt:1

}	flags

port_type	ptype

uint32_t	srcport

uint32_t	destport

uint32_t	match_uint

const char *	match_string

bool	use_conv_addr_port_endpoints

struct conversation_addr_port_endpoints *	conv_addr_port_endpoints

struct conversation_element *	conv_elements

uint16_t	can_desegment

uint16_t	saved_can_desegment

int	desegment_offset

uint32_t	desegment_len

uint16_t	want_pdu_tracking

uint32_t	bytes_until_next_pdu

int	p2p_dir

GHashTable *	private_table

wmem_list_t *	layers

wmem_map_t *	proto_layers

uint8_t	curr_layer_num

uint8_t	curr_proto_layer_num

uint16_t	link_number

uint16_t	clnp_srcref

uint16_t	clnp_dstref

int	link_dir

int16_t	src_win_scale

int16_t	dst_win_scale

GSList *	proto_data

GSList *	frame_end_routines

wmem_allocator_t *	pool

struct epan_session *	epan

const char *	heur_list_name

int	dissection_depth

uint32_t	stream_id

Member Data Documentation

◆ abs_ts

nstime_t _packet_info::abs_ts

Packet absolute time stamp

◆ can_desegment

uint16_t _packet_info::can_desegment

>0 if this segment could be desegmented. A dissector that can offer this API (e.g. TCP) sets can_desegment=2, then can_desegment is decremented by 1 each time we pass to the next subdissector. Thus only the dissector immediately above the protocol which sets the flag can use it

◆ cinfo

struct epan_column_info* _packet_info::cinfo

Column formatting information

◆ clnp_dstref

uint16_t _packet_info::clnp_dstref

clnp/cotp destination reference (can't use dstport, this would confuse tpkt)

◆ clnp_srcref

uint16_t _packet_info::clnp_srcref

clnp/cotp source reference (can't use srcport, this would confuse tpkt)

◆ conv_addr_port_endpoints

struct conversation_addr_port_endpoints* _packet_info::conv_addr_port_endpoints

Data that can be used for address+port conversations, including wildcarding

◆ conv_elements

struct conversation_element* _packet_info::conv_elements

Arbitrary conversation identifier; can't be wildcarded

◆ curr_layer_num

uint8_t _packet_info::curr_layer_num

map of proto_id to curr_proto_layer_num. The current "depth" or layer number in the current frame

◆ curr_proto_layer_num

uint8_t _packet_info::curr_proto_layer_num

The current "depth" or layer number for this dissector in the current frame

◆ current_proto

const char* _packet_info::current_proto

name of protocol currently being dissected

◆ data_src

GSList* _packet_info::data_src

Frame data sources

◆ desegment_len

uint32_t _packet_info::desegment_len

requested desegmentation additional length or DESEGMENT_ONE_MORE_SEGMENT: Desegment one more full segment (warning! only partially implemented) DESEGMENT_UNTIL_FIN: Desegment all data for this tcp session until the FIN segment.

◆ desegment_offset

int _packet_info::desegment_offset

offset to stuff needing desegmentation

◆ destport

uint32_t _packet_info::destport

destination port

◆ dissection_depth

int _packet_info::dissection_depth

The current "depth" or layer number in the current frame

◆ dl_dst

address _packet_info::dl_dst

link-layer destination address

◆ dl_src

address _packet_info::dl_src

link-layer source address

◆ dst

address _packet_info::dst

destination address (net if present, DL otherwise )

◆ dst_win_scale

int16_t _packet_info::dst_win_scale

Rcv.Wind.Shift dst applies when sending segments; -1 unknown; -2 disabled

◆ fragmented

bool _packet_info::fragmented

true if the protocol is only a fragment

◆ heur_list_name

const char* _packet_info::heur_list_name

name of heur list if this packet is being heuristically dissected

◆ in_error_pkt

uint32_t _packet_info::in_error_pkt

true if we're inside an {ICMP,CLNP,...} error packet

◆ in_gre_pkt

uint32_t _packet_info::in_gre_pkt

true if we're encapsulated inside a GRE packet

◆ layers

wmem_list_t* _packet_info::layers

layers of each protocol

◆ link_dir

int _packet_info::link_dir

3GPP messages are sometime different UP link(UL) or Downlink(DL)

◆ match_string

const char* _packet_info::match_string

matched string for calling subdissector from table

◆ match_uint

uint32_t _packet_info::match_uint

matched uint for calling subdissector from table

◆ net_dst

address _packet_info::net_dst

network-layer destination address

◆ net_src

address _packet_info::net_src

network-layer source address

◆ noreassembly_reason

const char* _packet_info::noreassembly_reason

reason why reassembly wasn't done, if any

◆ num

uint32_t _packet_info::num

Frame number

◆ p2p_dir

int _packet_info::p2p_dir

Packet was captured as an outbound (P2P_DIR_SENT) inbound (P2P_DIR_RECV) unknown (P2P_DIR_UNKNOWN)

◆ pool

wmem_allocator_t* _packet_info::pool

Memory pool scoped to the pinfo struct

◆ presence_flags

uint32_t _packet_info::presence_flags

Presence flags for some items

◆ private_table

GHashTable* _packet_info::private_table

a hash table passed from one dissector to another

◆ proto_data

GSList* _packet_info::proto_data

Per packet proto data

◆ ptype

port_type _packet_info::ptype

type of the following two port numbers

◆ rec

wtap_rec* _packet_info::rec

Record metadata

◆ rel_cap_ts

nstime_t _packet_info::rel_cap_ts

Relative timestamp from capture start (might be negative for broken files)

◆ rel_cap_ts_present

bool _packet_info::rel_cap_ts_present

Relative timestamp from capture start valid

◆ rel_ts

nstime_t _packet_info::rel_ts

Relative timestamp (yes, it can be negative)

◆ saved_can_desegment

uint16_t _packet_info::saved_can_desegment

Value of can_desegment before current dissector was called. Supplied so that dissectors for proxy protocols such as SOCKS can restore it, allowing the dissectors that they call to use the TCP dissector's desegmentation (SOCKS just retransmits TCP segments once it's finished setting things up, so the TCP desegmentor can desegment its payload).

◆ src

address _packet_info::src

source address (net if present, DL otherwise )

◆ src_win_scale

int16_t _packet_info::src_win_scale

Rcv.Wind.Shift src applies when sending segments; -1 unknown; -2 disabled

◆ srcport

uint32_t _packet_info::srcport

source port

◆ stream_id

uint32_t _packet_info::stream_id

Conversation Stream ID of the highest protocol

◆ use_conv_addr_port_endpoints

bool _packet_info::use_conv_addr_port_endpoints

true if address/port endpoints member should be used for conversations

◆ vlan_id

uint32_t _packet_info::vlan_id

First encountered VLAN Id if present otherwise 0

◆ want_pdu_tracking

uint16_t _packet_info::want_pdu_tracking

>0 if the subdissector has specified a value in 'bytes_until_next_pdu'. When a dissector detects that the next PDU will start beyond the start of the next segment, it can set this value to 2 and 'bytes_until_next_pdu' to the number of bytes beyond the next segment where the next PDU starts.

If the protocol dissector below this one is capable of PDU tracking it can use this hint to detect PDUs that starts unaligned to the segment boundaries. The TCP dissector is using this hint from (some) protocols to detect when a new PDU starts in the middle of a tcp segment.

There is intelligence in the glue between dissector layers to make sure that this request is only passed down to the protocol immediately below the current one and not any further.

The documentation for this struct was generated from the following file:

/builds/wireshark/wireshark/epan/packet_info.h

Public Attributes