 |
Wireshark 4.5.0
The Wireshark network protocol analyzer
|
Loading...
Searching...
No Matches
|
Wireshark 4.5.0
The Wireshark network protocol analyzer
|
Public Attributes | |
| uint8_t | ip_visited: 1 |
| uint8_t | tcp_visited: 1 |
| uint8_t | ip_istcp: 2 |
| uint8_t | ip_isfrag: 2 |
| uint8_t | tcp_synset: 2 |
| uint8_t | tcp_ackset: 2 |
| uint8_t | pkt_ingress: 2 |
| uint8_t | pkt_has_flow: 2 |
| uint8_t | pkt_has_peer: 2 |
| uint8_t | analysis_done: 1 |
| uint8_t | analysis_flowreuse: 1 |
| uint8_t | analysis_flowlost: 1 |
| uint8_t | analysis_hasresults: 1 |
Structure used to store data gathered by the taps and dissector that is attached to the pinfo structure for the packet. This structure ends up getting allocated for every packet. So, we want to keep it small.
For fields that are 1 bit wide, they have 0 == false and 1 == true. For fields that are 2 bits wide, they have 0 == false, 1 == true and 3 == unknown.
| uint8_t f5eth_analysis_data_t::analysis_done |
Analysis has been performed
| uint8_t f5eth_analysis_data_t::analysis_flowlost |
Analysis indicates flow lost
| uint8_t f5eth_analysis_data_t::analysis_flowreuse |
Analysis indicates flow reuse
| uint8_t f5eth_analysis_data_t::analysis_hasresults |
Are there actually any results?
| uint8_t f5eth_analysis_data_t::ip_isfrag |
Is this packet an IP fragment?
| uint8_t f5eth_analysis_data_t::ip_istcp |
Is this a TCP (set by ip/ip6 tap on first header)
| uint8_t f5eth_analysis_data_t::ip_visited |
Did the IPv4 or IPv6 tap look at this packet already?
| uint8_t f5eth_analysis_data_t::pkt_has_flow |
Packet has associated flow
| uint8_t f5eth_analysis_data_t::pkt_has_peer |
Packet has associated peer flow
| uint8_t f5eth_analysis_data_t::pkt_ingress |
Packet is ingress packet
| uint8_t f5eth_analysis_data_t::tcp_ackset |
Is the ACK flag set in the TCP header?
| uint8_t f5eth_analysis_data_t::tcp_synset |
Is the SYN flag set in the TCP header?
| uint8_t f5eth_analysis_data_t::tcp_visited |
Did the TCP tap look at this packet already?
1.9.8