epan/packet_info.h

   1 /* packet_info.h
   2  * Definitions for packet info structures and routines
   3  *
   4  * Wireshark - Network traffic analyzer
   5  * By Gerald Combs <gerald@wireshark.org>
   6  * Copyright 1998 Gerald Combs
   7  *
   8  * SPDX-License-Identifier: GPL-2.0-or-later
   9  */
  10
  11 #ifndef __PACKET_INFO_H__
  12 #define __PACKET_INFO_H__
  13
  14 #include "frame_data.h"
  15 #include "address.h"
  16
  17 struct conversation_element;
  18
  19 /** @file
  20  * Dissected packet data and metadata.
  21  */
  22
  23 /** @defgroup packetinfo Packet Data and Metadata
  24  *
  25  * @{
  26  */
  27
  28 /* Also defined in wiretap/wtap.h */
  29 #define P2P_DIR_UNKNOWN -1
  30 #define P2P_DIR_SENT    0
  31 #define P2P_DIR_RECV    1
  32
  33 /* Link direction */
  34 #define LINK_DIR_UNKNOWN    -1
  35 #define P2P_DIR_UL  0
  36 #define P2P_DIR_DL  1
  37
  38 /*
  39  * Presence flags.
  40  */
  41 #define PINFO_HAS_TS            0x00000001  /**< time stamp */
  42
  43 typedef struct _packet_info {
  44   const char *current_proto;        /**< name of protocol currently being dissected */
  45   struct epan_column_info *cinfo;   /**< Column formatting information */
  46   uint32_t presence_flags;           /**< Presence flags for some items */
  47   uint32_t num;                      /**< Frame number */
  48   nstime_t abs_ts;                  /**< Packet absolute time stamp */
  49   nstime_t rel_ts;                  /**< Relative timestamp (yes, it can be negative) */
  50   nstime_t rel_cap_ts;              /**< Relative timestamp from capture start (might be negative for broken files) */
  51   bool rel_cap_ts_present;      /**< Relative timestamp from capture start valid */
  52   frame_data *fd;
  53   union wtap_pseudo_header *pseudo_header;
  54   wtap_rec *rec;                    /**< Record metadata */
  55   GSList *data_src;                 /**< Frame data sources */
  56   address dl_src;                   /**< link-layer source address */
  57   address dl_dst;                   /**< link-layer destination address */
  58   address net_src;                  /**< network-layer source address */
  59   address net_dst;                  /**< network-layer destination address */
  60   address src;                      /**< source address (net if present, DL otherwise )*/
  61   address dst;                      /**< destination address (net if present, DL otherwise )*/
  62   uint32_t vlan_id;                  /**< First encountered VLAN Id if present otherwise 0 */
  63   const char *noreassembly_reason;  /**< reason why reassembly wasn't done, if any */
  64   bool fragmented;              /**< true if the protocol is only a fragment */
  65   struct {
  66     uint32_t in_error_pkt:1;         /**< true if we're inside an {ICMP,CLNP,...} error packet */
  67     uint32_t in_gre_pkt:1;           /**< true if we're encapsulated inside a GRE packet */
  68   } flags;
  69   port_type ptype;                  /**< type of the following two port numbers */
  70   uint32_t srcport;                  /**< source port */
  71   uint32_t destport;                 /**< destination port */
  72   uint32_t match_uint;               /**< matched uint for calling subdissector from table */
  73   const char *match_string;         /**< matched string for calling subdissector from table */
  74   bool use_conv_addr_port_endpoints; /**< true if address/port endpoints member should be used for conversations */
  75   struct conversation_addr_port_endpoints* conv_addr_port_endpoints; /**< Data that can be used for address+port conversations, including wildcarding */
  76   struct conversation_element *conv_elements; /**< Arbitrary conversation identifier; can't be wildcarded */
  77   uint16_t can_desegment;            /**< >0 if this segment could be desegmented.
  78                                          A dissector that can offer this API (e.g.
  79                                          TCP) sets can_desegment=2, then
  80                                          can_desegment is decremented by 1 each time
  81                                          we pass to the next subdissector. Thus only
  82                                          the dissector immediately above the
  83                                          protocol which sets the flag can use it*/
  84   uint16_t saved_can_desegment;      /**< Value of can_desegment before current
  85                                          dissector was called.  Supplied so that
  86                                          dissectors for proxy protocols such as
  87                                          SOCKS can restore it, allowing the
  88                                          dissectors that they call to use the
  89                                          TCP dissector's desegmentation (SOCKS
  90                                          just retransmits TCP segments once it's
  91                                          finished setting things up, so the TCP
  92                                          desegmentor can desegment its payload). */
  93   int desegment_offset;             /**< offset to stuff needing desegmentation */
  94 #define DESEGMENT_ONE_MORE_SEGMENT 0x0fffffff
  95 #define DESEGMENT_UNTIL_FIN        0x0ffffffe
  96   uint32_t desegment_len;            /**< requested desegmentation additional length
  97                                        or
  98                                        DESEGMENT_ONE_MORE_SEGMENT:
  99                                          Desegment one more full segment
 100                                          (warning! only partially implemented)
 101                                        DESEGMENT_UNTIL_FIN:
 102                                          Desegment all data for this tcp session
 103                                          until the FIN segment.
 104                                     */
 105   uint16_t want_pdu_tracking;    /**< >0 if the subdissector has specified
 106                                    a value in 'bytes_until_next_pdu'.
 107                                    When a dissector detects that the next PDU
 108                                    will start beyond the start of the next
 109                                    segment, it can set this value to 2
 110                                    and 'bytes_until_next_pdu' to the number of
 111                                    bytes beyond the next segment where the
 112                                    next PDU starts.
 113
 114                                    If the protocol dissector below this
 115                                    one is capable of PDU tracking it can
 116                                    use this hint to detect PDUs that starts
 117                                    unaligned to the segment boundaries.
 118                                    The TCP dissector is using this hint from
 119                                    (some) protocols to detect when a new PDU
 120                                    starts in the middle of a tcp segment.
 121
 122                                    There is intelligence in the glue between
 123                                    dissector layers to make sure that this
 124                                    request is only passed down to the protocol
 125                                    immediately below the current one and not
 126                                    any further.
 127                                 */
 128   uint32_t bytes_until_next_pdu;
 129
 130   int     p2p_dir;              /**< Packet was captured as an
 131                                        outbound (P2P_DIR_SENT)
 132                                        inbound (P2P_DIR_RECV)
 133                                        unknown (P2P_DIR_UNKNOWN) */
 134
 135   GHashTable *private_table;    /**< a hash table passed from one dissector to another */
 136
 137   wmem_list_t *layers;          /**< layers of each protocol */
 138   wmem_map_t *proto_layers;     /** map of proto_id to curr_proto_layer_num. */
 139   uint8_t curr_layer_num;        /**< The current "depth" or layer number in the current frame */
 140   uint8_t curr_proto_layer_num;  /**< The current "depth" or layer number for this dissector in the current frame */
 141   uint16_t link_number;
 142
 143   uint16_t clnp_srcref;          /**< clnp/cotp source reference (can't use srcport, this would confuse tpkt) */
 144   uint16_t clnp_dstref;          /**< clnp/cotp destination reference (can't use dstport, this would confuse tpkt) */
 145
 146   int link_dir;                 /**< 3GPP messages are sometime different UP link(UL) or Downlink(DL) */
 147
 148   int16_t src_win_scale;        /**< Rcv.Wind.Shift src applies when sending segments; -1 unknown; -2 disabled */
 149   int16_t dst_win_scale;        /**< Rcv.Wind.Shift dst applies when sending segments; -1 unknown; -2 disabled */
 150
 151   GSList* proto_data;          /**< Per packet proto data */
 152
 153   GSList* frame_end_routines;
 154
 155   wmem_allocator_t *pool;      /**< Memory pool scoped to the pinfo struct */
 156   struct epan_session *epan;
 157   const char *heur_list_name;    /**< name of heur list if this packet is being heuristically dissected */
 158   int dissection_depth;         /**< The current "depth" or layer number in the current frame */
 159
 160   uint32_t stream_id;            /**< Conversation Stream ID of the highest protocol */
 161 } packet_info;
 162
 163 /** @} */
 164
 165 #endif /* __PACKET_INFO_H__ */
 166
 167 /*
 168  * Editor modelines
 169  *
 170  * Local Variables:
 171  * c-basic-offset: 2
 172  * tab-width: 8
 173  * indent-tabs-mode: nil
 174  * End:
 175  *
 176  * ex: set shiftwidth=2 tabstop=8 expandtab:
 177  * :indentSize=2:tabSize=8:noTabs=true:
 178  */