epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-udp.h
blobc27afa1946c648d8222f2953dbcf9dc8915b6b88
1 /* packet-udp.h
3 * Wireshark - Network traffic analyzer
4 * By Gerald Combs <gerald@wireshark.org>
5 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
11 #ifndef __PACKET_UDP_H__
12 #define __PACKET_UDP_H__
14 #include "ws_symbol_export.h"
16 #include <epan/conversation.h>
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
22 /* UDP structs and definitions */
23 typedef struct _e_udphdr {
24 uint16_t uh_sport;
25 uint16_t uh_dport;
26 uint32_t uh_ulen;
27 uint32_t uh_sum_cov;
28 uint16_t uh_sum;
29 uint32_t uh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */
30 address ip_src;
31 address ip_dst;
32 } e_udphdr;
34 /* Conversation and process structures originally copied from packet-tcp.c */
35 typedef struct _udp_flow_t {
36 /* Process info, currently discovered via IPFIX */
37 uint32_t process_uid; /* UID of local process */
38 uint32_t process_pid; /* PID of local process */
39 char *username; /* Username of the local process */
40 char *command; /* Local process name + path + args */
41 } udp_flow_t;
43 struct udp_analysis {
44 /* These two structs are managed based on comparing the source
45 * and destination addresses and, if they're equal, comparing
46 * the source and destination ports.
48 * If the source is greater than the destination, then stuff
49 * sent from src is in ual1.
51 * If the source is less than the destination, then stuff
52 * sent from src is in ual2.
54 * XXX - if the addresses and ports are equal, we don't guarantee
55 * the behavior.
57 udp_flow_t flow1;
58 udp_flow_t flow2;
60 /* These pointers are set by get_udp_conversation_data()
61 * fwd point in the same direction as the current packet
62 * and rev in the reverse direction
64 udp_flow_t *fwd;
65 udp_flow_t *rev;
67 /* Keep track of udp stream numbers instead of using the conversation
68 * index (as how it was done before). This prevents gaps in the
69 * stream index numbering
71 uint32_t stream;
73 /* Keep track of packet number within the UDP stream */
74 uint32_t pnum;
76 /* Remember the timestamp of the first frame seen in this udp
77 * conversation to be able to calculate a relative time compared
78 * to the start of this conversation
80 nstime_t ts_first;
82 /* Remember the timestamp of the frame that was last seen in this
83 * udp conversation to be able to calculate a delta time compared
84 * to previous frame in this conversation
86 nstime_t ts_prev;
89 /** Associate process information with a given flow
91 * @param frame_num The frame number
92 * @param local_addr The local IPv4 or IPv6 address of the process
93 * @param remote_addr The remote IPv4 or IPv6 address of the process
94 * @param local_port The local TCP port of the process
95 * @param remote_port The remote TCP port of the process
96 * @param uid The numeric user ID of the process
97 * @param pid The numeric PID of the process
98 * @param username Ephemeral string containing the full or partial process name
99 * @param command Ephemeral string containing the full or partial process name
101 extern void
102 add_udp_process_info(uint32_t frame_num, address *local_addr, address *remote_addr,
103 uint16_t local_port, uint16_t remote_port,
104 uint32_t uid, uint32_t pid,
105 char *username, char *command);
107 /** Get the current number of UDP streams
109 * @return The number of UDP streams
111 WS_DLL_PUBLIC uint32_t
112 get_udp_stream_count(void);
114 WS_DLL_PUBLIC void
115 decode_udp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, int);
117 WS_DLL_PUBLIC struct udp_analysis *
118 get_udp_conversation_data(conversation_t *, packet_info *);
121 * Loop for dissecting PDUs within a UDP packet; Similar to tcp_dissect_pdus,
122 * but doesn't have stream support. Assumes that a PDU consists of a
123 * fixed-length chunk of data that contains enough information
124 * to determine the length of the PDU, followed by rest of the PDU.
126 * @param tvb the tvbuff with the (remaining) packet data passed to dissector
127 * @param pinfo the packet info of this packet (additional info) passed to dissector
128 * @param tree the protocol tree to be build or NULL passed to dissector
129 * @param fixed_len is the length of the fixed-length part of the PDU.
130 * @param heuristic_check is the optional routine called to see if dissection
131 * should be done; it's passed "pinfo", "tvb", "offset" and "dissector_data".
132 * @param get_pdu_len is a routine called to get the length of the PDU from
133 * the fixed-length part of the PDU; it's passed "pinfo", "tvb", "offset" and
134 * "dissector_data".
135 * @param dissect_pdu the sub-dissector to be called
136 * @param dissector_data parameter to pass to subdissector
138 WS_DLL_PUBLIC int
139 udp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
140 unsigned fixed_len,
141 bool (*heuristic_check)(packet_info *, tvbuff_t *, int, void*),
142 unsigned (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*),
143 dissector_t dissect_pdu, void* dissector_data);
145 extern char *udp_follow_address_filter(address *src_addr, address *dst_addr, int src_port, int dst_port);
147 #ifdef __cplusplus
149 #endif /* __cplusplus */
151 #endif