2 * Definitions for packet info structures and routines
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 #ifndef __PACKET_INFO_H__
26 #define __PACKET_INFO_H__
28 #include "frame_data.h"
31 #include "wmem/wmem_core.h"
33 /* Also defined in wiretap/wtap.h */
34 #define P2P_DIR_UNKNOWN -1
35 #define P2P_DIR_SENT 0
36 #define P2P_DIR_RECV 1
39 #define LINK_DIR_UNKNOWN -1
43 #define PINFO_SOF_FIRST_FRAME 0x1
44 #define PINFO_SOF_SOFF 0x2
45 #define PINFO_EOF_LAST_FRAME 0x80
46 #define PINFO_EOF_INVALID 0x40
47 #define MAX_NUMBER_OF_PPIDS 2
49 typedef struct _packet_info {
50 const char *current_proto; /**< name of protocol currently being dissected */
51 column_info *cinfo; /**< Column formatting information */
53 union wtap_pseudo_header *pseudo_header;
54 struct wtap_pkthdr *phdr;
55 GSList *data_src; /**< Frame data sources */
56 address dl_src; /**< link-layer source address */
57 address dl_dst; /**< link-layer destination address */
58 address net_src; /**< network-layer source address */
59 address net_dst; /**< network-layer destination address */
60 address src; /**< source address (net if present, DL otherwise )*/
61 address dst; /**< destination address (net if present, DL otherwise )*/
62 guint32 ethertype; /**< Ethernet Type Code, if this is an Ethernet packet */
63 guint32 ipproto; /**< IP protocol, if this is an IP packet */
64 guint32 ipxptype; /**< IPX packet type, if this is an IPX packet */
65 guint32 mpls_label; /**< last mpls label in label stack, if this is a MPLS packet */
66 circuit_type ctype; /**< type of circuit, for protocols with a VC identifier */
67 guint32 circuit_id; /**< circuit ID, for protocols with a VC identifier */
68 const char *noreassembly_reason; /**< reason why reassembly wasn't done, if any */
69 gboolean fragmented; /**< TRUE if the protocol is only a fragment */
71 guint32 in_error_pkt:1; /**< TRUE if we're inside an {ICMP,CLNP,...} error packet */
72 guint32 in_gre_pkt:1; /**< TRUE if we're encapsulated inside a GRE packet */
74 port_type ptype; /**< type of the following two port numbers */
75 guint32 srcport; /**< source port */
76 guint32 destport; /**< destination port */
77 guint32 match_uint; /**< matched uint for calling subdissector from table */
78 const char *match_string; /**< matched string for calling subdissector from table */
79 guint16 can_desegment; /**< >0 if this segment could be desegmented.
80 A dissector that can offer this API (e.g.
81 TCP) sets can_desegment=2, then
82 can_desegment is decremented by 1 each time
83 we pass to the next subdissector. Thus only
84 the dissector immediately above the
85 protocol which sets the flag can use it*/
86 guint16 saved_can_desegment; /**< Value of can_desegment before current
87 dissector was called. Supplied so that
88 dissectors for proxy protocols such as
89 SOCKS can restore it, allowing the
90 dissectors that they call to use the
91 TCP dissector's desegmentation (SOCKS
92 just retransmits TCP segments once it's
93 finished setting things up, so the TCP
94 desegmentor can desegment its payload). */
95 int desegment_offset; /**< offset to stuff needing desegmentation */
96 #define DESEGMENT_ONE_MORE_SEGMENT 0x0fffffff
97 #define DESEGMENT_UNTIL_FIN 0x0ffffffe
98 guint32 desegment_len; /**< requested desegmentation additional length
100 DESEGMENT_ONE_MORE_SEGMENT:
101 Desegment one more full segment
102 (warning! only partially implemented)
104 Desgment all data for this tcp session
105 until the FIN segment.
107 guint16 want_pdu_tracking; /**< >0 if the subdissector has specified
108 a value in 'bytes_until_next_pdu'.
109 When a dissector detects that the next PDU
110 will start beyond the start of the next
111 segment, it can set this value to 2
112 and 'bytes_until_next_pdu' to the number of
113 bytes beyond the next segment where the
116 If the protocol dissector below this
117 one is capable of PDU tracking it can
118 use this hint to detect PDUs that starts
119 unaligned to the segment boundaries.
120 The TCP dissector is using this hint from
121 (some) protocols to detect when a new PDU
122 starts in the middle of a tcp segment.
124 There is intelligence in the glue between
125 dissector layers to make sure that this
126 request is only passed down to the protocol
127 immediately below the current one and not
130 guint32 bytes_until_next_pdu;
133 int iplen; /**< total length of IP packet */
134 int iphdrlen; /**< length of IP header */
135 guint8 ip_ttl; /**< IP time to live */
136 int p2p_dir; /**< Packet was captured as an
137 outbound (P2P_DIR_SENT)
138 inbound (P2P_DIR_RECV)
139 unknown (P2P_DIR_UNKNOWN) */
140 guint16 oxid; /**< next 2 fields reqd to identify fibre */
141 guint16 rxid; /**< channel conversations */
142 guint8 r_ctl; /**< R_CTL field in Fibre Channel Protocol */
143 guint8 sof_eof; /**< FC's SOF/EOF encoding passed to FC decoder
144 * Bit 7 set if Last frame in sequence
145 * Bit 6 set if invalid frame content
147 * Bit 1 set if first frame in sequence
149 guint16 src_idx; /**< Source port index (Cisco MDS-specific) */
150 guint16 dst_idx; /**< Dest port index (Cisco MDS-specific) */
151 guint16 vsan; /**< Fibre channel/Cisco MDS-specific */
153 /* Extra data for DCERPC handling and tracking of context ids */
154 guint16 dcectxid; /**< Context ID (DCERPC-specific) */
155 int dcetransporttype; /**< Transport type
156 * Value -1 means "not a DCERPC packet"
158 guint16 dcetransportsalt; /**< fid: if transporttype==DCE_CN_TRANSPORT_SMBPIPE */
160 /**< Extra data for handling of decryption of GSSAPI wrapped tvbuffs.
161 Caller sets decrypt_gssapi_tvb if this service is requested.
162 If gssapi_encrypted_tvb is NULL, then the rest of the tvb data following
163 the gssapi blob itself is decrypted othervise the gssapi_encrypted_tvb
164 tvb will be decrypted (DCERPC has the data before the gssapi blob)
165 If, on return, gssapi_data_encrypted is FALSE, the wrapped tvbuff
166 was signed (i.e., an encrypted signature was present, to check
167 whether the data was modified by a man in the middle) but not sealed
168 (i.e., the data itself wasn't encrypted).
170 #define DECRYPT_GSSAPI_NORMAL 1
171 #define DECRYPT_GSSAPI_DCE 2
172 guint16 decrypt_gssapi_tvb;
173 tvbuff_t *gssapi_wrap_tvb;
174 tvbuff_t *gssapi_encrypted_tvb;
175 tvbuff_t *gssapi_decrypted_tvb;
176 gboolean gssapi_data_encrypted;
178 guint32 ppid; /**< SCTP PPI of current DATA chunk */
179 /** This is a valid PPID, but we use it to mark the end of the list */
180 #define LAST_PPID 0xffffffff
181 guint32 ppids[MAX_NUMBER_OF_PPIDS]; /**< The first NUMBER_OF_PPIDS PPIDS which are present
184 void *private_data; /**< pointer to data passed from one dissector to another */
185 GHashTable *private_table; /**< a hash table passed from one dissector to another */
186 /* TODO: Use emem_strbuf_t instead */
187 GString *layer_names; /**< layers of each protocol */
189 guint8 annex_a_used; /**< used in packet-mtp2.c
191 * MTP2_ANNEX_A_NOT_USED 0
192 * MTP2_ANNEX_A_USED 1
193 * MTP2_ANNEX_A_USED_UNKNOWN 2
195 guint16 profinet_type; /**< the type of PROFINET packet (0: not a PROFINET packet) */
196 void *profinet_conv; /**< the PROFINET conversation data (NULL: not a PROFINET packet) */
198 void *tcp_tree; /**< proto_tree for the tcp layer */
200 const char *dcerpc_procedure_name; /* Used by PIDL to store the name of the current dcerpc procedure */
202 struct _sccp_msg_info_t* sccp_info;
203 guint16 clnp_srcref; /**< clnp/cotp source reference (can't use srcport, this would confuse tpkt) */
204 guint16 clnp_dstref; /**< clnp/cotp destination reference (can't use dstport, this would confuse tpkt) */
206 guint16 zbee_cluster_id; /**< ZigBee cluster ID, an application-specific message identifier that
207 * happens to be included in the transport (APS) layer header.
209 guint8 zbee_stack_vers; /**< ZigBee stack version number, present in the ZigBee network layer, but
210 * impacts the packet format at all layers of the ZigBee stack.
212 int link_dir; /**< 3GPP messages are sometime different UP link(UL) or Downlink(DL) */
213 GSList* dependent_frames; /**< A list of frames which this one depends on */
215 GSList *frame_end_routines;
217 wmem_allocator_t *pool; /**< Memory pool scoped to the pinfo struct */
220 /**< For old code that hasn't yet been changed. */
221 #define match_port match_uint
223 #endif /* __PACKET_INFO_H__ */