2 * packet tap interface 2002 Ronnie Sahlberg
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
28 #include <epan/epan.h>
29 #include "ws_symbol_export.h"
33 #endif /* __cplusplus */
35 typedef void (*tap_reset_cb)(void *tapdata);
36 typedef gboolean (*tap_packet_cb)(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data);
37 typedef void (*tap_draw_cb)(void *tapdata);
40 * Flags to indicate what a tap listener's packet routine requires.
42 #define TL_REQUIRES_NOTHING 0x00000000 /**< nothing */
43 #define TL_REQUIRES_PROTO_TREE 0x00000001 /**< full protocol tree */
44 #define TL_REQUIRES_COLUMNS 0x00000002 /**< columns */
45 /** Flags to indicate what the tap listener does */
46 #define TL_IS_DISSECTOR_HELPER 0x00000004 /**< tap helps a dissector do work
47 ** but does not, itself, require dissection */
49 extern void tap_init(void);
51 /** This function registers that a dissector has the packet tap ability
52 * available. The name parameter is the name of this tap and extensions can
53 * use open_tap(char *name,... to specify that it wants to receive packets/
54 * events from this tap.
56 * This function is only to be called once, when the dissector initializes.
58 * The return value from this call is later used as a parameter to the
59 * tap_packet(unsigned int *tap_id,...
60 * call so that the tap subsystem knows to which tap point this tapped
61 * packet is associated.
63 WS_DLL_PUBLIC int register_tap(const char *name);
65 /** This function will return the tap_id for the specific protocol tap
66 * or 0 if no such tap was found.
68 WS_DLL_PUBLIC int find_tap_id(const char *name);
70 /** Everytime the dissector has finished dissecting a packet (and all
71 * subdissectors have returned) and if the dissector has been made "tappable"
72 * it will push some data to everyone tapping this layer by a call
73 * to tap_queue_packet().
74 * The first parameter is the tap_id returned by the register_tap()
75 * call for this dissector (so the tap system can keep track of who it came
76 * from and who is listening to it)
77 * The second is the packet_info structure which many tap readers will find
79 * The third argument is specific to each tap point or NULL if no additional
80 * data is available to this tap. A tap point in say IP will probably want to
81 * push the IP header structure here. Same thing for TCP and ONCRPC.
83 * The pinfo and the specific pointer are what is supplied to every listener
84 * in the read_callback() call made to every one currently listening to this
87 * The tap reader is responsible to know how to parse any structure pointed
88 * to by the tap specific data pointer.
90 WS_DLL_PUBLIC void tap_queue_packet(int tap_id, packet_info *pinfo, const void *tap_specific_data);
92 /** Functions used by file.c to drive the tap subsystem */
93 WS_DLL_PUBLIC void tap_build_interesting(epan_dissect_t *edt);
95 /** This function is used to delete/initialize the tap queue and prime an
96 * epan_dissect_t with all the filters for tap listeners.
97 * To free the tap queue, we just prepend the used queue to the free queue.
99 extern void tap_queue_init(epan_dissect_t *edt);
101 /** this function is called after a packet has been fully dissected to push the tapped
102 * data to all extensions that has callbacks registered.
105 extern void tap_push_tapped_queue(epan_dissect_t *edt);
107 /** This function is called after a packet has been fully dissected to push the tapped
108 * data to all extensions that has callbacks registered.
111 WS_DLL_PUBLIC void reset_tap_listeners(void);
113 /** This function is called when we need to redraw all tap listeners, for example
114 * when we open/start a new capture or if we need to rescan the packet list.
115 * It should be called from a low priority thread say once every 3 seconds
117 * If draw_all is true, redraw all aplications regardless if they have
120 WS_DLL_PUBLIC void draw_tap_listeners(gboolean draw_all);
122 /** this function attaches the tap_listener to the named tap.
125 * non-NULL: error, return value points to GString containing error
127 * @param tapname The name of the tap we want to listen to.
128 * @param tapdata is the instance identifier. The tap system uses the value of this
129 * pointer to distinguish between different instances of a tap.
130 * Just make sure that it is unique by letting it be the pointer to a struct
131 * holding all state variables. If you want to allow multiple concurrent
132 * instances, just put ALL state variables inside a struct allocated by
133 * g_malloc() and use that pointer.
134 * @param fstring is a pointer to a filter string.
135 * If this is NULL, then the tap system will provide ALL packets passing the
136 * tapped protocol to your listener.
137 * If you specify a filter string here the tap system will first try
138 * to apply this string to the packet and then only pass those packets that
139 * matched the filter to your listener.
140 * The syntax for the filter string is identical to normal display filters.
142 * NOTE: Specifying filter strings will have a significant performance impact
143 * on your application and Wireshark. If possible it is MUCH better to take
144 * unfiltered data and just filter it yourself in the packet-callback than
145 * to specify a filter string.
146 * ONLY use a filter string if no other option exist.
148 * @param flags is a set of flags for the tap listener. The flags that can be set are:
150 * TL_REQUIRES_PROTO_TREE
152 * set if your tap listener "packet" routine requires a protocol
153 * tree to be built. It will require a protocol tree to be
156 * 1) it looks at the protocol tree in edt->tree
160 * 2) the tap-specific data passed to it is constructed only if
161 * the protocol tree is being built.
163 * TL_REQUIRES_COLUMNS
165 * set if your tap listener "packet" routine requires the column
166 * strings to be constructed.
168 * If no flags are needed, use TL_REQUIRES_NOTHING.
170 * @param tap_reset void (*reset)(void *tapdata)
171 * This callback is called whenever Wireshark wants to inform your
172 * listener that it is about to start [re]reading a capture file or a new capture
173 * from an interface and that your application should reset any state it has
174 * in the *tapdata instance.
175 * @param tap_packet gboolean (*packet)(void *tapdata, packet_info *pinfo, epan_dissect_t *edt, const void *data)
176 * This callback is used whenever a new packet has arrived at the tap and that
177 * it has passed the filter (if there were a filter).
178 * The *data structure type is specific to each tap.
179 * This function returns an gboolean and it should return
180 * TRUE, if the data in the packet caused state to be updated
181 * (and thus a redraw of the window would later be required)
182 * FALSE, if we don't need to redraw the window.
183 * NOTE: that (*packet) should be as fast and efficient as possible. Use this
184 * function ONLY to store data for later and do the CPU-intensive processing
185 * or GUI updates down in (*draw) instead.
186 * @param tap_draw void (*draw)(void *tapdata)
187 * This callback is used when Wireshark wants your application to redraw its
188 * output. It will usually not be called unless your application has received
189 * new data through the (*packet) callback.
190 * On some ports of Wireshark (gtk2) (*draw) will be called asynchronously
191 * from a separate thread up to once every 2-3 seconds.
192 * On other ports it might only be called once when the capture is finished
193 * or the file has been [re]read completely.
196 WS_DLL_PUBLIC GString *register_tap_listener(const char *tapname, void *tapdata,
197 const char *fstring, guint flags, tap_reset_cb tap_reset,
198 tap_packet_cb tap_packet, tap_draw_cb tap_draw);
200 /** This function sets a new dfilter to a tap listener */
201 WS_DLL_PUBLIC GString *set_tap_dfilter(void *tapdata, const char *fstring);
203 /** this function removes a tap listener */
204 WS_DLL_PUBLIC void remove_tap_listener(void *tapdata);
207 * Return TRUE if we have one or more tap listeners that require dissection,
210 WS_DLL_PUBLIC gboolean tap_listeners_require_dissection(void);
212 /** Returns TRUE there is an active tap listener for the specified tap id. */
213 extern gboolean have_tap_listener(int tap_id);
215 /** Return TRUE if we have any tap listeners with filters, FALSE otherwise. */
216 WS_DLL_PUBLIC gboolean have_filtering_tap_listeners(void);
219 * Get the union of all the flags for all the tap listeners; that gives
220 * an indication of whether the protocol tree, or the columns, are
221 * required by any taps.
223 WS_DLL_PUBLIC guint union_of_tap_listener_flags(void);
225 /** This function can be used by a dissector to fetch any tapped data before
227 * This can be useful if one wants to extract the data inside dissector BEFORE
228 * it exists as an alternative to the callbacks that are all called AFTER the
229 * dissection has completed.
231 * Example: SMB2 uses this mechanism to extract the data tapped from NTLMSSP
232 * containing the account and domain names before exiting.
233 * Note that the SMB2 tap listener specifies all three callbacks as NULL.
235 * Beware: when using this mechanism to extract the tapped data you can not
236 * use "filters" and should specify the "filter" as NULL when registering
239 WS_DLL_PUBLIC const void *fetch_tapped_data(int tap_id, int idx);
243 #endif /* __cplusplus */
245 #endif /* __TAP_H__ */
git.samba.org / metze / wireshark / wip.git / blob