2 * Definitions for packet info structures and routines
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * SPDX-License-Identifier: GPL-2.0-or-later
11 #ifndef __PACKET_INFO_H__
12 #define __PACKET_INFO_H__
14 #include "frame_data.h"
21 * Dissected packet data and metadata.
24 /** @defgroup packetinfo Packet Data and Metadata
29 /* Also defined in wiretap/wtap.h */
30 #define P2P_DIR_UNKNOWN -1
31 #define P2P_DIR_SENT 0
32 #define P2P_DIR_RECV 1
35 #define LINK_DIR_UNKNOWN -1
42 #define PINFO_HAS_TS 0x00000001 /**< time stamp */
44 typedef struct _packet_info {
45 const char *current_proto; /**< name of protocol currently being dissected */
46 struct epan_column_info *cinfo; /**< Column formatting information */
47 guint32 presence_flags; /**< Presence flags for some items */
48 guint32 num; /**< Frame number */
49 nstime_t abs_ts; /**< Packet absolute time stamp */
50 nstime_t rel_ts; /**< Relative timestamp (yes, it can be negative) */
52 union wtap_pseudo_header *pseudo_header;
53 wtap_rec *rec; /**< Record metadata */
54 GSList *data_src; /**< Frame data sources */
55 address dl_src; /**< link-layer source address */
56 address dl_dst; /**< link-layer destination address */
57 address net_src; /**< network-layer source address */
58 address net_dst; /**< network-layer destination address */
59 address src; /**< source address (net if present, DL otherwise )*/
60 address dst; /**< destination address (net if present, DL otherwise )*/
61 guint32 vlan_id; /**< First encountered VLAN Id if present otherwise 0 */
62 const char *noreassembly_reason; /**< reason why reassembly wasn't done, if any */
63 gboolean fragmented; /**< TRUE if the protocol is only a fragment */
65 guint32 in_error_pkt:1; /**< TRUE if we're inside an {ICMP,CLNP,...} error packet */
66 guint32 in_gre_pkt:1; /**< TRUE if we're encapsulated inside a GRE packet */
68 port_type ptype; /**< type of the following two port numbers */
69 guint32 srcport; /**< source port */
70 guint32 destport; /**< destination port */
71 guint32 match_uint; /**< matched uint for calling subdissector from table */
72 const char *match_string; /**< matched string for calling subdissector from table */
73 gboolean use_endpoint; /**< TRUE if endpoint member should be used for conversations */
74 struct endpoint* conv_endpoint; /**< Data that can be used for conversations */
75 guint16 can_desegment; /**< >0 if this segment could be desegmented.
76 A dissector that can offer this API (e.g.
77 TCP) sets can_desegment=2, then
78 can_desegment is decremented by 1 each time
79 we pass to the next subdissector. Thus only
80 the dissector immediately above the
81 protocol which sets the flag can use it*/
82 guint16 saved_can_desegment; /**< Value of can_desegment before current
83 dissector was called. Supplied so that
84 dissectors for proxy protocols such as
85 SOCKS can restore it, allowing the
86 dissectors that they call to use the
87 TCP dissector's desegmentation (SOCKS
88 just retransmits TCP segments once it's
89 finished setting things up, so the TCP
90 desegmentor can desegment its payload). */
91 int desegment_offset; /**< offset to stuff needing desegmentation */
92 #define DESEGMENT_ONE_MORE_SEGMENT 0x0fffffff
93 #define DESEGMENT_UNTIL_FIN 0x0ffffffe
94 guint32 desegment_len; /**< requested desegmentation additional length
96 DESEGMENT_ONE_MORE_SEGMENT:
97 Desegment one more full segment
98 (warning! only partially implemented)
100 Desgment all data for this tcp session
101 until the FIN segment.
103 guint16 want_pdu_tracking; /**< >0 if the subdissector has specified
104 a value in 'bytes_until_next_pdu'.
105 When a dissector detects that the next PDU
106 will start beyond the start of the next
107 segment, it can set this value to 2
108 and 'bytes_until_next_pdu' to the number of
109 bytes beyond the next segment where the
112 If the protocol dissector below this
113 one is capable of PDU tracking it can
114 use this hint to detect PDUs that starts
115 unaligned to the segment boundaries.
116 The TCP dissector is using this hint from
117 (some) protocols to detect when a new PDU
118 starts in the middle of a tcp segment.
120 There is intelligence in the glue between
121 dissector layers to make sure that this
122 request is only passed down to the protocol
123 immediately below the current one and not
126 guint32 bytes_until_next_pdu;
128 int p2p_dir; /**< Packet was captured as an
129 outbound (P2P_DIR_SENT)
130 inbound (P2P_DIR_RECV)
131 unknown (P2P_DIR_UNKNOWN) */
133 GHashTable *private_table; /**< a hash table passed from one dissector to another */
135 wmem_list_t *layers; /**< layers of each protocol */
136 guint8 curr_layer_num; /**< The current "depth" or layer number in the current frame */
139 guint16 clnp_srcref; /**< clnp/cotp source reference (can't use srcport, this would confuse tpkt) */
140 guint16 clnp_dstref; /**< clnp/cotp destination reference (can't use dstport, this would confuse tpkt) */
142 int link_dir; /**< 3GPP messages are sometime different UP link(UL) or Downlink(DL) */
144 GSList* proto_data; /**< Per packet proto data */
146 GSList* dependent_frames; /**< A list of frames which this one depends on */
148 GSList* frame_end_routines;
150 wmem_allocator_t *pool; /**< Memory pool scoped to the pinfo struct */
151 struct epan_session *epan;
152 const gchar *heur_list_name; /**< name of heur list if this packet is being heuristically dissected */
157 #endif /* __PACKET_INFO_H__ */
165 * indent-tabs-mode: nil
168 * ex: set shiftwidth=2 tabstop=8 expandtab:
169 * :indentSize=2:tabSize=8:noTabs=true: