2 * Definitions for packet info structures and routines
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #ifndef __PACKET_INFO_H__
24 #define __PACKET_INFO_H__
26 #include "frame_data.h"
31 * Dissected packet data and metadata.
34 /** @defgroup packetinfo Packet Data and Metadata
39 /* Also defined in wiretap/wtap.h */
40 #define P2P_DIR_UNKNOWN -1
41 #define P2P_DIR_SENT 0
42 #define P2P_DIR_RECV 1
45 #define LINK_DIR_UNKNOWN -1
52 #define PINFO_HAS_TS 0x00000001 /**< time stamp */
54 typedef struct _packet_info {
55 const char *current_proto; /**< name of protocol currently being dissected */
56 struct epan_column_info *cinfo; /**< Column formatting information */
57 guint32 presence_flags; /**< Presence flags for some items */
58 nstime_t abs_ts; /**< Packet absolute time stamp */
59 gint pkt_encap; /**< Per-packet encapsulation/data-link type */
61 union wtap_pseudo_header *pseudo_header;
62 struct wtap_pkthdr *phdr; /**< Record metadata */
63 GSList *data_src; /**< Frame data sources */
64 address dl_src; /**< link-layer source address */
65 address dl_dst; /**< link-layer destination address */
66 address net_src; /**< network-layer source address */
67 address net_dst; /**< network-layer destination address */
68 address src; /**< source address (net if present, DL otherwise )*/
69 address dst; /**< destination address (net if present, DL otherwise )*/
70 guint32 vlan_id; /**< First encountered VLAN Id if pressent otherwise 0 */
71 circuit_type ctype; /**< type of circuit, for protocols with a VC identifier */
72 guint32 circuit_id; /**< circuit ID, for protocols with a VC identifier */
73 const char *noreassembly_reason; /**< reason why reassembly wasn't done, if any */
74 gboolean fragmented; /**< TRUE if the protocol is only a fragment */
76 guint32 in_error_pkt:1; /**< TRUE if we're inside an {ICMP,CLNP,...} error packet */
77 guint32 in_gre_pkt:1; /**< TRUE if we're encapsulated inside a GRE packet */
79 port_type ptype; /**< type of the following two port numbers */
80 guint32 srcport; /**< source port */
81 guint32 destport; /**< destination port */
82 guint32 match_uint; /**< matched uint for calling subdissector from table */
83 const char *match_string; /**< matched string for calling subdissector from table */
84 guint16 can_desegment; /**< >0 if this segment could be desegmented.
85 A dissector that can offer this API (e.g.
86 TCP) sets can_desegment=2, then
87 can_desegment is decremented by 1 each time
88 we pass to the next subdissector. Thus only
89 the dissector immediately above the
90 protocol which sets the flag can use it*/
91 guint16 saved_can_desegment; /**< Value of can_desegment before current
92 dissector was called. Supplied so that
93 dissectors for proxy protocols such as
94 SOCKS can restore it, allowing the
95 dissectors that they call to use the
96 TCP dissector's desegmentation (SOCKS
97 just retransmits TCP segments once it's
98 finished setting things up, so the TCP
99 desegmentor can desegment its payload). */
100 int desegment_offset; /**< offset to stuff needing desegmentation */
101 #define DESEGMENT_ONE_MORE_SEGMENT 0x0fffffff
102 #define DESEGMENT_UNTIL_FIN 0x0ffffffe
103 guint32 desegment_len; /**< requested desegmentation additional length
105 DESEGMENT_ONE_MORE_SEGMENT:
106 Desegment one more full segment
107 (warning! only partially implemented)
109 Desgment all data for this tcp session
110 until the FIN segment.
112 guint16 want_pdu_tracking; /**< >0 if the subdissector has specified
113 a value in 'bytes_until_next_pdu'.
114 When a dissector detects that the next PDU
115 will start beyond the start of the next
116 segment, it can set this value to 2
117 and 'bytes_until_next_pdu' to the number of
118 bytes beyond the next segment where the
121 If the protocol dissector below this
122 one is capable of PDU tracking it can
123 use this hint to detect PDUs that starts
124 unaligned to the segment boundaries.
125 The TCP dissector is using this hint from
126 (some) protocols to detect when a new PDU
127 starts in the middle of a tcp segment.
129 There is intelligence in the glue between
130 dissector layers to make sure that this
131 request is only passed down to the protocol
132 immediately below the current one and not
135 guint32 bytes_until_next_pdu;
137 int p2p_dir; /**< Packet was captured as an
138 outbound (P2P_DIR_SENT)
139 inbound (P2P_DIR_RECV)
140 unknown (P2P_DIR_UNKNOWN) */
142 GHashTable *private_table; /**< a hash table passed from one dissector to another */
144 wmem_list_t *layers; /**< layers of each protocol */
145 guint8 curr_layer_num; /**< The current "depth" or layer number in the current frame */
148 guint16 clnp_srcref; /**< clnp/cotp source reference (can't use srcport, this would confuse tpkt) */
149 guint16 clnp_dstref; /**< clnp/cotp destination reference (can't use dstport, this would confuse tpkt) */
151 int link_dir; /**< 3GPP messages are sometime different UP link(UL) or Downlink(DL) */
153 GSList* proto_data; /**< Per packet proto data */
155 GSList* dependent_frames; /**< A list of frames which this one depends on */
157 GSList* frame_end_routines;
159 wmem_allocator_t *pool; /**< Memory pool scoped to the pinfo struct */
160 struct epan_session *epan;
161 nstime_t rel_ts; /**< Relative timestamp (yes, it can be negative) */
162 const gchar *heur_list_name; /**< name of heur list if this packet is being heuristically dissected */
167 #endif /* __PACKET_INFO_H__ */
175 * indent-tabs-mode: nil
178 * ex: set shiftwidth=2 tabstop=8 expandtab:
179 * :indentSize=2:tabSize=8:noTabs=true: