1 /* packet.h 2 * Definitions for packet disassembly structures and routines 3 * 4 * Wireshark - Network traffic analyzer 5 * By Gerald Combs <gerald@wireshark.org> 6 * Copyright 1998 Gerald Combs 7 * 8 * SPDX-License-Identifier: GPL-2.0-or-later 9 */ 10 11 #ifndef __PACKET_H__ 12 #define __PACKET_H__ 13 14 #include <wiretap/wtap_opttypes.h> 15 #include "proto.h" 16 #include "tvbuff.h" 17 #include "epan.h" 18 #include "value_string.h" 19 #include "frame_data.h" 20 #include "packet_info.h" 21 #include "column-utils.h" 22 #include "guid-utils.h" 23 #include "tfs.h" 24 #include "unit_strings.h" 25 #include "ws_symbol_export.h" 26 #include "wsutil/glib-compat.h" 27 28 #ifdef __cplusplus 29 extern "C" { 30 #endif /* __cplusplus */ 31 32 struct epan_range; 33 34 /** @defgroup packet General Packet Dissection 35 * 36 * @{ 37 */ 38 39 #define hi_nibble(b) (((b) & 0xf0) >> 4) 40 #define lo_nibble(b) ((b) & 0x0f) 41 42 /* Useful when you have an array whose size you can tell at compile-time */ 43 #define array_length(x) (sizeof x / sizeof x[0]) 44 45 /* Check whether the "len" bytes of data starting at "offset" is 46 * entirely inside the captured data for this packet. */ 47 #define BYTES_ARE_IN_FRAME(offset, captured_len, len) \ 48 ((guint)(offset) + (guint)(len) > (guint)(offset) && \ 49 (guint)(offset) + (guint)(len) <= (guint)(captured_len)) 50 51 extern void packet_init(void); 52 extern void packet_cache_proto_handles(void); 53 extern void packet_cleanup(void); 54 55 /* Handle for dissectors you call directly or register with "dissector_add_uint()". 56 This handle is opaque outside of "packet.c". */ 57 struct dissector_handle; 58 typedef struct dissector_handle *dissector_handle_t; 59 60 /* Hash table for matching unsigned integers, or strings, and dissectors; 61 this is opaque outside of "packet.c". */ 62 struct dissector_table; 63 typedef struct dissector_table *dissector_table_t; 64 65 /* 66 * Dissector that returns: 67 * 68 * The amount of data in the protocol's PDU, if it was able to 69 * dissect all the data; 70 * 71 * 0, if the tvbuff doesn't contain a PDU for that protocol; 72 * 73 * The negative of the amount of additional data needed, if 74 * we need more data (e.g., from subsequent TCP segments) to 75 * dissect the entire PDU. 76 */ 77 typedef int (*dissector_t)(tvbuff_t *, packet_info *, proto_tree *, void *); 78 79 /* Same as dissector_t with an extra parameter for callback pointer */ 80 typedef int (*dissector_cb_t)(tvbuff_t *, packet_info *, proto_tree *, void *, void *); 81 82 /** Type of a heuristic dissector, used in heur_dissector_add(). 83 * 84 * @param tvb the tvbuff with the (remaining) packet data 85 * @param pinfo the packet info of this packet (additional info) 86 * @param tree the protocol tree to be build or NULL 87 * @return TRUE if the packet was recognized by the sub-dissector (stop dissection here) 88 */ 89 typedef gboolean (*heur_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, 90 proto_tree *tree, void *); 91 92 typedef enum { 93 HEURISTIC_DISABLE, 94 HEURISTIC_ENABLE 95 } heuristic_enable_e; 96 97 typedef void (*DATFunc) (const gchar *table_name, ftenum_t selector_type, 98 gpointer key, gpointer value, gpointer user_data); 99 typedef void (*DATFunc_handle) (const gchar *table_name, gpointer value, 100 gpointer user_data); 101 typedef void (*DATFunc_table) (const gchar *table_name, const gchar *ui_name, 102 gpointer user_data); 103 104 /* Opaque structure - provides type checking but no access to components */ 105 typedef struct dtbl_entry dtbl_entry_t; 106 107 WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_handle (dtbl_entry_t *dtbl_entry); 108 WS_DLL_PUBLIC dissector_handle_t dtbl_entry_get_initial_handle (dtbl_entry_t * entry); 109 110 /** Iterate over dissectors in a table with non-default "decode as" settings. 111 * 112 * Walk one dissector table calling a user supplied function only on 113 * any entry that has been changed from its original state. 114 * 115 * @param[in] table_name The name of the dissector table, e.g. "ip.proto". 116 * @param[in] func The function to call for each dissector. 117 * @param[in] user_data User data to pass to the function. 118 */ 119 void dissector_table_foreach_changed (const char *table_name, DATFunc func, 120 gpointer user_data); 121 122 /** Iterate over dissectors in a table. 123 * 124 * Walk one dissector table's hash table calling a user supplied function 125 * on each entry. 126 * 127 * @param[in] table_name The name of the dissector table, e.g. "ip.proto". 128 * @param[in] func The function to call for each dissector. 129 * @param[in] user_data User data to pass to the function. 130 */ 131 WS_DLL_PUBLIC void dissector_table_foreach (const char *table_name, DATFunc func, 132 gpointer user_data); 133 134 /** Iterate over dissectors with non-default "decode as" settings. 135 * 136 * Walk all dissector tables calling a user supplied function only on 137 * any "decode as" entry that has been changed from its original state. 138 * 139 * @param[in] func The function to call for each dissector. 140 * @param[in] user_data User data to pass to the function. 141 */ 142 WS_DLL_PUBLIC void dissector_all_tables_foreach_changed (DATFunc func, 143 gpointer user_data); 144 145 /** Iterate over dissectors in a table by handle. 146 * 147 * Walk one dissector table's list of handles calling a user supplied 148 * function on each entry. 149 * 150 * @param[in] table_name The name of the dissector table, e.g. "ip.proto". 151 * @param[in] func The function to call for each dissector. 152 * @param[in] user_data User data to pass to the function. 153 */ 154 WS_DLL_PUBLIC void dissector_table_foreach_handle(const char *table_name, DATFunc_handle func, 155 gpointer user_data); 156 157 /** Iterate over all dissector tables. 158 * 159 * Walk the set of dissector tables calling a user supplied function on each 160 * table. 161 * @param[in] func The function to call for each table. 162 * @param[in] user_data User data to pass to the function. 163 * @param[in] compare_key_func Function used to sort the set of tables before 164 * calling the function. No sorting is done if NULL. */ 165 WS_DLL_PUBLIC void dissector_all_tables_foreach_table (DATFunc_table func, 166 gpointer user_data, GCompareFunc compare_key_func); 167 168 /* a protocol uses the function to register a sub-dissector table 169 * 170 * 'param' is the display base for integer tables, and TRUE/FALSE for 171 * string tables (true indicating case-insensitive, false indicating 172 * case-sensitive) 173 */ 174 WS_DLL_PUBLIC dissector_table_t register_dissector_table(const char *name, 175 const char *ui_name, const int proto, const ftenum_t type, const int param); 176 177 /* 178 * Similar to register_dissector_table, but with a "custom" hash function 179 * to store subdissectors. 180 */ 181 WS_DLL_PUBLIC dissector_table_t register_custom_dissector_table(const char *name, 182 const char *ui_name, const int proto, GHashFunc hash_func, GEqualFunc key_equal_func); 183 184 /** Register a dissector table alias. 185 * This is for dissectors whose original name has changed, e.g. SSL to TLS. 186 * @param dissector_table dissector table returned by register_dissector_table. 187 * @param alias_name alias for the dissector table name. 188 */ 189 WS_DLL_PUBLIC void register_dissector_table_alias(dissector_table_t dissector_table, 190 const char *alias_name); 191 192 /** Deregister the dissector table by table name. */ 193 void deregister_dissector_table(const char *name); 194 195 /* Find a dissector table by table name. */ 196 WS_DLL_PUBLIC dissector_table_t find_dissector_table(const char *name); 197 198 /* Get the UI name for a sub-dissector table, given its internal name */ 199 WS_DLL_PUBLIC const char *get_dissector_table_ui_name(const char *name); 200 201 /* Get the field type for values of the selector for a dissector table, 202 given the table's internal name */ 203 WS_DLL_PUBLIC ftenum_t get_dissector_table_selector_type(const char *name); 204 205 /* Get the param set for the sub-dissector table, 206 given the table's internal name */ 207 WS_DLL_PUBLIC int get_dissector_table_param(const char *name); 208 209 /* Dump all dissector tables to the standard output (not the entries, 210 just the information about the tables) */ 211 WS_DLL_PUBLIC void dissector_dump_dissector_tables(void); 212 213 /* Add an entry to a uint dissector table. */ 214 WS_DLL_PUBLIC void dissector_add_uint(const char *name, const guint32 pattern, 215 dissector_handle_t handle); 216 217 /* Add an entry to a uint dissector table with "preference" automatically added. */ 218 WS_DLL_PUBLIC void dissector_add_uint_with_preference(const char *name, const guint32 pattern, 219 dissector_handle_t handle); 220 221 /* Add an range of entries to a uint dissector table. */ 222 WS_DLL_PUBLIC void dissector_add_uint_range(const char *abbrev, struct epan_range *range, 223 dissector_handle_t handle); 224 225 /* Add an range of entries to a uint dissector table with "preference" automatically added. */ 226 WS_DLL_PUBLIC void dissector_add_uint_range_with_preference(const char *abbrev, const char* range_str, 227 dissector_handle_t handle); 228 229 /* Delete the entry for a dissector in a uint dissector table 230 with a particular pattern. */ 231 WS_DLL_PUBLIC void dissector_delete_uint(const char *name, const guint32 pattern, 232 dissector_handle_t handle); 233 234 /* Delete an range of entries from a uint dissector table. */ 235 WS_DLL_PUBLIC void dissector_delete_uint_range(const char *abbrev, struct epan_range *range, 236 dissector_handle_t handle); 237 238 /* Delete all entries from a dissector table. */ 239 WS_DLL_PUBLIC void dissector_delete_all(const char *name, dissector_handle_t handle); 240 241 /* Change the entry for a dissector in a uint dissector table 242 with a particular pattern to use a new dissector handle. */ 243 WS_DLL_PUBLIC void dissector_change_uint(const char *abbrev, const guint32 pattern, 244 dissector_handle_t handle); 245 246 /* Reset an entry in a uint dissector table to its initial value. */ 247 WS_DLL_PUBLIC void dissector_reset_uint(const char *name, const guint32 pattern); 248 249 /* Look for a given value in a given uint dissector table and, if found, 250 call the dissector with the arguments supplied, and return the number 251 of bytes consumed, otherwise return 0. */ 252 WS_DLL_PUBLIC int dissector_try_uint(dissector_table_t sub_dissectors, 253 const guint32 uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 254 255 /* Look for a given value in a given uint dissector table and, if found, 256 call the dissector with the arguments supplied, and return the number 257 of bytes consumed, otherwise return 0. */ 258 WS_DLL_PUBLIC int dissector_try_uint_new(dissector_table_t sub_dissectors, 259 const guint32 uint_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const gboolean add_proto_name, void *data); 260 261 /** Look for a given value in a given uint dissector table and, if found, 262 * return the current dissector handle for that value. 263 * 264 * @param[in] sub_dissectors Dissector table to search. 265 * @param[in] uint_val Value to match, e.g. the port number for the TCP dissector. 266 * @return The matching dissector handle on success, NULL if no match is found. 267 */ 268 WS_DLL_PUBLIC dissector_handle_t dissector_get_uint_handle( 269 dissector_table_t const sub_dissectors, const guint32 uint_val); 270 271 /** Look for a given value in a given uint dissector table and, if found, 272 * return the default dissector handle for that value. 273 * 274 * @param[in] name Dissector table name. 275 * @param[in] uint_val Value to match, e.g. the port number for the TCP dissector. 276 * @return The matching dissector handle on success, NULL if no match is found. 277 */ 278 WS_DLL_PUBLIC dissector_handle_t dissector_get_default_uint_handle( 279 const char *name, const guint32 uint_val); 280 281 /* Add an entry to a string dissector table. */ 282 WS_DLL_PUBLIC void dissector_add_string(const char *name, const gchar *pattern, 283 dissector_handle_t handle); 284 285 /* Delete the entry for a dissector in a string dissector table 286 with a particular pattern. */ 287 WS_DLL_PUBLIC void dissector_delete_string(const char *name, const gchar *pattern, 288 dissector_handle_t handle); 289 290 /* Change the entry for a dissector in a string dissector table 291 with a particular pattern to use a new dissector handle. */ 292 WS_DLL_PUBLIC void dissector_change_string(const char *name, const gchar *pattern, 293 dissector_handle_t handle); 294 295 /* Reset an entry in a string sub-dissector table to its initial value. */ 296 WS_DLL_PUBLIC void dissector_reset_string(const char *name, const gchar *pattern); 297 298 /* Look for a given string in a given dissector table and, if found, call 299 the dissector with the arguments supplied, and return the number of 300 bytes consumed, otherwise return 0. */ 301 WS_DLL_PUBLIC int dissector_try_string(dissector_table_t sub_dissectors, 302 const gchar *string, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data); 303 304 /* Look for a given string in a given dissector table and, if found, call 305 the dissector with the arguments supplied, and return the number of 306 bytes consumed, otherwise return 0. */ 307 WS_DLL_PUBLIC int dissector_try_string_new(dissector_table_t sub_dissectors, 308 const gchar *string, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const gboolean add_proto_name,void *data); 309 310 /** Look for a given value in a given string dissector table and, if found, 311 * return the current dissector handle for that value. 312 * 313 * @param[in] sub_dissectors Dissector table to search. 314 * @param[in] string Value to match, e.g. the OID for the BER dissector. 315 * @return The matching dissector handle on success, NULL if no match is found. 316 */ 317 WS_DLL_PUBLIC dissector_handle_t dissector_get_string_handle( 318 dissector_table_t sub_dissectors, const gchar *string); 319 320 /** Look for a given value in a given string dissector table and, if found, 321 * return the default dissector handle for that value. 322 * 323 * @param[in] name Dissector table name. 324 * @param[in] string Value to match, e.g. the OID for the BER dissector. 325 * @return The matching dissector handle on success, NULL if no match is found. 326 */ 327 WS_DLL_PUBLIC dissector_handle_t dissector_get_default_string_handle( 328 const char *name, const gchar *string); 329 330 /* Add an entry to a "custom" dissector table. */ 331 WS_DLL_PUBLIC void dissector_add_custom_table_handle(const char *name, void *pattern, 332 dissector_handle_t handle); 333 334 /** Look for a given key in a given "custom" dissector table and, if found, 335 * return the current dissector handle for that key. 336 * 337 * @param[in] sub_dissectors Dissector table to search. 338 * @param[in] key Value to match, e.g. RPC key for its subdissectors 339 * @return The matching dissector handle on success, NULL if no match is found. 340 */ 341 WS_DLL_PUBLIC dissector_handle_t dissector_get_custom_table_handle( 342 dissector_table_t sub_dissectors, void *key); 343 /* Key for GUID dissector tables. This is based off of DCE/RPC needs 344 so some dissector tables may not need the ver portion of the hash 345 */ 346 typedef struct _guid_key { 347 e_guid_t guid; 348 guint16 ver; 349 } guid_key; 350 351 /* Add an entry to a guid dissector table. */ 352 WS_DLL_PUBLIC void dissector_add_guid(const char *name, guid_key* guid_val, 353 dissector_handle_t handle); 354 355 /* Look for a given value in a given guid dissector table and, if found, 356 call the dissector with the arguments supplied, and return TRUE, 357 otherwise return FALSE. */ 358 WS_DLL_PUBLIC int dissector_try_guid(dissector_table_t sub_dissectors, 359 guid_key* guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 360 361 /* Look for a given value in a given guid dissector table and, if found, 362 call the dissector with the arguments supplied, and return TRUE, 363 otherwise return FALSE. */ 364 WS_DLL_PUBLIC int dissector_try_guid_new(dissector_table_t sub_dissectors, 365 guid_key* guid_val, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const gboolean add_proto_name, void *data); 366 367 /** Look for a given value in a given guid dissector table and, if found, 368 * return the current dissector handle for that value. 369 * 370 * @param[in] sub_dissectors Dissector table to search. 371 * @param[in] guid_val Value to match, e.g. the GUID number for the GUID dissector. 372 * @return The matching dissector handle on success, NULL if no match is found. 373 */ 374 WS_DLL_PUBLIC dissector_handle_t dissector_get_guid_handle( 375 dissector_table_t const sub_dissectors, guid_key* guid_val); 376 377 /* Use the currently assigned payload dissector for the dissector table and, 378 if any, call the dissector with the arguments supplied, and return the 379 number of bytes consumed, otherwise return 0. */ 380 WS_DLL_PUBLIC int dissector_try_payload(dissector_table_t sub_dissectors, 381 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 382 383 /* Use the currently assigned payload dissector for the dissector table and, 384 if any, call the dissector with the arguments supplied, and return the 385 number of bytes consumed, otherwise return 0. */ 386 WS_DLL_PUBLIC int dissector_try_payload_new(dissector_table_t sub_dissectors, 387 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, const gboolean add_proto_name, void *data); 388 389 /* Change the entry for a dissector in a payload (FT_NONE) dissector table 390 with a particular pattern to use a new dissector handle. */ 391 WS_DLL_PUBLIC void dissector_change_payload(const char *abbrev, dissector_handle_t handle); 392 393 /* Reset payload (FT_NONE) dissector table to its initial value. */ 394 WS_DLL_PUBLIC void dissector_reset_payload(const char *name); 395 396 /* Given a payload dissector table (type FT_NONE), return the handle of 397 the dissector that is currently active, i.e. that was selected via 398 Decode As. */ 399 WS_DLL_PUBLIC dissector_handle_t dissector_get_payload_handle( 400 dissector_table_t const dissector_table); 401 402 /* Add a handle to the list of handles that *could* be used with this 403 table. That list is used by the "Decode As"/"-d" code in the UI. */ 404 WS_DLL_PUBLIC void dissector_add_for_decode_as(const char *name, 405 dissector_handle_t handle); 406 407 /* Same as dissector_add_for_decode_as, but adds preference for dissector table value */ 408 WS_DLL_PUBLIC void dissector_add_for_decode_as_with_preference(const char *name, 409 dissector_handle_t handle); 410 411 /** Get the list of handles for a dissector table 412 */ 413 WS_DLL_PUBLIC GSList *dissector_table_get_dissector_handles(dissector_table_t dissector_table); 414 415 /** Get a handle to dissector out of a dissector table 416 */ 417 WS_DLL_PUBLIC dissector_handle_t dissector_table_get_dissector_handle(dissector_table_t dissector_table, const gchar* short_name); 418 419 /** Get a dissector table's type 420 */ 421 WS_DLL_PUBLIC ftenum_t dissector_table_get_type(dissector_table_t dissector_table); 422 423 /** Mark a dissector table as allowing "Decode As" 424 */ 425 WS_DLL_PUBLIC void dissector_table_allow_decode_as(dissector_table_t dissector_table); 426 427 /* List of "heuristic" dissectors (which get handed a packet, look at it, 428 and either recognize it as being for their protocol, dissect it, and 429 return TRUE, or don't recognize it and return FALSE) to be called 430 by another dissector. 431 432 This is opaque outside of "packet.c". */ 433 struct heur_dissector_list; 434 typedef struct heur_dissector_list *heur_dissector_list_t; 435 436 437 typedef struct heur_dtbl_entry { 438 heur_dissector_t dissector; 439 protocol_t *protocol; /* this entry's protocol */ 440 gchar *list_name; /* the list name this entry is in the list of */ 441 const gchar *display_name; /* the string used to present heuristic to user */ 442 gchar *short_name; /* string used for "internal" use to uniquely identify heuristic */ 443 gboolean enabled; 444 } heur_dtbl_entry_t; 445 446 /** A protocol uses this function to register a heuristic sub-dissector list. 447 * Call this in the parent dissectors proto_register function. 448 * 449 * @param name the name of this protocol 450 * @param proto the value obtained when regestering the protocol 451 */ 452 WS_DLL_PUBLIC heur_dissector_list_t register_heur_dissector_list(const char *name, const int proto); 453 454 typedef void (*DATFunc_heur) (const gchar *table_name, 455 struct heur_dtbl_entry *entry, gpointer user_data); 456 typedef void (*DATFunc_heur_table) (const char *table_name, 457 struct heur_dissector_list *table, gpointer user_data); 458 459 /** Iterate over heuristic dissectors in a table. 460 * 461 * Walk one heuristic dissector table's list calling a user supplied function 462 * on each entry. 463 * 464 * @param[in] table_name The name of the dissector table, e.g. "tcp". 465 * @param[in] func The function to call for each dissector. 466 * @param[in] user_data User data to pass to the function. 467 */ 468 WS_DLL_PUBLIC void heur_dissector_table_foreach(const char *table_name, 469 DATFunc_heur func, gpointer user_data); 470 471 /** Iterate over all heuristic dissector tables. 472 * 473 * Walk the set of heuristic dissector tables calling a user supplied function 474 * on each table. 475 * @param[in] func The function to call for each table. 476 * @param[in] user_data User data to pass to the function. 477 * @param[in] compare_key_func Function used to sort the set of tables before 478 * calling the function. No sorting is done if NULL. */ 479 WS_DLL_PUBLIC void dissector_all_heur_tables_foreach_table (DATFunc_heur_table func, 480 gpointer user_data, GCompareFunc compare_key_func); 481 482 /* true if a heur_dissector list of that anme exists to be registered into */ 483 WS_DLL_PUBLIC gboolean has_heur_dissector_list(const gchar *name); 484 485 /** Try all the dissectors in a given heuristic dissector list. This is done, 486 * until we find one that recognizes the protocol. 487 * Call this while the parent dissector running. 488 * 489 * @param sub_dissectors the sub-dissector list 490 * @param tvb the tvbuff with the (remaining) packet data 491 * @param pinfo the packet info of this packet (additional info) 492 * @param tree the protocol tree to be build or NULL 493 * @param hdtbl_entry returns the last tried dissectors hdtbl_entry. 494 * @param data parameter to pass to subdissector 495 * @return TRUE if the packet was recognized by the sub-dissector (stop dissection here) 496 */ 497 WS_DLL_PUBLIC gboolean dissector_try_heuristic(heur_dissector_list_t sub_dissectors, 498 tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, heur_dtbl_entry_t **hdtbl_entry, void *data); 499 500 /** Find a heuristic dissector table by table name. 501 * 502 * @param name name of the dissector table 503 * @return pointer to the table on success, NULL if no such table exists 504 */ 505 WS_DLL_PUBLIC heur_dissector_list_t find_heur_dissector_list(const char *name); 506 507 /** Find a heuristic dissector by the unique short protocol name provided during registration. 508 * 509 * @param short_name short name of the protocol to look at 510 * @return pointer to the heuristic dissector entry, NULL if not such dissector exists 511 */ 512 WS_DLL_PUBLIC heur_dtbl_entry_t* find_heur_dissector_by_unique_short_name(const char *short_name); 513 514 /** Add a sub-dissector to a heuristic dissector list. 515 * Call this in the proto_handoff function of the sub-dissector. 516 * 517 * @param name the name of the heuristic dissector table into which to register the dissector, e.g. "tcp" 518 * @param dissector the sub-dissector to be registered 519 * @param display_name the string used to present heuristic to user, e.g. "HTTP over TCP" 520 * @param internal_name the string used for "internal" use to identify heuristic, e.g. "http_tcp" 521 * @param proto the protocol id of the sub-dissector 522 * @param enable initially enabled or not 523 */ 524 WS_DLL_PUBLIC void heur_dissector_add(const char *name, heur_dissector_t dissector, 525 const char *display_name, const char *internal_name, const int proto, heuristic_enable_e enable); 526 527 /** Remove a sub-dissector from a heuristic dissector list. 528 * Call this in the prefs_reinit function of the sub-dissector. 529 * 530 * @param name the name of the "parent" protocol, e.g. "tcp" 531 * @param dissector the sub-dissector to be unregistered 532 * @param proto the protocol id of the sub-dissector 533 */ 534 WS_DLL_PUBLIC void heur_dissector_delete(const char *name, heur_dissector_t dissector, const int proto); 535 536 /** Register a new dissector. */ 537 WS_DLL_PUBLIC dissector_handle_t register_dissector(const char *name, dissector_t dissector, const int proto); 538 539 /** Register a new dissector with a callback pointer. */ 540 WS_DLL_PUBLIC dissector_handle_t register_dissector_with_data(const char *name, dissector_cb_t dissector, const int proto, void *cb_data); 541 542 /** Deregister a dissector. */ 543 void deregister_dissector(const char *name); 544 545 /** Get the long name of the protocol for a dissector handle. */ 546 extern const char *dissector_handle_get_long_name(const dissector_handle_t handle); 547 548 /** Get the short name of the protocol for a dissector handle. */ 549 WS_DLL_PUBLIC const char *dissector_handle_get_short_name(const dissector_handle_t handle); 550 551 /** Get the index of the protocol for a dissector handle. */ 552 WS_DLL_PUBLIC int dissector_handle_get_protocol_index(const dissector_handle_t handle); 553 554 /** Get a GList of all registered dissector names. */ 555 WS_DLL_PUBLIC GList* get_dissector_names(void); 556 557 /** Find a dissector by name. */ 558 WS_DLL_PUBLIC dissector_handle_t find_dissector(const char *name); 559 560 /** Find a dissector by name and add parent protocol as a depedency*/ 561 WS_DLL_PUBLIC dissector_handle_t find_dissector_add_dependency(const char *name, const int parent_proto); 562 563 /** Get a dissector name from handle. */ 564 WS_DLL_PUBLIC const char *dissector_handle_get_dissector_name(const dissector_handle_t handle); 565 566 /** Create an anonymous handle for a dissector. */ 567 WS_DLL_PUBLIC dissector_handle_t create_dissector_handle(dissector_t dissector, 568 const int proto); 569 WS_DLL_PUBLIC dissector_handle_t create_dissector_handle_with_name(dissector_t dissector, 570 const int proto, const char* name); 571 572 /** Call a dissector through a handle and if no dissector was found 573 * pass it over to the "data" dissector instead. 574 * 575 * @param handle The dissector to call. 576 * @param tvb The buffer to dissect. 577 * @param pinfo Packet Info. 578 * @param tree The protocol tree. 579 * @param data parameter to pass to dissector 580 * @return If the protocol for that handle isn't enabled call the data 581 * dissector. Otherwise, if the handle refers to a new-style 582 * dissector, call the dissector and return its return value, otherwise call 583 * it and return the length of the tvbuff pointed to by the argument. 584 */ 585 WS_DLL_PUBLIC int call_dissector_with_data(dissector_handle_t handle, tvbuff_t *tvb, 586 packet_info *pinfo, proto_tree *tree, void *data); 587 WS_DLL_PUBLIC int call_dissector(dissector_handle_t handle, tvbuff_t *tvb, 588 packet_info *pinfo, proto_tree *tree); 589 590 WS_DLL_PUBLIC int call_data_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 591 592 /** Call a dissector through a handle but if no dissector was found 593 * just return 0 and do not call the "data" dissector instead. 594 * 595 * @param handle The dissector to call. 596 * @param tvb The buffer to dissect. 597 * @param pinfo Packet Info. 598 * @param tree The protocol tree. 599 * @param data parameter to pass to dissector 600 * @return If the protocol for that handle isn't enabled, return 0 without 601 * calling the dissector. Otherwise, if the handle refers to a new-style 602 * dissector, call the dissector and return its return value, otherwise call 603 * it and return the length of the tvbuff pointed to by the argument. 604 */ 605 WS_DLL_PUBLIC int call_dissector_only(dissector_handle_t handle, tvbuff_t *tvb, 606 packet_info *pinfo, proto_tree *tree, void *data); 607 608 /** 609 * @param heur_dtbl_entry The heur_dtbl_entry of the dissector to call. 610 * @param tvb The buffer to dissect. 611 * @param pinfo Packet Info. 612 * @param tree The protocol tree. 613 * @param data parameter to pass to dissector 614 */ 615 616 WS_DLL_PUBLIC void call_heur_dissector_direct(heur_dtbl_entry_t *heur_dtbl_entry, tvbuff_t *tvb, 617 packet_info *pinfo, proto_tree *tree, void *data); 618 619 /* This is opaque outside of "packet.c". */ 620 struct depend_dissector_list; 621 typedef struct depend_dissector_list *depend_dissector_list_t; 622 623 /** Register a protocol dependency 624 * This is done automatically when registering with a dissector or 625 * heuristic table. This is for "manual" registration when a dissector 626 * ends up calling another through call_dissector (or similar) so 627 * dependencies can be determined 628 * 629 * @param parent "Parent" protocol short name 630 * @param dependent "Dependent" protocol short name 631 * @return return TRUE if dependency was successfully registered 632 */ 633 WS_DLL_PUBLIC gboolean register_depend_dissector(const char* parent, const char* dependent); 634 635 /** Unregister a protocol dependency 636 * This is done automatically when removing from a dissector or 637 * heuristic table. This is for "manual" deregistration for things 638 * like Lua 639 * 640 * @param parent "Parent" protocol short name 641 * @param dependent "Dependent" protocol short name 642 * @return return TRUE if dependency was successfully unregistered 643 */ 644 WS_DLL_PUBLIC gboolean deregister_depend_dissector(const char* parent, const char* dependent); 645 646 /** Find the list of protocol dependencies 647 * 648 * @param name Protocol short name to search for 649 * @return return list of dependent was successfully registered 650 */ 651 WS_DLL_PUBLIC depend_dissector_list_t find_depend_dissector_list(const char* name); 652 653 654 /* Do all one-time initialization. */ 655 extern void dissect_init(void); 656 657 extern void dissect_cleanup(void); 658 659 /* 660 * Given a tvbuff, and a length from a packet header, adjust the length 661 * of the tvbuff to reflect the specified length. 662 */ 663 WS_DLL_PUBLIC void set_actual_length(tvbuff_t *tvb, const guint specified_len); 664 665 /** 666 * Allow protocols to register "init" routines, which are called before 667 * we make a pass through a capture file and dissect all its packets 668 * (e.g., when we read in a new capture file, or run a "filter packets" 669 * or "colorize packets" pass over the current capture file or when the 670 * preferences are changed). 671 */ 672 WS_DLL_PUBLIC void register_init_routine(void (*func)(void)); 673 674 /** 675 * Allows protocols to register "cleanup" routines which are called 676 * after closing a capture file (or when preferences are changed, in 677 * that case these routines are called before the init routines are 678 * executed). It can be used to release resources that are allocated in 679 * register_init_routine. 680 */ 681 WS_DLL_PUBLIC void register_cleanup_routine(void (*func)(void)); 682 683 /* 684 * Register a shutdown routine to call once just before program exit 685 */ 686 WS_DLL_PUBLIC void register_shutdown_routine(void (*func)(void)); 687 688 /* Initialize all data structures used for dissection. */ 689 void init_dissection(void); 690 691 /* Free data structures allocated for dissection. */ 692 void cleanup_dissection(void); 693 694 /* Allow protocols to register a "cleanup" routine to be 695 * run after the initial sequential run through the packets. 696 * Note that the file can still be open after this; this is not 697 * the final cleanup. */ 698 WS_DLL_PUBLIC void register_postseq_cleanup_routine(void (*func)(void)); 699 700 /* Call all the registered "postseq_cleanup" routines. */ 701 WS_DLL_PUBLIC void postseq_cleanup_all_protocols(void); 702 703 /* Allow dissectors to register a "final_registration" routine 704 * that is run like the proto_register_XXX() routine, but the end 705 * end of the epan_init() function; that is, *after* all other 706 * subsystems, liked dfilters, have finished initializing. This is 707 * useful for dissector registration routines which need to compile 708 * display filters. dfilters can't initialize itself until all protocols 709 * have registereed themselvs. */ 710 WS_DLL_PUBLIC void 711 register_final_registration_routine(void (*func)(void)); 712 713 /* Call all the registered "final_registration" routines. */ 714 extern void 715 final_registration_all_protocols(void); 716 717 /* 718 * Add a new data source to the list of data sources for a frame, given 719 * the tvbuff for the data source and its name. 720 */ 721 WS_DLL_PUBLIC void add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, 722 const char *name); 723 /* Removes the last-added data source, if it turns out it wasn't needed */ 724 WS_DLL_PUBLIC void remove_last_data_source(packet_info *pinfo); 725 726 /* 727 * Return the data source name, tvb. 728 */ 729 struct data_source; 730 WS_DLL_PUBLIC char *get_data_source_name(const struct data_source *src); 731 WS_DLL_PUBLIC tvbuff_t *get_data_source_tvb(const struct data_source *src); 732 WS_DLL_PUBLIC tvbuff_t *get_data_source_tvb_by_name(packet_info *pinfo, const char *name); 733 734 /* 735 * Free up a frame's list of data sources. 736 */ 737 extern void free_data_sources(packet_info *pinfo); 738 739 /* Mark another frame as depended upon by the current frame. 740 * 741 * This information is used to ensure that the dependend-upon frame is saved 742 * if the user does a File->Save-As of only the Displayed packets and the 743 * current frame passed the display filter. 744 */ 745 WS_DLL_PUBLIC void mark_frame_as_depended_upon(packet_info *pinfo, guint32 frame_num); 746 747 /* Structure passed to the frame dissector */ 748 typedef struct frame_data_s 749 { 750 int file_type_subtype; 751 wtap_block_t pkt_block; /**< NULL if not available */ 752 struct epan_dissect *color_edt; /** Used strictly for "coloring rules" */ 753 754 } frame_data_t; 755 756 /* Structure passed to the file dissector */ 757 typedef struct file_data_s 758 { 759 wtap_block_t pkt_block; /**< NULL if not available */ 760 struct epan_dissect *color_edt; /** Used strictly for "coloring rules" */ 761 762 } file_data_t; 763 764 /* 765 * Dissectors should never modify the record data. 766 */ 767 extern void dissect_record(struct epan_dissect *edt, int file_type_subtype, 768 wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, column_info *cinfo); 769 770 /* 771 * Dissectors should never modify the packet data. 772 */ 773 extern void dissect_file(struct epan_dissect *edt, 774 wtap_rec *rec, tvbuff_t *tvb, frame_data *fd, column_info *cinfo); 775 776 /* Structure passed to the ethertype dissector */ 777 typedef struct ethertype_data_s 778 { 779 guint16 etype; 780 int payload_offset; 781 proto_tree *fh_tree; 782 int trailer_id; 783 int fcs_len; 784 } ethertype_data_t; 785 786 /* 787 * Dump layer/selector/dissector records in a fashion similar to the 788 * proto_registrar_dump_* routines. 789 */ 790 WS_DLL_PUBLIC void dissector_dump_decodes(void); 791 792 /* 793 * For each heuristic dissector table, dump list of dissectors (filter_names) for that table 794 */ 795 WS_DLL_PUBLIC void dissector_dump_heur_decodes(void); 796 797 /* 798 * postdissectors are to be called by packet-frame.c after every other 799 * dissector has been called. 800 */ 801 802 /* 803 * Register a postdissector; the argument is the dissector handle for it. 804 */ 805 WS_DLL_PUBLIC void register_postdissector(dissector_handle_t handle); 806 807 /* 808 * Specify a set of hfids that the postdissector will need. 809 * The GArray is an array of hfids (type int) and should be NULL to clear the 810 * list. This function will take ownership of the memory. 811 */ 812 WS_DLL_PUBLIC void set_postdissector_wanted_hfids(dissector_handle_t handle, 813 GArray *wanted_hfids); 814 815 /* 816 * Deregister a postdissector. Not for use in (post)dissectors or 817 * applications; only to be used by libwireshark itself. 818 */ 819 void deregister_postdissector(dissector_handle_t handle); 820 821 /* 822 * Return TRUE if we have at least one postdissector, FALSE if not. 823 * Not for use in (post)dissectors or applications; only to be used 824 * by libwireshark itself. 825 */ 826 extern gboolean have_postdissector(void); 827 828 /* 829 * Call all postdissectors, handing them the supplied arguments. 830 * Not for use in (post)dissectors or applications; only to be used 831 * by libwireshark itself. 832 */ 833 extern void call_all_postdissectors(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); 834 835 /* 836 * Return TRUE if at least one postdissector needs at least one hfid, 837 * FALSE otherwise. 838 */ 839 WS_DLL_PUBLIC gboolean postdissectors_want_hfids(void); 840 841 /* 842 * Prime an epan_dissect_t with all the hfids wanted by postdissectors. 843 */ 844 WS_DLL_PUBLIC void 845 prime_epan_dissect_with_postdissector_wanted_hfids(epan_dissect_t *edt); 846 847 /** @} */ 848 849 #ifdef __cplusplus 850 } 851 #endif /* __cplusplus */ 852 853 #endif /* packet.h */ 854